dcesrv_samr.c

来自「samba最新软件」· C语言 代码 · 共 2,389 行 · 第 1/5 页

		d_state->builtin = true;
	} else {
		d_state->builtin = false;
	}

	d_state->lp_ctx = dce_call->conn->dce_ctx->lp_ctx;

	h_domain = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_DOMAIN);
	if (!h_domain) {
		talloc_free(d_state);
		return NT_STATUS_NO_MEMORY;
	}
	
	h_domain->data = talloc_steal(h_domain, d_state);

	*r->out.domain_handle = h_domain->wire_handle;

	return NT_STATUS_OK;
}

/*
  return DomInfo1
*/
static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo1 *info)
{
	info->min_password_length =
		samdb_result_uint(dom_msgs[0], "minPwdLength", 0);
	info->password_history_length =
		samdb_result_uint(dom_msgs[0], "pwdHistoryLength", 0);
	info->password_properties = 
		samdb_result_uint(dom_msgs[0], "pwdProperties", 0);
	info->max_password_age = 
		samdb_result_int64(dom_msgs[0], "maxPwdAge", 0);
	info->min_password_age = 
		samdb_result_int64(dom_msgs[0], "minPwdAge", 0);

	return NT_STATUS_OK;
}

/*
  return DomInfo2
*/
static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, 
					  TALLOC_CTX *mem_ctx,
					  struct ldb_message **dom_msgs,
					  struct samr_DomInfo2 *info)
{
	/* This pulls the NetBIOS name from the 
	   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
	   string */
	info->primary.string = samdb_result_fsmo_name(state->sam_ctx, mem_ctx, dom_msgs[0], "fSMORoleOwner");

	if (!info->primary.string) {
		info->primary.string = lp_netbios_name(state->lp_ctx);
	}

	info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 
							    0x8000000000000000LL);

	info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL);
	info->domain_name.string  = state->domain_name;

	info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", 
						 0);
	switch (state->role) {
	case ROLE_DOMAIN_CONTROLLER:
		/* This pulls the NetBIOS name from the 
		   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
		   string */
		if (samdb_is_pdc(state->sam_ctx)) {
			info->role = SAMR_ROLE_DOMAIN_PDC;
		} else {
			info->role = SAMR_ROLE_DOMAIN_BDC;
		}
		break;
	case ROLE_DOMAIN_MEMBER:
		info->role = SAMR_ROLE_DOMAIN_MEMBER;
		break;
	case ROLE_STANDALONE:
		info->role = SAMR_ROLE_STANDALONE;
		break;
	}

	/* No users in BUILTIN, and the LOCAL group types are only in builtin, and the global group type is never in BUILTIN */
	info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, 
					     "(objectClass=user)");
	info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
					      "(&(objectClass=group)(sAMAccountType=%u))",
					      ATYPE_GLOBAL_GROUP);
	info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
					       "(&(objectClass=group)(sAMAccountType=%u))",
					       ATYPE_LOCAL_GROUP);

	return NT_STATUS_OK;
}

/*
  return DomInfo3
*/
static NTSTATUS dcesrv_samr_info_DomInfo3(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo3 *info)
{
	info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 
						      0x8000000000000000LL);

	return NT_STATUS_OK;
}

/*
  return DomInfo4
*/
static NTSTATUS dcesrv_samr_info_DomInfo4(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo4 *info)
{
	info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL);

	return NT_STATUS_OK;
}

/*
  return DomInfo5
*/
static NTSTATUS dcesrv_samr_info_DomInfo5(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo5 *info)
{
	info->domain_name.string  = state->domain_name;

	return NT_STATUS_OK;
}

/*
  return DomInfo6
*/
static NTSTATUS dcesrv_samr_info_DomInfo6(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				   struct ldb_message **dom_msgs,
				   struct samr_DomInfo6 *info)
{
	/* This pulls the NetBIOS name from the 
	   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
	   string */
	info->primary.string = samdb_result_fsmo_name(state->sam_ctx, mem_ctx, 
						      dom_msgs[0], "fSMORoleOwner");

	if (!info->primary.string) {
		info->primary.string = lp_netbios_name(state->lp_ctx);
	}

	return NT_STATUS_OK;
}

/*
  return DomInfo7
*/
static NTSTATUS dcesrv_samr_info_DomInfo7(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo7 *info)
{

	switch (state->role) {
	case ROLE_DOMAIN_CONTROLLER:
		/* This pulls the NetBIOS name from the 
		   cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
		   string */
		if (samdb_is_pdc(state->sam_ctx)) {
			info->role = SAMR_ROLE_DOMAIN_PDC;
		} else {
			info->role = SAMR_ROLE_DOMAIN_BDC;
		}
		break;
	case ROLE_DOMAIN_MEMBER:
		info->role = SAMR_ROLE_DOMAIN_MEMBER;
		break;
	case ROLE_STANDALONE:
		info->role = SAMR_ROLE_STANDALONE;
		break;
	}

	return NT_STATUS_OK;
}

/*
  return DomInfo8
*/
static NTSTATUS dcesrv_samr_info_DomInfo8(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo8 *info)
{
	info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", 
					       time(NULL));

	info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime",
						     0x0LL);

	return NT_STATUS_OK;
}

/*
  return DomInfo9
*/
static NTSTATUS dcesrv_samr_info_DomInfo9(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo9 *info)
{
	info->unknown = 1;

	return NT_STATUS_OK;
}

/*
  return DomInfo11
*/
static NTSTATUS dcesrv_samr_info_DomInfo11(struct samr_domain_state *state,
				    TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				    struct samr_DomInfo11 *info)
{
	NTSTATUS status;
	status = dcesrv_samr_info_DomInfo2(state, mem_ctx, dom_msgs, &info->info2);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	
	info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", 
						    -18000000000LL);
	info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow",
						    -18000000000LL);
	info->lockout_threshold = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutThreshold", 0);

	return NT_STATUS_OK;
}

/*
  return DomInfo12
*/
static NTSTATUS dcesrv_samr_info_DomInfo12(struct samr_domain_state *state,
				   TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				   struct samr_DomInfo12 *info)
{
	info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", 
						    -18000000000LL);
	info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow",
						    -18000000000LL);
	info->lockout_threshold = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutThreshold", 0);

	return NT_STATUS_OK;
}

/*
  return DomInfo13
*/
static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state,
				    TALLOC_CTX *mem_ctx,
				    struct ldb_message **dom_msgs,
				    struct samr_DomInfo13 *info)
{
	info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", 
					       time(NULL));

	info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime",
						     0x0LL);

	info->unknown1 = 0;
	info->unknown2 = 0;

	return NT_STATUS_OK;
}

/* 
  samr_QueryDomainInfo 
*/
static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
				     struct samr_QueryDomainInfo *r)
{
	struct dcesrv_handle *h;
	struct samr_domain_state *d_state;

	struct ldb_message **dom_msgs;
	const char * const *attrs = NULL;
	
	r->out.info = NULL;

	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);

	d_state = h->data;

	r->out.info = talloc(mem_ctx, union samr_DomainInfo);
	if (!r->out.info) {
		return NT_STATUS_NO_MEMORY;
	}

	switch (r->in.level) {
	case 1: 
	{
		static const char * const attrs2[] = { "minPwdLength", "pwdHistoryLength",
						       "pwdProperties", "maxPwdAge",
						       "minPwdAge", NULL };
		attrs = attrs2;
		break;
	}
	case 2:
	{
		static const char * const attrs2[] = {"forceLogoff",
						      "comment", 
						      "modifiedCount", 
						      "fSMORoleOwner",
						      NULL};
		attrs = attrs2;
		break;
	}
	case 3:
	{
		static const char * const attrs2[] = {"forceLogoff", 
						      NULL};
		attrs = attrs2;
		break;
	}
	case 4:
	{
		static const char * const attrs2[] = {"comment", 
						      NULL};
		attrs = attrs2;
		break;
	}
	case 5:
	{
		attrs = NULL;
		break;
	}
	case 6:
	{
		static const char * const attrs2[] = {"fSMORoleOwner", 
						      NULL};
		attrs = attrs2;
		break;
	}
	case 7:
	{
		attrs = NULL;
		break;
	}
	case 8:
	{
		static const char * const attrs2[] = { "modifiedCount", 
						       "creationTime", 
						       NULL };
		attrs = attrs2;
		break;
	}
	case 9:
		attrs = NULL;
		break;		
	case 11:
	{
		static const char * const attrs2[] = { "comment", "forceLogoff", 
						       "modifiedCount", 
						       "lockoutDuration", 
						       "lockOutObservationWindow", 
						       "lockoutThreshold", 
						       NULL};
		attrs = attrs2;
		break;
	}
	case 12:
	{
		static const char * const attrs2[] = { "lockoutDuration", 
						       "lockOutObservationWindow", 
						       "lockoutThreshold", 
						       NULL};
		attrs = attrs2;
		break;
	}
	case 13:
	{
		static const char * const attrs2[] = { "modifiedCount", 
						       "creationTime", 
						       NULL };
		attrs = attrs2;
		break;
	}
	}

	/* some levels don't need a search */
	if (attrs) {
		int ret;
		ret = gendb_search_dn(d_state->sam_ctx, mem_ctx,
				      d_state->domain_dn, &dom_msgs, attrs);
		if (ret != 1) {
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}
	}

	ZERO_STRUCTP(r->out.info);

	switch (r->in.level) {
	case 1:
		return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info1);
	case 2:
		return dcesrv_samr_info_DomInfo2(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info2);
	case 3:
		return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info3);
	case 4:
		return dcesrv_samr_info_DomInfo4(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info4);
	case 5:
		return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info5);
	case 6:
		return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info6);
	case 7:
		return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info7);
	case 8:
		return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info8);
	case 9:
		return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info9);
	case 11:
		return dcesrv_samr_info_DomInfo11(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info11);
	case 12:
		return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info12);
	case 13:
		return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs, 
					  &r->out.info->info13);
	}

	return NT_STATUS_INVALID_INFO_CLASS;
}


/* 
  samr_SetDomainInfo 
*/
static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
		       struct samr_SetDomainInfo *r)
{
	struct dcesrv_handle *h;
	struct samr_domain_state *d_state;
	struct ldb_message *msg;
	int ret;
	struct ldb_context *sam_ctx;

	DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);

	d_state = h->data;
	sam_ctx = d_state->sam_ctx;

	msg = ldb_msg_new(mem_ctx);
	if (msg == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	msg->dn = talloc_reference(mem_ctx, d_state->domain_dn);
	if (!msg->dn) {
		return NT_STATUS_NO_MEMORY;
	}

	switch (r->in.level) {