bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_value_state flag)
{
gid_t gid;
if (!g_sid)
return False;
if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID )) ) {
return False;
}
/* if we cannot resolve the SID to gid, then just ignore it and
store DOMAIN_USERS as the primary groupSID */
if ( sid_to_gid( g_sid, &gid ) ) {
sid_copy(sampass->group_sid, g_sid);
} else {
sid_compose(sampass->group_sid, get_global_sam_sid(),
DOMAIN_GROUP_RID_USERS);
}
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
sid_string_dbg(sampass->group_sid)));
return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
}
UNISTR2* ucs2_to_unistr2(TALLOC_CTX *ctx, UNISTR2* dst, smb_ucs2_t* src)
{
size_t len;
if (!src) {
return NULL;
}
len = strlen_w(src);
/* allocate UNISTR2 destination if not given */
if (!dst) {
dst = TALLOC_P(ctx, UNISTR2);
if (!dst)
return NULL;
}
if (!dst->buffer) {
dst->buffer = TALLOC_ARRAY(ctx, uint16, len + 1);
if (!dst->buffer)
return NULL;
}
/* set UNISTR2 parameters */
dst->uni_max_len = len + 1;
dst->offset = 0;
dst->uni_str_len = len;
/* copy the actual unicode string */
strncpy_w(dst->buffer, src, dst->uni_max_len);
return dst;
}
DOM_SID *string_sid_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
{
DOM_SID *result = TALLOC_P(mem_ctx, DOM_SID);
if (result == NULL)
return NULL;
if (!string_to_sid(result, sidstr))
return NULL;
return result;
}
void init_unistr4_w( TALLOC_CTX *ctx, UNISTR4 *uni4, const smb_ucs2_t *buf )
{
uni4->string = TALLOC_P( ctx, UNISTR2 );
if (!uni4->string) {
smb_panic("init_unistr4_w: talloc fail\n");
return;
}
init_unistr2_w( ctx, uni4->string, buf );
uni4->length = 2 * (uni4->string->uni_str_len);
uni4->size = 2 * (uni4->string->uni_max_len);
}
void init_unistr4(UNISTR4 *uni4, const char *buf, enum unistr2_term_codes flags)
{
uni4->string = TALLOC_P( get_talloc_ctx(), UNISTR2 );
if (!uni4->string) {
smb_panic("init_unistr4: talloc fail\n");
return;
}
init_unistr2( uni4->string, buf, flags );
uni4->length = 2 * (uni4->string->uni_str_len);
uni4->size = 2 * (uni4->string->uni_max_len);
}
WERROR rpccli_svcctl_open_scm(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *hSCM, uint32 access_desired )
{
SVCCTL_Q_OPEN_SCMANAGER in;
SVCCTL_R_OPEN_SCMANAGER out;
prs_struct qbuf, rbuf;
fstring server;
ZERO_STRUCT(in);
ZERO_STRUCT(out);
/* leave the database name NULL to get the default service db */
in.database = NULL;
/* set the server name */
if ( !(in.servername = TALLOC_P( mem_ctx, UNISTR2 )) )
return WERR_NOMEM;
fstr_sprintf( server, "\\\\%s", cli->cli->desthost );
init_unistr2( in.servername, server, UNI_STR_TERMINATE );
in.access = access_desired;
CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SCMANAGER_W,
in, out,
qbuf, rbuf,
svcctl_io_q_open_scmanager,
svcctl_io_r_open_scmanager,
WERR_GENERAL_FAILURE );
if ( !W_ERROR_IS_OK( out.status ) )
return out.status;
memcpy( hSCM, &out.handle, sizeof(POLICY_HND) );
return out.status;
}
NTSTATUS rpccli_ds_getprimarydominfo(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
uint16 level, DS_DOMINFO_CTR *ctr)
{
prs_struct qbuf, rbuf;
DS_Q_GETPRIMDOMINFO q;
DS_R_GETPRIMDOMINFO r;
NTSTATUS result;
ZERO_STRUCT(q);
ZERO_STRUCT(r);
q.level = level;
CLI_DO_RPC( cli, mem_ctx, PI_LSARPC_DS, DS_GETPRIMDOMINFO,
q, r,
qbuf, rbuf,
ds_io_q_getprimdominfo,
ds_io_r_getprimdominfo,
NT_STATUS_UNSUCCESSFUL);
/* Return basic info - if we are requesting at info != 1 then
there could be trouble. */
result = r.status;
if ( r.ptr && ctr ) {
ctr->basic = TALLOC_P(mem_ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC);
if (!ctr->basic)
goto done;
memcpy(ctr->basic, r.info.basic, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
}
done:
return result;
}
static BOOL parse_share_modes(TDB_DATA dbuf, struct share_mode_lock *lck)
{
struct locking_data *data;
int i;
if (dbuf.dsize < sizeof(struct locking_data)) {
smb_panic("PANIC: parse_share_modes: buffer too short.\n");
}
data = (struct locking_data *)dbuf.dptr;
lck->delete_on_close = data->u.s.delete_on_close;
lck->initial_delete_on_close = data->u.s.initial_delete_on_close;
lck->num_share_modes = data->u.s.num_share_mode_entries;
DEBUG(10, ("parse_share_modes: delete_on_close: %d, "
"initial_delete_on_close: %d, "
"num_share_modes: %d\n",
lck->delete_on_close,
lck->initial_delete_on_close,
lck->num_share_modes));
if ((lck->num_share_modes < 0) || (lck->num_share_modes > 1000000)) {
DEBUG(0, ("invalid number of share modes: %d\n",
lck->num_share_modes));
smb_panic("PANIC: invalid number of share modes");
}
lck->share_modes = NULL;
if (lck->num_share_modes != 0) {
if (dbuf.dsize < (sizeof(struct locking_data) +
(lck->num_share_modes *
sizeof(struct share_mode_entry)))) {
smb_panic("PANIC: parse_share_modes: buffer too short.\n");
}
lck->share_modes = talloc_memdup(lck, dbuf.dptr+sizeof(*data),
lck->num_share_modes *
sizeof(struct share_mode_entry));
if (lck->share_modes == NULL) {
smb_panic("talloc failed\n");
}
}
/* Get any delete token. */
if (data->u.s.delete_token_size) {
char *p = dbuf.dptr + sizeof(*data) +
(lck->num_share_modes *
sizeof(struct share_mode_entry));
if ((data->u.s.delete_token_size < sizeof(uid_t) + sizeof(gid_t)) ||
((data->u.s.delete_token_size - sizeof(uid_t)) % sizeof(gid_t)) != 0) {
DEBUG(0, ("parse_share_modes: invalid token size %d\n",
data->u.s.delete_token_size));
smb_panic("parse_share_modes: invalid token size\n");
}
lck->delete_token = TALLOC_P(lck, UNIX_USER_TOKEN);
if (!lck->delete_token) {
smb_panic("talloc failed\n");
}
/* Copy out the uid and gid. */
memcpy(&lck->delete_token->uid, p, sizeof(uid_t));
p += sizeof(uid_t);
memcpy(&lck->delete_token->gid, p, sizeof(gid_t));
p += sizeof(gid_t);
/* Any supplementary groups ? */
lck->delete_token->ngroups = (data->u.s.delete_token_size > (sizeof(uid_t) + sizeof(gid_t))) ?
((data->u.s.delete_token_size -
(sizeof(uid_t) + sizeof(gid_t)))/sizeof(gid_t)) : 0;
if (lck->delete_token->ngroups) {
/* Make this a talloc child of lck->delete_token. */
lck->delete_token->groups = TALLOC_ARRAY(lck->delete_token, gid_t,
lck->delete_token->ngroups);
if (!lck->delete_token) {
smb_panic("talloc failed\n");
}
for (i = 0; i < lck->delete_token->ngroups; i++) {
memcpy(&lck->delete_token->groups[i], p, sizeof(gid_t));
p += sizeof(gid_t);
}
}
} else {
lck->delete_token = NULL;
}
/* Save off the associated service path and filename. */
lck->servicepath = talloc_strdup(lck, dbuf.dptr + sizeof(*data) +
(lck->num_share_modes *
sizeof(struct share_mode_entry)) +
data->u.s.delete_token_size );
lck->filename = talloc_strdup(lck, dbuf.dptr + sizeof(*data) +
(lck->num_share_modes *
sizeof(struct share_mode_entry)) +
data->u.s.delete_token_size +
strlen(lck->servicepath) + 1 );
/*
* Ensure that each entry has a real process attached.
*/
for (i = 0; i < lck->num_share_modes; i++) {
struct share_mode_entry *entry_p = &lck->share_modes[i];
DEBUG(10,("parse_share_modes: %s\n",
share_mode_str(i, entry_p) ));
if (!process_exists(entry_p->pid)) {
DEBUG(10,("parse_share_modes: deleted %s\n",
share_mode_str(i, entry_p) ));
entry_p->op_type = UNUSED_SHARE_MODE_ENTRY;
lck->modified = True;
}
}
return True;
}
const DOM_SID *pdb_get_group_sid(struct samu *sampass)
{
DOM_SID *gsid;
struct passwd *pwd;
/* Return the cached group SID if we have that */
if ( sampass->group_sid ) {
return sampass->group_sid;
}
/* generate the group SID from the user's primary Unix group */
if ( !(gsid = TALLOC_P( sampass, DOM_SID )) ) {
return NULL;
}
/* No algorithmic mapping, meaning that we have to figure out the
primary group SID according to group mapping and the user SID must
be a newly allocated one. We rely on the user's Unix primary gid.
We have no choice but to fail if we can't find it. */
if ( sampass->unix_pw ) {
pwd = sampass->unix_pw;
} else {
pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) );
}
if ( !pwd ) {
DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) ));
return NULL;
}
if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) {
enum lsa_SidType type = SID_NAME_UNKNOWN;
TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid");
bool lookup_ret;
if (!mem_ctx) {
return NULL;
}
/* Now check that it's actually a domain group and not something else */
lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);
TALLOC_FREE( mem_ctx );
if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {
sampass->group_sid = gsid;
return sampass->group_sid;
}
DEBUG(3, ("Primary group for user %s is a %s and not a domain group\n",
pwd->pw_name, sid_type_lookup(type)));
}
/* Just set it to the 'Domain Users' RID of 512 which will
always resolve to a name */
sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
sampass->group_sid = gsid;
return sampass->group_sid;
}
