2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-2000,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
7 * Copyright (C) Sander Striker 2000
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/* Declared here and defined in another translation unit; presumably the
 * threshold consulted by the DEBUG() calls below -- confirm. */
29 extern int DEBUGLEVEL
;
31 /*******************************************************************
32 opens a samr group by rid, returns a policy handle.

 Visible steps: link a new handle (pol) to parent_pol with the requested
 access_mask, build the object SID as dom_sid with rid appended, then
 store that SID and the LDAP handle hds against the new handle.
 Returns NT_STATUS_ACCESS_DENIED when either the link or the store
 fails, NT_STATUS_NOPROBLEMO otherwise.

 NOTE(review): part of the signature and body is absent from this
 listing; pol, access_mask, rid and the local sid are used below but
 their declarations are not shown.
33 ********************************************************************/
34 static uint32
samr_open_by_nt5ldapsid(LDAPDB
*hds
,
35 const POLICY_HND
*parent_pol
,
36 const DOM_SID
*dom_sid
,
43 /* get a (unique) handle. open a policy on it. */
44 if (!open_policy_hnd_link(get_global_hnd_cache(),
45 parent_pol
, pol
, access_mask
))
47 return NT_STATUS_ACCESS_DENIED
;
/* NOTE(review): the handle is already open here and nothing visible checks
 * the rid against the directory; the gap is only logged (at level 0). As
 * far as this listing shows, a handle can be issued for a rid that does
 * not exist, so every consumer of the handle must cope with that. */
50 DEBUG(0,("TODO: verify that the rid exists\n"));
52 /* build the object SID: the domain SID with the rid appended. */
53 sid_copy(&sid
, dom_sid
);
54 sid_append_rid(&sid
, rid
);
56 /* associate a group SID with the (unique) handle. */
57 if (!set_nt5ldapsid(get_global_hnd_cache(), pol
, hds
, &sid
))
59 /* close the policy in case we can't associate a group SID */
60 close_policy_hnd(get_global_hnd_cache(), pol
);
61 return NT_STATUS_ACCESS_DENIED
;
64 return NT_STATUS_NOPROBLEMO
;
67 /*******************************************************************
68 samr_reply_add_aliasmem

 Adds the account identified by sid to the alias behind alias_pol.
 The alias SID stored for the handle is split into a domain part and a
 rid; the domain part selects add_alias_member (global_sam_sid) or
 add_builtin_member (global_sid_S_1_5_20).

 Returns NT_STATUS_INVALID_HANDLE when no SID is stored for the handle,
 NT_STATUS_ACCESS_DENIED when the backend add fails,
 NT_STATUS_NO_SUCH_ALIAS on the remaining failure path (presumably an
 unrecognised domain SID -- the branch itself is not in this listing),
 NT_STATUS_NOPROBLEMO on success.

 NOTE(review): no test of the access granted on alias_pol is visible
 before membership is changed; confirm that the handle cache or the
 add_*_member backends enforce authorization.
69 ********************************************************************/
70 uint32
_samr_add_aliasmem(const POLICY_HND
*alias_pol
, const DOM_SID
*sid
)
74 fstring alias_sid_str
;
77 /* look up the LDAP handle and alias SID stored for this policy handle. */
78 if (!get_nt5ldapsid(get_global_hnd_cache(), alias_pol
, &hds
, &alias_sid
))
80 return NT_STATUS_INVALID_HANDLE
;
/* stringify first so the log shows the full alias SID; after the split,
 * alias_sid is compared against domain SIDs and alias_rid goes to the backend. */
82 sid_to_string(alias_sid_str
, &alias_sid
);
83 sid_split_rid(&alias_sid
, &alias_rid
);
85 DEBUG(10,("sid is %s\n", alias_sid_str
));
87 if (sid_equal(&alias_sid
, &global_sam_sid
))
89 DEBUG(10,("add member on Domain SID\n"));
/* NOTE(review): every backend failure is reported as ACCESS_DENIED, so a
 * client cannot tell a permission problem from a missing alias or member. */
92 if (!add_alias_member(alias_rid
, sid
))
95 return NT_STATUS_ACCESS_DENIED
;
98 else if (sid_equal(&alias_sid
, &global_sid_S_1_5_20
))
100 DEBUG(10,("add member on BUILTIN SID\n"));
103 if (!add_builtin_member(alias_rid
, sid
))
106 return NT_STATUS_ACCESS_DENIED
;
111 return NT_STATUS_NO_SUCH_ALIAS
;
114 return NT_STATUS_NOPROBLEMO
;
117 /*******************************************************************
118 samr_reply_del_aliasmem

 Removes the account identified by sid from the alias behind alias_pol.
 The alias SID stored for the handle is split into a domain part and a
 rid; the domain part selects del_alias_member (global_sam_sid) or
 del_builtin_member (global_sid_S_1_5_20).

 Returns NT_STATUS_INVALID_HANDLE when no SID is stored for the handle,
 NT_STATUS_ACCESS_DENIED when the backend delete fails,
 NT_STATUS_NO_SUCH_ALIAS on the remaining failure path (presumably an
 unrecognised domain SID -- the branch itself is not in this listing),
 NT_STATUS_NOPROBLEMO on success.

 NOTE(review): no test of the access granted on alias_pol is visible
 before membership is changed; confirm that the handle cache or the
 del_*_member backends enforce authorization.
119 ********************************************************************/
120 uint32
_samr_del_aliasmem(const POLICY_HND
*alias_pol
, const DOM_SID
*sid
)
124 fstring alias_sid_str
;
127 /* look up the LDAP handle and alias SID stored for this policy handle. */
128 if (!get_nt5ldapsid(get_global_hnd_cache(), alias_pol
, &hds
, &alias_sid
))
130 return NT_STATUS_INVALID_HANDLE
;
/* stringify first so the log shows the full alias SID; after the split,
 * alias_sid is compared against domain SIDs and alias_rid goes to the backend. */
132 sid_to_string(alias_sid_str
, &alias_sid
);
133 sid_split_rid(&alias_sid
, &alias_rid
);
135 DEBUG(10,("sid is %s\n", alias_sid_str
));
137 if (sid_equal(&alias_sid
, &global_sam_sid
))
139 DEBUG(10,("del member on Domain SID\n"));
/* NOTE(review): every backend failure is reported as ACCESS_DENIED, so a
 * client cannot tell a permission problem from a missing alias or member. */
142 if (!del_alias_member(alias_rid
, sid
))
145 return NT_STATUS_ACCESS_DENIED
;
148 else if (sid_equal(&alias_sid
, &global_sid_S_1_5_20
))
150 DEBUG(10,("del member on BUILTIN SID\n"));
153 if (!del_builtin_member(alias_rid
, sid
))
156 return NT_STATUS_ACCESS_DENIED
;
161 return NT_STATUS_NO_SUCH_ALIAS
;
164 return NT_STATUS_NOPROBLEMO
;
167 /*******************************************************************
168 samr_reply_query_aliasinfo

 Answers an alias-information query for alias_pol. Only the presence
 of the handle in the global cache is checked; the alias behind it is
 never read. The one visible answer sets switch_value1 to 3 and fills
 info3 with a fixed placeholder description.

 Returns NT_STATUS_INVALID_HANDLE for an unknown handle,
 NT_STATUS_INVALID_INFO_CLASS on the other switch path (presumably the
 default case -- the case labels are not in this listing),
 NT_STATUS_NOPROBLEMO otherwise.
169 ********************************************************************/
170 uint32
_samr_query_aliasinfo(const POLICY_HND
*alias_pol
,
174 /* check that the policy handle is known to the handle cache. */
175 if ((find_policy_by_hnd(get_global_hnd_cache(), alias_pol
) == -1))
177 return NT_STATUS_INVALID_HANDLE
;
180 switch (switch_level
)
184 ctr
->switch_value1
= 3;
/* NOTE(review): the description is a hard-coded stub, identical for every
 * alias; callers must not treat it as directory data. */
185 make_samr_alias_info3(&ctr
->alias
.info3
,
186 "<fake account description>");
191 return NT_STATUS_INVALID_INFO_CLASS
;
195 return NT_STATUS_NOPROBLEMO
;
199 /*******************************************************************
200 samr_reply_delete_dom_alias

 Deletes the alias behind alias_pol and then closes the handle.
 Only aliases whose domain part equals global_sam_sid are accepted; any
 other domain, and a failing del_alias_entry, both yield
 NT_STATUS_NO_SUCH_ALIAS. An unknown handle yields
 NT_STATUS_INVALID_HANDLE. On success the status of _samr_close is
 returned.

 NOTE(review): no test of the access granted on alias_pol is visible
 before the alias is deleted; confirm where delete rights are enforced.
201 ********************************************************************/
202 uint32
_samr_delete_dom_alias(POLICY_HND
*alias_pol
)
207 fstring alias_sid_str
;
209 DEBUG(5,("samr_delete_dom_alias: %d\n", __LINE__
));
211 /* look up the LDAP handle and alias SID stored for this policy handle. */
212 if (!get_nt5ldapsid(get_global_hnd_cache(), alias_pol
, &hds
, &alias_sid
))
214 return NT_STATUS_INVALID_HANDLE
;
/* stringify before the split so the log shows the full alias SID. */
217 sid_to_string(alias_sid_str
, &alias_sid
);
218 sid_split_rid(&alias_sid
, &alias_rid
);
220 DEBUG(10,("sid is %s\n", alias_sid_str
));
/* only aliases in the local SAM domain can be deleted. */
222 if (!sid_equal(&alias_sid
, &global_sam_sid
))
224 return NT_STATUS_NO_SUCH_ALIAS
;
227 DEBUG(10,("lookup on Domain SID\n"));
230 if (!del_alias_entry(alias_rid
))
233 return NT_STATUS_NO_SUCH_ALIAS
;
/* the alias is gone, so the handle that referred to it is closed as well. */
236 return _samr_close(alias_pol
);
240 /*******************************************************************
241 samr_reply_query_aliasmem

 Returns the members of the alias behind alias_pol. The member list is
 fetched with getbuiltinrid or getaliasrid depending on the domain part
 of the alias SID, then copied into a newly malloc'ed DOM_SID2 array
 stored in *sid, with the count stored in *num_mem.

 Returns NT_STATUS_INVALID_HANDLE when no SID is stored for the handle,
 NT_STATUS_NO_SUCH_ALIAS on two failure paths whose conditions are not
 in this listing, NT_STATUS_NOPROBLEMO otherwise.

 NOTE(review): no free of *sid, mem_grp or grp is visible here;
 ownership of *sid presumably passes to the caller -- confirm, along
 with who releases mem_grp.
242 ********************************************************************/
243 uint32
_samr_query_aliasmem(const POLICY_HND
*alias_pol
,
244 uint32
*num_mem
, DOM_SID2
**sid
)
247 LOCAL_GRP_MEMBER
*mem_grp
= NULL
;
248 LOCAL_GRP
*grp
= NULL
;
252 fstring alias_sid_str
;
254 DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__
));
259 /* look up the LDAP handle and alias SID stored for this policy handle. */
260 if (!get_nt5ldapsid(get_global_hnd_cache(), alias_pol
, &hds
, &alias_sid
))
262 return NT_STATUS_INVALID_HANDLE
;
/* stringify before the split so the log shows the full alias SID. */
264 sid_to_string(alias_sid_str
, &alias_sid
);
265 sid_split_rid(&alias_sid
, &alias_rid
);
267 DEBUG(10,("sid is %s\n", alias_sid_str
));
269 if (sid_equal(&alias_sid
, &global_sid_S_1_5_20
))
/* NOTE(review): the add/del member routines in this file log the same
 * global_sid_S_1_5_20 comparison as "BUILTIN SID"; the "20" in the name is
 * presumably hexadecimal (0x20 = 32) -- confirm, the message is easy to misread. */
271 DEBUG(10,("lookup on S-1-5-20\n"));
275 grp
= getbuiltinrid(alias_rid
, &mem_grp
, &num_sids
);
279 else if (sid_equal(&alias_sid
, &global_sam_sid
))
281 DEBUG(10,("lookup on Domain SID\n"));
285 grp
= getaliasrid(alias_rid
, &mem_grp
, &num_sids
);
291 return NT_STATUS_NO_SUCH_ALIAS
;
296 return NT_STATUS_NO_SUCH_ALIAS
;
/* NOTE(review): three problems on the allocation below.
 * 1. The test that follows compares sid, which has already been
 *    dereferenced on the malloc line, instead of (*sid); a failed
 *    allocation is therefore not detected and make_dom_sid2 would write
 *    through a NULL array. The guard should test (*sid) != NULL and
 *    return an error status otherwise.
 * 2. num_sids * sizeof(DOM_SID2) is not checked for overflow; num_sids
 *    comes from the group lookup above.
 * 3. With num_sids == 0 the result of malloc(0) is implementation-defined. */
301 (*sid
) = malloc(num_sids
* sizeof(DOM_SID2
));
302 if (mem_grp
!= NULL
&& sid
!= NULL
)
305 for (i
= 0; i
< num_sids
; i
++)
307 make_dom_sid2(&(*sid
)[i
], &mem_grp
[i
].sid
);
/* NOTE(review): confirm that the count is not reported when the array
 * could not be allocated or filled; the enclosing braces are not visible. */
312 (*num_mem
) = num_sids
;
319 return NT_STATUS_NOPROBLEMO
;
322 /*******************************************************************
323 _samr_create_dom_alias

 Creates an alias named uni_acct_name in the domain behind domain_pol
 and returns a handle to it in alias_pol and its rid in *rid.

 Visible steps: zero alias_pol, validate domain_pol, require the domain
 SID to equal global_sam_sid, convert the name to ASCII into grp.name,
 open a handle with samr_open_by_nt5ldapsid, then call add_alias_entry.

 Returns NT_STATUS_INVALID_HANDLE, NT_STATUS_OBJECT_TYPE_MISMATCH or
 NT_STATUS_ACCESS_DENIED on the failures shown below,
 NT_STATUS_NOPROBLEMO on success.

 NOTE(review): part of the signature and body is absent from this
 listing (access_mask, dom_sid, grp, hds and status are used but not
 declared in the visible lines).
324 ********************************************************************/
325 uint32
_samr_create_dom_alias(const POLICY_HND
*domain_pol
,
326 const UNISTR2
*uni_acct_name
,
328 POLICY_HND
*alias_pol
, uint32
*rid
)
/* clear the output handle first so every early return hands back zeroes. */
335 ZERO_STRUCTP(alias_pol
);
337 /* check that the domain policy handle is known to the handle cache. */
338 if (find_policy_by_hnd(get_global_hnd_cache(), domain_pol
) == -1)
340 return NT_STATUS_INVALID_HANDLE
;
343 /* find the domain sid */
/* NOTE(review): this call shows three arguments where the other
 * get_nt5ldapsid calls in this file pass four (the last being the SID
 * output). If the listing is accurate, dom_sid is compared and used below
 * without having been filled in -- confirm against the real source. */
344 if (!get_nt5ldapsid(get_global_hnd_cache(), domain_pol
, &hds
))
346 return NT_STATUS_OBJECT_TYPE_MISMATCH
;
/* aliases can only be created in the local SAM domain. */
349 if (!sid_equal(&dom_sid
, &global_sam_sid
))
351 return NT_STATUS_ACCESS_DENIED
;
/* conversion is bounded to one byte less than the destination buffer. */
354 unistr2_to_ascii(grp
.name
, uni_acct_name
, sizeof(grp
.name
)-1);
355 fstrcpy(grp
.comment
, "");
/* NOTE(review): 0xffffffff is written to both *rid and grp.rid before the
 * handle is opened, so the handle is tied to dom_sid + 0xffffffff. No
 * later update of *rid or of the handle's SID is visible; presumably
 * add_alias_entry assigns the real rid -- confirm how it reaches the caller. */
356 *rid
= grp
.rid
= 0xffffffff;
359 status
= samr_open_by_nt5ldapsid(hds
, domain_pol
,
360 &dom_sid
, alias_pol
, access_mask
, grp
.rid
);
362 if (status
!= NT_STATUS_NOPROBLEMO
)
/* NOTE(review): alias_pol is already open at this point; no close of it is
 * visible on the failure path below, which would leave a live handle for
 * an alias that was never created -- confirm. */
368 if (!add_alias_entry(&grp
))
371 return NT_STATUS_ACCESS_DENIED
;
374 return NT_STATUS_NOPROBLEMO
;
377 /*******************************************************************
 _samr_open_alias

 Opens a handle (alias_pol) on the alias alias_rid in the domain behind
 domain_pol. The domain SID stored for domain_pol must equal
 global_sam_sid or global_sid_S_1_5_20; the open itself is delegated to
 samr_open_by_nt5ldapsid, whose status is returned.

 Returns NT_STATUS_INVALID_HANDLE when no SID is stored for domain_pol
 and NT_STATUS_ACCESS_DENIED for any other domain SID.

 NOTE(review): access_mask is passed through unchanged and no check of
 it against the caller's rights is visible here. The delegate logs a
 TODO about verifying that the rid exists, so a handle may be returned
 for an alias_rid that does not exist.
379 ********************************************************************/
380 uint32
_samr_open_alias(const POLICY_HND
*domain_pol
,
381 uint32 access_mask
, uint32 alias_rid
,
382 POLICY_HND
*alias_pol
)
387 /* find the domain sid associated with the policy handle */
388 if (!get_nt5ldapsid(get_global_hnd_cache(), domain_pol
, &hds
, &sid
))
390 return NT_STATUS_INVALID_HANDLE
;
393 /* this should not be hard-coded like this */
394 if (!sid_equal(&sid
, &global_sam_sid
) &&
395 !sid_equal(&sid
, &global_sid_S_1_5_20
))
397 return NT_STATUS_ACCESS_DENIED
;
400 return samr_open_by_nt5ldapsid(hds
, domain_pol
,
401 &sid
, alias_pol
, access_mask
, alias_rid
);