Print this page
1575 untangle libmlrpc from SMB server
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
NEX-15052 Need a way to add appliance local user/group ACE from Windows
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15052 Need a way to add appliance local user/group ACE from Windows
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-3106 ACL editor crash in Windows 2012 R2
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Alek Pinchuk <alek.pinchuk@nexenta.com>
re #12435 rb3958 r10 is added 2 times to panic info
re #12393 rb3935 Kerberos and smbd disagree about who is our AD server
*** 19,29 ****
* CDDL HEADER END
*/
/*
* Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
! * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Security Accounts Manager RPC (SAMR) server-side interface.
*
--- 19,29 ----
* CDDL HEADER END
*/
/*
* Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
! * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
*/
/*
* Security Accounts Manager RPC (SAMR) server-side interface.
*
*** 37,48 ****
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <assert.h>
#include <grp.h>
#include <smbsrv/libsmb.h>
- #include <smbsrv/libmlrpc.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/smbinfo.h>
#include <smbsrv/nmpipes.h>
#include <smbsrv/ndl/samrpc.ndl>
#include <samlib.h>
--- 37,48 ----
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <assert.h>
#include <grp.h>
+ #include <libmlrpc/libmlrpc.h>
#include <smbsrv/libsmb.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/smbinfo.h>
#include <smbsrv/nmpipes.h>
#include <smbsrv/ndl/samrpc.ndl>
#include <samlib.h>
*** 100,109 ****
--- 100,110 ----
static ndr_hdid_t *samr_hdalloc(ndr_xa_t *, samr_key_t, smb_domain_type_t,
DWORD);
static void samr_hdfree(ndr_xa_t *, ndr_hdid_t *);
static ndr_handle_t *samr_hdlookup(ndr_xa_t *, ndr_hdid_t *, samr_key_t);
+ static ndr_handle_t *samr_hdlookup_any(ndr_xa_t *, ndr_hdid_t *);
static int samr_call_stub(ndr_xa_t *mxa);
static DWORD samr_s_enum_local_domains(struct samr_EnumLocalDomain *,
ndr_xa_t *);
static ndr_stub_table_t samr_stub_table[];
*** 212,221 ****
--- 213,240 ----
return (hd);
}
/*
+ * Handle lookup wrapper to validate the local context,
+ * but don't limit to one type.
+ */
+ static ndr_handle_t *
+ samr_hdlookup_any(ndr_xa_t *mxa, ndr_hdid_t *id)
+ {
+ ndr_handle_t *hd;
+
+ if ((hd = ndr_hdlookup(mxa, id)) == NULL)
+ return (NULL);
+
+ if (hd->nh_data == NULL)
+ return (NULL);
+
+ return (hd);
+ }
+
+ /*
* samr_s_Connect
*
* This is a request to connect to the local SAM database. We don't
* support any form of update request and our database doesn't
* contain any private information, so there is little point in
*** 259,268 ****
--- 278,330 ----
param->status = 0;
return (NDR_DRC_OK);
}
/*
+ * samr_s_QuerySecObject
+ */
+ static int
+ samr_s_QuerySecObject(void *arg, ndr_xa_t *mxa)
+ {
+ struct samr_QuerySecObject *param = arg;
+ ndr_hdid_t *id;
+ uint32_t status;
+ struct samr_sec_desc *sd;
+
+ id = (ndr_hdid_t *)¶m->obj_handle;
+ if (samr_hdlookup_any(mxa, id) == NULL) {
+ status = NT_STATUS_INVALID_HANDLE;
+ goto QuerySecObjectError;
+ }
+
+ param->sd = NDR_MALLOC(mxa, sizeof (samr_sd_t));
+ if (param->sd == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto QuerySecObjectError;
+ }
+ param->sd->length = sizeof (struct samr_sec_desc);
+
+ sd = NDR_MALLOC(mxa, param->sd->length);
+ if (sd == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto QuerySecObjectError;
+ }
+ bzero(sd, param->sd->length);
+ sd->Revision = 1;
+ sd->Control = SE_SELF_RELATIVE;
+
+ param->sd->data = (void *)sd;
+ param->status = NT_STATUS_SUCCESS;
+ return (NDR_DRC_OK);
+
+ QuerySecObjectError:
+ bzero(param, sizeof (struct samr_QuerySecObject));
+ param->status = NT_SC_ERROR(status);
+ return (NDR_DRC_OK);
+ }
+
+ /*
* samr_s_LookupDomain
*
* This is a request to map a domain name to a domain SID. We can map
* the primary domain name, our local domain name (hostname) and the
* builtin domain names to the appropriate SID. Anything else will be
*** 687,698 ****
*/
/*ARGSUSED*/
static int
samr_s_QueryUserInfo(void *arg, ndr_xa_t *mxa)
{
- static uint16_t owf_buf[8];
- static uint8_t hour_buf[SAMR_SET_USER_HOURS_SZ];
struct samr_QueryUserInfo *param = arg;
struct samr_QueryUserInfo21 *all_info;
ndr_hdid_t *id;
ndr_handle_t *hd;
samr_keydata_t *data;
--- 749,758 ----
*** 730,754 ****
}
all_info = ¶m->ru.info21;
bzero(all_info, sizeof (struct samr_QueryUserInfo21));
! all_info->WhichFields = SAMR_USER_ALL_USERNAME | SAMR_USER_ALL_USERID;
(void) NDR_MSTRING(mxa, account.a_name,
(ndr_mstring_t *)&all_info->UserName);
all_info->UserId = data->kd_rid;
- all_info->LmOwfPassword.length = 16;
- all_info->LmOwfPassword.maxlen = 16;
- all_info->LmOwfPassword.buf = owf_buf;
- all_info->NtOwfPassword.length = 16;
- all_info->NtOwfPassword.maxlen = 16;
- all_info->NtOwfPassword.buf = owf_buf;
- all_info->LogonHours.units_per_week = SAMR_HOURS_PER_WEEK;
- all_info->LogonHours.hours = hour_buf;
-
param->address = 1;
param->switch_index = SAMR_QUERY_USER_ALL_INFO;
param->status = NT_STATUS_SUCCESS;
smb_account_free(&account);
smb_sid_free(sid);
--- 790,816 ----
}
all_info = ¶m->ru.info21;
bzero(all_info, sizeof (struct samr_QueryUserInfo21));
! all_info->WhichFields = SAMR_USER_ALL_USERNAME | SAMR_USER_ALL_USERID |
! SAMR_USER_ALL_FULLNAME | SAMR_USER_ALL_USERACCOUNTCONTROL |
! SAMR_USER_ALL_ADMINCOMMENT;
(void) NDR_MSTRING(mxa, account.a_name,
(ndr_mstring_t *)&all_info->UserName);
+ (void) NDR_MSTRING(mxa, account.a_name,
+ (ndr_mstring_t *)&all_info->FullName);
+ (void) NDR_MSTRING(mxa, "",
+ (ndr_mstring_t *)&all_info->AdminComment);
+
all_info->UserId = data->kd_rid;
+ all_info->UserAccountControl = SAMR_AF_NORMAL_ACCOUNT |
+ SAMR_AF_DONT_EXPIRE_PASSWD;
+ if ((account.a_flags & SMB_PWF_DISABLE) != 0)
+ all_info->UserAccountControl |= SAMR_AF_ACCOUNTDISABLE;
param->address = 1;
param->switch_index = SAMR_QUERY_USER_ALL_INFO;
param->status = NT_STATUS_SUCCESS;
smb_account_free(&account);
smb_sid_free(sid);
*** 1849,1858 ****
--- 1911,1921 ----
}
static ndr_stub_table_t samr_stub_table[] = {
{ samr_s_Connect, SAMR_OPNUM_Connect },
{ samr_s_CloseHandle, SAMR_OPNUM_CloseHandle },
+ { samr_s_QuerySecObject, SAMR_OPNUM_QuerySecObject },
{ samr_s_LookupDomain, SAMR_OPNUM_LookupDomain },
{ samr_s_EnumLocalDomains, SAMR_OPNUM_EnumLocalDomains },
{ samr_s_OpenDomain, SAMR_OPNUM_OpenDomain },
{ samr_s_QueryDomainInfo, SAMR_OPNUM_QueryDomainInfo },
{ samr_s_QueryInfoDomain2, SAMR_OPNUM_QueryInfoDomain2 },