annotate usr/src/lib/smbsrv/libmlsvc/common/samlib.c @ 10717:fe0545fc3cdd
6612607 CIFS ADS client should use ldap_sasl_interactive_bind_s API
6877755 smbd should not route stderr, stdout to /dev/null
6882701 Wrong error message for attempt to map local user to Windows group, or vice versa
6885105 Potential for deadlock in smb_node_set_delete_on_close()
6881928 smbd core generated when running a script to join domain, set abe properties
6885538 Reduce dependencies on libsmbrdr
6820325 cifs service can't start on multi vlan+ipmp configuration
author | Alan Wright <amw@Sun.COM> |
---|---|
date | Mon, 05 Oct 2009 11:03:34 -0700 |
parents | ee04788f8605 |
children | 37e5dcdf36d3 |
rev | line source |
---|---|
5331 | 1 /* |
2 * CDDL HEADER START | |
3 * | |
4 * The contents of this file are subject to the terms of the | |
5 * Common Development and Distribution License (the "License"). | |
6 * You may not use this file except in compliance with the License. | |
7 * | |
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 * or http://www.opensolaris.org/os/licensing. | |
10 * See the License for the specific language governing permissions | |
11 * and limitations under the License. | |
12 * | |
13 * When distributing Covered Code, include this CDDL HEADER in each | |
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 * If applicable, add the following below this CDDL HEADER, with the | |
16 * fields enclosed by brackets "[]" replaced with your own identifying | |
17 * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 * | |
19 * CDDL HEADER END | |
20 */ | |
21 /* | |
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. |
5331 | 23 * Use is subject to license terms. |
24 */ | |
25 | |
26 /* | |
27 * This module provides the high level interface to the SAM RPC | |
28 * functions. | |
29 */ | |
30 | |
31 #include <alloca.h> | |
32 | |
33 #include <smbsrv/libsmb.h> | |
34 #include <smbsrv/libmlsvc.h> | |
35 |
5331 | 36 #include <smbsrv/ntstatus.h> |
37 #include <smbsrv/ntaccess.h> | |
38 #include <lsalib.h> |
39 #include <samlib.h> |
5331 | 40 |
/*
 * Valid values for the OEM OWF password encryption.
 */
#define	SAM_PASSWORD_516	516
#define	SAM_KEYLEN		16

/*
 * Prototypes for routines whose definitions are not in this part of
 * the file.  samr_set_user_info() is declared extern here rather than
 * taken from a header; keep this declaration in step with its
 * definition.
 */
extern DWORD samr_set_user_info(mlsvc_handle_t *user_handle);
static struct samr_sid *sam_get_domain_sid(mlsvc_handle_t *samr_handle,
    char *server, char *domain_name);
49 |
/*
 * sam_create_trust_account
 *
 * Create a trust account for this system on the given server/domain.
 * The account name is obtained from smb_getsamaccount().
 *
 *	SAMR_AF_WORKSTATION_TRUST_ACCOUNT: servers and workstations.
 *	SAMR_AF_SERVER_TRUST_ACCOUNT: domain controllers.
 *
 * This function always requests SAMR_AF_WORKSTATION_TRUST_ACCOUNT.
 *
 * If the account already exists (NT_STATUS_USER_EXISTS), the status of
 * sam_check_user() on that account is returned instead, so an existing
 * account of the same name is accepted whenever that check succeeds.
 *
 * Returns NT status codes; NT_STATUS_INTERNAL_ERROR if the account
 * name cannot be obtained.
 */
DWORD
sam_create_trust_account(char *server, char *domain)
{
	char sam_account[SMB_SAMACCT_MAXLEN];
	DWORD status;

	if (smb_getsamaccount(sam_account, sizeof (sam_account)) != 0)
		return (NT_STATUS_INTERNAL_ERROR);

	/*
	 * The trust account value here should match
	 * the value that will be used when the user
	 * information is set on this account.
	 */
	status = sam_create_account(server, domain, sam_account,
	    SAMR_AF_WORKSTATION_TRUST_ACCOUNT);

	/*
	 * Based on network traces, a Windows 2000 client will
	 * always try to create the computer account first.
	 * If it existed, then check the user permission to join
	 * the domain.
	 */
	if (status != NT_STATUS_USER_EXISTS)
		return (status);

	return (sam_check_user(server, domain, sam_account));
}
89 | |
90 | |
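/*
 * sam_create_account
 *
 * Create the specified domain account in the SAM database on the
 * domain controller.  The connection is opened with the user name
 * filled in by smb_ipc_get_user().
 *
 * Account flags:
 *	SAMR_AF_NORMAL_ACCOUNT
 *	SAMR_AF_WORKSTATION_TRUST_ACCOUNT
 *	SAMR_AF_SERVER_TRUST_ACCOUNT
 *
 * Once the account has been created, the query-user-info,
 * get-password-info and set-user-info calls are best effort: their
 * results do not change the status returned to the caller.  A failed
 * set-user-info is traced, so that an account which was created but
 * did not get its user information set can be found in the trace
 * output.
 *
 * Returns NT status codes:
 *	NT_STATUS_OPEN_FAILED			samr_open() failed
 *	NT_STATUS_CANT_ACCESS_DOMAIN_INFO	samr_open_domain() failed
 *	otherwise the status of samr_create_user(); this includes
 *	NT_STATUS_USER_EXISTS, which is returned without a trace.
 */
DWORD
sam_create_account(char *server, char *domain_name, char *account_name,
    DWORD account_flags)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	union samr_user_info sui;	/* filled by the query, not read */
	struct samr_sid *sid;
	DWORD rid;			/* filled by the create, not read */
	DWORD status;
	DWORD set_status;
	int rc;
	char user[SMB_USERNAME_MAXLEN];

	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);

	rc = samr_open(server, domain_name, user, SAM_CONNECT_CREATE_ACCOUNT,
	    &samr_handle);

	if (rc != 0) {
		status = NT_STATUS_OPEN_FAILED;
		smb_tracef("SamCreateAccount[%s\\%s]: %s",
		    domain_name, account_name, xlate_nt_status(status));
		return (status);
	}

	/*
	 * NOTE(review): sid is passed on without a NULL check, unlike
	 * the domain SID in sam_lookup_name().  Presumably
	 * samr_open_domain() rejects a NULL sid -- confirm.
	 */
	sid = sam_get_domain_sid(&samr_handle, server, domain_name);

	status = samr_open_domain(&samr_handle,
	    SAM_DOMAIN_CREATE_ACCOUNT, sid, &domain_handle);

	if (status == NT_STATUS_SUCCESS) {
		status = samr_create_user(&domain_handle, account_name,
		    account_flags, &rid, &user_handle);

		if (status == NT_STATUS_SUCCESS) {
			(void) samr_query_user_info(&user_handle,
			    SAMR_QUERY_USER_UNKNOWN16, &sui);

			(void) samr_get_user_pwinfo(&user_handle);

			/*
			 * Still best effort, but no longer silent: the
			 * account exists at this point, so a failure
			 * here is worth a trace record.
			 */
			set_status = samr_set_user_info(&user_handle);
			if (set_status != NT_STATUS_SUCCESS) {
				smb_tracef("SamCreateAccount[%s]: "
				    "set user info: %s", account_name,
				    xlate_nt_status(set_status));
			}

			(void) samr_close_handle(&user_handle);
		} else if (status != NT_STATUS_USER_EXISTS) {
			smb_tracef("SamCreateAccount[%s]: %s",
			    account_name, xlate_nt_status(status));
		}

		(void) samr_close_handle(&domain_handle);
	} else {
		smb_tracef("SamCreateAccount[%s]: open domain failed",
		    account_name);
		status = (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
	}

	(void) samr_close_handle(&samr_handle);
	free(sid);
	return (status);
}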
162 | |
163 | |
/*
 * sam_remove_trust_account
 *
 * Attempt to remove the workstation trust account for this system.
 * Administrator access is required to perform this operation.
 *
 * The account name is obtained from smb_getsamaccount() and the
 * removal itself is done by sam_delete_account().
 *
 * Returns NT status codes; NT_STATUS_INTERNAL_ERROR if the account
 * name cannot be obtained.
 */
DWORD
sam_remove_trust_account(char *server, char *domain)
{
	char sam_account[SMB_SAMACCT_MAXLEN];

	if (smb_getsamaccount(sam_account, sizeof (sam_account)) == 0)
		return (sam_delete_account(server, domain, sam_account));

	return (NT_STATUS_INTERNAL_ERROR);
}
182 | |
183 | |
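/*
 * sam_delete_account
 *
 * Attempt to remove an account from the SAM database on the specified
 * server.  The connection is opened with the user name filled in by
 * smb_ipc_get_user(); the account is looked up by name in the domain
 * and opened with STANDARD_RIGHTS_EXECUTE | DELETE before the delete
 * is issued.
 *
 * A failed samr_delete_user() is reported to the caller as
 * NT_STATUS_UNSUCCESSFUL and traced.  Without this, the status of the
 * preceding samr_open_user() (success) would be returned and the
 * caller would believe the account had been removed while it still
 * exists on the server.
 *
 * Returns NT status codes:
 *	NT_STATUS_OPEN_FAILED	samr_open() failed
 *	NT_STATUS_UNSUCCESSFUL	the delete request itself failed
 *	otherwise the status of the first failing open/lookup step, or
 *	NT_STATUS_SUCCESS.
 */
DWORD
sam_delete_account(char *server, char *domain_name, char *account_name)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	smb_account_t ainfo;
	struct samr_sid *sid;
	DWORD access_mask;
	DWORD status;
	int rc;
	char user[SMB_USERNAME_MAXLEN];

	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);

	rc = samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
	    &samr_handle);

	if (rc != 0)
		return (NT_STATUS_OPEN_FAILED);

	/*
	 * NOTE(review): sid is not checked for NULL before use;
	 * presumably samr_open_domain() rejects a NULL sid -- confirm.
	 */
	sid = sam_get_domain_sid(&samr_handle, server, domain_name);
	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION, sid,
	    &domain_handle);
	free(sid);
	if (status != NT_STATUS_SUCCESS) {
		(void) samr_close_handle(&samr_handle);
		return (status);
	}

	status = samr_lookup_domain_names(&domain_handle, account_name, &ainfo);
	if (status == NT_STATUS_SUCCESS) {
		access_mask = STANDARD_RIGHTS_EXECUTE | DELETE;
		status = samr_open_user(&domain_handle, access_mask,
		    ainfo.a_rid, &user_handle);
		if (status == NT_STATUS_SUCCESS) {
			/*
			 * The user handle is closed here only when the
			 * delete fails; presumably a successful delete
			 * invalidates the handle -- confirm against
			 * samr_delete_user().
			 */
			if (samr_delete_user(&user_handle) != 0) {
				(void) samr_close_handle(&user_handle);
				smb_tracef("SamDeleteAccount[%s]: "
				    "delete user failed", account_name);
				status = NT_STATUS_UNSUCCESSFUL;
			}
		}
	}

	(void) samr_close_handle(&domain_handle);
	(void) samr_close_handle(&samr_handle);
	return (status);
}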
237 | |
/*
 * sam_check_user
 *
 * Check whether the user has permission to access the computer
 * account.  The user being checked is the user specified for joining
 * the Solaris host to the domain, i.e. the name filled in by
 * smb_ipc_get_user().
 *
 * The check consists of looking the account up by name and opening it
 * with the access mask used below; the account itself is not modified
 * and the user handle is closed again straight away.
 *
 * Returns NT status codes: NT_STATUS_OPEN_FAILED if samr_open() fails,
 * otherwise the status of the first failing step or of
 * samr_open_user().
 */
DWORD
sam_check_user(char *server, char *domain_name, char *account_name)
{
	mlsvc_handle_t samr_handle;
	mlsvc_handle_t domain_handle;
	mlsvc_handle_t user_handle;
	smb_account_t ainfo;
	struct samr_sid *sid;
	DWORD user_access;
	DWORD status;
	char user[SMB_USERNAME_MAXLEN];

	smb_ipc_get_user(user, SMB_USERNAME_MAXLEN);

	if (samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION,
	    &samr_handle) != 0)
		return (NT_STATUS_OPEN_FAILED);

	/*
	 * NOTE(review): sid is not checked for NULL before use;
	 * presumably samr_open_domain() rejects a NULL sid -- confirm.
	 */
	sid = sam_get_domain_sid(&samr_handle, server, domain_name);
	status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION, sid,
	    &domain_handle);
	free(sid);
	if (status != NT_STATUS_SUCCESS)
		goto close_samr;

	status = samr_lookup_domain_names(&domain_handle, account_name, &ainfo);
	if (status != NT_STATUS_SUCCESS)
		goto close_domain;

	/*
	 * Win2000 client uses this access mask.  The
	 * following SAMR user specific rights bits are
	 * set: set password, set attributes, and get
	 * attributes.
	 */
	user_access = 0xb0;
	status = samr_open_user(&domain_handle, user_access, ainfo.a_rid,
	    &user_handle);
	if (status == NT_STATUS_SUCCESS)
		(void) samr_close_handle(&user_handle);

close_domain:
	(void) samr_close_handle(&domain_handle);
close_samr:
	(void) samr_close_handle(&samr_handle);
	return (status);
}
295 |
296 /* |
5331 | 297 * sam_lookup_name |
298 * | |
299 * Lookup an account name in the SAM database on the specified domain | |
300 * controller. Provides the account RID on success. | |
301 * | |
302 * Returns NT status codes. | |
303 */ | |
304 DWORD | |
305 sam_lookup_name(char *server, char *domain_name, char *account_name, | |
306 DWORD *rid_ret) | |
307 { | |
308 mlsvc_handle_t samr_handle; | |
309 mlsvc_handle_t domain_handle; | |
8670
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
310 smb_account_t ainfo; |
5331 | 311 struct samr_sid *domain_sid; |
312 int rc; | |
313 DWORD status; | |
10717
fe0545fc3cdd
6612607 CIFS ADS client should use ldap_sasl_interactive_bind_s API
Alan Wright <amw@Sun.COM>
parents:
10504
diff
changeset
|
314 char user[SMB_USERNAME_MAXLEN]; |
fe0545fc3cdd
6612607 CIFS ADS client should use ldap_sasl_interactive_bind_s API
Alan Wright <amw@Sun.COM>
parents:
10504
diff
changeset
|
315 |
fe0545fc3cdd
6612607 CIFS ADS client should use ldap_sasl_interactive_bind_s API
Alan Wright <amw@Sun.COM>
parents:
10504
diff
changeset
|
316 smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); |
5331 | 317 |
318 *rid_ret = 0; | |
319 | |
5521
cf62335046cd
6575640 rename/rmdir/remove on mixed file systems work incorrectly for mangled names
as200622
parents:
5331
diff
changeset
|
320 rc = samr_open(server, domain_name, user, SAM_LOOKUP_INFORMATION, |
cf62335046cd
6575640 rename/rmdir/remove on mixed file systems work incorrectly for mangled names
as200622
parents:
5331
diff
changeset
|
321 &samr_handle); |
5331 | 322 |
8670
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
323 if (rc != 0) |
5331 | 324 return (NT_STATUS_OPEN_FAILED); |
325 | |
8670
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
326 domain_sid = (struct samr_sid *)samr_lookup_domain(&samr_handle, |
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
327 domain_name); |
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
328 if (domain_sid == NULL) { |
5331 | 329 (void) samr_close_handle(&samr_handle); |
330 return (NT_STATUS_NO_SUCH_DOMAIN); | |
331 } | |
332 | |
333 status = samr_open_domain(&samr_handle, SAM_LOOKUP_INFORMATION, | |
334 domain_sid, &domain_handle); | |
8670
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
335 if (status == NT_STATUS_SUCCESS) { |
5331 | 336 status = samr_lookup_domain_names(&domain_handle, |
8670
6da349c3f817
6792084 smb_node_lookup should not take ownership of the hold on vnode passed as a parameter
jose borrego <Jose.Borrego@Sun.COM>
parents:
8334
diff
changeset
|
337 account_name, &ainfo); |
338 if (status == NT_STATUS_SUCCESS) |
339 *rid_ret = ainfo.a_rid; |
5331 | 340 |
341 (void) samr_close_handle(&domain_handle); | |
342 } | |
343 | |
344 (void) samr_close_handle(&samr_handle); | |
345 return (status); | |
346 } | |
347 | |
/*
 * sam_get_local_domains
 *
 * Open a SAMR handle on a remote server with samr_open(), requesting
 * SAM_ENUM_LOCAL_DOMAIN access, and call samr_enum_local_domains() on
 * it.  The connection is made with the user name that
 * smb_ipc_get_user() writes into a local buffer, and the handle is
 * closed again before returning.
 *
 * Only a status is handed back: this function has no output parameter
 * through which enumeration results could reach the caller.
 *
 * Returns NT_STATUS_OPEN_FAILED if samr_open() reports a non-zero
 * result, otherwise the status from samr_enum_local_domains().
 */
DWORD
sam_get_local_domains(char *server, char *domain_name)
{
	char ipc_user[SMB_USERNAME_MAXLEN];
	mlsvc_handle_t handle;
	DWORD result;

	/* The buffer size passed here matches the declaration above. */
	smb_ipc_get_user(ipc_user, SMB_USERNAME_MAXLEN);

	if (samr_open(server, domain_name, ipc_user, SAM_ENUM_LOCAL_DOMAIN,
	    &handle) != 0)
		return (NT_STATUS_OPEN_FAILED);

	result = samr_enum_local_domains(&handle);

	/* Close failures are deliberately ignored; the enum status wins. */
	(void) samr_close_handle(&handle);
	return (result);
}
375 | |
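/*
 * sam_oem_password
 *
 * Generate an OEM password.  new_password is converted to wide
 * characters by smb_auth_qnd_unicode(), copied into oem_password->data
 * so that it ends at offset 512, and the length returned by the
 * conversion is stored in oem_password->length.  The whole
 * oem_password_t is then passed to rand_hash() together with
 * old_password and SAM_KEYLEN (presumably the key and its length --
 * confirm against rand_hash()).
 *
 * The converted length is used both as a copy size and to compute the
 * destination offset (512 - length), so it is validated first: a value
 * that is negative or greater than 512 would place the copy outside
 * oem_password->data.
 *
 * Returns 0 on success, or -1 if the converted password does not fit.
 * On failure oem_password is not modified, so callers must check the
 * return value before using the buffer.
 */
int
sam_oem_password(oem_password_t *oem_password, unsigned char *new_password,
    unsigned char *old_password)
{
	/* Offset in oem_password->data at which the password must end. */
	const int data_end = 512;
	mts_wchar_t *unicode_password;
	int length;

#ifdef PBSHORTCUT
	assert(sizeof (oem_password_t) == SAM_PASSWORD_516);
#endif /* PBSHORTCUT */

	length = strlen((char const *)new_password);

	/*
	 * NOTE(review): this stack allocation grows with the length of the
	 * caller-supplied password; confirm that callers bound it.  The
	 * wide-character copy of the password also stays in this frame
	 * after return -- consider wiping it if a clear routine that the
	 * compiler cannot elide is available in this code base.
	 */
	unicode_password = alloca((length + 1) * sizeof (mts_wchar_t));

	length = smb_auth_qnd_unicode((unsigned short *)unicode_password,
	    (char *)new_password, length);

	/* Reject lengths that would index outside the data area. */
	if (length < 0 || length > data_end)
		return (-1);

	oem_password->length = length;

	(void) memcpy(&oem_password->data[data_end - length],
	    unicode_password, (size_t)length);

	rand_hash((unsigned char *)oem_password, sizeof (oem_password_t),
	    old_password, SAM_KEYLEN);

	return (0);
}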
407 |
/*
 * sam_get_domain_sid
 *
 * Obtain a domain SID, choosing the source by the server OS reported
 * by ndr_rpc_server_os() for samr_handle:
 *
 * - NATIVE_OS_WIN2000: convert the SID string held in the domain
 *   information filled in by smb_domain_getinfo().  If that call
 *   returns false, the primary domain entry is instead filled in by
 *   lsa_query_account_domain_info() using server and domain_name.
 *   NOTE(review): smb_domain_getinfo() is not given domain_name, so
 *   when it succeeds the result does not depend on domain_name --
 *   confirm this is the intended domain for every caller.
 * - any other OS: ask samr_lookup_domain() for domain_name.
 *
 * Returns the SID cast to struct samr_sid *, or NULL if the LSA query
 * does not return NT_STATUS_SUCCESS.  Whether the lookup helpers can
 * themselves return NULL, and who owns the returned SID, is not
 * visible here -- TODO confirm; callers should check for NULL.
 */
static struct samr_sid *
sam_get_domain_sid(mlsvc_handle_t *samr_handle, char *server, char *domain_name)
{
	smb_domainex_t dinfo;
	smb_sid_t *result;

	/* Everything except Windows 2000 is served by a direct lookup. */
	if (ndr_rpc_server_os(samr_handle) != NATIVE_OS_WIN2000) {
		result = samr_lookup_domain(samr_handle, domain_name);
		return ((struct samr_sid *)result);
	}

	/* Query the server only when smb_domain_getinfo() returns false. */
	if (!smb_domain_getinfo(&dinfo) &&
	    lsa_query_account_domain_info(server, domain_name,
	    &dinfo.d_primary) != NT_STATUS_SUCCESS)
		return (NULL);

	result = smb_sid_fromstr(dinfo.d_primary.di_sid);
	return ((struct samr_sid *)result);
}