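/*
 * Unix SMB/CIFS implementation.
 * RPC Pipe client / server routines
 * Copyright (C) Andrew Tridgell 1992-1998
 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
 * Copyright (C) Paul Ashton 1997-1998,
 * Copyright (C) Andrew Bartlett 2004.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/* this module apparently provides an implementation of DCE/RPC over a
 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
 * documentation are available (in on-line form) from the X-Open group.
 *
 * this module should provide a level of abstraction between SMB
 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
 * data copies, and network traffic.
 *
 * in this version, which takes a "let's learn what's going on and
 * get something running" approach, there is additional network
 * traffic generated, but the code should be easier to understand...
 *
 * ... if you read the docs. or stare at packets for weeks on end.
 *
 */

#include "includes.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV

/*
 * A list of the rids of well known BUILTIN and Domain users
 * and groups.
 *
 * Each table is terminated by a { 0, NULL } sentinel entry.
 */

static const rid_name builtin_alias_rids[] =
{
	{ BUILTIN_ALIAS_RID_ADMINS      , "Administrators" },
	{ BUILTIN_ALIAS_RID_USERS       , "Users" },
	{ BUILTIN_ALIAS_RID_GUESTS      , "Guests" },
	{ BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },

	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
	{ BUILTIN_ALIAS_RID_SYSTEM_OPS  , "System Operators" },
	{ BUILTIN_ALIAS_RID_PRINT_OPS   , "Print Operators" },
	{ BUILTIN_ALIAS_RID_BACKUP_OPS  , "Backup Operators" },
	{ BUILTIN_ALIAS_RID_REPLICATOR  , "Replicator" },
	{ 0                             , NULL }
};

/* array lookup of well-known Domain RID users. */
static const rid_name domain_user_rids[] =
{
	{ DOMAIN_USER_RID_ADMIN , "Administrator" },
	{ DOMAIN_USER_RID_GUEST , "Guest" },
	{ 0                     , NULL }
};

/* array lookup of well-known Domain RID groups. */
static const rid_name domain_group_rids[] =
{
	{ DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
	{ DOMAIN_GROUP_RID_USERS  , "Domain Users" },
	{ DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
	{ 0                       , NULL }
};


/*******************************************************************
 Gets a domain user's groups from their already-calculated NT_USER_TOKEN.

 Walks nt_token->user_sids from PRIMARY_GROUP_SID_INDEX onwards and, for
 every SID that sid_compare_domain() reports as matching domain_sid,
 stores the SID's RID in a DOM_GID entry with attr set to 7.

 mem_ctx     talloc context the result array is allocated on
 domain_sid  domain whose group RIDs are wanted
 nt_token    token whose SIDs are examined
 numgroups   out: number of entries filled in *pgids
 pgids       out: array sized for nt_token->num_sids entries, of which
             the first *numgroups are valid

 Returns NT_STATUS_OK on success, or NT_STATUS_NO_MEMORY if the array
 cannot be allocated. On failure *numgroups is 0 and *pgids is NULL.
 ********************************************************************/
NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
				const NT_USER_TOKEN *nt_token,
				int *numgroups, DOM_GID **pgids)
{
	DOM_GID *gids;
	int i;

	/*
	 * Give both out-parameters defined values before anything can
	 * fail, so a caller that ignores the status never reads an
	 * indeterminate count or pointer.
	 */
	*numgroups = 0;
	*pgids = NULL;

	/*
	 * NOTE(review): if TALLOC_ARRAY returns NULL for a zero element
	 * count in this tree, a token with num_sids == 0 is reported as
	 * NT_STATUS_NO_MEMORY - confirm whether that can happen.
	 */
	gids = TALLOC_ARRAY(mem_ctx, DOM_GID, nt_token->num_sids);
	if (!gids) {
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * NOTE(review): i is a signed int compared against
	 * nt_token->num_sids; confirm the field's type so this is not a
	 * signed/unsigned comparison.
	 */
	for (i = PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
		const DOM_SID *sid = &nt_token->user_sids[i];

		if (sid_compare_domain(domain_sid, sid) != 0) {
			continue;
		}

		/*
		 * Only publish an entry whose RID was actually extracted.
		 * The array is presumably not zero-filled by TALLOC_ARRAY,
		 * so a failed peek would otherwise leave indeterminate
		 * memory in g_rid for whoever consumes the list.
		 *
		 * NOTE(review): this trusts sid_compare_domain() to accept
		 * only SIDs that carry a RID below domain_sid; confirm that
		 * a token SID without a RID component cannot match here.
		 */
		if (!sid_peek_rid(sid, &(gids[*numgroups].g_rid))) {
			continue;
		}

		/*
		 * 7 presumably means SE_GROUP_MANDATORY |
		 * SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED -
		 * TODO confirm against this tree's headers.
		 */
		gids[*numgroups].attr = 7;
		(*numgroups)++;
	}

	*pgids = gids;
	return NT_STATUS_OK;
}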