author | David O'Neill <dmo@samba.org> | 2001-01-04 19:27:08 +0000 |
---|---|---|
committer | David O'Neill <dmo@samba.org> | 2001-01-04 19:27:08 +0000 |
commit | 23807f2b308e80a1e325c8fd2bddeec3e2e15bc5 (patch) | |
tree | 744ac3d0a34255dcfdadd83060ae9687e1a9fa1e | |
parent | 92ebc81734a8a4165f88eeba9c05a05ea2917584 (diff) | |
Changes from APPLIANCE_HEAD:
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
-rw-r--r-- | source3/Makefile.in | 4 | ||||
-rw-r--r-- | source3/include/proto.h | 812 | ||||
-rw-r--r-- | source3/include/rpc_secdes.h | 10 | ||||
-rwxr-xr-x | source3/include/rpc_spoolss.h | 20 | ||||
-rw-r--r-- | source3/lib/util_seaccess.c | 79 | ||||
-rw-r--r-- | source3/lib/util_str.c | 1 | ||||
-rw-r--r-- | source3/nsswitch/wb_client.c | 3 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 106 | ||||
-rw-r--r-- | source3/printing/printing.c | 11 | ||||
-rw-r--r-- | source3/smbd/password.c | 8 | ||||
-rw-r--r-- | source3/smbd/sec_ctx.c | 14 | ||||
-rw-r--r-- | source3/smbd/service.c | 2 |
12 files changed, 573 insertions, 497 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 85b68f0059d..5c280aef924 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -673,10 +673,10 @@ rpc_client_proto: $(RPC_CLIENT_OBJ)
 etags:
- etags `find . -name "*.[ch]" | grep -v /CVS/`
+ etags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
 ctags:
- ctags `find . -name "*.[ch]" | grep -v /CVS/`
+ ctags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
 realclean: clean
 -rm -f config.log $(PROGS) $(SPROGS) bin/.dummy
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3f55bc3613e..267622a9791 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -223,10 +223,312 @@ void CatchChildLeaveStatus(void); int vslprintf(char *str, int n, char *format, va_list ap); +/*The following definitions come from libsmb/cliconnect.c */ + +BOOL cli_session_setup(struct cli_state *cli, + char *user, + char *pass, int passlen, + char *ntpass, int ntpasslen, + char *workgroup); +BOOL cli_ulogoff(struct cli_state *cli); +BOOL cli_send_tconX(struct cli_state *cli, + char *share, char *dev, char *pass, int passlen); +BOOL cli_tdis(struct cli_state *cli); +void cli_negprot_send(struct cli_state *cli); +BOOL cli_negprot(struct cli_state *cli); +BOOL cli_session_request(struct cli_state *cli, + struct nmb_name *calling, struct nmb_name *called); +BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip); +BOOL cli_reestablish_connection(struct cli_state *cli); +BOOL cli_establish_connection(struct cli_state *cli, + char *dest_host, struct in_addr *dest_ip, + struct nmb_name *calling, struct nmb_name *called, + char *service, char *service_type, + BOOL do_shutdown, BOOL do_tcon); +BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost, + struct in_addr *pdest_ip); + +/*The following definitions come from libsmb/clidgram.c */ + +int cli_send_mailslot(BOOL unique, char *mailslot, char *buf, int len, + const char *srcname, int src_type, + const char *dstname, int dest_type, + struct in_addr dest_ip, struct in_addr src_ip, + int dest_port); +int cli_get_response(BOOL unique, char *mailslot, char *buf, int bufsiz); +int cli_get_backup_list(const char *myname, const char *send_to_name); +int cli_get_backup_server(char *my_name, char *target, char *servername, int namesize); + +/*The following definitions come from libsmb/clientgen.c */ + +int cli_set_port(struct cli_state *cli, int port); +BOOL cli_receive_smb(struct cli_state *cli); +BOOL cli_send_smb(struct cli_state *cli); +void cli_setup_packet(struct cli_state *cli); +void cli_init_creds(struct cli_state *cli, const struct 
ntuser_creds *usr); +struct cli_state *cli_initialise(struct cli_state *cli); +void cli_shutdown(struct cli_state *cli); +void cli_sockopt(struct cli_state *cli, char *options); +uint16 cli_setpid(struct cli_state *cli, uint16 pid); + +/*The following definitions come from libsmb/clierror.c */ + +char *cli_errstr(struct cli_state *cli); +int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num, uint32 *nt_rpc_error); + +/*The following definitions come from libsmb/clifile.c */ + +BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst); +BOOL cli_unlink(struct cli_state *cli, char *fname); +BOOL cli_mkdir(struct cli_state *cli, char *dname); +BOOL cli_rmdir(struct cli_state *cli, char *dname); +int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess); +int cli_nt_create_uni(struct cli_state *cli, char *fname, uint32 DesiredAccess); +int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode); +BOOL cli_close(struct cli_state *cli, int fnum); +BOOL cli_lock(struct cli_state *cli, int fnum, + uint32 offset, uint32 len, int timeout, enum brl_type lock_type); +BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len); +BOOL cli_lock64(struct cli_state *cli, int fnum, + SMB_BIG_UINT offset, SMB_BIG_UINT len, int timeout, enum brl_type lock_type); +BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_UINT len); +BOOL cli_getattrE(struct cli_state *cli, int fd, + uint16 *attr, size_t *size, + time_t *c_time, time_t *a_time, time_t *m_time); +BOOL cli_getatr(struct cli_state *cli, char *fname, + uint16 *attr, size_t *size, time_t *t); +BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t); +BOOL cli_chkpath(struct cli_state *cli, char *path); +BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail); + +/*The following definitions come from libsmb/clilist.c */ + +int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, 
+ void (*fn)(file_info *, const char *)); +int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, + void (*fn)(file_info *, const char *)); + +/*The following definitions come from libsmb/cli_lsarpc.c */ + +struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, + struct ntuser_creds *creds); +void cli_lsa_shutdown(struct cli_state *cli); +uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, + uint32 des_access, POLICY_HND *hnd); +uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd); +uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, + int num_sids, DOM_SID *sids, char ***names, + uint32 **types, int *num_names); +uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, + int num_names, char **names, DOM_SID **sids, + uint32 **types, int *num_sids); +uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *hnd, + uint16 info_class, fstring domain_name, + DOM_SID * domain_sid); + +/*The following definitions come from libsmb/climessage.c */ + +BOOL cli_message_start(struct cli_state *cli, char *host, char *username, + int *grp); +BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp); +BOOL cli_message_end(struct cli_state *cli, int grp); + +/*The following definitions come from libsmb/cliprint.c */ + +int cli_print_queue(struct cli_state *cli, + void (*fn)(struct print_job_info *)); +int cli_printjob_del(struct cli_state *cli, int job); + +/*The following definitions come from libsmb/clirap.c */ + +BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, int pipe_name_len, + uint16 *setup, uint32 setup_count, uint32 max_setup_count, + char *params, uint32 param_count, uint32 max_param_count, + char *data, uint32 data_count, uint32 max_data_count, + char **rparam, uint32 *rparam_count, + char **rdata, uint32 *rdata_count); +BOOL cli_api(struct cli_state *cli, + char *param, int prcnt, int mprcnt, + char *data, int drcnt, int mdrcnt, + char 
**rparam, int *rprcnt, + char **rdata, int *rdrcnt); +BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation); +int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state); +BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, + void (*fn)(const char *, uint32, const char *, void *), + void *state); +BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, + const char *old_password); +BOOL cli_qpathinfo(struct cli_state *cli, const char *fname, + time_t *c_time, time_t *a_time, time_t *m_time, + size_t *size, uint16 *mode); +BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname, + time_t *c_time, time_t *a_time, time_t *m_time, + time_t *w_time, size_t *size, uint16 *mode, + SMB_INO_T *ino); +BOOL cli_qfileinfo(struct cli_state *cli, int fnum, + uint16 *mode, size_t *size, + time_t *c_time, time_t *a_time, time_t *m_time, + time_t *w_time, SMB_INO_T *ino); + +/*The following definitions come from libsmb/clireadwrite.c */ + +size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size); +ssize_t cli_write(struct cli_state *cli, + int fnum, uint16 write_mode, + char *buf, off_t offset, size_t size); +ssize_t cli_smbwrite(struct cli_state *cli, + int fnum, char *buf, off_t offset, size_t size1); + +/*The following definitions come from libsmb/clisecdesc.c */ + +SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd); +BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd); + +/*The following definitions come from libsmb/clitrans.c */ + +BOOL cli_send_trans(struct cli_state *cli, int trans, + char *name, int pipe_name_len, + int fid, int flags, + uint16 *setup, int lsetup, int msetup, + char *param, int lparam, int mparam, + char *data, int ldata, int mdata); +BOOL cli_receive_trans(struct cli_state *cli,int trans, + char **param, int *param_len, + char **data, int *data_len); +BOOL 
cli_send_nt_trans(struct cli_state *cli, + int function, + int flags, + uint16 *setup, int lsetup, int msetup, + char *param, int lparam, int mparam, + char *data, int ldata, int mdata); +BOOL cli_receive_nt_trans(struct cli_state *cli, + char **param, int *param_len, + char **data, int *data_len); + +/*The following definitions come from libsmb/credentials.c */ + +char *credstr(uchar *cred); +void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, + uchar session_key[8]); +void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, + DOM_CHAL *cred); +int cred_assert(DOM_CHAL *cred, uchar session_key[8], DOM_CHAL *stored_cred, + UTIME timestamp); +BOOL clnt_deal_with_creds(uchar sess_key[8], + DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred); +BOOL deal_with_creds(uchar sess_key[8], + DOM_CRED *sto_clnt_cred, + DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred); + +/*The following definitions come from libsmb/namequery.c */ + +struct node_status *name_status_query(int fd,struct nmb_name *name, + struct in_addr to_ip, int *num_names); +BOOL name_status_find(int type, struct in_addr to_ip, char *name); +struct in_addr *name_query(int fd,const char *name,int name_type, + BOOL bcast,BOOL recurse, + struct in_addr to_ip, int *count); +FILE *startlmhosts(char *fname); +BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr); +void endlmhosts(FILE *fp); +BOOL name_resolve_bcast(const char *name, int name_type, + struct in_addr **return_ip_list, int *return_count); +BOOL is_ip_address(const char *name); +BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type); +BOOL resolve_srv_name(const char* srv_name, fstring dest_host, + struct in_addr *ip); +BOOL find_master_ip(char *group, struct in_addr *master_ip); +BOOL lookup_pdc_name(const char *srcname, const char *domain, struct in_addr *pdc_ip, char *ret_name); +BOOL get_dc_list(BOOL pdc_only, char *group, struct in_addr **ip_list, int 
*count); + +/*The following definitions come from libsmb/nmblib.c */ + +void debug_nmb_packet(struct packet_struct *p); +char *nmb_namestr(struct nmb_name *n); +struct packet_struct *copy_packet(struct packet_struct *packet); +void free_packet(struct packet_struct *packet); +struct packet_struct *parse_packet(char *buf,int length, + enum packet_type packet_type); +struct packet_struct *read_packet(int fd,enum packet_type packet_type); +void make_nmb_name( struct nmb_name *n, const char *name, int type); +BOOL nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2); +int build_packet(char *buf, struct packet_struct *p); +BOOL send_packet(struct packet_struct *p); +struct packet_struct *receive_packet(int fd,enum packet_type type,int t); +struct packet_struct *receive_nmb_packet(int fd, int t, int trn_id); +struct packet_struct *receive_dgram_packet(int fd, int t, char *mailslot_name); +BOOL match_mailslot_name(struct packet_struct *p, char *mailslot_name); +void sort_query_replies(char *data, int n, struct in_addr ip); +char *dns_to_netbios_name(char *dns_name); +int name_mangle( char *In, char *Out, char name_type ); +int name_extract(char *buf,int ofs,char *name); +int name_len(char *s1); + +/*The following definitions come from libsmb/nterr.c */ + +BOOL get_safe_nt_error_msg(uint32 nt_code,char *msg, size_t len); +char *get_nt_error_msg(uint32 nt_code); + +/*The following definitions come from libsmb/passchange.c */ + +BOOL remote_password_change(const char *remote_machine, const char *user_name, + const char *old_passwd, const char *new_passwd, + char *err_str, size_t err_str_len); + +/*The following definitions come from libsmb/pwd_cache.c */ + +void pwd_init(struct pwd_info *pwd); +BOOL pwd_is_nullpwd(const struct pwd_info *pwd); +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2); +void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt); +void pwd_set_nullpwd(struct pwd_info *pwd); +void pwd_set_cleartext(struct pwd_info *pwd, 
char *clr); +void pwd_get_cleartext(struct pwd_info *pwd, char *clr); +void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); +void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); +void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr); +void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]); +void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]); + /*The following definitions come from lib/smbrun.c */ int smbrun(char *cmd,char *outfile,BOOL shared); +/*The following definitions come from libsmb/smbdes.c */ + +void E_P16(unsigned char *p14,unsigned char *p16); +void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); +void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out); +void E_old_pw_hash( unsigned char *p14, unsigned char *in, unsigned char *out); +void cred_hash1(unsigned char *out,unsigned char *in,unsigned char *key); +void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key); +void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key, int forw); +void SamOEMhash( unsigned char *data, unsigned char *key, int val); + +/*The following definitions come from libsmb/smbencrypt.c */ + +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24); +void E_md4hash(uchar *passwd, uchar *p16); +void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]); +void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); +void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]); +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); +BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode); +BOOL decode_pw_buffer(char buffer[516], char *new_pwrd, + int new_pwrd_size, uint32 *new_pw_len); + +/*The following definitions come from libsmb/smberr.c */ + +char *smb_errstr(char *inbuf); + +/*The following definitions come from libsmb/unexpected.c */ + +void 
unexpected_packet(struct packet_struct *p); +void clear_unexpected(time_t t); +struct packet_struct *receive_unexpected(enum packet_type packet_type, int id, + char *mailslot_name); + /*The following definitions come from lib/snprintf.c */ @@ -348,6 +650,23 @@ BOOL user_in_group_list(char *user,char *gname); BOOL user_in_list(char *user,char *list); struct passwd *smb_getpwnam(char *user, BOOL allow_change); +/*The following definitions come from lib/util_array.c */ + +void free_void_array(uint32 num_entries, void **entries, + void(free_item)(void*)); +void* add_copy_to_array(uint32 *len, void ***array, const void *item, + void*(item_dup)(const void*), BOOL alloc_anyway); +void* add_item_to_array(uint32 *len, void ***array, void *item); +void free_use_info_array(uint32 num_entries, struct use_info **entries); +struct use_info* add_use_info_to_array(uint32 *len, struct use_info ***array, + const struct use_info *name); +void free_char_array(uint32 num_entries, char **entries); +char* add_chars_to_array(uint32 *len, char ***array, const char *name); +void free_uint32_array(uint32 num_entries, uint32 **entries); +uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name); +void free_sid_array(uint32 num_entries, DOM_SID **entries); +DOM_SID* add_sid_to_array(uint32 *len, DOM_SID ***array, const DOM_SID *sid); + /*The following definitions come from lib/util.c */ char *tmpdir(void); 
@@ -414,23 +733,6 @@ BOOL ms_has_wild(char *s); BOOL mask_match(char *string, char *pattern, BOOL is_case_sensitive); int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6); -/*The following definitions come from lib/util_array.c */ - -void free_void_array(uint32 num_entries, void **entries, - void(free_item)(void*)); -void* add_copy_to_array(uint32 *len, void ***array, const void *item, - void*(item_dup)(const void*), BOOL alloc_anyway); -void* add_item_to_array(uint32 *len, void ***array, void *item); -void free_use_info_array(uint32 num_entries, struct use_info **entries); -struct use_info* add_use_info_to_array(uint32 *len, struct use_info ***array, - const struct use_info *name); -void free_char_array(uint32 num_entries, char **entries); -char* add_chars_to_array(uint32 *len, char ***array, const char *name); -void free_uint32_array(uint32 num_entries, uint32 **entries); -uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name); -void free_sid_array(uint32 num_entries, DOM_SID **entries); -DOM_SID* add_sid_to_array(uint32 *len, DOM_SID ***array, const DOM_SID *sid); - /*The following definitions come from lib/util_file.c */ BOOL do_file_lock(int fd, int waitsecs, int type); @@ -462,6 +764,7 @@ struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd); /*The following definitions come from lib/util_seaccess.c */ +void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping); BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status); 
@@ -653,296 +956,6 @@ struct in_addr wins_srv_ip( void ); void wins_srv_died( struct in_addr boothill_ip ); unsigned long wins_srv_count( void ); -/*The following definitions come from libsmb/cli_lsarpc.c */ - -struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds); -void cli_lsa_shutdown(struct cli_state *cli); -uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, - uint32 des_access, POLICY_HND *hnd); -uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd); -uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, - int num_sids, DOM_SID *sids, char ***names, - uint32 **types, int *num_names); -uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, - int num_names, char **names, DOM_SID **sids, - uint32 **types, int *num_sids); -uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *hnd, - uint16 info_class, fstring domain_name, - DOM_SID * domain_sid); - -/*The following definitions come from libsmb/cliconnect.c */ - -BOOL cli_session_setup(struct cli_state *cli, - char *user, - char *pass, int passlen, - char *ntpass, int ntpasslen, - char *workgroup); -BOOL cli_ulogoff(struct cli_state *cli); -BOOL cli_send_tconX(struct cli_state *cli, - char *share, char *dev, char *pass, int passlen); -BOOL cli_tdis(struct cli_state *cli); -void cli_negprot_send(struct cli_state *cli); -BOOL cli_negprot(struct cli_state *cli); -BOOL cli_session_request(struct cli_state *cli, - struct nmb_name *calling, struct nmb_name *called); -BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip); -BOOL cli_reestablish_connection(struct cli_state *cli); -BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, - struct nmb_name *calling, struct nmb_name *called, - char *service, char *service_type, - BOOL do_shutdown, BOOL do_tcon); -BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char 
*desthost, - struct in_addr *pdest_ip); - -/*The following definitions come from libsmb/clientgen.c */ - -int cli_set_port(struct cli_state *cli, int port); -BOOL cli_receive_smb(struct cli_state *cli); -BOOL cli_send_smb(struct cli_state *cli); -void cli_setup_packet(struct cli_state *cli); -void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr); -struct cli_state *cli_initialise(struct cli_state *cli); -void cli_shutdown(struct cli_state *cli); -void cli_sockopt(struct cli_state *cli, char *options); -uint16 cli_setpid(struct cli_state *cli, uint16 pid); - -/*The following definitions come from libsmb/clierror.c */ - -char *cli_errstr(struct cli_state *cli); -int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num, uint32 *nt_rpc_error); - -/*The following definitions come from libsmb/clifile.c */ - -BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst); -BOOL cli_unlink(struct cli_state *cli, char *fname); -BOOL cli_mkdir(struct cli_state *cli, char *dname); -BOOL cli_rmdir(struct cli_state *cli, char *dname); -int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess); -int cli_nt_create_uni(struct cli_state *cli, char *fname, uint32 DesiredAccess); -int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode); -BOOL cli_close(struct cli_state *cli, int fnum); -BOOL cli_lock(struct cli_state *cli, int fnum, - uint32 offset, uint32 len, int timeout, enum brl_type lock_type); -BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len); -BOOL cli_lock64(struct cli_state *cli, int fnum, - SMB_BIG_UINT offset, SMB_BIG_UINT len, int timeout, enum brl_type lock_type); -BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_UINT len); -BOOL cli_getattrE(struct cli_state *cli, int fd, - uint16 *attr, size_t *size, - time_t *c_time, time_t *a_time, time_t *m_time); -BOOL cli_getatr(struct cli_state *cli, char *fname, - uint16 *attr, size_t *size, 
time_t *t); -BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t); -BOOL cli_chkpath(struct cli_state *cli, char *path); -BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail); - -/*The following definitions come from libsmb/clilist.c */ - -int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, - void (*fn)(file_info *, const char *)); -int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, - void (*fn)(file_info *, const char *)); - -/*The following definitions come from libsmb/climessage.c */ - -BOOL cli_message_start(struct cli_state *cli, char *host, char *username, - int *grp); -BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp); -BOOL cli_message_end(struct cli_state *cli, int grp); - -/*The following definitions come from libsmb/cliprint.c */ - -int cli_print_queue(struct cli_state *cli, - void (*fn)(struct print_job_info *)); -int cli_printjob_del(struct cli_state *cli, int job); - -/*The following definitions come from libsmb/clirap.c */ - -BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, int pipe_name_len, - uint16 *setup, uint32 setup_count, uint32 max_setup_count, - char *params, uint32 param_count, uint32 max_param_count, - char *data, uint32 data_count, uint32 max_data_count, - char **rparam, uint32 *rparam_count, - char **rdata, uint32 *rdata_count); -BOOL cli_api(struct cli_state *cli, - char *param, int prcnt, int mprcnt, - char *data, int drcnt, int mdrcnt, - char **rparam, int *rprcnt, - char **rdata, int *rdrcnt); -BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation); -int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *)); -BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, - void (*fn)(const char *, uint32, const char *)); -BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, - const char *old_password); 
-BOOL cli_qpathinfo(struct cli_state *cli, const char *fname, - time_t *c_time, time_t *a_time, time_t *m_time, - size_t *size, uint16 *mode); -BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname, - time_t *c_time, time_t *a_time, time_t *m_time, - time_t *w_time, size_t *size, uint16 *mode, - SMB_INO_T *ino); -BOOL cli_qfileinfo(struct cli_state *cli, int fnum, - uint16 *mode, size_t *size, - time_t *c_time, time_t *a_time, time_t *m_time, - time_t *w_time, SMB_INO_T *ino); - -/*The following definitions come from libsmb/clireadwrite.c */ - -size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size); -ssize_t cli_write(struct cli_state *cli, - int fnum, uint16 write_mode, - char *buf, off_t offset, size_t size); -ssize_t cli_smbwrite(struct cli_state *cli, - int fnum, char *buf, off_t offset, size_t size1); - -/*The following definitions come from libsmb/clisecdesc.c */ - -SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd); -BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd); - -/*The following definitions come from libsmb/clitrans.c */ - -BOOL cli_send_trans(struct cli_state *cli, int trans, - char *name, int pipe_name_len, - int fid, int flags, - uint16 *setup, int lsetup, int msetup, - char *param, int lparam, int mparam, - char *data, int ldata, int mdata); -BOOL cli_receive_trans(struct cli_state *cli,int trans, - char **param, int *param_len, - char **data, int *data_len); -BOOL cli_send_nt_trans(struct cli_state *cli, - int function, - int flags, - uint16 *setup, int lsetup, int msetup, - char *param, int lparam, int mparam, - char *data, int ldata, int mdata); -BOOL cli_receive_nt_trans(struct cli_state *cli, - char **param, int *param_len, - char **data, int *data_len); - -/*The following definitions come from libsmb/credentials.c */ - -char *credstr(uchar *cred); -void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, - uchar session_key[8]); -void cred_create(uchar 
session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, - DOM_CHAL *cred); -int cred_assert(DOM_CHAL *cred, uchar session_key[8], DOM_CHAL *stored_cred, - UTIME timestamp); -BOOL clnt_deal_with_creds(uchar sess_key[8], - DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred); -BOOL deal_with_creds(uchar sess_key[8], - DOM_CRED *sto_clnt_cred, - DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred); - -/*The following definitions come from libsmb/namequery.c */ - -struct node_status *name_status_query(int fd,struct nmb_name *name, - struct in_addr to_ip, int *num_names); -BOOL name_status_find(int type, struct in_addr to_ip, char *name); -struct in_addr *name_query(int fd,const char *name,int name_type, - BOOL bcast,BOOL recurse, - struct in_addr to_ip, int *count); -FILE *startlmhosts(char *fname); -BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr); -void endlmhosts(FILE *fp); -BOOL name_resolve_bcast(const char *name, int name_type, - struct in_addr **return_ip_list, int *return_count); -BOOL is_ip_address(const char *name); -BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type); -BOOL resolve_srv_name(const char* srv_name, fstring dest_host, - struct in_addr *ip); -BOOL find_master_ip(char *group, struct in_addr *master_ip); -BOOL lookup_pdc_name(const char *srcname, const char *domain, struct in_addr *pdc_ip, char *ret_name); -BOOL get_dc_list(BOOL pdc_only, char *group, struct in_addr **ip_list, int *count); - -/*The following definitions come from libsmb/nmblib.c */ - -void debug_nmb_packet(struct packet_struct *p); -char *nmb_namestr(struct nmb_name *n); -struct packet_struct *copy_packet(struct packet_struct *packet); -void free_packet(struct packet_struct *packet); -struct packet_struct *parse_packet(char *buf,int length, - enum packet_type packet_type); -struct packet_struct *read_packet(int fd,enum packet_type packet_type); -void make_nmb_name( struct nmb_name *n, const char *name, int type); -BOOL 
nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2); -int build_packet(char *buf, struct packet_struct *p); -BOOL send_packet(struct packet_struct *p); -struct packet_struct *receive_packet(int fd,enum packet_type type,int t); -struct packet_struct *receive_nmb_packet(int fd, int t, int trn_id); -struct packet_struct *receive_dgram_packet(int fd, int t, char *mailslot_name); -BOOL match_mailslot_name(struct packet_struct *p, char *mailslot_name); -void sort_query_replies(char *data, int n, struct in_addr ip); -char *dns_to_netbios_name(char *dns_name); -int name_mangle( char *In, char *Out, char name_type ); -int name_extract(char *buf,int ofs,char *name); -int name_len(char *s1); - -/*The following definitions come from libsmb/nterr.c */ - -BOOL get_safe_nt_error_msg(uint32 nt_code,char *msg, size_t len); -char *get_nt_error_msg(uint32 nt_code); - -/*The following definitions come from libsmb/passchange.c */ - -BOOL remote_password_change(const char *remote_machine, const char *user_name, - const char *old_passwd, const char *new_passwd, - char *err_str, size_t err_str_len); - -/*The following definitions come from libsmb/pwd_cache.c */ - -void pwd_init(struct pwd_info *pwd); -BOOL pwd_is_nullpwd(const struct pwd_info *pwd); -BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2); -void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt); -void pwd_set_nullpwd(struct pwd_info *pwd); -void pwd_set_cleartext(struct pwd_info *pwd, char *clr); -void pwd_get_cleartext(struct pwd_info *pwd, char *clr); -void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); -void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); -void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr); -void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]); -void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]); - -/*The following definitions come from libsmb/smbdes.c */ - -void 
E_P16(unsigned char *p14,unsigned char *p16); -void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); -void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out); -void E_old_pw_hash( unsigned char *p14, unsigned char *in, unsigned char *out); -void cred_hash1(unsigned char *out,unsigned char *in,unsigned char *key); -void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key); -void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key, int forw); -void SamOEMhash( unsigned char *data, unsigned char *key, int val); - -/*The following definitions come from libsmb/smbencrypt.c */ - -void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24); -void E_md4hash(uchar *passwd, uchar *p16); -void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]); -void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); -void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]); -void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); -BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode); -BOOL decode_pw_buffer(char buffer[516], char *new_pwrd, - int new_pwrd_size, uint32 *new_pw_len); - -/*The following definitions come from libsmb/smberr.c */ - -char *smb_errstr(char *inbuf); - -/*The following definitions come from libsmb/unexpected.c */ - -void unexpected_packet(struct packet_struct *p); -void clear_unexpected(time_t t); -struct packet_struct *receive_unexpected(enum packet_type packet_type, int id, - char *mailslot_name); - /*The following definitions come from locking/brlock.c */ void brl_init(int read_only); @@ -1029,9 +1042,6 @@ BOOL queue_dns_query(struct packet_struct *p,struct nmb_name *question, struct name_record **n); void kill_async_dns_child(void); -/*The following definitions come from nmbd/nmbd.c */ - - /*The following definitions come from nmbd/nmbd_become_dmb.c */ void add_domain_names(time_t t); 
@@ -1062,6 +1072,9 @@ void announce_and_sync_with_domain_master_browser( struct subnet_record *subrec, void collect_all_workgroup_names_from_wins_server(time_t t); void sync_all_dmbs(time_t t); +/*The following definitions come from nmbd/nmbd.c */ + + /*The following definitions come from nmbd/nmbd_elections.c */ void check_master_browser_exists(time_t t); @@ -1852,6 +1865,7 @@ BOOL get_specific_param(NT_PRINTER_INFO_LEVEL printer, uint32 level, fstring value, uint8 **data, uint32 *type, uint32 *len); uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr); BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr); +void map_printer_permissions(SEC_DESC *sd); BOOL print_access_check(struct current_user *user, int snum, int access_type); BOOL print_time_access_check(int snum); #endif @@ -1866,11 +1880,6 @@ void pcap_printer_fn(void (*fn)(char *, char *)); void cups_printer_fn(void (*fn)(char *, char *)); int cups_printername_ok(char *name); -/*The following definitions come from printing/print_svid.c */ - -void sysv_printer_fn(void (*fn)(char *, char *)); -int sysv_printername_ok(char *name); - /*The following definitions come from printing/printfsp.c */ #if OLD_NTDOMAIN @@ -1903,6 +1912,11 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode); BOOL print_queue_purge(struct current_user *user, int snum, int *errcode); #endif +/*The following definitions come from printing/print_svid.c */ + +void sysv_printer_fn(void (*fn)(char *, char *)); +int sysv_printername_ok(char *name); + /*The following definitions come from profile/profile.c */ void profile_message(int msg_type, pid_t src, void *buf, size_t len); 
@@ -2158,6 +2172,62 @@ BOOL do_wks_query_info(struct cli_state *cli, char *server_name, uint32 switch_value, WKS_INFO_100 *wks100); +/*The following definitions come from rpcclient/cmd_lsarpc.c */ + +uint32 cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]); +uint32 cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]); +void add_lsa_commands(void); + +/*The following definitions come from rpcclient/cmd_spoolss.c */ + +uint32 cmd_spoolss_enum_printers(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_enum_ports(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_enum_printerdata(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_getprinter(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_enum_jobs(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_open_printer_ex(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_getprinterdata(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_getprinterdriver(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_enumprinterdrivers(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_getprinterdriverdir(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_addprinterex(struct client_info *info, int argc, char *argv[]); +uint32 cmd_spoolss_addprinterdriver(struct client_info *info, int argc, char *argv[]); +void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch); +BOOL init_drv_info_3_members (DRIVER_INFO_3 *info, char *args); +void free_drv_info_3 (DRIVER_INFO_3 *info); + +/*The following definitions come from rpcclient/display_sec.c */ + +void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *const sec); + +/*The following definitions come from rpcclient/display_spool.c */ + +void display_printer_info_ctr(FILE *out_hnd, enum action_type action, uint32 level, + uint32 count, 
PRINTER_INFO_CTR ctr); +void display_port_info_ctr(FILE *out_hnd, enum action_type action, uint32 level, + uint32 count, PORT_INFO_CTR *ctr); +void display_port_info_1(FILE *out_hnd, enum action_type action, PORT_INFO_1 *i1); +void display_port_info_2(FILE *out_hnd, enum action_type action, PORT_INFO_2 *i2); +void display_printer_enumdata(FILE *out_hnd, enum action_type action, uint32 idx, + uint32 valuelen, uint16 *value, uint32 rvaluelen, + uint32 type, + uint32 datalen, uint8 *data, uint32 rdatalen); +void display_job_info_2(FILE *out_hnd, enum action_type action, + JOB_INFO_2 *const i2); +void display_job_info_1(FILE *out_hnd, enum action_type action, + JOB_INFO_1 *const i1); +void display_job_info_2_ctr(FILE *out_hnd, enum action_type action, + uint32 count, JOB_INFO_2 *const *const ctr); +void display_job_info_1_ctr(FILE *out_hnd, enum action_type action, + uint32 count, JOB_INFO_1 *const *const ctr); +void display_job_info_ctr(FILE *out_hnd, enum action_type action, + uint32 level, uint32 count, + void *const *const ctr); +void display_printer_driver_ctr(FILE *out_hnd, enum action_type action, uint32 level, + uint32 count, PRINTER_DRIVER_CTR ctr); +void display_printerdriverdir_info_ctr(FILE *out_hnd, enum action_type action, uint32 level, + DRIVER_DIRECTORY_CTR ctr); + /*The following definitions come from rpc_client/msrpc_spoolss.c */ void init_buffer(NEW_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); @@ -2207,6 +2277,13 @@ struct ncacn_np *ncacn_np_use_add(const char *pipe_name, const struct ntuser_creds *ntc, BOOL reuse, BOOL *is_new_connection); +/*The following definitions come from rpcclient/rpcclient.c */ + + +/*The following definitions come from rpcclient/spoolss_cmds.c */ + +void add_spl_commands(void); + /*The following definitions come from rpc_parse/parse_creds.c */ BOOL make_creds_unix(CREDS_UNIX *r_u, const char* user_name, 
@@ -3361,69 +3438,6 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid); BOOL api_wkssvc_rpc(pipes_struct *p); #endif -/*The following definitions come from rpcclient/cmd_lsarpc.c */ - -uint32 cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]); -uint32 cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]); -void add_lsa_commands(void); - -/*The following definitions come from rpcclient/cmd_spoolss.c */ - -uint32 cmd_spoolss_enum_printers(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_enum_ports(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_enum_printerdata(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_getprinter(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_enum_jobs(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_open_printer_ex(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_getprinterdata(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_getprinterdriver(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_enumprinterdrivers(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_getprinterdriverdir(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_addprinterex(struct client_info *info, int argc, char *argv[]); -uint32 cmd_spoolss_addprinterdriver(struct client_info *info, int argc, char *argv[]); -void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch); -BOOL init_drv_info_3_members (DRIVER_INFO_3 *info, char *args); -void free_drv_info_3 (DRIVER_INFO_3 *info); - -/*The following definitions come from rpcclient/display_sec.c */ - -void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *const sec); - -/*The following definitions come from rpcclient/display_spool.c */ - -void display_printer_info_ctr(FILE *out_hnd, enum action_type action, uint32 level, - uint32 count, 
PRINTER_INFO_CTR ctr); -void display_port_info_ctr(FILE *out_hnd, enum action_type action, uint32 level, - uint32 count, PORT_INFO_CTR *ctr); -void display_port_info_1(FILE *out_hnd, enum action_type action, PORT_INFO_1 *i1); -void display_port_info_2(FILE *out_hnd, enum action_type action, PORT_INFO_2 *i2); -void display_printer_enumdata(FILE *out_hnd, enum action_type action, uint32 idx, - uint32 valuelen, uint16 *value, uint32 rvaluelen, - uint32 type, - uint32 datalen, uint8 *data, uint32 rdatalen); -void display_job_info_2(FILE *out_hnd, enum action_type action, - JOB_INFO_2 *const i2); -void display_job_info_1(FILE *out_hnd, enum action_type action, - JOB_INFO_1 *const i1); -void display_job_info_2_ctr(FILE *out_hnd, enum action_type action, - uint32 count, JOB_INFO_2 *const *const ctr); -void display_job_info_1_ctr(FILE *out_hnd, enum action_type action, - uint32 count, JOB_INFO_1 *const *const ctr); -void display_job_info_ctr(FILE *out_hnd, enum action_type action, - uint32 level, uint32 count, - void *const *const ctr); -void display_printer_driver_ctr(FILE *out_hnd, enum action_type action, uint32 level, - uint32 count, PRINTER_DRIVER_CTR ctr); -void display_printerdriverdir_info_ctr(FILE *out_hnd, enum action_type action, uint32 level, - DRIVER_DIRECTORY_CTR ctr); - -/*The following definitions come from rpcclient/rpcclient.c */ - - -/*The following definitions come from rpcclient/spoolss_cmds.c */ - -void add_spl_commands(void); - /*The following definitions come from smbd/blocking.c */ #if OLD_NTDOMAIN 
@@ -3930,6 +3944,27 @@ BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype); BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype); #endif +/*The following definitions come from smbd/vfs.c */ + +#if OLD_NTDOMAIN +int vfs_init_default(connection_struct *conn); +BOOL vfs_init_custom(connection_struct *conn); +BOOL vfs_directory_exist(connection_struct *conn, char *dname, SMB_STRUCT_STAT *st); +int vfs_mkdir(connection_struct *conn, char *fname, mode_t mode); +char *vfs_getwd(connection_struct *conn, char *unix_path); +BOOL vfs_file_exist(connection_struct *conn,char *fname,SMB_STRUCT_STAT *sbuf); +ssize_t vfs_read_data(files_struct *fsp, char *buf, size_t byte_count); +ssize_t vfs_write_data(files_struct *fsp,char *buffer,size_t N); +int vfs_set_filelen(files_struct *fsp, SMB_OFF_T len); +SMB_OFF_T vfs_transfer_file(int in_fd, files_struct *in_fsp, + int out_fd, files_struct *out_fsp, + SMB_OFF_T n, char *header, int headlen, int align); +char *vfs_readdirname(connection_struct *conn, void *p); +int vfs_ChDir(connection_struct *conn, char *path); +char *vfs_GetWd(connection_struct *conn, char *path); +BOOL reduce_name(connection_struct *conn, char *s,char *dir,BOOL widelinks); +#endif + /*The following definitions come from smbd/vfs-wrap.c */ #if OLD_NTDOMAIN 
@@ -3966,27 +4001,6 @@ BOOL vfswrap_fset_nt_acl(files_struct *fsp, int fd, uint32 security_info_sent, S BOOL vfswrap_set_nt_acl(files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd); #endif -/*The following definitions come from smbd/vfs.c */ - -#if OLD_NTDOMAIN -int vfs_init_default(connection_struct *conn); -BOOL vfs_init_custom(connection_struct *conn); -BOOL vfs_directory_exist(connection_struct *conn, char *dname, SMB_STRUCT_STAT *st); -int vfs_mkdir(connection_struct *conn, char *fname, mode_t mode); -char *vfs_getwd(connection_struct *conn, char *unix_path); -BOOL vfs_file_exist(connection_struct *conn,char *fname,SMB_STRUCT_STAT *sbuf); -ssize_t vfs_read_data(files_struct *fsp, char *buf, size_t byte_count); -ssize_t vfs_write_data(files_struct *fsp,char *buffer,size_t N); -int vfs_set_filelen(files_struct *fsp, SMB_OFF_T len); -SMB_OFF_T vfs_transfer_file(int in_fd, files_struct *in_fsp, - int out_fd, files_struct *out_fsp, - SMB_OFF_T n, char *header, int headlen, int align); -char *vfs_readdirname(connection_struct *conn, void *p); -int vfs_ChDir(connection_struct *conn, char *path); -char *vfs_GetWd(connection_struct *conn, char *path); -BOOL reduce_name(connection_struct *conn, char *s,char *dir,BOOL widelinks); -#endif - /*The following definitions come from smbwrapper/realcalls.c */ int real_utime(const char *name, struct utimbuf *buf); diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index a5c5758434f..ab8a24d2d61 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -156,4 +156,14 @@ typedef struct sec_desc_buf_info #define _SEC_DESC_BUF #endif +/* A type to describe the mapping of generic access rights to object + specific access rights. */ + +typedef struct generic_mapping { + uint32 generic_read; + uint32 generic_write; + uint32 generic_execute; + uint32 generic_all; +} GENERIC_MAPPING; + #endif /* _RPC_SECDES_H */ 
diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h index 94cfb45dfed..33541c12fe0 100755 --- a/source3/include/rpc_spoolss.h +++ b/source3/include/rpc_spoolss.h @@ -148,24 +148,19 @@ #define PRINTER_STATUS_POWER_SAVE 0x01000000 -/* Printer permissions ACE settings. NT4 uses generic and standard access - rights whereas NT5 converts them all to object specific access rights. */ - -#define PRINTER_ACE_FULL_CONTROL GENERIC_ALL_ACCESS -#define PRINTER_ACE_MANAGE_DOCUMENTS READ_CONTROL_ACCESS -#define PRINTER_ACE_PRINT \ - (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS) - -#define PRINTER_ACE_NT5_FULL_CONTROL 0x000f000c -#define PRINTER_ACE_NT5_PRINT 0x00020000 -#define PRINTER_ACE_NT5_MANAGE_DOCUMENTS 0x00020008 - #define SERVER_ACCESS_ADMINISTER 0x00000001 #define SERVER_ACCESS_ENUMERATE 0x00000002 #define PRINTER_ACCESS_ADMINISTER 0x00000004 #define PRINTER_ACCESS_USE 0x00000008 #define JOB_ACCESS_ADMINISTER 0x00000010 +/* ACE masks for the various print permissions */ + +#define PRINTER_ACE_FULL_CONTROL GENERIC_ALL_ACCESS +#define PRINTER_ACE_MANAGE_DOCUMENTS READ_CONTROL_ACCESS +#define PRINTER_ACE_PRINT \ + (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS) + /* Access rights for print servers */ #define SERVER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE #define SERVER_READ STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE @@ -1824,5 +1819,4 @@ SPOOL_R_REPLY_RRPCN; #define PRINTER_DRIVER_VERSION 2 #define PRINTER_DRIVER_ARCHITECTURE "Windows NT x86" - #endif /* _RPC_SPOOLSS_H */ diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 87d0f3bb688..68f900b34db 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
@@ -51,6 +51,32 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, { uint32 mask = ace->info.mask; +#if 0 + + /* I think there is some aspect of inheritable ACEs that we don't + understand. A 'Manage Documents' permission has the following + ACE entries (after generic mapping has been applied): + + S-1-5-21-1067277791-1719175008-3000797951-1033 0 9 0x000f000c + S-1-5-21-1067277791-1719175008-3000797951-1033 0 2 0x00020000 + + Now a user wanting to print calls se_access_check() with desired + access PRINTER_ACCESS_USE (0x00000008). This is only allowed if + the inherit only ACE, flags & SEC_ACE_FLAG_INHERIT_ONLY (0x8) is + checked. A similar argument is used to explain how a user with + 'Full Control' permission can print. + + Having both the flags SEC_ACE_FLAG_INHERIT_ONLY and + SEC_ACE_FLAG_OBJECT_INHERIT set in an ACE doesn't seem to make + sense. According to the MSDN, an inherit only ACE "indicates an + [...] ACE which does not control access to the object to which + it is attached" and an object inherit ACE for "non-container + child objects [they] inherit the ACE as an effective ACE". + These two flags don't seem to make sense when combined. Does + the object inherit override the inherit only flag? We are also + talking about access to a printer object, not a printer job so + inheritance shouldn't even be involved. -tpot */ + /* * Inherit only is ignored. */ @@ -59,6 +85,7 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, return acc_desired; } +#endif /* * If this ACE has no SID in common with the token, 
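Review bot: Wrapping the inherit-only test in `#if 0` (closed by the `#endif` in the second hunk on this line) switches it off for every caller of se_access_check(), not only for the printer case the new comment describes. With the block compiled out, an ACE carrying SEC_ACE_FLAG_INHERIT_ONLY is evaluated against the object it is attached to, so its mask can now grant or deny rights it previously could not; whether other callers depend on the old behaviour is not visible here. The comment itself says the semantics are not understood, so I would keep the test and treat the printer case separately, or at least mark the spot with `/* FIXME: inherit-only ACEs are evaluated for all objects while this is disabled */`. check_ace() starts before the first hunk and continues after the second.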
@@ -159,13 +186,48 @@ static BOOL get_max_access( SEC_ACL *acl, NT_USER_TOKEN *token, uint32 *granted, return True; } -/********************************************************************************* +/* Map generic access rights to object specific rights. This technique is + used to give meaning to assigning read, write, execute and all access to + objects. Each type of object has its own mapping of generic to object + specific access rights. */ + +void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) +{ + uint32 old_mask = *access_mask; + + if (*access_mask & GENERIC_READ_ACCESS) { + *access_mask &= ~GENERIC_READ_ACCESS; + *access_mask |= mapping->generic_read; + } + + if (*access_mask & GENERIC_WRITE_ACCESS) { + *access_mask &= ~GENERIC_WRITE_ACCESS; + *access_mask |= mapping->generic_write; + } + + if (*access_mask & GENERIC_EXECUTE_ACCESS) { + *access_mask &= ~GENERIC_EXECUTE_ACCESS; + *access_mask |= mapping->generic_execute; + } + + if (*access_mask & GENERIC_ALL_ACCESS) { + *access_mask &= ~GENERIC_ALL_ACCESS; + *access_mask |= mapping->generic_all; + } + + if (old_mask != *access_mask) { + DEBUG(10, ("se_map_generic(): mapped mask 0x%08x to 0x%08x\n", + old_mask, *access_mask)); + } +} + +/***************************************************************************** Check access rights of a user against a security descriptor. Look at each ACE in the security descriptor until an access denied ACE denies any of the desired rights to the user or any of the users groups, or one or more ACEs explicitly grant all requested access rights. See "Access-Checking" document in MSDN. -**********************************************************************************/ +*****************************************************************************/ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) 
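Review bot: se_map_generic() tests the mask it is rewriting, so a mapping entry that itself carries a GENERIC_* bit would be expanded again by a later branch and could widen the result silently. Its output feeds se_access_check(), so I would test the saved value instead, `if (old_mask & GENERIC_READ_ACCESS) {`, and likewise in the write, execute and all branches. The comment above the function should also state that `*access_mask` is modified in place, that both pointers must be non-NULL (neither is checked), and that mapping entries are expected to hold only standard and object-specific rights.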
@@ -204,6 +266,11 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) )); + for (i = 1; i < token->num_sids; i++) { + DEBUG(3, ("se_access_check: also %s\n", + sid_to_string(sid_str, &token->user_sids[i]))); + } + /* Is the token the owner of the SID ? */ if (sd->owner_sid) { @@ -230,9 +297,11 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, for ( i = 0 ; i < acl->num_aces && tmp_acc_desired != 0; i++) { SEC_ACE *ace = &acl->ace[i]; - DEBUG(10,("se_access_check: ACE %u: SID = %s mask = %x, current desired = %x\n", - (unsigned int)i, sid_to_string(sid_str, &ace->sid), - (unsigned int) ace->info.mask, (unsigned int)tmp_acc_desired )); + DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", + (unsigned int)i, ace->type, ace->flags, + sid_to_string(sid_str, &ace->sid), + (unsigned int) ace->info.mask, + (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); if (*status != NT_STATUS_NOPROBLEMO) { diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 822267f5d5f..e07e5ef6ada 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1296,4 +1296,5 @@ void parse_domain_user(char *domuser, fstring domain, fstring user) fstrcpy(user, p+1); fstrcpy(domain, domuser); domain[PTR_DIFF(p, domuser)] = 0; + strupper(domain); } diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 3e32fa3ac9f..142c61d9c1c 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c 
@@ -266,7 +266,8 @@ int winbind_initgroups(char *user, gid_t gid) result = wb_getgroups(user, &groups); - DEBUG(10,("wb_getgroups: %s: result = %s\n", user, result == NSS_STATUS_SUCCESS ? "SUCCESS" : "FAIL")); + DEBUG(10,("wb_getgroups: %s: result = %s\n", user, result == -1 ? + "FAIL" : "SUCCESS")); if (result != -1) { int ngroups = result, i; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 91679235cd7..699ddc60b2c 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -35,6 +35,15 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION 1 +/* Map generic permissions to printer object specific permissions */ + +struct generic_mapping printer_generic_mapping = { + PRINTER_READ, + PRINTER_WRITE, + PRINTER_EXECUTE, + PRINTER_ALL_ACCESS +}; + /* We need one default form to support our default printer. Msoft adds the forms it wants and in the ORDER it wants them (note: DEVMODE papersize is an array index). Letter is always first, so (for the current code) additions @@ -2833,11 +2842,16 @@ BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr) prs_struct ps; TALLOC_CTX *mem_ctx = NULL; fstring key; + char *temp; mem_ctx = talloc_init(); if (mem_ctx == NULL) return False; + if ((temp = strchr(printername + 2, '\\'))) { + printername = temp + 1; + } + /* Fetch security descriptor from tdb */ slprintf(key, sizeof(key), "SECDESC/%s", printername); @@ -2910,8 +2924,9 @@ BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr) sid_to_string(sid_str, &acl->ace[i].sid); - DEBUG(10, ("%s 0x%08x\n", sid_str, - acl->ace[i].info.mask)); + DEBUG(10, ("%s %d %d 0x%08x\n", sid_str, + acl->ace[i].type, acl->ace[i].flags, + acl->ace[i].info.mask)); } } 
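Review bot: In the nt_printing_getsec() hunk, `strchr(printername + 2, '\\')` skips two characters without checking that they exist, so a name shorter than two characters is read past its terminator. It also strips everything up to the first later backslash from any name, whether or not it begins with `\\`, and the result is used to build the `SECDESC/%s` key that selects which security descriptor is loaded. Anchoring the strip to the UNC prefix fixes both: `if (printername[0] == '\\' && printername[1] == '\\' && (temp = strchr(printername + 2, '\\'))) {`. The function body starts before and continues after this hunk.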
@@ -2956,6 +2971,20 @@ jfm: I should use this comment for the text file to explain */ +/* Convert generic access rights to printer object specific access rights. + It turns out that NT4 security descriptors use generic access rights and + NT5 the object specific ones. */ + +void map_printer_permissions(SEC_DESC *sd) +{ + int i; + + for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { + se_map_generic(&sd->dacl->ace[i].info.mask, + &printer_generic_mapping); + } +} + /**************************************************************************** Check a user has permissions to perform the given operation. We use some constants defined in include/rpc_spoolss.h that look relevant to check @@ -2969,7 +2998,7 @@ jfm: I should use this comment for the text file to explain PRINTER_ACCESS_USE: print_job_start - JOB_ACCESS_ADMINISTER: + PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER): print_job_delete, print_job_pause, print_job_resume, print_queue_purge @@ -2977,7 +3006,7 @@ jfm: I should use this comment for the text file to explain BOOL print_access_check(struct current_user *user, int snum, int access_type) { SEC_DESC_BUF *secdesc = NULL; - uint32 access_granted, status, required_access = 0; + uint32 access_granted, status; BOOL result; char *pname; extern struct current_user current_user; 
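Review bot: map_printer_permissions() checks `sd->dacl` on every iteration but dereferences `sd` itself unchecked, and the caller shown later on this page passes `secdesc->sec` straight in. An early `if (sd == NULL) return;` would cover a descriptor buffer that holds no descriptor. `i` is a signed `int` compared with `num_aces`, whose type is not visible in this hunk; if it is unsigned, declaring `i` with the same type avoids the mixed comparison. The comment could also say that the ACE masks are rewritten in place in the caller's descriptor.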
@@ -3008,77 +3037,14 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) /* Get printer security descriptor */ nt_printing_getsec(pname, &secdesc); - - /* Check against NT4 ACE mask values. From observation these - values are: - - Access Type ACE Mask Constant - ------------------------------------- - Full Control 0x10000000 PRINTER_ACE_FULL_CONTROL - Print 0xe0000000 PRINTER_ACE_PRINT - Manage Documents 0x00020000 PRINTER_ACE_MANAGE_DOCUMENTS - */ - - switch (access_type) { - case PRINTER_ACCESS_USE: - required_access = PRINTER_ACE_PRINT; - break; - case PRINTER_ACCESS_ADMINISTER: - /* - * This should be set to PRINTER_ACE_FULL_CONTROL, not to - * (PRINTER_ACE_PRINT | PRINTER_ACE_MANAGE_DOCUMENTS). - * Doing the latter gives anyone with both PRINTER_ACE_PRINT - * and PRINTER_ACE_MANAGE_DOCUMENTS (in any combination of ACLs) - * full control over all printer functions. This isn't what - * we want. - */ - required_access = PRINTER_ACE_FULL_CONTROL; - break; - case JOB_ACCESS_ADMINISTER: - required_access = PRINTER_ACE_MANAGE_DOCUMENTS; - break; - default: - DEBUG(0, ("invalid value passed to print_access_check()\n")); - result = False; - goto done; - } - if ((result = se_access_check(secdesc->sec, user, required_access, - &access_granted, &status))) { - goto done; - } - - /* Check against NT5 ACE mask values. From observation these - values are: - - Access Type ACE Mask Constant - ------------------------------------- - Full Control 0x000f000c PRINTER_ACE_NT5_FULL_CONTROL - Print 0x00020008 PRINTER_ACE_NT5_PRINT - Manage Documents 0x00020000 PRINTER_ACE_NT5_MANAGE_DOCUMENTS - - NT5 likes to rewrite the security descriptor and change the ACE - masks from NT4 format to NT5 format making them unreadable by - NT4 clients. 
*/ - - switch (access_type) { - case PRINTER_ACCESS_USE: - required_access = PRINTER_ACE_NT5_PRINT; - break; - case PRINTER_ACCESS_ADMINISTER: - required_access = PRINTER_ACE_NT5_FULL_CONTROL; - break; - case JOB_ACCESS_ADMINISTER: - required_access = PRINTER_ACE_NT5_MANAGE_DOCUMENTS; - break; - } - - result = se_access_check(secdesc->sec, user, required_access, + map_printer_permissions(secdesc->sec); + + result = se_access_check(secdesc->sec, user, access_type, &access_granted, &status); /* Check access */ - done: DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); /* Free mallocated memory */ diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 842b97f9c5b..57d0c2b8a37 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -575,7 +575,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode) owns their job. */ if (!owner && - !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { DEBUG(3, ("delete denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -617,7 +617,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode) owner = is_owner(user, jobid); if (!owner && - !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { DEBUG(3, ("pause denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -668,7 +668,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode) owner = is_owner(user, jobid); if (!is_owner(user, jobid) && - !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { DEBUG(3, ("resume denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; 
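Review bot: The return value of `nt_printing_getsec(pname, &secdesc)` is still ignored, and the new `map_printer_permissions(secdesc->sec)` line dereferences `secdesc` immediately afterwards. `secdesc` is initialised to NULL, and the nt_printing_getsec() hunk earlier on this page shows at least one path (`mem_ctx == NULL`) that returns False before writing to it, so a failed lookup would crash here instead of denying access. I would fail closed with `if (!nt_printing_getsec(pname, &secdesc) || secdesc == NULL || secdesc->sec == NULL) { result = False; } else {` around the mapping and the se_access_check() call, provided the cleanup below the hunk tolerates a NULL `secdesc`. The removed `switch` also rejected unknown `access_type` values in its `default:` branch, whereas the new code hands any value to se_access_check(). The function starts and ends outside this hunk.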
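Review bot: Replacing JOB_ACCESS_ADMINISTER with PRINTER_ACCESS_ADMINISTER in print_job_delete() changes which right a non-owner needs to act on someone else's job, and nothing at the call site says this is temporary. The same applies to the print_job_pause() and print_job_resume() hunks on this line and to print_queue_purge() further down. The commit message describes the change as a stop-gap, so each call should carry a marker such as `/* FIXME: use JOB_ACCESS_ADMINISTER once printer and job permissions are separated */`. All of these functions continue outside their hunks.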
@@ -807,7 +807,7 @@ int print_job_start(struct current_user *user, int snum, char *jobname) return -1; } - if (print_queue_length(snum) > lp_maxprintjobs(snum)) { + if (lp_maxprintjobs(snum) && print_queue_length(snum) > lp_maxprintjobs(snum)) { errno = ENOSPC; return -1; } @@ -1202,7 +1202,8 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode) njobs = print_queue_status(snum, &queue, &status); for (i=0;i<njobs;i++) { - if (print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + if (print_access_check(user, snum, + PRINTER_ACCESS_ADMINISTER)) { print_job_delete1(queue[i].job); } } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index c2bcac339e3..69ba0421555 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -176,6 +176,7 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, DOM_SID *psids; int i, psid_ndx = 0; size_t num_sids = 0; + fstring sid_str; if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) return NULL; @@ -229,6 +230,13 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, token->num_sids = psid_ndx; + /* Dump list of sids in token */ + + for (i = 0; i < token->num_sids; i++) { + DEBUG(5, ("user token sid %s\n", + sid_to_string(sid_str, &token->user_sids[i]))); + } + return token; } diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index eaaae9ace77..f3cc9e04e0b 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c 
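Review bot: The new condition in print_job_start() makes `lp_maxprintjobs(snum) == 0` mean no limit at all, which is not stated anywhere in the hunk. It also keeps the `>` comparison, so a queue already holding exactly the configured maximum still accepts one more job, unless print_queue_length() counts the job being added (not visible here). If the setting is meant as a hard cap, read it once into a local declared with the others, `int max_jobs = lp_maxprintjobs(snum);`, and test `if (max_jobs && print_queue_length(snum) >= max_jobs) {`. A one-line comment that 0 disables the limit would help anyone sizing spool space. The function continues outside the hunk.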
@@ -305,11 +305,23 @@ BOOL push_sec_ctx(void) void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token) { struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; - + /* Set the security context */ DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", uid, gid, sec_ctx_stack_ndx)); + if (ngroups) { + int i; + + DEBUG(3, ("%d user groups: \n", ngroups)); + for (i = 0; i < ngroups; i++) { + DEBUGADD(3, ("%d ", groups[i])); + } + + DEBUG(3, ("\n")); + } + + gain_root(); #ifdef HAVE_SETGROUPS diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0713c0e49d2..4670d601d7e 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -468,7 +468,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, + conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest); |
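Review bot: The new loop in set_sec_ctx() prints `groups[i]` with `%d`, but `groups` is a `gid_t *` and the width and signedness of `gid_t` vary by platform. A cast keeps the varargs call well defined: `DEBUGADD(3, ("%d ", (int)groups[i]));`. The block is entered on `ngroups` alone, so it relies on callers never passing a non-zero count with a NULL `groups`; `if (ngroups > 0 && groups != NULL) {` would make that explicit. The `\n` at the end of `"%d user groups: \n"` also separates the header from the list it introduces. set_sec_ctx() continues past the hunk.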