authorCVS Import User <samba-bugs@samba.org>2004-04-04 11:38:24 +0000
committerCVS Import User <samba-bugs@samba.org>2004-04-04 11:38:24 +0000
commit211fcde5103a2eeaa5c4a71040f49d3400c1491e (patch)
tree48c6de8f701a65555dacc860197e1307da268a4c /source
parent139b1658ca30692835c1a7203c7cd003e587ac12 (diff)
r5: merge in the SAMBA_3_0_RELEASE branch from cvs
to checkout try: svn co svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0_RELEASE samba-3_0-release metze
Diffstat (limited to 'source')
-rw-r--r--source/Makefile.in82
-rw-r--r--source/VERSION10
-rw-r--r--source/auth/auth_util.c22
-rw-r--r--source/bin/.cvsignore19
-rw-r--r--source/client/client.c8
-rwxr-xr-xsource/client/mount.cifs.c108
-rw-r--r--source/configure.in22
-rw-r--r--source/groupdb/mapping.c633
-rw-r--r--source/include/ads.h3
-rw-r--r--source/include/auth.h1
-rw-r--r--source/include/genparser.h78
-rw-r--r--source/include/genparser_samba.h63
-rw-r--r--source/include/gums.h272
-rw-r--r--source/include/includes.h9
-rw-r--r--source/include/modconf.h34
-rw-r--r--source/include/ntdomain.h24
-rw-r--r--source/include/passdb.h225
-rw-r--r--source/include/privileges.h47
-rw-r--r--source/include/rpc_dce.h18
-rw-r--r--source/include/rpc_ds.h6
-rw-r--r--source/include/rpc_epmapper.h118
-rw-r--r--source/include/rpc_lsa.h16
-rw-r--r--source/include/rpc_netlogon.h20
-rw-r--r--source/include/rpc_secdes.h11
-rwxr-xr-xsource/include/rpc_spoolss.h2
-rw-r--r--source/include/secrets.h7
-rw-r--r--source/include/smb.h21
-rw-r--r--source/include/smbldap.h4
-rw-r--r--source/include/tdbsam2_parse_info.h2
-rw-r--r--source/lib/afs.c361
-rw-r--r--source/lib/charcnv.c18
-rw-r--r--source/lib/debug.c7
-rw-r--r--source/lib/genparser.c783
-rw-r--r--source/lib/genparser_samba.c218
-rw-r--r--source/lib/pam_errors.c4
-rw-r--r--source/lib/popt_common.c2
-rw-r--r--source/lib/privileges.c112
-rw-r--r--source/lib/secace.c4
-rw-r--r--source/lib/smbldap.c188
-rw-r--r--source/lib/smbldap_util.c203
-rw-r--r--source/lib/substitute.c5
-rw-r--r--source/lib/username.c5
-rw-r--r--source/lib/util.c2
-rw-r--r--source/lib/util_sid.c17
-rw-r--r--source/lib/util_sock.c2
-rw-r--r--source/lib/util_str.c18
-rw-r--r--source/lib/util_uuid.c149
-rw-r--r--source/libads/ads_struct.c19
-rw-r--r--source/libads/kerberos.c39
-rw-r--r--source/libads/krb5_setpw.c2
-rw-r--r--source/libads/ldap.c18
-rw-r--r--source/libsmb/cliconnect.c41
-rw-r--r--source/libsmb/clientgen.c2
-rw-r--r--source/libsmb/clifile.c254
-rw-r--r--source/libsmb/samlogon_cache.c4
-rw-r--r--source/libsmb/smb_signing.c120
-rw-r--r--source/modules/developer.c132
-rw-r--r--source/modules/vfs_expand_msdfs.c191
-rw-r--r--source/msdfs/msdfs.c12
-rw-r--r--source/nmbd/nmbd_processlogon.c9
-rw-r--r--source/nmbd/nmbd_winsserver.c116
-rw-r--r--source/nsswitch/wb_client.c28
-rw-r--r--source/nsswitch/wbinfo.c86
-rw-r--r--source/nsswitch/winbind_nss_solaris.c11
-rw-r--r--source/nsswitch/winbindd.c1
-rw-r--r--source/nsswitch/winbindd.h7
-rw-r--r--source/nsswitch/winbindd_ads.c30
-rw-r--r--source/nsswitch/winbindd_cache.c8
-rw-r--r--source/nsswitch/winbindd_group.c128
-rw-r--r--source/nsswitch/winbindd_nss.h6
-rw-r--r--source/nsswitch/winbindd_pam.c35
-rw-r--r--source/nsswitch/winbindd_passdb.c339
-rw-r--r--source/nsswitch/winbindd_rpc.c6
-rw-r--r--source/nsswitch/winbindd_sid.c33
-rw-r--r--source/nsswitch/winbindd_util.c38
-rw-r--r--source/nsswitch/winbindd_wins.c5
-rw-r--r--source/param/config_ldap.c351
-rw-r--r--source/param/loadparm.c57
-rw-r--r--source/param/modconf.c96
-rw-r--r--source/passdb/lookup_sid.c40
-rw-r--r--source/passdb/passdb.c53
-rw-r--r--source/passdb/pdb_get_set.c19
-rw-r--r--source/passdb/pdb_guest.c15
-rw-r--r--source/passdb/pdb_gums.c464
-rw-r--r--source/passdb/pdb_interface.c715
-rw-r--r--source/passdb/pdb_ldap.c623
-rw-r--r--source/passdb/pdb_tdb.c627
-rw-r--r--source/passdb/pdb_xml.c18
-rw-r--r--source/passdb/secrets.c41
-rw-r--r--source/passdb/util_sam_sid.c25
-rw-r--r--source/printing/nt_printing.c25
-rwxr-xr-xsource/python/setup.py3
-rw-r--r--source/rpc_client/cli_epmapper.c61
-rw-r--r--source/rpc_client/cli_lsarpc.c62
-rw-r--r--source/rpc_client/cli_netlogon.c49
-rw-r--r--source/rpc_client/cli_pipe.c4
-rw-r--r--source/rpc_parse/parse_ds.c6
-rw-r--r--source/rpc_parse/parse_epmapper.c482
-rw-r--r--source/rpc_parse/parse_lsa.c63
-rw-r--r--source/rpc_parse/parse_misc.c28
-rw-r--r--source/rpc_parse/parse_net.c84
-rw-r--r--source/rpc_parse/parse_rpc.c108
-rw-r--r--source/rpc_parse/parse_samr.c4
-rw-r--r--source/rpc_parse/parse_sec.c4
-rw-r--r--source/rpc_parse/parse_spoolss.c2
-rw-r--r--source/rpc_server/srv_epmapper.c88
-rw-r--r--source/rpc_server/srv_epmapper_nt.c70
-rw-r--r--source/rpc_server/srv_lsa.c32
-rw-r--r--source/rpc_server/srv_lsa_nt.c173
-rw-r--r--source/rpc_server/srv_netlog.c41
-rw-r--r--source/rpc_server/srv_netlog_nt.c17
-rw-r--r--source/rpc_server/srv_pipe.c7
-rw-r--r--source/rpc_server/srv_pipe_hnd.c2
-rw-r--r--source/rpc_server/srv_samr_nt.c931
-rw-r--r--source/rpc_server/srv_samr_util.c38
-rw-r--r--source/rpc_server/srv_spoolss_nt.c5
-rw-r--r--source/rpc_server/srv_srvsvc_nt.c78
-rw-r--r--source/rpc_server/srv_util.c6
-rw-r--r--source/rpcclient/cmd_epmapper.c76
-rw-r--r--source/rpcclient/cmd_lsarpc.c47
-rw-r--r--source/rpcclient/cmd_netlogon.c26
-rw-r--r--source/rpcclient/rpcclient.c2
-rw-r--r--source/sam/account.c305
-rw-r--r--source/sam/group.c193
-rw-r--r--source/sam/gums.c173
-rw-r--r--source/sam/gums_api.c1426
-rw-r--r--source/sam/gums_helper.c383
-rw-r--r--source/sam/gums_tdbsam2.c1220
-rw-r--r--source/sam/interface.c1338
-rwxr-xr-xsource/script/genstruct.pl299
-rw-r--r--source/smbd/chgpasswd.c2
-rw-r--r--source/smbd/conn.c8
-rw-r--r--source/smbd/dir.c4
-rw-r--r--source/smbd/dosmode.c395
-rw-r--r--source/smbd/fake_file.c8
-rw-r--r--source/smbd/fileio.c5
-rw-r--r--source/smbd/lanman.c138
-rw-r--r--source/smbd/nttrans.c24
-rw-r--r--source/smbd/open.c80
-rw-r--r--source/smbd/password.c12
-rw-r--r--source/smbd/posix_acls.c4
-rw-r--r--source/smbd/reply.c102
-rw-r--r--source/smbd/sec_ctx.c23
-rw-r--r--source/smbd/server.c11
-rw-r--r--source/smbd/service.c4
-rw-r--r--source/smbd/sesssetup.c20
-rw-r--r--source/smbd/trans2.c347
-rw-r--r--source/smbd/uid.c18
-rw-r--r--source/tdb/spinlock.c28
-rw-r--r--source/tdb/tdb.c45
-rw-r--r--source/tdb/tdb.h35
-rw-r--r--source/torture/torture.c109
-rw-r--r--source/utils/net.c1
-rw-r--r--source/utils/net_ads_cldap.c10
-rw-r--r--source/utils/net_groupmap.c110
-rw-r--r--source/utils/net_privileges.c362
-rw-r--r--source/utils/ntlm_auth.c3
-rw-r--r--source/utils/pdbedit.c324
158 files changed, 1988 insertions, 17052 deletions
diff --git a/source/Makefile.in b/source/Makefile.in
index 145905332ad..843e843a1ef 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -65,7 +65,6 @@ RPCLIBDIR = $(LIBDIR)/rpc
IDMAPLIBDIR = $(LIBDIR)/idmap
CHARSETLIBDIR = $(LIBDIR)/charset
AUTHLIBDIR = $(LIBDIR)/auth
-CONFIGLIBDIR = $(LIBDIR)/config
CONFIGDIR = @configdir@
VARDIR = @localstatedir@
MANDIR = @mandir@
@@ -155,8 +154,7 @@ RPC_MODULES = @RPC_MODULES@
IDMAP_MODULES = @IDMAP_MODULES@
CHARSET_MODULES = @CHARSET_MODULES@
AUTH_MODULES = @AUTH_MODULES@
-CONFIG_MODULES = @CONFIG_MODULES@
-MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) $(CONFIG_MODULES)
+MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES)
######################################################################
# object file lists
@@ -165,7 +163,7 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSE
TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o
TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o
-SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
+SMBLDAP_OBJ = @SMBLDAP@
LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/getsmbpass.o lib/interface.o lib/md4.o \
@@ -186,8 +184,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \
- lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \
- lib/genparser.o lib/genparser_samba.o
+ lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
@@ -202,7 +199,7 @@ POPT_LIB_OBJ = lib/popt_common.o
UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o
-PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o param/modconf.o
+PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o
KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o
@@ -240,7 +237,7 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
rpc_client/cli_reg.o rpc_client/cli_pipe.o \
rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \
rpc_client/cli_ds.o rpc_client/cli_echo.o \
- rpc_client/cli_shutdown.o rpc_client/cli_epmapper.o
+ rpc_client/cli_shutdown.o
REGOBJS_OBJ = registry/reg_objects.o
REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
@@ -269,8 +266,6 @@ RPC_PIPE_OBJ = rpc_server/srv_pipe_hnd.o rpc_server/srv_util.o \
RPC_ECHO_OBJ = rpc_server/srv_echo.o rpc_server/srv_echo_nt.o
-RPC_EPMAPPER_OBJ = rpc_server/srv_epmapper.o rpc_server/srv_epmapper_nt.o
-
RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ)
# this includes only the low level parse code, not stuff
@@ -284,15 +279,13 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \
rpc_parse/parse_wks.o rpc_parse/parse_ds.o \
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \
rpc_parse/parse_echo.o rpc_parse/parse_shutdown.o \
- rpc_parse/parse_epmapper.o $(REGOBJS_OBJ)
+ $(REGOBJS_OBJ)
RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o smbd/tdbutil.o
-GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o @GUMS_STATIC@
-
PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
@@ -326,7 +319,6 @@ VFS_NETATALK_OBJ = modules/vfs_netatalk.o
VFS_DEFAULT_QUOTA_OBJ = modules/vfs_default_quota.o
VFS_READONLY_OBJ = modules/vfs_readonly.o modules/getdate.o
VFS_CAP_OBJ = modules/vfs_cap.o
-VFS_EXPAND_MSDFS_OBJ = modules/vfs_expand_msdfs.o
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
@@ -348,8 +340,6 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
-CONFIG_LDAP_OBJ = param/config_ldap.o
-
SMBD_OBJ_MAIN = smbd/server.o
BUILDOPT_OBJ = smbd/build_options.o
@@ -452,9 +442,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o libsmb/passchange.o $(PARAM_OBJ) $(SECRETS_OBJ
$(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
$(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) lib/dummyroot.o
-PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) \
+PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \
$(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \
- $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(KRBCLIENT_OBJ) $(RPC_PARSE_OBJ) lib/dummyroot.o
+ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) lib/dummyroot.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) $(SECRETS_OBJ)
@@ -463,8 +453,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \
rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \
rpcclient/display_sec.o rpcclient/cmd_ds.o \
- rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o \
- rpcclient/cmd_epmapper.o
+ rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -517,7 +506,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \
- utils/net_status.o utils/net_privileges.o
+ utils/net_status.o
NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
@@ -603,10 +592,9 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \
$(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ) $(AUTH_SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
- $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \
- $(RPC_LSA_DS_OBJ) $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) \
- $(RPC_SPOOLSS_OBJ) $(RPC_ECHO_OBJ) $(RPC_EPMAPPER_OBJ) \
- $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o
+ $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_LSA_DS_OBJ) \
+ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \
+ $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o
WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) \
$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ)
@@ -638,7 +626,6 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd_wins.o \
nsswitch/winbindd_rpc.o \
nsswitch/winbindd_ads.o \
- nsswitch/winbindd_passdb.o \
nsswitch/winbindd_dual.o \
nsswitch/winbindd_acct.o
@@ -648,10 +635,10 @@ WINBINDD_OBJ = \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
$(PROFILE_OBJ) $(SLCACHE_OBJ) $(SMBLDAP_OBJ) \
$(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
- $(DCUTIL_OBJ) $(IDMAP_OBJ) lib/dummyroot.o lib/afs.o
+ $(DCUTIL_OBJ) $(IDMAP_OBJ) lib/dummyroot.o
WBINFO_OBJ = nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
- $(UBIQX_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) lib/afs.o
+ $(UBIQX_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ)
WINBIND_NSS_OBJ = nsswitch/wb_common.o lib/replace1.o @WINBIND_NSS_EXTRA_OBJS@
@@ -880,7 +867,7 @@ bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy
bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS)
bin/smbget@EXEEXT@: $(SMBGET_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@@ -1043,11 +1030,6 @@ bin/librpc_echo.@SHLIBEXT@: $(RPC_ECHO_OBJ)
@$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_ECHO_OBJ) -lc \
@SONAMEFLAG@`basename $@`
-bin/librpc_epmapper.@SHLIBEXT@: $(RPC_EPMAPPER_OBJ)
- @echo "Linking $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_EPMAPPER_OBJ) -lc \
- @SONAMEFLAG@`basename $@`
-
bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy
@echo "Linking $@"
@$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS)
@@ -1189,19 +1171,9 @@ bin/cap.@SHLIBEXT@: $(VFS_CAP_OBJ:.o=.@PICSUFFIX@)
@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CAP_OBJ:.o=.@PICSUFFIX@) \
@SONAMEFLAG@`basename $@`
-bin/expand_msdfs.@SHLIBEXT@: $(VFS_EXPAND_MSDFS_OBJ:.o=.@PICSUFFIX@)
- @echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_EXPAND_MSDFS_OBJ:.o=.@PICSUFFIX@) \
- @SONAMEFLAG@`basename $@`
-
-bin/config_ldap.@SHLIBEXT@: $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@)
- @echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) \
- @SMBLDAP@ @LDAP_LIBS@ @SONAMEFLAG@`basename $@`
-
bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(LINK) -o $@ $(WBINFO_OBJ) $(LIBS) @POPTLIBS@ -lcrypto
+ @$(LINK) -o $@ $(WBINFO_OBJ) $(LIBS) @POPTLIBS@
bin/ntlm_auth@EXEEXT@: $(NTLM_AUTH_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
$(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy
@@ -1312,7 +1284,7 @@ python_ext: $(PYTHON_PICOBJS)
fi
PYTHON_OBJS="$(PYTHON_PICOBJS)" \
PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS) $(FLAGS)" \
- LIBS="$(LDFLAGS) $(LIBS) $(PASSDB_LIBS) $(IDMAP_LIBS) $(KRB5LIBS) $(LDAP_LIBS)" \
+ LIBS="$(LIBS) $(PASSDB_LIBS) $(IDMAP_LIBS) $(KRB5LIBS) $(LDAP_LIBS)" \
$(PYTHON) python/setup.py build
python_install: $(PYTHON_PICOBJS)
@@ -1322,7 +1294,7 @@ python_install: $(PYTHON_PICOBJS)
fi
PYTHON_OBJS="$(PYTHON_PICOBJS)" \
PYTHON_CFLAGS="$(CFLAGS) $(CPPFLAGS)" \
- LIBS="$(LDFLAGS) $(LIBS)" \
+ LIBS="$(LIBS)" \
$(PYTHON) python/setup.py install
python_clean:
@@ -1434,15 +1406,6 @@ utils/net_proto.h:
-h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \
$(NET_OBJ1)
-include/tdbsam2_parse_info.h:
- @if test -n "$(PERL)"; then \
- cd $(srcdir) && @PERL@ -w script/genstruct.pl \
- -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \
- include/gums.h; \
- else \
- echo Unable to build $@, continuing; \
- fi
-
# "make headers" or "make proto" calls a subshell because we need to
# make sure these commands are executed in sequence even for a
# parallel make.
@@ -1455,12 +1418,7 @@ headers:
$(MAKE) nsswitch/winbindd_proto.h; \
$(MAKE) web/swat_proto.h; \
$(MAKE) client/client_proto.h; \
- $(MAKE) utils/net_proto.h;
-
-prebuiltheaders:
- $(MAKE) include/tdbsam2_parse_info.h
-
-genparse: prebuiltheaders
+ $(MAKE) utils/net_proto.h
proto: headers
diff --git a/source/VERSION b/source/VERSION
index d7f386ab42b..b777e5bcee3 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -18,8 +18,8 @@
# -> "3.0.0" #
########################################################
SAMBA_VERSION_MAJOR=3
-SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_MINOR=0
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
@@ -41,7 +41,7 @@ SAMBA_VERSION_REVISION=
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
# -> "2.2.9pre1" #
########################################################
-SAMBA_VERSION_PRE_RELEASE=
+SAMBA_VERSION_PRE_RELEASE=1
########################################################
# For 'rc' releases the version will be #
@@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE=
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=1
+SAMBA_VERSION_ALPHA_RELEASE=
########################################################
# For 'test' releases the version will be #
@@ -93,7 +93,7 @@ SAMBA_VERSION_TEST_RELEASE=
# e.g. SAMBA_VERSION_IS_CVS_SNAPSHOT=yes #
# -> "CVS 3.0.0rc2" #
########################################################
-SAMBA_VERSION_IS_CVS_SNAPSHOT=yes
+SAMBA_VERSION_IS_CVS_SNAPSHOT=
########################################################
# This can be set by vendors if they want... #
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index a823991bcad..f62cc2fb9e0 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -803,23 +803,6 @@ static NTSTATUS add_user_groups(auth_serversupplied_info **server_info,
}
/***************************************************************************
-Fill a server_info struct from a SAM_ACCOUNT with its privileges
-***************************************************************************/
-
-static NTSTATUS add_privileges(auth_serversupplied_info **server_info)
-{
- PRIVILEGE_SET *privs = NULL;
-
- init_privilege(&privs);
- if (!pdb_get_privilege_set((*server_info)->ptok->user_sids, (*server_info)->ptok->num_sids, privs))
- DEBUG(1, ("Could not add privileges\n"));
-
- (*server_info)->privs = privs;
-
- return NT_STATUS_OK;
-}
-
-/***************************************************************************
Make (and fill) a user_info struct from a SAM_ACCOUNT
***************************************************************************/
@@ -855,11 +838,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
return nt_status;
}
- if (!NT_STATUS_IS_OK(nt_status = add_privileges(server_info))) {
- free_server_info(server_info);
- return nt_status;
- }
-
(*server_info)->sam_fill_level = SAM_FILL_ALL;
DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
pdb_get_username(sampass),
diff --git a/source/bin/.cvsignore b/source/bin/.cvsignore
index 3144075134e..09aba16017c 100644
--- a/source/bin/.cvsignore
+++ b/source/bin/.cvsignore
@@ -1,10 +1,10 @@
-debug2html
+*.so
.dummy
-editreg
.libs
+debug2html
+editreg
locktest
locktest2
-log2pcap
make_printerdef
make_smbcodepage
make_unicodemap
@@ -27,9 +27,7 @@ smbcontrol
smbcquotas
smbd
smbfilter
-smbget
smbgroupedit
-smbiconv
smbmnt
smbmount
smbpasswd
@@ -39,18 +37,19 @@ smbstatus
smbtorture
smbtree
smbumount
-*.so
+smbiconv
swat
-talloctort
-tdbbackup
tdbdump
-testparm
-testprns
t_push_ucs2
t_snprintf
t_strcmp
t_stringoverflow
+talloctort
+tdbbackup
+testparm
+testprns
vfstest
+log2pcap
wbinfo
winbindd
wrepld
diff --git a/source/client/client.c b/source/client/client.c
index 1da35fcc439..214b7872979 100644
--- a/source/client/client.c
+++ b/source/client/client.c
@@ -2853,7 +2853,6 @@ static int do_message_op(void)
int main(int argc,char *argv[])
{
extern BOOL AllowDebugChange;
- extern BOOL override_logfile;
pstring base_directory;
int opt;
pstring query_host;
@@ -2990,14 +2989,11 @@ static int do_message_op(void)
/* save the workgroup...
- FIXME!! do we need to do this for other options as well
+ FIXME!! do we need to do tyhis for other options as well
(or maybe a generic way to keep lp_load() from overwriting
everything)? */
- fstrcpy( new_workgroup, lp_workgroup() );
-
- if ( override_logfile )
- setup_logging( lp_logfile(), False );
+ fstrcpy( new_workgroup, lp_workgroup() );
if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n",
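Review bot: The reworded FIXME comment in this hunk introduces the typo `tyhis`; the line should stay `FIXME!! do we need to do this for other options as well`. The same hunk drops the `override_logfile` branch that called `setup_logging( lp_logfile(), False )` before `lp_load()`, so if the log-file command-line option is still parsed elsewhere in main() it presumably no longer takes effect; a one-line comment stating whether that is intended would help. main() starts and ends outside the hunk.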
diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c
index 8c23cc22123..504de9e629d 100755
--- a/source/client/mount.cifs.c
+++ b/source/client/mount.cifs.c
@@ -38,12 +38,16 @@
#include <fcntl.h>
#define MOUNT_CIFS_VERSION_MAJOR "1"
-#define MOUNT_CIFS_VERSION_MINOR "0"
+#define MOUNT_CIFS_VERSION_MINOR "1"
#ifndef MOUNT_CIFS_VENDOR_SUFFIX
#define MOUNT_CIFS_VENDOR_SUFFIX ""
#endif
+#ifndef MS_MOVE
+#define MS_MOVE 8192
+#endif
+
char * thisprogram;
int verboseflag = 0;
static int got_password = 0;
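Review bot: `MS_MOVE` gets a fallback definition here, but `MS_BIND`, which the same commit starts using in main(), does not; headers old enough to lack one may well lack the other. Add the matching guard, `#ifndef MS_BIND` / `#define MS_BIND 4096` / `#endif`, and a short comment that both values mirror the Linux mount-flag constants so the magic numbers are traceable.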
@@ -227,7 +231,7 @@ static int get_password_from_file(int file_descript, char * filename)
return rc;
}
-static int parse_options(char * options)
+static int parse_options(char * options, int * filesys_flags)
{
char * data;
char * percent_char = 0;
@@ -394,7 +398,7 @@ static int parse_options(char * options)
if (strcmp (data, "fmask") == 0) {
printf ("WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n");
- data = "file_mode";
+ data = "file_mode"; /* BB fix this */
}
} else if (strcmp(data, "dir_mode") == 0 || strcmp(data, "dmask")==0) {
if (!value || !*value) {
@@ -410,29 +414,50 @@ static int parse_options(char * options)
printf ("WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n");
data = "dir_mode";
}
+ /* the following eight mount options should be
+ stripped out from what is passed into the kernel
+ since these eight options are best passed as the
+ mount flags rather than redundantly to the kernel
+ and could generate spurious warnings depending on the
+ level of the corresponding cifs vfs kernel code */
+ } else if (strncmp(data, "nosuid", 6) == 0) {
+ *filesys_flags |= MS_NOSUID;
+ } else if (strncmp(data, "suid", 4) == 0) {
+ *filesys_flags &= ~MS_NOSUID;
+ } else if (strncmp(data, "nodev", 5) == 0) {
+ *filesys_flags |= MS_NODEV;
+ } else if (strncmp(data, "dev", 3) == 0) {
+ *filesys_flags &= ~MS_NODEV;
+ } else if (strncmp(data, "noexec", 6) == 0) {
+ *filesys_flags |= MS_NOEXEC;
+ } else if (strncmp(data, "exec", 4) == 0) {
+ *filesys_flags &= ~MS_NOEXEC;
+ } else if (strncmp(data, "ro", 2) == 0) {
+ *filesys_flags |= MS_RDONLY;
+ } else if (strncmp(data, "rw", 2) == 0) {
+ *filesys_flags &= ~MS_RDONLY;
} /* else if (strnicmp(data, "port", 4) == 0) {
- if (value && *value) {
- vol->port =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "rsize", 5) == 0) {
- if (value && *value) {
- vol->rsize =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "wsize", 5) == 0) {
- if (value && *value) {
- vol->wsize =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "version", 3) == 0) {
-
- } else if (strnicmp(data, "rw", 2) == 0) {
-
- } else
- printf("CIFS: Unknown mount option %s\n",data); */
+ if (value && *value) {
+ vol->port =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "rsize", 5) == 0) {
+ if (value && *value) {
+ vol->rsize =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "wsize", 5) == 0) {
+ if (value && *value) {
+ vol->wsize =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "version", 3) == 0) {
+ } else {
+ printf("CIFS: Unknown mount option %s\n",data);
+ } */ /* nothing to do on those four mount options above.
+ Just pass to kernel and ignore them here */
- /* move to next option */
+ /* move to next option */
data = next_keyword+1;
/* put overwritten equals sign back */
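Review bot: The eight new branches match by prefix, so `strncmp(data, "suid", 4) == 0` also fires for any option name that merely begins with `suid`, and the `dev`, `exec`, `ro` and `rw` branches behave the same way; three of them clear a restrictive flag (`MS_NOSUID`, `MS_NODEV`, `MS_NOEXEC`). The option name appears to be NUL-terminated at the `=` or `,` by this point (the context lines restore both afterwards), so an exact comparison such as `strcmp(data, "nosuid") == 0` would limit each branch to the option it names. The comment above the branches says these options should be stripped from what is passed to the kernel, but the visible lines only update `*filesys_flags`; either do the stripping or reword the comment to say the options are mirrored into the flags. parse_options begins and ends outside this hunk.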
@@ -440,7 +465,7 @@ static int parse_options(char * options)
value--;
*value = '=';
}
-
+
/* put previous overwritten comma back */
if(next_keyword)
*next_keyword = ',';
@@ -522,7 +547,9 @@ char * parse_server(char * unc_name)
static struct option longopts[] = {
{ "all", 0, 0, 'a' },
- { "help", 0, 0, 'h' },
+ { "help",0, 0, 'h' },
+ { "move",0, 0, 'm' },
+ { "bind",0, 0, 'b' },
{ "read-only", 0, 0, 'r' },
{ "ro", 0, 0, 'r' },
{ "verbose", 0, 0, 'v' },
@@ -530,12 +557,11 @@ static struct option longopts[] = {
{ "read-write", 0, 0, 'w' },
{ "rw", 0, 0, 'w' },
{ "options", 1, 0, 'o' },
- { "types", 1, 0, 't' },
+ { "type", 1, 0, 't' },
{ "rsize",1, 0, 'R' },
{ "wsize",1, 0, 'W' },
{ "uid", 1, 0, '1'},
{ "gid", 1, 0, '2'},
- { "uuid",1,0,'U' },
{ "user",1,0,'u'},
{ "username",1,0,'u'},
{ "dom",1,0,'d'},
@@ -544,13 +570,14 @@ static struct option longopts[] = {
{ "pass",1,0,'p'},
{ "credentials",1,0,'c'},
{ "port",1,0,'P'},
+ /* { "uuid",1,0,'U'}, */ /* BB unimplemented */
{ NULL, 0, 0, 0 }
};
int main(int argc, char ** argv)
{
int c;
- int flags = MS_MANDLOCK | MS_MGC_VAL;
+ int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */
char * orgoptions = NULL;
char * share_name = NULL;
char * domain_name = NULL;
@@ -615,6 +642,12 @@ int main(int argc, char ** argv)
case 'n':
++nomtab;
break;
+ case 'b':
+ flags |= MS_BIND;
+ break;
+ case 'm':
+ flags |= MS_MOVE;
+ break;
case 'o':
orgoptions = strdup(optarg);
break;
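Review bot: The new `'b'` and `'m'` cases set `MS_BIND` and `MS_MOVE` for every caller, and the non-root branch added later in this commit (`flags |= MS_NOSUID | MS_NODEV;`) does not mask them back out, so a non-root invocation of a setuid-installed binary keeps whichever of the two it asked for. Both flags change how mount(2) treats its source argument, which is more than the ownership check on the mount point was written to authorise. Consider refusing them unless `getuid() == 0`, or adding `flags &= ~(MS_BIND | MS_MOVE);` in the non-root branch. The getopt short-option string is outside the hunk; it needs `b` and `m` for these cases to be reachable from the short options.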
@@ -693,7 +726,7 @@ int main(int argc, char ** argv)
ipaddr = parse_server(share_name);
- if (orgoptions && parse_options(orgoptions))
+ if (orgoptions && parse_options(orgoptions, &flags))
return 1;
/* BB save off path and pop after mount returns? */
@@ -701,9 +734,10 @@ int main(int argc, char ** argv)
if(chdir(mountpoint)) {
printf("mount error: can not change directory into mount target %s\n",mountpoint);
+ return -1;
}
- if(stat (mountpoint, &statbuf)) {
+ if(stat (".", &statbuf)) {
printf("mount error: mount point %s does not exist\n",mountpoint);
return -1;
}
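Review bot: Checking `stat(".")` after the `chdir()` ties the ownership test to the directory the process is actually in, but that only helps if the later mount(2) call also targets `"."`; the call is outside this hunk, and if it still passes `mountpoint` the path may resolve to a different directory by the time it is used. The message on the stat failure still says the mount point "does not exist", although stat can now fail for other reasons; `printf("mount error: cannot stat mount point %s: %s\n", mountpoint, strerror(errno));` would be more accurate. The added `return -1` from main() yields exit status 255; `return 1`, as the `parse_options` failure path above uses, would be consistent.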
@@ -715,7 +749,11 @@ int main(int argc, char ** argv)
if((getuid() != 0) && (geteuid() == 0)) {
if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
- printf("setuid mount allowed\n");
+#ifndef CIFS_ALLOW_USR_SUID
+ /* Do not allow user mounts to control suid flag
+ for mount unless explicitly built that way */
+ flags |= MS_NOSUID | MS_NODEV;
+#endif
} else {
printf("mount error: permission denied or not superuser and cifs.mount not installed SUID\n");
return -1;
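Review bot: The forced `flags |= MS_NOSUID | MS_NODEV;` is only effective because it runs after `parse_options(orgoptions, &flags)` earlier in main(), where a user-supplied `suid` or `dev` clears those bits; nothing in the code records that ordering requirement. Add a comment on the line, for example `/* must stay after parse_options(): user-supplied "suid"/"dev" must not clear these */`. With `CIFS_ALLOW_USR_SUID` defined the branch body is empty and the user's flag choices pass through unchanged, so the macro deserves a note near the top of the file saying what it permits. `MS_NOEXEC` is not forced here; if that is deliberate, say so in the same comment.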
@@ -746,6 +784,12 @@ int main(int argc, char ** argv)
optlen += strlen(mountpassword) + 6;
options = malloc(optlen + 10);
+ if(options == NULL) {
+ printf("Could not allocate memory for mount options\n");
+ return -1;
+ }
+
+
options[0] = 0;
strncat(options,"unc=",4);
strcat(options,share_name);
diff --git a/source/configure.in b/source/configure.in
index f546069e08a..f92ea2d0806 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -220,7 +220,6 @@ AC_SUBST(SMBWRAPPER)
AC_SUBST(EXTRA_BIN_PROGS)
AC_SUBST(EXTRA_SBIN_PROGS)
AC_SUBST(EXTRA_ALL_TARGETS)
-AC_SUBST(CONFIG_LIBS)
AC_ARG_ENABLE(debug,
[ --enable-debug Turn on compiler debugging information (default=no)],
@@ -358,10 +357,10 @@ DYNEXP=
dnl Add modules that have to be built by default here
dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_epmapper auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
+default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs charset_CP850 charset_CP437"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap charset_CP850 charset_CP437"
if test "x$developer" = xyes; then
default_static_modules="$default_static_modules rpc_echo"
@@ -1686,7 +1685,7 @@ dnl Try to find iconv(3)
LDFLAGS=$save_LDFLAGS
LIB_ADD_DIR(LDFLAGS, "$i/lib")
CFLAGS_ADD_DIR(CPPFLAGS, "$i/include")
- LIBS="$save_LIBS"
+ LIBS="$save_LIBS"
ICONV_LOCATION=$i
export LDFLAGS LIBS CPPFLAGS
dnl Now, check for a working iconv ... we want to do it here because
@@ -2407,8 +2406,6 @@ AC_MSG_RESULT($with_ldap_support)
SMBLDAP=""
AC_SUBST(SMBLDAP)
-SMBLDAPUTIL=""
-AC_SUBST(SMBLDAPUTIL)
if test x"$with_ldap_support" != x"no"; then
##################################################################
@@ -2464,9 +2461,7 @@ if test x"$with_ldap_support" != x"no"; then
if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then
AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
default_static_modules="$default_static_modules pdb_ldap idmap_ldap";
- default_shared_modules="$default_shared_modules config_ldap";
SMBLDAP="lib/smbldap.o"
- SMBLDAPUTIL="lib/smbldap_util.o"
with_ldap_support=yes
AC_MSG_CHECKING(whether LDAP support is used)
AC_MSG_RESULT(yes)
@@ -4298,7 +4293,6 @@ MODULE_pdb_guest=STATIC
MODULE_rpc_spoolss=STATIC
MODULE_rpc_srv=STATIC
MODULE_idmap_tdb=STATIC
-MODULE_gums_tdbsam2=STATIC
AC_ARG_WITH(static-modules,
[ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in],
@@ -4336,12 +4330,8 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB,
SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB)
SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB)
-SMB_MODULE(pdb_gums, [passdb/pdb_gums.o \$(GUMS_OBJ)], "bin/gums.$SHLIBEXT", PDB)
SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o)
-SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS)
-SMB_SUBSYSTEM(GUMS)
-
SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC)
SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC)
SMB_MODULE(rpc_lsa_ds, \$(RPC_LSA_DS_OBJ), "bin/librpc_lsa_ds.$SHLIBEXT", RPC)
@@ -4352,8 +4342,6 @@ SMB_MODULE(rpc_srv, \$(RPC_SVC_OBJ), "bin/librpc_srvsvc.$SHLIBEXT", RPC)
SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), "bin/librpc_spoolss.$SHLIBEXT", RPC)
SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC)
SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC)
-SMB_MODULE(rpc_epmapper, \$(RPC_EPMAPPER_OBJ), "bin/librpc_epmapper.$SHLIBEXT",
- RPC)
SMB_SUBSYSTEM(RPC,smbd/server.o)
SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP)
@@ -4383,12 +4371,8 @@ SMB_MODULE(vfs_fake_perms, \$(VFS_FAKE_PERMS_OBJ), "bin/fake_perms.$SHLIBEXT", V
SMB_MODULE(vfs_default_quota, \$(VFS_DEFAULT_QUOTA_OBJ), "bin/default_quota.$SHLIBEXT", VFS)
SMB_MODULE(vfs_readonly, \$(VFS_READONLY_OBJ), "bin/readonly.$SHLIBEXT", VFS)
SMB_MODULE(vfs_cap, \$(VFS_CAP_OBJ), "bin/cap.$SHLIBEXT", VFS)
-SMB_MODULE(vfs_expand_msdfs, \$(VFS_EXPAND_MSDFS_OBJ), "bin/expand_msdfs.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS,smbd/vfs.o)
-SMB_MODULE(config_ldap, param/config_ldap.o, "bin/config_ldap.$SHLIBEXT", CONFIG, [ CONFIG_LIBS="$CONFIG_LIBS $LDAP_LIBS" "$SMBLDAP" ])
-SMB_SUBSYSTEM(CONFIG, param/modconf.o)
-
AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules])
#################################################
diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c
index d476f5cac13..d10a7decb7e 100644
--- a/source/groupdb/mapping.c
+++ b/source/groupdb/mapping.c
@@ -28,12 +28,16 @@ static TDB_CONTEXT *tdb; /* used for driver files */
#define GROUP_PREFIX "UNIXGROUP/"
-/* Alias memberships are stored reverse, as memberships. The performance
- * critical operation is to determine the aliases a SID is member of, not
- * listing alias members. So we store a list of alias SIDs a SID is member of
- * hanging of the member as key.
- */
-#define MEMBEROF_PREFIX "MEMBEROF/"
+PRIVS privs[] = {
+ {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */
+ {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" },
+ {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" },
+ {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" },
+ {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" },
+ {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" },
+ {SE_PRIV_ALL, "SaAllPrivs", "all privileges" }
+};
+
/****************************************************************************
dump the mapping group mapping to a text file
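Review bot: `privs` is added as a writable global with external linkage, and the only guard on its layout is the inline `/* this one MUST be first */` remark on the SE_PRIV_NONE row. Nothing in this hunk writes to the table, so if no other file modifies it, `const PRIVS privs[] = {` (with the matching extern declaration, which is not visible here) would keep the privilege-name table read-only. A short comment above the table saying what the three columns are (privilege constant, name, description) and why the SE_PRIV_NONE entry has to stay at index 0 would help whoever adds the next row.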
@@ -368,7 +372,7 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
Remove a group mapping entry.
****************************************************************************/
-static BOOL group_map_remove(const DOM_SID *sid)
+static BOOL group_map_remove(DOM_SID sid)
{
TDB_DATA kbuf, dbuf;
pstring key;
@@ -381,7 +385,7 @@ static BOOL group_map_remove(const DOM_SID *sid)
/* the key is the SID, retrieving is direct */
- sid_to_string(string_sid, sid);
+ sid_to_string(string_sid, &sid);
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
kbuf.dptr = key;
@@ -485,284 +489,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
return True;
}
-/* This operation happens on session setup, so it should better be fast. We
- * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */
-
-static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- fstring key, string_sid;
- TDB_DATA kbuf, dbuf;
- const char *p;
-
- *num = 0;
- *sids = NULL;
-
- if (!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- sid_to_string(string_sid, sid);
- slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- if (dbuf.dptr == NULL) {
- return NT_STATUS_OK;
- }
-
- p = dbuf.dptr;
-
- while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
-
- DOM_SID alias;
-
- if (!string_to_sid(&alias, string_sid))
- continue;
-
- add_sid_to_array(&alias, sids, num);
-
- if (sids == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(dbuf.dptr);
- return NT_STATUS_OK;
-}
-
-static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- DOM_SID *sids;
- int i, num;
-
- /* This feels the wrong way round, but the on-disk data structure
- * dictates it this way. */
- if (!NT_STATUS_IS_OK(alias_memberships(member, &sids, &num)))
- return False;
-
- for (i=0; i<num; i++) {
- if (sid_compare(alias, &sids[i]) == 0) {
- SAFE_FREE(sids);
- return True;
- }
- }
- SAFE_FREE(sids);
- return False;
-}
-
-static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- char *new_memberstring;
- int result;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if (is_aliasmem(alias, member))
- return NT_STATUS_MEMBER_IN_ALIAS;
-
- sid_to_string(string_sid, member);
- slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- sid_to_string(string_sid, alias);
-
- if (dbuf.dptr != NULL) {
- asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
- string_sid);
- } else {
- new_memberstring = strdup(string_sid);
- }
-
- if (new_memberstring == NULL)
- return NT_STATUS_NO_MEMORY;
-
- SAFE_FREE(dbuf.dptr);
- dbuf.dsize = strlen(new_memberstring)+1;
- dbuf.dptr = new_memberstring;
-
- result = tdb_store(tdb, kbuf, dbuf, 0);
-
- SAFE_FREE(new_memberstring);
-
- return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
-}
-
-struct aliasmem_closure {
- const DOM_SID *alias;
- DOM_SID **sids;
- int *num;
-};
-
-static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
- void *state)
-{
- struct aliasmem_closure *closure = (struct aliasmem_closure *)state;
- const char *p;
- fstring alias_string;
-
- if (strncmp(key.dptr, MEMBEROF_PREFIX,
- strlen(MEMBEROF_PREFIX)) != 0)
- return 0;
-
- p = data.dptr;
-
- while (next_token(&p, alias_string, " ", sizeof(alias_string))) {
-
- DOM_SID alias, member;
- const char *member_string;
-
-
- if (!string_to_sid(&alias, alias_string))
- continue;
-
- if (sid_compare(closure->alias, &alias) != 0)
- continue;
-
- /* Ok, we found the alias we're looking for in the membership
- * list currently scanned. The key represents the alias
- * member. Add that. */
-
- member_string = strchr(key.dptr, '/');
-
- /* Above we tested for MEMBEROF_PREFIX which includes the
- * slash. */
-
- SMB_ASSERT(member_string != NULL);
- member_string += 1;
-
- if (!string_to_sid(&member, member_string))
- continue;
-
- add_sid_to_array(&member, closure->sids, closure->num);
- }
-
- return 0;
-}
-
-static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
-{
- GROUP_MAP map;
- struct aliasmem_closure closure;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- *sids = NULL;
- *num = 0;
-
- closure.alias = alias;
- closure.sids = sids;
- closure.num = num;
-
- tdb_traverse(tdb, collect_aliasmem, &closure);
- return NT_STATUS_OK;
-}
-
-static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- NTSTATUS result;
- DOM_SID *sids;
- int i, num;
- BOOL found = False;
- char *member_string;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring sid_string;
-
- result = alias_memberships(member, &sids, &num);
-
- if (!NT_STATUS_IS_OK(result))
- return result;
-
- for (i=0; i<num; i++) {
- if (sid_compare(&sids[i], alias) == 0) {
- found = True;
- break;
- }
- }
-
- if (!found) {
- SAFE_FREE(sids);
- return NT_STATUS_MEMBER_NOT_IN_ALIAS;
- }
-
- if (i < num)
- sids[i] = sids[num-1];
-
- num -= 1;
-
- sid_to_string(sid_string, member);
- slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, sid_string);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- if (num == 0)
- return tdb_delete(tdb, kbuf) == 0 ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- member_string = strdup("");
-
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i<num; i++) {
- char *s = member_string;
-
- sid_to_string(sid_string, &sids[i]);
- asprintf(&member_string, "%s %s", s, sid_string);
-
- SAFE_FREE(s);
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- dbuf.dsize = strlen(member_string)+1;
- dbuf.dptr = member_string;
-
- result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
- NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-
- SAFE_FREE(sids);
- SAFE_FREE(member_string);
-
- return result;
-}
-
/*
*
* High level functions
@@ -842,8 +568,7 @@ BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
if ( !ret )
return False;
- if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
- (map->sid_name_use != SID_NAME_WKN_GRP) )
+ if ( (map->sid_name_use != SID_NAME_ALIAS)
|| (map->gid == -1)
|| (getgrgid(map->gid) == NULL) )
{
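Review bot: Nothing next to the condition in get_local_group_from_sid records that SID_NAME_WKN_GRP mappings are now rejected along with every other non-alias type. This test decides which mappings are accepted as local groups, so the rule deserves a comment above the `if`, for example `/* only SID_NAME_ALIAS entries with a valid, existing unix gid count as local groups */`. The function starts and ends outside the hunk, so callers that previously passed well-known group SIDs through here cannot be checked from this view.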
@@ -958,6 +683,129 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
return True;
}
+
+
+
+/****************************************************************************
+ Get the member users of a group and
+ all the users who have that group as primary.
+
+ give back an array of SIDS
+ return the grand number of users
+
+
+ TODO: sort the list and remove duplicate. JFM.
+
+****************************************************************************/
+
+BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids)
+{
+ struct group *grp;
+ int i=0;
+ char *gr;
+ DOM_SID *s;
+
+ struct sys_pwent *userlist;
+ struct sys_pwent *user;
+
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping\n"));
+ return(False);
+ }
+
+ *num_sids = 0;
+ *sids=NULL;
+
+ if ( (grp=getgrgid(gid)) == NULL)
+ return False;
+
+ gr = grp->gr_mem[0];
+ DEBUG(10, ("getting members\n"));
+
+ while (gr && (*gr != (char)'\0')) {
+ SAM_ACCOUNT *group_member_acct = NULL;
+ BOOL found_user;
+ s = Realloc((*sids), sizeof(**sids)*(*num_sids+1));
+ if (!s) {
+ DEBUG(0,("get_uid_list_of_group: unable to enlarge SID list!\n"));
+ return False;
+ }
+ else (*sids) = s;
+
+ if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) {
+ continue;
+ }
+
+ become_root();
+ found_user = pdb_getsampwnam(group_member_acct, gr);
+ unbecome_root();
+
+ if (found_user) {
+ sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct));
+ (*num_sids)++;
+ }
+
+ pdb_free_sam(&group_member_acct);
+
+ gr = grp->gr_mem[++i];
+ }
+ DEBUG(10, ("got [%d] members\n", *num_sids));
+
+ winbind_off();
+
+ user = userlist = getpwent_list();
+
+ while (user != NULL) {
+
+ SAM_ACCOUNT *group_member_acct = NULL;
+ BOOL found_user;
+
+ if (user->pw_gid != gid) {
+ user = user->next;
+ continue;
+ }
+
+ s = Realloc((*sids), sizeof(**sids)*(*num_sids+1));
+ if (!s) {
+ DEBUG(0,("get_sid_list_of_group: unable to enlarge "
+ "SID list!\n"));
+ pwent_free(userlist);
+ winbind_on();
+ return False;
+ }
+ else (*sids) = s;
+
+ if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) {
+ continue;
+ }
+
+ become_root();
+ found_user = pdb_getsampwnam(group_member_acct, user->pw_name);
+ unbecome_root();
+
+ if (found_user) {
+ sid_copy(&(*sids)[*num_sids],
+ pdb_get_user_sid(group_member_acct));
+ (*num_sids)++;
+ } else {
+ DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] "
+ "has no samba account\n",
+ user->pw_name, (unsigned long)user->pw_uid));
+ if (algorithmic_uid_to_sid(&(*sids)[*num_sids],
+ user->pw_uid))
+ (*num_sids)++;
+ }
+ pdb_free_sam(&group_member_acct);
+
+ user = user->next;
+ }
+ pwent_free(userlist);
+ DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids));
+
+ winbind_on();
+ return True;
+}
+
/****************************************************************************
Create a UNIX group on demand.
****************************************************************************/
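Review bot: Both loops in get_sid_list_of_group can spin forever, because the `continue` taken when pdb_init_sam() fails skips the statement that advances the iterator. Advance before continuing: `gr = grp->gr_mem[++i]; continue;` in the member loop and `user = user->next; continue;` in the passwd loop. The Realloc failure message in the first loop names the wrong function (`get_uid_list_of_group`), which makes the log line hard to trace. `grp` is the pointer returned by getgrgid() and is read again after every pdb_getsampwnam() call; if that lookup does its own group queries (not visible here) the member array may be overwritten, so copying the member names before the loop would be safer.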
@@ -1168,7 +1016,7 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
- return group_map_remove(&sid) ?
+ return group_map_remove(sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
@@ -1181,178 +1029,6 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-NTSTATUS pdb_default_find_alias(struct pdb_methods *methods,
- const char *name, DOM_SID *sid)
-{
- GROUP_MAP map;
-
- if (!pdb_getgrnam(&map, name))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ((map.sid_name_use != SID_NAME_WKN_GRP) &&
- (map.sid_name_use != SID_NAME_ALIAS))
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- sid_copy(sid, &map.sid);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
- const char *name, uint32 *rid)
-{
- DOM_SID sid;
- enum SID_NAME_USE type;
- uint32 new_rid;
- gid_t gid;
-
- GROUP_MAP map;
-
- if (lookup_name(get_global_sam_name(), name, &sid, &type))
- return NT_STATUS_ALIAS_EXISTS;
-
- if (!winbind_allocate_rid(&new_rid))
- return NT_STATUS_ACCESS_DENIED;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
-
- /* Here we allocate the gid */
- if (!winbind_sid_to_gid(&gid, &sid)) {
- DEBUG(0, ("Could not get gid for new RID\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- map.gid = gid;
- sid_copy(&map.sid, &sid);
- map.sid_name_use = SID_NAME_ALIAS;
- fstrcpy(map.nt_name, name);
- fstrcpy(map.comment, "");
-
- if (!pdb_add_group_mapping_entry(&map)) {
- DEBUG(0, ("Could not add group mapping entry for alias %s\n",
- name));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- *rid = new_rid;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
- const DOM_SID *sid)
-{
- return pdb_delete_group_mapping_entry(*sid) ?
- NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-}
-
-NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods,
- const DOM_SID *sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases,
- struct acct_info **info)
-{
- extern DOM_SID global_sid_Builtin;
-
- GROUP_MAP *map;
- int i, num_maps;
- enum SID_NAME_USE type = SID_NAME_UNKNOWN;
-
- if (sid_compare(sid, get_global_sam_sid()) == 0)
- type = SID_NAME_ALIAS;
-
- if (sid_compare(sid, &global_sid_Builtin) == 0)
- type = SID_NAME_WKN_GRP;
-
- if (!pdb_enum_group_mapping(type, &map, &num_maps, False) ||
- (num_maps == 0)) {
- *num_aliases = 0;
- *info = NULL;
- goto done;
- }
-
- if (start_idx > num_maps) {
- *num_aliases = 0;
- *info = NULL;
- goto done;
- }
-
- *num_aliases = num_maps - start_idx;
-
- if (*num_aliases > max_entries)
- *num_aliases = max_entries;
-
- *info = malloc(sizeof(struct acct_info) * (*num_aliases));
-
- for (i=0; i<*num_aliases; i++) {
- fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name);
- fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment);
- sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid);
- }
-
- done:
- SAFE_FREE(map);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!pdb_getgrsid(&map, *sid))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- fstrcpy(info->acct_name, map.nt_name);
- fstrcpy(info->acct_desc, map.comment);
- sid_peek_rid(&map.sid, &info->rid);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!pdb_getgrsid(&map, *sid))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- fstrcpy(map.comment, info->acct_desc);
-
- if (!pdb_update_group_mapping_entry(&map))
- return NT_STATUS_ACCESS_DENIED;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
-{
- return add_aliasmem(alias, member);
-}
-
-NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
-{
- return del_aliasmem(alias, member);
-}
-
-NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members)
-{
- return enum_aliasmem(alias, members, num_members);
-}
-
-NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- return alias_memberships(sid, aliases, num);
-}
-
/**********************************************************************
no ops for passdb backends that don't implement group mapping
*********************************************************************/
@@ -1401,38 +1077,3 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_UNSUCCESSFUL;
}
-/****************************************************************************
- These need to be redirected through pdb_interface.c
-****************************************************************************/
-BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info)
-{
- GROUP_MAP map;
- BOOL res;
-
- become_root();
- res = get_domain_group_from_sid(*sid, &map);
- unbecome_root();
-
- if (!res)
- return False;
-
- fstrcpy(info->acct_name, map.nt_name);
- fstrcpy(info->acct_desc, map.comment);
- sid_peek_rid(sid, &info->rid);
- return True;
-}
-
-BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!get_domain_group_from_sid(*sid, &map))
- return False;
-
- fstrcpy(map.nt_name, info->acct_name);
- fstrcpy(map.comment, info->acct_desc);
-
- return pdb_update_group_mapping_entry(&map);
-}
-
-
diff --git a/source/include/ads.h b/source/include/ads.h
index 4daa65e796d..65a5ade556d 100644
--- a/source/include/ads.h
+++ b/source/include/ads.h
@@ -10,8 +10,6 @@ typedef struct {
time_t last_attempt; /* last attempt to reconnect */
int ldap_port;
- int is_mine; /* do I own this structure's memory? */
-
/* info needed to find the server */
struct {
char *realm;
@@ -29,7 +27,6 @@ typedef struct {
char *kdc_server;
unsigned flags;
int time_offset;
- time_t expire;
} auth;
/* info derived from the servers config */
diff --git a/source/include/auth.h b/source/include/auth.h
index 27cdc1e3f5f..ecf4d539d8c 100644
--- a/source/include/auth.h
+++ b/source/include/auth.h
@@ -86,7 +86,6 @@ typedef struct auth_serversupplied_info
/* NT group information taken from the info3 structure */
NT_USER_TOKEN *ptok;
- PRIVILEGE_SET *privs;
DATA_BLOB nt_session_key;
DATA_BLOB lm_session_key;
diff --git a/source/include/genparser.h b/source/include/genparser.h
deleted file mode 100644
index f28cd78249d..00000000000
--- a/source/include/genparser.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_H
-#define _GENPARSER_H
-
-/* these macros are needed for genstruct auto-parsers */
-#ifndef GENSTRUCT
-#define GENSTRUCT
-#define _LEN(x)
-#define _NULLTERM
-#endif
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-/* flag to mark a fixed size array as actually being null terminated */
-#define FLAG_NULLTERM 1
-#define FLAG_ALWAYS 2
-
-struct enum_struct {
- const char *name;
- unsigned value;
-};
-
-/* intermediate dumps are stored in one of these */
-struct parse_string {
- unsigned allocated;
- unsigned length;
- char *s;
-};
-
-typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent);
-typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str);
-
-/* genstruct.pl generates arrays of these */
-struct parse_struct {
- const char *name;
- unsigned ptr_count;
- unsigned size;
- unsigned offset;
- unsigned array_len;
- const char *dynamic_len;
- unsigned flags;
- gen_dump_fn dump_fn;
- gen_parse_fn parse_fn;
-};
-
-#define DUMP_PARSE_DECL(type) \
- int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \
- int gen_parse_ ## type(TALLOC_CTX *, char *, const char *);
-
-DUMP_PARSE_DECL(char)
-DUMP_PARSE_DECL(int)
-DUMP_PARSE_DECL(unsigned)
-DUMP_PARSE_DECL(double)
-DUMP_PARSE_DECL(float)
-
-#define gen_dump_unsigned_char gen_dump_char
-#define gen_parse_unsigned_char gen_parse_char
-
-#endif /* _GENPARSER_H */
diff --git a/source/include/genparser_samba.h b/source/include/genparser_samba.h
deleted file mode 100644
index 213d51da876..00000000000
--- a/source/include/genparser_samba.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_SAMBA_H
-#define _GENPARSER_SAMBA_H
-
-const struct parse_struct pinfo_security_ace_info[] = {
-{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS},
-{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_acl_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_descriptor_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_luid_attr_info[] = {
-{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_data_blob_info[] = {
-{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int},
-{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-#endif /* _GENPARSER_SAMBA_H */
diff --git a/source/include/gums.h b/source/include/gums.h
deleted file mode 100644
index d16a839bc4b..00000000000
--- a/source/include/gums.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GUMS_H
-#define _GUMS_H
-
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
-#define GUMS_OBJECT_VERSION 1
-#define GUMS_PRIVILEGE_VERSION 1
-#define GUMS_INTERFACE_VERSION 1
-
-#define GUMS_OBJ_DOMAIN 0x10
-#define GUMS_OBJ_NORMAL_USER 0x20
-#define GUMS_OBJ_GROUP 0x30
-#define GUMS_OBJ_ALIAS 0x31
-
-/* define value types */
-#define GUMS_SET_PRIMARY_GROUP 0x1
-#define GUMS_SET_SEC_DESC 0x2
-
-#define GUMS_SET_NAME 0x10
-#define GUMS_SET_DESCRIPTION 0x11
-#define GUMS_SET_FULL_NAME 0x12
-
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 0x20
-#define GUMS_SET_LOGOFF_TIME 0x21
-#define GUMS_SET_KICKOFF_TIME 0x23
-#define GUMS_SET_PASS_LAST_SET_TIME 0x24
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
-
-
-#define GUMS_SET_HOME_DIRECTORY 0x31
-#define GUMS_SET_DRIVE 0x32
-#define GUMS_SET_LOGON_SCRIPT 0x33
-#define GUMS_SET_PROFILE_PATH 0x34
-#define GUMS_SET_WORKSTATIONS 0x35
-#define GUMS_SET_UNKNOWN_STRING 0x36
-#define GUMS_SET_MUNGED_DIAL 0x37
-
-#define GUMS_SET_LM_PASSWORD 0x40
-#define GUMS_SET_NT_PASSWORD 0x41
-#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
-#define GUMS_SET_UNKNOWN_3 0x43
-#define GUMS_SET_LOGON_DIVS 0x44
-#define GUMS_SET_HOURS_LEN 0x45
-#define GUMS_SET_HOURS 0x46
-#define GUMS_SET_BAD_PASSWORD_COUNT 0x47
-#define GUMS_SET_LOGON_COUNT 0x48
-#define GUMS_SET_UNKNOWN_6 0x49
-
-#define GUMS_SET_MUST_CHANGE_PASS 0x50
-#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
-#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
-#define GUMS_SET_ACCOUNT_DISABLED 0x53
-#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 0x60
-#define GUMS_DEL_SID_LIST 0x61
-#define GUMS_SET_SID_LIST 0x62
-
-GENSTRUCT struct gums_user
-{
- DOM_SID *group_sid; /* Primary Group SID */
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- char *full_name; _NULLTERM /* user's full name string */
- char *home_dir; _NULLTERM /* home directory string */
- char *dir_drive; _NULLTERM /* home directory drive string */
- char *logon_script; _NULLTERM /* logon script string */
- char *profile_path; _NULLTERM /* profile path string */
- char *workstations; _NULLTERM /* login from workstations string */
- char *unknown_str; _NULLTERM /* don't know what this is, yet. */
- char *munged_dial; _NULLTERM /* munged path name and dial-back tel number */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
-
- uint16 acct_ctrl; /* account type & status flags */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */
-
- uint16 bad_password_count; /* 0 */
- uint16 logon_count; /* 0 */
- uint32 unknown_3; /* 0x00ff ffff */
- uint32 unknown_6; /* 0x0000 04ec */
-
-};
-
-GENSTRUCT struct gums_group
-{
- uint32 count; /* Number of SIDs */
- DOM_SID *members; _LEN(count) /* SID array */
-
-};
-
-GENSTRUCT struct gums_domain
-{
- uint32 next_rid;
-
-};
-
-GENSTRUCT struct gums_object
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
-
- DOM_SID *sid; /* Object Sid */
- char *name; _NULLTERM /* Object Name - it should be in DOMAIN\NAME format */
- char *description; _NULLTERM /* Object Description */
-
- struct gums_user *user;
- struct gums_group *group;
- struct gums_domain *domain;
-
-};
-
-GENSTRUCT struct gums_privilege
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- char *name; _NULLTERM /* Object Name */
- char *description; _NULLTERM /* Object Description */
-
- LUID_ATTR *privilege; /* Privilege Type */
-
- uint32 count;
- DOM_SID *members; _LEN(count)
-
-};
-
-typedef struct gums_user GUMS_USER;
-typedef struct gums_group GUMS_GROUP;
-typedef struct gums_domain GUMS_DOMAIN;
-typedef struct gums_object GUMS_OBJECT;
-typedef struct gums_privilege GUMS_PRIVILEGE;
-
-typedef struct gums_data_set
-{
- int type; /* GUMS_SET_xxx */
- void *data;
-
-} GUMS_DATA_SET;
-
-typedef struct gums_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- DOM_SID sid; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-
-} GUMS_COMMIT_SET;
-
-typedef struct gums_priv_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- char *name; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-
-} GUMS_PRIV_COMMIT_SET;
-
-
-typedef struct gums_functions
-{
- /* module data */
- TALLOC_CTX *mem_ctx;
- char *name;
- void *private_data;
- void (*free_private_data)(void **);
-
- /* Generic object functions */
-
- NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name);
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
-
- NTSTATUS (*get_sequence_number) (void);
-
- NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type);
- NTSTATUS (*delete_object) (const DOM_SID *sid);
-
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
- NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name);
- NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members);
- NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-} GUMS_FUNCTIONS;
-
-typedef NTSTATUS (*gums_init_function)(
- struct gums_functions *,
- const char *);
-
-struct gums_init_function_entry {
-
- const char *name;
- gums_init_function init_fn;
- struct gums_init_function_entry *prev, *next;
-};
-
-#endif /* _GUMS_H */
diff --git a/source/include/includes.h b/source/include/includes.h
index dd93c813d3d..ea8eb1a3043 100644
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -779,8 +779,6 @@ extern int errno;
#include "version.h"
-#include "privileges.h"
-
#include "smb.h"
#include "nameserv.h"
@@ -789,6 +787,8 @@ extern int errno;
#include "byteorder.h"
+#include "privileges.h"
+
#include "rpc_creds.h"
#include "mapping.h"
@@ -801,10 +801,6 @@ extern int errno;
#include "rpc_secdes.h"
-#include "genparser.h"
-
-#include "gums.h"
-
#include "nt_printing.h"
#include "msdfs.h"
@@ -889,7 +885,6 @@ struct smb_ldap_privates;
/* forward declarations from smbldap.c */
#include "smbldap.h"
-#include "modconf.h"
/***** automatically generated prototypes *****/
#ifndef NO_PROTO_H
diff --git a/source/include/modconf.h b/source/include/modconf.h
deleted file mode 100644
index f5cc5ef4889..00000000000
--- a/source/include/modconf.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef _MODCONF_H_
-#define _MODCONF_H_
-/*
- Unix SMB/CIFS implementation.
-
- ModConf headers
-
- Copyright (C) Simo Sorce 2003
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-
-#define SAMBA_CONFIG_INTERFACE_VERSION 1
-
-/* Filled out by config backends */
-struct config_functions {
- NTSTATUS (*init)(char *params);
- NTSTATUS (*load)(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *));
- NTSTATUS (*close)(void);
-};
-#endif /* _MODCONF_H_ */
diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h
index 4e6795a85d5..b1a4107980d 100644
--- a/source/include/ntdomain.h
+++ b/source/include/ntdomain.h
@@ -23,22 +23,6 @@
#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */
#define _NT_DOMAIN_H
-struct uuid
-{
- uint32 time_low;
- uint16 time_mid;
- uint16 time_hi_and_version;
- uint8 clock_seq[2];
- uint8 node[6];
-};
-#define UUID_SIZE 16
-
-#define UUID_FLAT_SIZE 16
-typedef struct uuid_flat
-{
- uint8 info[UUID_FLAT_SIZE];
-} UUID_FLAT;
-
/* dce/rpc support */
#include "rpc_dce.h"
@@ -382,6 +366,13 @@ typedef struct
} rid_name;
+struct acct_info
+{
+ fstring acct_name; /* account name */
+ fstring acct_desc; /* account name */
+ uint32 rid; /* domain-relative RID */
+};
+
/*
* higher order functions for use with msrpc client code
*/
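Review bot: In the added `struct acct_info`, the comment on `acct_desc` repeats the one on `acct_name`; it reads `/* account name */` where the field is evidently the description. The same text appears in the copy this commit removes from passdb.h, so the slip is inherited rather than new. I would correct it while the struct is being moved: `fstring acct_desc; /* account description */`.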
@@ -411,7 +402,6 @@ typedef struct
#include "rpc_dfs.h"
#include "rpc_ds.h"
#include "rpc_echo.h"
-#include "rpc_epmapper.h"
#include "rpc_shutdown.h"
#endif /* _NT_DOMAIN_H */
diff --git a/source/include/passdb.h b/source/include/passdb.h
index baf0e23a20c..75c4fd215bf 100644
--- a/source/include/passdb.h
+++ b/source/include/passdb.h
@@ -115,15 +115,6 @@ enum pdb_group_elements {
PDB_GROUP_COUNT
};
-enum pdb_trust_passwd_elements {
- PDB_TRUST_PASS,
- PDB_TRUST_SID,
- PDB_TRUST_NAME,
- PDB_TRUST_MODTIME,
- PDB_TRUST_FLAGS,
-
- PDB_TRUST_COUNT
-};
enum pdb_value_state {
PDB_DEFAULT=0,
@@ -233,41 +224,6 @@ typedef struct sam_group {
} SAM_GROUP;
-typedef struct _GROUP_INFO {
- struct pdb_methods *methods;
- DOM_SID sid;
- enum SID_NAME_USE sid_name_use;
- fstring nt_name;
- fstring comment;
-} GROUP_INFO;
-
-struct acct_info
-{
- fstring acct_name; /* account name */
- fstring acct_desc; /* account name */
- uint32 rid; /* domain-relative RID */
-};
-
-typedef struct sam_trust_passwd {
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_trust_passwd **);
-
- struct pdb_methods *methods;
-
- struct trust_passwd_data {
- uint16 flags; /* flags */
- size_t uni_name_len; /* unicode name length */
- smb_ucs2_t uni_name[32]; /* unicode domain name */
- fstring pass; /* trust password */
- time_t mod_time; /* last change time */
- DOM_SID domain_sid; /* trusted domain sid */
- } private;
-
-} SAM_TRUST_PASSWD;
-
-
-
/*****************************************************************
Functions to be implemented by the new (v2) passdb API
****************************************************************/
@@ -277,7 +233,7 @@ typedef struct sam_trust_passwd {
* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
-#define PASSDB_INTERFACE_VERSION 7
+#define PASSDB_INTERFACE_VERSION 4
typedef struct pdb_context
{
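Review bot: `PASSDB_INTERFACE_VERSION` goes from 7 down to 4 here, while the comment directly above the define says to increment it on any interface change, and this same diff removes members from `pdb_context` and `pdb_methods`. Reusing an older number weakens the version check: a module built against a different layout that also carried the value 4 would be accepted and then called through mismatched function-pointer slots. How the loader compares the value is not visible in this hunk, so this needs confirming against the module-loading code. If 4 is intentionally the release-branch value, a comment would make that explicit, e.g. `/* 4 = SAMBA_3_0_RELEASE layout; trunk values 5-7 describe a different struct and must not be loaded */`.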
@@ -303,8 +259,6 @@ typedef struct pdb_context
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
- /* group mapping functions: to be removed */
-
NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid);
@@ -325,96 +279,6 @@ typedef struct pdb_context
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
- NTSTATUS (*pdb_find_alias)(struct pdb_context *context,
- const char *name, DOM_SID *sid);
-
- NTSTATUS (*pdb_create_alias)(struct pdb_context *context,
- const char *name, uint32 *rid);
-
- NTSTATUS (*pdb_delete_alias)(struct pdb_context *context,
- const DOM_SID *sid);
-
- NTSTATUS (*pdb_enum_aliases)(struct pdb_context *context,
- const DOM_SID *domain_sid,
- uint32 start_idx, uint32 num_entries,
- uint32 *num_aliases,
- struct acct_info **aliases);
-
- NTSTATUS (*pdb_get_aliasinfo)(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*pdb_set_aliasinfo)(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*pdb_add_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member);
-
- NTSTATUS (*pdb_del_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member);
-
- NTSTATUS (*pdb_enum_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- DOM_SID **members, int *num_members);
-
- NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context,
- const DOM_SID *alias,
- DOM_SID **aliases,
- int *num);
-
- /* group functions */
-
- NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group);
-
- NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
-
- NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members);
-
- NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group);
-
- NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group);
-
- NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group);
-
- NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name);
-
- NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name);
-
- NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members);
-
- /* trust password functions */
-
- NTSTATUS (*pdb_settrustpwent)(struct pdb_context *context);
-
- NTSTATUS (*pdb_gettrustpwent)(struct pdb_context *context, SAM_TRUST_PASSWD *trust);
-
- NTSTATUS (*pdb_gettrustpwnam)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const char *dom_name);
-
- NTSTATUS (*pdb_gettrustpwsid)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const DOM_SID *sid);
-
- NTSTATUS (*pdb_add_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*pdb_update_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*pdb_delete_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- /* privileges functions */
-
- NTSTATUS (*pdb_add_sid_to_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*pdb_remove_sid_from_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*pdb_get_privilege_set)(struct pdb_context *context, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privs);
-
- NTSTATUS (*pdb_get_privilege_entry)(struct pdb_context *context, const char *privname, char **sid_list);
-
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
@@ -445,9 +309,7 @@ typedef struct pdb_methods
NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
-
- /* group mapping functions: to be removed */
-
+
NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid);
@@ -468,92 +330,9 @@ typedef struct pdb_methods
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
- NTSTATUS (*find_alias)(struct pdb_methods *methods,
- const char *name, DOM_SID *sid);
-
- NTSTATUS (*create_alias)(struct pdb_methods *methods,
- const char *name, uint32 *rid);
-
- NTSTATUS (*delete_alias)(struct pdb_methods *methods,
- const DOM_SID *sid);
-
- NTSTATUS (*enum_aliases)(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases, struct acct_info **info);
-
- NTSTATUS (*get_aliasinfo)(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*set_aliasinfo)(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*add_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member);
- NTSTATUS (*del_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member);
- NTSTATUS (*enum_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members);
- NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num);
-
- /* group functions */
-
- NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group);
-
- NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
-
- NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members);
-
- NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group);
-
- NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group);
-
- NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group);
-
- NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name);
-
- NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name);
-
- NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members);
-
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
-
- /* trust password functions */
-
- NTSTATUS (*settrustpwent)(struct pdb_methods *methods);
-
- NTSTATUS (*gettrustpwent)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust);
-
- NTSTATUS (*gettrustpwnam)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const char *name);
-
- NTSTATUS (*gettrustpwsid)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const DOM_SID *sid);
-
- NTSTATUS (*add_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*update_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*delete_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- /* privileges functions */
-
- NTSTATUS (*add_sid_to_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*remove_sid_from_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*get_privilege_set)(struct pdb_methods *methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privs);
-
- NTSTATUS (*get_privilege_entry)(struct pdb_methods *methods, const char *privname, char **sid_list);
} PDB_METHODS;
diff --git a/source/include/privileges.h b/source/include/privileges.h
index 289afa234ec..b7e1b44c2af 100644
--- a/source/include/privileges.h
+++ b/source/include/privileges.h
@@ -23,39 +23,15 @@
#ifndef PRIVILEGES_H
#define PRIVILEGES_H
-#define PRIV_ALL_INDEX 30
+#define PRIV_ALL_INDEX 5
-#define SE_NONE 0
-#define SE_ASSIGN_PRIMARY_TOKEN 1
-#define SE_CREATE_TOKEN 2
-#define SE_LOCK_MEMORY 3
-#define SE_INCREASE_QUOTA 4
-#define SE_UNSOLICITED_INPUT 5
-#define SE_MACHINE_ACCOUNT 6
-#define SE_TCB 7
-#define SE_SECURITY 8
-#define SE_TAKE_OWNERSHIP 9
-#define SE_LOAD_DRIVER 10
-#define SE_SYSTEM_PROFILE 11
-#define SE_SYSTEM_TIME 12
-#define SE_PROF_SINGLE_PROCESS 13
-#define SE_INC_BASE_PRIORITY 14
-#define SE_CREATE_PAGEFILE 15
-#define SE_CREATE_PERMANENT 16
-#define SE_BACKUP 17
-#define SE_RESTORE 18
-#define SE_SHUTDOWN 19
-#define SE_DEBUG 20
-#define SE_AUDIT 21
-#define SE_SYSTEM_ENVIRONMENT 22
-#define SE_CHANGE_NOTIFY 23
-#define SE_REMOTE_SHUTDOWN 24
-#define SE_UNDOCK 25
-#define SE_SYNC_AGENT 26
-#define SE_ENABLE_DELEGATION 27
-#define SE_PRINT_OPERATOR 28
-#define SE_ADD_USERS 29
-#define SE_ALL_PRIVS 0xffff
+#define SE_PRIV_NONE 0x0000
+#define SE_PRIV_ADD_MACHINES 0x0006
+#define SE_PRIV_SEC_PRIV 0x0008
+#define SE_PRIV_TAKE_OWNER 0x0009
+#define SE_PRIV_ADD_USERS 0xff01
+#define SE_PRIV_PRINT_OPERATOR 0xff03
+#define SE_PRIV_ALL 0xffff
#define PR_NONE 0x0000
#define PR_LOG_ON_LOCALLY 0x0001
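Review bot: `PRIV_ALL_INDEX` becomes a bare `5` with no comment saying what it indexes, while seven `SE_PRIV_*` values are defined just below it, so a reader cannot check the number against anything in this header. Presumably it is a position in a privilege table defined elsewhere. If so, an off-by-one would silently drop or misname a privilege in lookups, and a comment naming that table and the entry it must point to would make the coupling reviewable. `SE_PRIV_ADD_USERS` and `SE_PRIV_PRINT_OPERATOR` also sit at `0xff01` and `0xff03`, outside the low range used by the others, with no explanation of why. A one-line comment on that block saying whether these are Samba-local values would help anyone comparing them with values seen on the wire.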
@@ -63,11 +39,6 @@
#define PR_LOG_ON_BATCH_JOB 0x0004
#define PR_LOG_ON_SERVICE 0x0010
-#ifndef _BOOL
-typedef int BOOL;
-#define _BOOL /* So we don't typedef BOOL again in vfs.h */
-#endif
-
typedef struct LUID
{
uint32 low;
@@ -78,7 +49,7 @@ typedef struct LUID_ATTR
{
LUID luid;
uint32 attr;
-} LUID_ATTR;
+} LUID_ATTR ;
typedef struct privilege_set
{
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index 8266fc861f1..52fe08d8753 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -87,15 +87,29 @@ enum netsec_direction
/* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */
#define MAX_PDU_FRAG_LEN 0x10b8 /* this is what w2k sets */
+/*
+ * Actual structure of a DCE UUID
+ */
+
+typedef struct rpc_uuid
+{
+ uint32 time_low;
+ uint16 time_mid;
+ uint16 time_hi_and_version;
+ uint8 remaining[8];
+} RPC_UUID;
+
+#define RPC_UUID_LEN 16
+
/* RPC_IFACE */
typedef struct rpc_iface_info
{
- struct uuid uuid; /* 16 bytes of rpc interface identification */
+ RPC_UUID uuid; /* 16 bytes of rpc interface identification */
uint32 version; /* the interface version number */
} RPC_IFACE;
-#define RPC_IFACE_LEN (UUID_SIZE + 4)
+#define RPC_IFACE_LEN (RPC_UUID_LEN + 4)
struct pipe_id_info
{
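Review bot: `remaining[8]` in the new `RPC_UUID` gives no hint of what the eight bytes hold, whereas the `struct uuid` this commit removes from ntdomain.h named them `clock_seq[2]` and `node[6]`. A trailing comment keeps that knowledge for anyone writing the marshalling code: `uint8 remaining[8]; /* clock_seq[2] followed by node[6] */`. `RPC_UUID_LEN` is a hand-written 16 that feeds `RPC_IFACE_LEN`; a comment stating that it is the on-the-wire size of `RPC_UUID` would tie the define to the struct.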
diff --git a/source/include/rpc_ds.h b/source/include/rpc_ds.h
index e06918730a4..dc1aeef464e 100644
--- a/source/include/rpc_ds.h
+++ b/source/include/rpc_ds.h
@@ -64,7 +64,7 @@ typedef struct
uint32 dnsname_ptr;
uint32 forestname_ptr;
- struct uuid domain_guid;
+ GUID domain_guid;
UNISTR2 netbios_domain;
@@ -110,7 +110,7 @@ typedef struct {
uint32 trust_type;
uint32 trust_attributes;
uint32 sid_ptr;
- struct uuid guid;
+ GUID guid;
UNISTR2 netbios_domain;
UNISTR2 dns_domain;
@@ -124,7 +124,7 @@ struct ds_domain_trust {
uint32 parent_index;
uint32 trust_type;
uint32 trust_attributes;
- struct uuid guid;
+ GUID guid;
DOM_SID sid;
char *netbios_domain;
diff --git a/source/include/rpc_epmapper.h b/source/include/rpc_epmapper.h
deleted file mode 100644
index bbca6ac1f28..00000000000
--- a/source/include/rpc_epmapper.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Endpoint mapper data definitions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#define EPM_HANDLE_LEN 20
-
-/* ordinal for the mapping interface */
-
-#define EPM_MAP_PIPE_NAME 0x03
-
-/* some of the different connection protocols and their IDs from Windows */
-
-#define EPM_FLOOR_UUID 0x0d /* floor contains UUID */
-#define EPM_FLOOR_RPC 0x0b /* tower is for connection-oriented rpc */
-#define EPM_FLOOR_TCP 0x07 /* floor contains tcp port number */
-#define EPM_FLOOR_IP 0x09 /* floor contains IP address */
-#define EPM_FLOOR_NMPIPES 0x0f /* floor contains remote named pipe name */
-#define EPM_FLOOR_LRPC 0x10 /* floor contains local named pipe name */
-#define EPM_FLOOR_NETBIOS 0x11 /* floor contains netbios address */
-#define EPM_FLOOR_NETBEUI 0x12 /* floor contains netbeui address */
-#define EPM_FLOOR_SOCKET 0x20
-
-#define EPM_PIPE_NM "epmapper"
-
-#define MAX_TOWERS 1
-
-typedef struct
-{
- uint8 data[EPM_HANDLE_LEN];
-} EPM_HANDLE;
-
-typedef struct
-{
- struct {
- uint16 length;
- uint8 protocol;
- struct {
- struct uuid uuid;
- uint16 version;
- } uuid;
- } lhs;
- struct {
- uint16 length;
- uint16 unknown;
- struct {
- uint16 port;
- } tcp;
- struct {
- uint8 addr[4];
- } ip;
- char string[MAXHOSTNAMELEN+3]; /* hostname + \\ + null term */
- } rhs;
-} EPM_FLOOR;
-
-typedef struct
-{
- uint32 max_length;
- uint32 length;
- uint16 num_floors;
- EPM_FLOOR *floors;
- uint8 unknown;
-} EPM_TOWER;
-
-typedef struct
-{
- EPM_HANDLE handle;
- uint32 tower_ref_id;
- EPM_TOWER *tower;
- EPM_HANDLE term_handle; /* in/out */
- uint32 max_towers;
-} EPM_Q_MAP;
-
-typedef struct
-{
- uint32 max_count;
- uint32 offset;
- uint32 count;
- uint32 *tower_ref_ids;
- EPM_TOWER *towers;
-} EPM_TOWER_ARRAY;
-
-typedef struct
-{
- EPM_HANDLE handle;
- uint32 num_results;
- EPM_TOWER_ARRAY *results;
- uint32 status;
-} EPM_R_MAP;
-
-
-/* port mapping entries to be read */
-
-typedef struct _mapper_entries{
- uint8 protocol ;
- RPC_IFACE uuid_info ; /* needs to be zeroed if no specific uuid */
- uint16 port ;
- char pipe_name[40] ;
- char srv_name[20] ;
- uint8 srv_port[4] ;
- char func_name[16][16]; /* array of up to 16 functions available */
-} mapper_entries;
-
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index 29a9cd7306b..2064a38056e 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -275,7 +275,7 @@ typedef struct lsa_dns_dom_info
UNIHDR hdr_dns_dom_name;
UNIHDR hdr_forest_name;
- struct uuid dom_guid; /* domain GUID */
+ GUID dom_guid; /* domain GUID */
UNISTR2 uni_nb_dom_name;
UNISTR2 uni_dns_dom_name;
@@ -635,20 +635,6 @@ typedef struct lsa_r_unk_get_connuser
} LSA_R_UNK_GET_CONNUSER;
-typedef struct lsa_q_createaccount
-{
- POLICY_HND pol; /* policy handle */
- DOM_SID2 sid;
- uint32 access; /* access */
-} LSA_Q_CREATEACCOUNT;
-
-typedef struct lsa_r_createaccount
-{
- POLICY_HND pol; /* policy handle */
- NTSTATUS status;
-} LSA_R_CREATEACCOUNT;
-
-
typedef struct lsa_q_openaccount
{
POLICY_HND pol; /* policy handle */
diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h
index a5b93b0238a..74e3a50ee4a 100644
--- a/source/include/rpc_netlogon.h
+++ b/source/include/rpc_netlogon.h
@@ -33,7 +33,6 @@
#define NET_SRVPWSET 0x06
#define NET_SAM_DELTAS 0x07
#define NET_LOGON_CTRL 0x0c
-#define NET_GETDCNAME 0x0d
#define NET_AUTH2 0x0f
#define NET_LOGON_CTRL2 0x0e
#define NET_SAM_SYNC 0x10
@@ -299,25 +298,6 @@ typedef struct net_r_logon_ctrl2_info
} NET_R_LOGON_CTRL2;
-/* NET_Q_GETDCNAME - Ask a DC for a trusted DC name */
-
-typedef struct net_q_getdcname
-{
- uint32 ptr_logon_server;
- UNISTR2 uni_logon_server;
- uint32 ptr_domainname;
- UNISTR2 uni_domainname;
-} NET_Q_GETDCNAME;
-
-/* NET_R_GETDCNAME - Ask a DC for a trusted DC name */
-
-typedef struct net_r_getdcname
-{
- uint32 ptr_dcname;
- UNISTR2 uni_dcname;
- NTSTATUS status;
-} NET_R_GETDCNAME;
-
/* NET_Q_TRUST_DOM_LIST - LSA Query Trusted Domains */
typedef struct net_q_trust_dom_info
{
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index 56145ac024c..5e718f8167d 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -113,6 +113,13 @@
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
+/* Globally Unique ID */
+#define GUID_SIZE 16
+typedef struct guid_info
+{
+ uint8 info[GUID_SIZE];
+} GUID;
+
/* SEC_ACCESS */
typedef struct security_info_info
{
@@ -131,8 +138,8 @@ typedef struct security_ace_info
/* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
- struct uuid obj_guid; /* object GUID */
- struct uuid inh_guid; /* inherited object GUID */
+ GUID obj_guid; /* object GUID */
+ GUID inh_guid; /* inherited object GUID */
/* eof object stuff */
DOM_SID trustee;
diff --git a/source/include/rpc_spoolss.h b/source/include/rpc_spoolss.h
index d9fc0c6a6ab..f96b4fa96ab 100755
--- a/source/include/rpc_spoolss.h
+++ b/source/include/rpc_spoolss.h
@@ -375,7 +375,7 @@ PRINTER_MESSAGE_INFO;
#define PRINTER_ATTRIBUTE_SAMBA (PRINTER_ATTRIBUTE_RAW_ONLY|\
PRINTER_ATTRIBUTE_SHARED|\
- PRINTER_ATTRIBUTE_LOCAL)
+ PRINTER_ATTRIBUTE_NETWORK)
#define NO_PRIORITY 0
#define MAX_PRIORITY 99
diff --git a/source/include/secrets.h b/source/include/secrets.h
index 8c393940586..cb4fbd043a7 100644
--- a/source/include/secrets.h
+++ b/source/include/secrets.h
@@ -49,13 +49,6 @@
#define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
-/* Trust password type flags */
-#define PASS_MACHINE_TRUST_NT 0x0001
-#define PASS_SERVER_TRUST_NT 0x0002
-#define PASS_DOMAIN_TRUST_NT 0x0004
-#define PASS_MACHINE_TRUST_ADS 0x0008
-#define PASS_DOMAIN_TRUST_ADS 0x0010
-
/* structure for storing machine account password
(ie. when samba server is member of a domain */
struct machine_acct_pass {
diff --git a/source/include/smb.h b/source/include/smb.h
index 6de50c8afa1..6c2f74e3b9e 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -195,7 +195,6 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN];
#define PIPE_NETDFS "\\PIPE\\netdfs"
#define PIPE_ECHO "\\PIPE\\rpcecho"
#define PIPE_SHUTDOWN "\\PIPE\\initshutdown"
-#define PIPE_EPM "\\PIPE\\epmapper"
#define PIPE_NETLOGON_PLAIN "\\NETLOGON"
@@ -210,8 +209,7 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN];
#define PI_NETDFS 8
#define PI_ECHO 9
#define PI_SHUTDOWN 10
-#define PI_EPM 11
-#define PI_MAX_PIPES 12
+#define PI_MAX_PIPES 11
/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
typedef struct nttime_info
@@ -500,7 +498,6 @@ typedef struct connection_struct
int ngroups;
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
time_t lastused;
BOOL used;
@@ -520,7 +517,6 @@ struct current_user
int ngroups;
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
};
/* Defines for the sent_oplock_break field above. */
@@ -1558,7 +1554,6 @@ typedef struct user_struct
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
DATA_BLOB session_key;
@@ -1654,7 +1649,7 @@ struct ip_service {
typedef struct smb_sign_info {
void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si);
- BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL expected_ok);
+ BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si);
void (*free_signing_context)(struct smb_sign_info *si);
void *signing_context;
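Review bot: `check_incoming_message` takes `char *inbuf` with no length argument and carries no comment, so the contract for how much of the buffer an implementation may read is unstated. Presumably implementations take the packet length from the header inside `inbuf`. If so, the member should say that the caller has already validated that length against the bytes actually received, e.g. `/* inbuf: complete SMB packet, header length already checked by the caller; returns True when the signature verifies */` (the return meaning needs confirming against the implementations). With `expected_ok` dropped from the signature, every implementation and call site still using the three-argument form has to change in the same commit; none of them are visible in this hunk.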
@@ -1662,18 +1657,6 @@ typedef struct smb_sign_info {
BOOL allow_smb_signing;
BOOL doing_signing;
BOOL mandatory_signing;
- BOOL seen_valid; /* Have I ever seen a validly signed packet? */
} smb_sign_info;
-struct ea_struct {
- uint8 flags;
- char *name;
- DATA_BLOB value;
-};
-
-/* EA names used internally in Samba. KEEP UP TO DATE with prohibited_ea_names in trans2.c !. */
-#define SAMBA_POSIX_INHERITANCE_EA_NAME "user.SAMBA_PAI"
-/* EA to use for DOS attributes */
-#define SAMBA_XATTR_DOS_ATTRIB "user.DOSATTRIB"
-
#endif /* _SMB_H */
diff --git a/source/include/smbldap.h b/source/include/smbldap.h
index 119479f218d..68a2c00afe0 100644
--- a/source/include/smbldap.h
+++ b/source/include/smbldap.h
@@ -38,7 +38,6 @@
#define LDAP_OBJ_IDPOOL "sambaUnixIdPool"
#define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry"
#define LDAP_OBJ_SID_ENTRY "sambaSidEntry"
-#define LDAP_OBJ_PRIVILEGE "sambaPrivilege"
#define LDAP_OBJ_ACCOUNT "account"
#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
@@ -50,7 +49,6 @@
#define LDAP_ATTRIBUTE_SID "sambaSID"
#define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber"
#define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber"
-#define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList"
/* attribute map table indexes */
@@ -95,7 +93,6 @@
#define LDAP_ATTR_MUNGED_DIAL 37
#define LDAP_ATTR_BAD_PASSWORD_TIME 38
#define LDAP_ATTR_MOD_TIMESTAMP 39
-#define LDAP_ATTR_SID_LIST 40
typedef struct _attrib_map_entry {
int attrib;
@@ -109,7 +106,6 @@ extern ATTRIB_MAP_ENTRY attrib_map_v22[];
extern ATTRIB_MAP_ENTRY attrib_map_v30[];
extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
-extern ATTRIB_MAP_ENTRY privilege_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
extern ATTRIB_MAP_ENTRY idpool_attr_list[];
extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
diff --git a/source/include/tdbsam2_parse_info.h b/source/include/tdbsam2_parse_info.h
deleted file mode 100644
index 35eeaeb2d2c..00000000000
--- a/source/include/tdbsam2_parse_info.h
+++ /dev/null
@@ -1,2 +0,0 @@
-/* This is an automatically generated file - DO NOT EDIT! */
-
diff --git a/source/lib/afs.c b/source/lib/afs.c
index ce972ec27b7..789afcdd837 100644
--- a/source/lib/afs.c
+++ b/source/lib/afs.c
@@ -43,130 +43,6 @@ struct ClearToken {
uint32 EndTimestamp;
};
-static char *afs_encode_token(const char *cell, const DATA_BLOB ticket,
- const struct ClearToken *ct)
-{
- char *base64_ticket;
- char *result;
-
- DATA_BLOB key = data_blob(ct->HandShakeKey, 8);
- char *base64_key;
-
- base64_ticket = base64_encode_data_blob(ticket);
- if (base64_ticket == NULL)
- return NULL;
-
- base64_key = base64_encode_data_blob(key);
- if (base64_key == NULL) {
- free(base64_ticket);
- return NULL;
- }
-
- asprintf(&result, "%s\n%u\n%s\n%u\n%u\n%u\n%s\n", cell,
- ct->AuthHandle, base64_key, ct->ViceId, ct->BeginTimestamp,
- ct->EndTimestamp, base64_ticket);
-
- DEBUG(10, ("Got ticket string:\n%s\n", result));
-
- free(base64_ticket);
- free(base64_key);
-
- return result;
-}
-
-static BOOL afs_decode_token(const char *string, char **cell,
- DATA_BLOB *ticket, struct ClearToken *ct)
-{
- DATA_BLOB blob;
- struct ClearToken result_ct;
-
- char *s = strdup(string);
-
- char *t;
-
- if ((t = strtok(s, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- *cell = strdup(t);
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.AuthHandle) != 1) {
- DEBUG(10, ("sscanf AuthHandle failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- blob = base64_decode_data_blob(t);
-
- if ( (blob.data == NULL) ||
- (blob.length != sizeof(result_ct.HandShakeKey) )) {
- DEBUG(10, ("invalid key: %x/%d\n", (uint32)blob.data,
- blob.length));
- return False;
- }
-
- memcpy(result_ct.HandShakeKey, blob.data, blob.length);
-
- data_blob_free(&blob);
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.ViceId) != 1) {
- DEBUG(10, ("sscanf ViceId failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.BeginTimestamp) != 1) {
- DEBUG(10, ("sscanf BeginTimestamp failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.EndTimestamp) != 1) {
- DEBUG(10, ("sscanf EndTimestamp failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- blob = base64_decode_data_blob(t);
-
- if (blob.data == NULL) {
- DEBUG(10, ("Could not get ticket\n"));
- return False;
- }
-
- *ticket = blob;
- *ct = result_ct;
-
- return True;
-}
-
/*
Put an AFS token into the Kernel so that it can authenticate against
the AFS server. This assumes correct local uid settings.
@@ -177,9 +53,9 @@ static BOOL afs_decode_token(const char *string, char **cell,
to avoid.
*/
-static BOOL afs_settoken(const char *cell,
+static BOOL afs_settoken(const char *username, const char *cell,
const struct ClearToken *ctok,
- DATA_BLOB ticket)
+ char *v4tkt_data, int v4tkt_length)
{
int ret;
struct {
@@ -191,10 +67,10 @@ static BOOL afs_settoken(const char *cell,
char *p = buf;
int tmp;
- memcpy(p, &ticket.length, sizeof(uint32));
+ memcpy(p, &v4tkt_length, sizeof(uint32));
p += sizeof(uint32);
- memcpy(p, ticket.data, ticket.length);
- p += ticket.length;
+ memcpy(p, v4tkt_data, v4tkt_length);
+ p += v4tkt_length;
tmp = sizeof(struct ClearToken);
memcpy(p, &tmp, sizeof(uint32));
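Review bot: `v4tkt_length` is a signed `int` passed straight to `memcpy(p, v4tkt_data, v4tkt_length)` with no bound check, so a negative or oversized value writes past `buf`. A guard before the first copy would close this, e.g. `if (v4tkt_length < 0 || (size_t)v4tkt_length > MAX_TKT_LEN) return False;`, where `MAX_TKT_LEN` is a placeholder for whatever leaves room in `buf` for everything the function appends after the ticket. `memcpy(p, &v4tkt_length, sizeof(uint32))` also assumes `int` is exactly four bytes; copying from a `uint32` local removes that assumption. The declaration of `buf` and the rest of afs_settoken lie outside this hunk, so the exact limit has to be checked against them.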
@@ -233,69 +109,90 @@ static BOOL afs_settoken(const char *cell,
return (ret == 0);
}
-BOOL afs_settoken_str(const char *token_string)
+/*
+ This routine takes a radical approach completely defeating the
+ Kerberos idea of security and using AFS simply as an intelligent
+ file backend. Samba has persuaded itself somehow that the user is
+ actually correctly identified and then we create a ticket that the
+ AFS server hopefully accepts using its KeyFile that the admin has
+ kindly stored to our secrets.tdb.
+
+ Thanks to the book "Network Security -- PRIVATE Communication in a
+ PUBLIC World" by Charlie Kaufman, Radia Perlman and Mike Speciner
+ Kerberos 4 tickets are not really hard to construct.
+
+ For the comments "Alice" is the User to be auth'ed, and "Bob" is the
+ AFS server. */
+
+BOOL afs_login(connection_struct *conn)
{
- DATA_BLOB ticket;
- struct ClearToken ct;
- BOOL result;
+ fstring ticket;
+ char *p = ticket;
+ uint32 len;
+ struct afs_key key;
+ pstring afs_username;
char *cell;
- if (!afs_decode_token(token_string, &cell, &ticket, &ct))
- return False;
+ struct ClearToken ct;
- if (geteuid() != 0)
- ct.ViceId = getuid();
+ uint32 now; /* I assume time() returns 32 bit */
- result = afs_settoken(cell, &ct, ticket);
+ des_key_schedule key_schedule;
- SAFE_FREE(cell);
- data_blob_free(&ticket);
+ pstrcpy(afs_username, lp_afs_username_map());
+ standard_sub_conn(conn, afs_username, sizeof(afs_username));
- return result;
- }
+ /* The pts command always generates completely lower-case user
+ * names. */
+ strlower_m(afs_username);
-/* Create a ClearToken and an encrypted ticket. ClearToken has not yet the
- * ViceId set, this should be set by the caller. */
+ cell = strchr(afs_username, '@');
-static BOOL afs_createtoken(const char *username, const char *cell,
- DATA_BLOB *ticket, struct ClearToken *ct)
-{
- fstring clear_ticket;
- char *p = clear_ticket;
- uint32 len;
- uint32 now;
+ if (cell == NULL) {
+ DEBUG(1, ("AFS username doesn't contain a @, "
+ "could not find cell\n"));
+ return False;
+ }
- struct afs_key key;
- des_key_schedule key_schedule;
+ *cell = '\0';
+ cell += 1;
+
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ afs_username, cell));
if (!secrets_init())
return False;
if (!secrets_fetch_afs_key(cell, &key)) {
- DEBUG(1, ("Could not fetch AFS service key\n"));
+ DEBUG(5, ("Could not fetch AFS service key\n"));
return False;
}
- ct->AuthHandle = key.kvno;
+ ct.AuthHandle = key.kvno;
/* Build the ticket. This is going to be encrypted, so in our
way we fill in ct while we still have the unencrypted
form. */
- p = clear_ticket;
+ p = ticket;
/* The byte-order */
*p = 1;
p += 1;
/* "Alice", the client username */
- strncpy(p, username, sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
+ strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- strncpy(p, "", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
+ strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- strncpy(p, cell, sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
+ strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
+ /* This assumes that we have setresuid and set the real uid as well as
+ the effective uid in set_effective_uid(). */
+ ct.ViceId = getuid();
+ DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
+
/* Alice's network layer address. At least Openafs-1.2.10
ignores this, so we fill in a dummy value here. */
SIVAL(p, 0, 0);
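Review bot: The three `strncpy()` calls that write Alice's name, instance and cell into `ticket` are each followed by `p += strlen(p)+1`, but `strncpy` leaves the destination unterminated when the source fills the space, and `ticket` is an uninitialised `fstring` while `afs_username` is a `pstring` built from the configured username map. If `fstring` is the smaller of the two (neither definition is on this page), an over-long mapped name lets `strlen(p)` read past the copied bytes and moves `p` beyond what was written, and the fixed-width writes that follow have no space check. Clearing the buffer first, `memset(ticket, 0, sizeof(ticket));`, and returning False when `strlen(afs_username) + strlen(cell)` does not leave room for the remaining fields would close this. afs_login continues past the end of this hunk.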
@@ -306,7 +203,7 @@ static BOOL afs_createtoken(const char *username, const char *cell,
/* Our client code needs the the key in the clear, it does not
know the server-key ... */
- memcpy(ct->HandShakeKey, p, 8);
+ memcpy(ct.HandShakeKey, p, 8);
p += 8;
@@ -319,151 +216,37 @@ static BOOL afs_createtoken(const char *username, const char *cell,
/* Ticket creation time */
now = time(NULL);
SIVAL(p, 0, now);
- ct->BeginTimestamp = now;
+ ct.BeginTimestamp = now;
- ct->EndTimestamp = now + (255*60*5);
- if (((ct->EndTimestamp - ct->BeginTimestamp) & 1) == 1) {
- ct->BeginTimestamp += 1; /* Lifetime must be even */
+ ct.EndTimestamp = now + (255*60*5);
+ if (((ct.EndTimestamp - ct.BeginTimestamp) & 1) == 1) {
+ ct.BeginTimestamp += 1; /* Lifetime must be even */
}
p += 4;
/* And here comes Bob's name and instance, in this case the
AFS server. */
- strncpy(p, "afs", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
+ strncpy(p, "afs", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- strncpy(p, "", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
+ strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
/* And zero-pad to a multiple of 8 bytes */
- len = PTR_DIFF(p, clear_ticket);
+ len = PTR_DIFF(p, ticket);
if (len & 7) {
uint32 extra_space = 8-(len & 7);
memset(p, 0, extra_space);
p+=extra_space;
}
- len = PTR_DIFF(p, clear_ticket);
+ len = PTR_DIFF(p, ticket);
des_key_sched((const_des_cblock *)key.key, key_schedule);
- des_pcbc_encrypt(clear_ticket, clear_ticket,
+ des_pcbc_encrypt(ticket, ticket,
len, key_schedule, (C_Block *)key.key, 1);
ZERO_STRUCT(key);
- *ticket = data_blob(clear_ticket, len);
-
- return True;
-}
-
-char *afs_createtoken_str(const char *username, const char *cell)
-{
- DATA_BLOB ticket;
- struct ClearToken ct;
- char *result;
-
- if (!afs_createtoken(username, cell, &ticket, &ct))
- return NULL;
-
- result = afs_encode_token(cell, ticket, &ct);
-
- data_blob_free(&ticket);
-
- return result;
-}
-
-/*
- This routine takes a radical approach completely bypassing the
- Kerberos idea of security and using AFS simply as an intelligent
- file backend. Samba has persuaded itself somehow that the user is
- actually correctly identified and then we create a ticket that the
- AFS server hopefully accepts using its KeyFile that the admin has
- kindly stored to our secrets.tdb.
-
- Thanks to the book "Network Security -- PRIVATE Communication in a
- PUBLIC World" by Charlie Kaufman, Radia Perlman and Mike Speciner
- Kerberos 4 tickets are not really hard to construct.
-
- For the comments "Alice" is the User to be auth'ed, and "Bob" is the
- AFS server. */
-
-BOOL afs_login(connection_struct *conn)
-{
- DATA_BLOB ticket;
- pstring afs_username;
- char *cell;
- BOOL result;
-
- struct ClearToken ct;
-
- pstrcpy(afs_username, lp_afs_username_map());
- standard_sub_conn(conn, afs_username, sizeof(afs_username));
-
- /* The pts command always generates completely lower-case user
- * names. */
- strlower_m(afs_username);
-
- cell = strchr(afs_username, '@');
-
- if (cell == NULL) {
- DEBUG(1, ("AFS username doesn't contain a @, "
- "could not find cell\n"));
- return False;
- }
-
- *cell = '\0';
- cell += 1;
-
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
- afs_username, cell));
-
- if (!afs_createtoken(afs_username, cell, &ticket, &ct))
- return False;
-
- /* For which Unix-UID do we want to set the token? */
- ct.ViceId = getuid();
-
- {
- char *str, *new_cell;
- DATA_BLOB test_ticket;
- struct ClearToken test_ct;
-
- hex_encode(ct.HandShakeKey, sizeof(ct.HandShakeKey), &str);
- DEBUG(10, ("Key: %s\n", str));
- free(str);
-
- str = afs_encode_token(cell, ticket, &ct);
-
- if (!afs_decode_token(str, &new_cell, &test_ticket,
- &test_ct)) {
- DEBUG(0, ("Could not decode token"));
- goto decode_failed;
- }
-
- if (strcmp(cell, new_cell) != 0) {
- DEBUG(0, ("cell changed\n"));
- }
-
- if ((ticket.length != test_ticket.length) ||
- (memcmp(ticket.data, test_ticket.data,
- ticket.length) != 0)) {
- DEBUG(0, ("Ticket changed\n"));
- }
-
- if (memcmp(&ct, &test_ct, sizeof(ct)) != 0) {
- DEBUG(0, ("ClearToken changed\n"));
- }
-
- data_blob_free(&test_ticket);
-
- decode_failed:
- SAFE_FREE(str);
- SAFE_FREE(new_cell);
- }
-
- result = afs_settoken(cell, &ct, ticket);
-
- data_blob_free(&ticket);
-
- return result;
+ return afs_settoken(afs_username, cell, &ct, ticket, len);
}
#else
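Review bot: `ZERO_STRUCT(key)` wipes the fetched service key, but `key_schedule`, which `des_key_sched()` fills from that same key, stays on the stack when afs_login returns, as does the session key copied into `ct.HandShakeKey`. Adding `ZERO_STRUCT(key_schedule);` next to the existing wipe, and clearing `ct` after `afs_settoken()` has returned (store its result in a local first), would keep key material from lingering in the process. Whether ZERO_STRUCT survives optimisation when applied to a local that is never read again is not visible here and is worth confirming. The start of afs_login is in an earlier hunk.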
@@ -473,14 +256,4 @@ BOOL afs_login(connection_struct *conn)
return True;
}
-BOOL afs_settoken_str(const char *token_string)
-{
- return False;
-}
-
-char *afs_createtoken_str(const char *username, const char *cell)
-{
- return False;
-}
-
#endif /* WITH_FAKE_KASERVER */
diff --git a/source/lib/charcnv.c b/source/lib/charcnv.c
index b9791931a35..11b1448f1eb 100644
--- a/source/lib/charcnv.c
+++ b/source/lib/charcnv.c
@@ -130,21 +130,9 @@ void init_iconv(void)
conv_handles[c1][c2] = smb_iconv_open(n2,n1);
if (conv_handles[c1][c2] == (smb_iconv_t)-1) {
- DEBUG(0,("init_iconv: Conversion from %s to %s not supported\n",
+ DEBUG(0,("Conversion from %s to %s not supported\n",
charset_name((charset_t)c1), charset_name((charset_t)c2)));
- if (c1 != CH_UCS2) {
- n1 = "ASCII";
- }
- if (c2 != CH_UCS2) {
- n2 = "ASCII";
- }
- DEBUG(0,("init_iconv: Attempting to replace with conversion from %s to %s\n",
- n1, n2 ));
- conv_handles[c1][c2] = smb_iconv_open(n2,n1);
- if (!conv_handles[c1][c2]) {
- DEBUG(0,("init_iconv: Conversion from %s to %s failed", n1, n2));
- smb_panic("init_iconv: conv_handle initialization failed.");
- }
+ conv_handles[c1][c2] = NULL;
}
}
}
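Review bot: A failed `smb_iconv_open()` now leaves `conv_handles[c1][c2]` as NULL and startup carries on, where the removed lines retried with ASCII and panicked if that failed too. Every reader of `conv_handles` therefore has to treat both `(smb_iconv_t)-1` and NULL as unsupported; convert_string_allocate does so in the next hunk, but other readers are not visible on this page. A comment at the assignment, such as `/* unsupported pair: callers must check for a NULL handle */`, would record that contract. init_iconv starts above this hunk.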
@@ -489,6 +477,8 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
if (descriptor == (smb_iconv_t)-1 || descriptor == (smb_iconv_t)0) {
if (!conv_silent)
DEBUG(0,("convert_string_allocate: Conversion not supported.\n"));
+ if (allow_bad_conv)
+ goto use_as_is;
return (size_t)-1;
}
diff --git a/source/lib/debug.c b/source/lib/debug.c
index 1a926053bb0..0050761e9a8 100644
--- a/source/lib/debug.c
+++ b/source/lib/debug.c
@@ -84,13 +84,6 @@ BOOL debug_warn_unknown_class = True;
BOOL debug_auto_add_unknown_class = True;
BOOL AllowDebugChange = True;
-/*
- used to check if the user specified a
- logfile on the command line
-*/
-BOOL override_logfile;
-
-
/*
* This is to allow assignment to DEBUGLEVEL before the debug
* system has been initialised.
diff --git a/source/lib/genparser.c b/source/lib/genparser.c
deleted file mode 100644
index 7476b5d0aff..00000000000
--- a/source/lib/genparser.c
+++ /dev/null
@@ -1,783 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-#include "includes.h"
-
-/* see if a range of memory is all zero. Used to prevent dumping of zero elements */
-static int all_zero(const char *ptr, unsigned size)
-{
- int i;
- if (!ptr) return 1;
- for (i=0;i<size;i++) {
- if (ptr[i]) return 0;
- }
- return 1;
-}
-
-/* encode a buffer of bytes into a escaped string */
-static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len)
-{
- const char *hexdig = "0123456789abcdef";
- char *ret, *p;
- unsigned i;
- ret = talloc(mem_ctx, len*3 + 1); /* worst case size */
- if (!ret) return NULL;
- for (p=ret,i=0;i<len;i++) {
- if (isalnum(ptr[i]) || isspace(ptr[i]) ||
- (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) {
- *p++ = ptr[i];
- } else {
- unsigned char c = *(unsigned char *)(ptr+i);
- if (c == 0 && all_zero(ptr+i, len-i)) break;
- p[0] = '\\';
- p[1] = hexdig[c>>4];
- p[2] = hexdig[c&0xF];
- p += 3;
- }
- }
-
- *p = 0;
-
- return ret;
-}
-
-/* decode an escaped string from encode_bytes() into a buffer */
-static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len)
-{
- char *ret, *p;
- unsigned i;
- int slen = strlen(s) + 1;
-
- ret = talloc(mem_ctx, slen); /* worst case length */
- if (!ret)
- return NULL;
- memset(ret, 0, slen);
-
- if (*s == '{') s++;
-
- for (p=ret,i=0;s[i];i++) {
- if (s[i] == '}') {
- break;
- } else if (s[i] == '\\') {
- unsigned v;
- if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) {
- return NULL;
- }
- *(unsigned char *)p = v;
- p++;
- i += 2;
- } else {
- *p++ = s[i];
- }
- }
- *p = 0;
-
- (*len) = (unsigned)(p - ret);
-
- return ret;
-}
-
-/* the add*() functions deal with adding things to a struct
- parse_string */
-
-/* allocate more space if needed */
-static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n)
-{
- if (p->length + n <= p->allocated) return 0;
- p->allocated = p->length + n + 200;
- p->s = talloc_realloc(mem_ctx, p->s, p->allocated);
- if (!p->s) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
-}
-
-/* add a character to the buffer */
-static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c)
-{
- if (addgen_alloc(mem_ctx, p, 2) != 0) {
- return -1;
- }
- p->s[p->length++] = c;
- p->s[p->length] = 0;
- return 0;
-}
-
-/* add a string to the buffer */
-int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, len+1) != 0) {
- return -1;
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* add a string to the buffer with a tab prefix */
-static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) {
- return -1;
- }
- while (indent--) {
- p->s[p->length++] = '\t';
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* note! this can only be used for results up to 60 chars wide! */
-int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char buf[60];
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- return 0;
-}
-
-/*
- this is here to make it easier for people to write dump functions
- for their own types
- */
-int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char *buf = NULL;
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vasprintf(&buf, fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- if (buf) free(buf);
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- if (buf) free(buf);
- return 0;
-}
-
-/* dump a enumerated type */
-int gen_dump_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- unsigned v = *(unsigned *)ptr;
- int i;
- for (i=0;einfo[i].name;i++) {
- if (v == einfo[i].value) {
- addstr(mem_ctx, p, einfo[i].name);
- return 0;
- }
- }
- /* hmm, maybe we should just fail? */
- return gen_dump_unsigned(mem_ctx, p, ptr, indent);
-}
-
-/* dump a single non-array element, hanlding struct and enum */
-static int gen_dump_one(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- unsigned indent)
-{
- if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) {
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addchar(mem_ctx, p,'{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}")) {
- return -1;
- }
- return 0;
- }
-
- return pinfo->dump_fn(mem_ctx, p, ptr, indent);
-}
-
-/* handle dumping of an array of arbitrary type */
-static int gen_dump_array(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- int array_len,
- int indent)
-{
- int i, count=0;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- char *s = encode_bytes(mem_ctx, ptr, array_len);
- if (!s) return -1;
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = {") ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
- }
-
- for (i=0;i<array_len;i++) {
- const char *p2 = ptr;
- unsigned size = pinfo->size;
-
- /* generic pointer dereference */
- if (pinfo->ptr_count) {
- p2 = *(const char **)ptr;
- size = sizeof(void *);
- }
-
- if ((count || pinfo->ptr_count) &&
- !(pinfo->flags & FLAG_ALWAYS) &&
- all_zero(ptr, size)) {
- ptr += size;
- continue;
- }
- if (count == 0) {
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addshort(mem_ctx, p, " = %u:", i)) {
- return -1;
- }
- } else {
- if (addshort(mem_ctx, p, ", %u:", i) != 0) {
- return -1;
- }
- }
- if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) {
- return -1;
- }
- ptr += size;
- count++;
- }
- if (count) {
- return addstr(mem_ctx, p, "\n");
- }
- return 0;
-}
-
-/* find a variable by name in a loaded structure and return its value
- as an integer. Used to support dynamic arrays */
-static int find_var(const struct parse_struct *pinfo,
- const char *data,
- const char *var)
-{
- int i;
- const char *ptr;
-
- /* this allows for constant lengths */
- if (isdigit(*var)) {
- return atoi(var);
- }
-
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, var) == 0) break;
- }
- if (!pinfo[i].name) return -1;
-
- ptr = data + pinfo[i].offset;
-
- switch (pinfo[i].size) {
- case sizeof(int):
- return *(int *)ptr;
- case sizeof(char):
- return *(char *)ptr;
- }
-
- return -1;
-}
-
-
-int gen_dump_struct(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1);
- if (!s) return -1;
- if (addstr(mem_ctx, p, "{\n") ||
- addstr(mem_ctx, p, s) ||
- addtabbed(mem_ctx, p, "}", indent)) {
- return -1;
- }
- return 0;
-}
-
-static int gen_dump_string(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- const char *ptr = *(char **)data;
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = ") ||
- addchar(mem_ctx, p, '{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
-}
-
-/*
- find the length of a nullterm array
-*/
-static int len_nullterm(const char *ptr, int size, int array_len)
-{
- int len;
-
- if (size == 1) {
- len = strnlen(ptr, array_len);
- } else {
- for (len=0; len < array_len; len++) {
- if (all_zero(ptr+len*size, size)) break;
- }
- }
-
- if (len == 0) len = 1;
-
- return len;
-}
-
-
-/* the generic dump routine. Scans the parse information for this structure
- and processes it recursively */
-char *gen_dump(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- struct parse_string p;
- int i;
-
- p.length = 0;
- p.allocated = 0;
- p.s = NULL;
-
- if (addstr(mem_ctx, &p, "") != 0) {
- return NULL;
- }
-
- for (i=0;pinfo[i].name;i++) {
- const char *ptr = data + pinfo[i].offset;
- unsigned size = pinfo[i].size;
-
- if (pinfo[i].ptr_count) {
- size = sizeof(void *);
- }
-
- /* special handling for array types */
- if (pinfo[i].array_len) {
- unsigned len = pinfo[i].array_len;
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(ptr, size, len);
- }
- if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr,
- len, indent)) {
- goto failed;
- }
- continue;
- }
-
- /* and dynamically sized arrays */
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- struct parse_struct p2 = pinfo[i];
- if (len < 0) {
- goto failed;
- }
- if (len > 0) {
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(*(char **)ptr,
- pinfo[i].size, len);
- }
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- if (gen_dump_array(mem_ctx, &p, &p2,
- *(char **)ptr,
- len, indent) != 0) {
- goto failed;
- }
- }
- continue;
- }
-
- /* don't dump zero elements */
- if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue;
-
- /* assume char* is a null terminated string */
- if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 &&
- pinfo[i].dump_fn == gen_dump_char) {
- if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) {
- goto failed;
- }
- continue;
- }
-
- /* generic pointer dereference */
- if (pinfo[i].ptr_count) {
- ptr = *(const char **)ptr;
- }
-
- if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) ||
- addstr(mem_ctx, &p, " = ") ||
- gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) ||
- addstr(mem_ctx, &p, "\n")) {
- goto failed;
- }
- }
- return p.s;
-
-failed:
- return NULL;
-}
-
-/* search for a character in a string, skipping over sections within
- matching braces */
-static char *match_braces(char *s, char c)
-{
- int depth = 0;
- while (*s) {
- switch (*s) {
- case '}':
- depth--;
- break;
- case '{':
- depth++;
- break;
- }
- if (depth == 0 && *s == c) {
- return s;
- }
- s++;
- }
- return s;
-}
-
-/* parse routine for enumerated types */
-int gen_parse_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- char *ptr,
- const char *str)
-{
- unsigned v;
- int i;
-
- if (isdigit(*str)) {
- if (sscanf(str, "%u", &v) != 1) {
- errno = EINVAL;
- return -1;
- }
- *(unsigned *)ptr = v;
- return 0;
- }
-
- for (i=0;einfo[i].name;i++) {
- if (strcmp(einfo[i].name, str) == 0) {
- *(unsigned *)ptr = einfo[i].value;
- return 0;
- }
- }
-
- /* unknown enum value?? */
- return -1;
-}
-
-
-/* parse all base types */
-static int gen_parse_base(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str)
-{
- if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) {
- unsigned len;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s) return -1;
- *(char **)ptr = s;
- return 0;
- }
-
- if (pinfo->ptr_count) {
- unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size;
- struct parse_struct p2 = *pinfo;
- *(void **)ptr = talloc(mem_ctx, size);
- if (! *(void **)ptr) {
- return -1;
- }
- memset(*(void **)ptr, 0, size);
- ptr = *(char **)ptr;
- p2.ptr_count--;
- return gen_parse_base(mem_ctx, &p2, ptr, str);
- }
-
- return pinfo->parse_fn(mem_ctx, ptr, str);
-}
-
-/* parse a generic array */
-static int gen_parse_array(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str,
- int array_len)
-{
- char *p, *p2;
- unsigned size = pinfo->size;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- unsigned len = 0;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s || (len > array_len)) return -1;
- memset(ptr, 0, array_len);
- memcpy(ptr, s, len);
- return 0;
- }
-
- if (pinfo->ptr_count) {
- size = sizeof(void *);
- }
-
- while (*str) {
- unsigned idx;
- int done;
-
- idx = atoi(str);
- p = strchr(str,':');
- if (!p) break;
- p++;
- p2 = match_braces(p, ',');
- done = (*p2 != ',');
- *p2 = 0;
-
- if (*p == '{') {
- p++;
- p[strlen(p)-1] = 0;
- }
-
- if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) {
- return -1;
- }
-
- if (done) break;
- str = p2+1;
- }
-
- return 0;
-}
-
-/* parse one element, hanlding dynamic and static arrays */
-static int gen_parse_one(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *name,
- char *data,
- const char *str)
-{
- int i;
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, name) == 0) {
- break;
- }
- }
- if (pinfo[i].name == NULL) {
- return 0;
- }
-
- if (pinfo[i].array_len) {
- return gen_parse_array(mem_ctx, &pinfo[i],
- data+pinfo[i].offset,
- str, pinfo[i].array_len);
- }
-
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- if (len < 0) {
- errno = EINVAL;
- return -1;
- }
- if (len > 0) {
- struct parse_struct p2 = pinfo[i];
- char *ptr;
- unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
- ptr = talloc(mem_ctx, len*size);
- if (!ptr) {
- errno = ENOMEM;
- return -1;
- }
- memset(ptr, 0, len*size);
- *((char **)(data + pinfo[i].offset)) = ptr;
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- return gen_parse_array(mem_ctx, &p2, ptr, str, len);
- }
- return 0;
- }
-
- return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str);
-}
-
-int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str)
-{
- return gen_parse(mem_ctx, pinfo, ptr, str);
-}
-
-/* the main parse routine */
-int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s)
-{
- char *str, *s0;
-
- s0 = talloc_strdup(mem_ctx, s);
- str = s0;
-
- while (*str) {
- char *p;
- char *name;
- char *value;
-
- /* skip leading whitespace */
- while (isspace(*str)) str++;
-
- p = strchr(str, '=');
- if (!p) break;
- value = p+1;
- while (p > str && isspace(*(p-1))) {
- p--;
- }
-
- *p = 0;
- name = str;
-
- while (isspace(*value)) value++;
-
- if (*value == '{') {
- str = match_braces(value, '}');
- value++;
- } else {
- str = match_braces(value, '\n');
- }
-
- *str++ = 0;
-
- if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
- return -1;
- }
- }
-
- return 0;
-}
-
-
-
-/* for convenience supply some standard dumpers and parsers here */
-
-int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned char *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(int *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(time_t *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(double *)ptr = atof(str);
- return 0;
-}
-
-int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(float *)ptr = atof(str);
- return 0;
-}
-
-int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr));
-}
-
-int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%d", *(int *)(ptr));
-}
-
-int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr));
-}
-
-int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(time_t *)(ptr));
-}
-
-int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%lg", *(double *)(ptr));
-}
-
-int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%g", *(float *)(ptr));
-}
diff --git a/source/lib/genparser_samba.c b/source/lib/genparser_samba.c
deleted file mode 100644
index 8f469a46d6a..00000000000
--- a/source/lib/genparser_samba.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "genparser_samba.h"
-
-/* PARSE functions */
-
-int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint8 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint16 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint32 *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(!string_to_sid((DOM_SID *)ptr, str)) return -1;
- return 0;
-}
-
-int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- int info[UUID_FLAT_SIZE];
- int i;
- char *sc;
- char *p;
- char *m;
-
- m = strdup(str);
- if (!m) return -1;
- sc = m;
-
- memset(info, 0, sizeof(info));
- for (i = 0; i < UUID_FLAT_SIZE; i++) {
- p = strchr(sc, ',');
- if (p != NULL) p = '\0';
- info[i] = atoi(sc);
- if (p != NULL) sc = p + 1;
- }
- free(m);
-
- for (i = 0; i < UUID_FLAT_SIZE; i++) {
- ((UUID_FLAT *)ptr)->info[i] = info[i];
- }
-
- return 0;
-}
-
-int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str);
-}
-
-int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str);
-}
-
-int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str);
-}
-
-int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str);
-}
-
-int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DATA_BLOB(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_data_blob_info, ptr, str);
-}
-
-int gen_parse_TALLOC_CTX(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- (TALLOC_CTX *)ptr = NULL;
- return 0;
-}
-
-/* DUMP functions */
-
-int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr));
-}
-
-int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr));
-}
-
-int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr));
-}
-
-int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((NTTIME *)(ptr))->high;
- low = ((NTTIME *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- fstring sidstr;
-
- sid_to_string(sidstr, (DOM_SID *)ptr);
- return addstr(mem_ctx, p, sidstr);
-}
-
-int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask);
-}
-
-int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- int i, r;
-
- for (i = 0; i < (UUID_FLAT_SIZE - 1); i++) {
- if (!(r = addshort(mem_ctx, p, "%d,", ((UUID_FLAT *)ptr)->info[i]))) return r;
- }
- return addshort(mem_ctx, p, "%d", ((UUID_FLAT *)ptr)->info[i]);
-}
-
-int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent);
-}
-
-int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent);
-}
-
-int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((LUID *)(ptr))->high;
- low = ((LUID *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DATA_BLOB(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_data_blob_info, p, ptr, indent);
-}
-
-int gen_dump_TALLOC_CTX(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "TALLOC_CTX");
-}
diff --git a/source/lib/pam_errors.c b/source/lib/pam_errors.c
index 925441fb1d4..212d3831fd5 100644
--- a/source/lib/pam_errors.c
+++ b/source/lib/pam_errors.c
@@ -36,7 +36,7 @@ static const struct {
{PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
{PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
{PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL},
+ {PAM_BUF_ERR, NT_STATUS_NO_MEMORY},
{PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
{PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
{PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */
@@ -69,6 +69,8 @@ static const struct {
{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
+ {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
+ {NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
{NT_STATUS_OK, PAM_SUCCESS}
};
diff --git a/source/lib/popt_common.c b/source/lib/popt_common.c
index 6c35213d43a..9a5a1120225 100644
--- a/source/lib/popt_common.c
+++ b/source/lib/popt_common.c
@@ -35,7 +35,6 @@
extern pstring user_socket_options;
extern BOOL AllowDebugChange;
-extern BOOL override_logfile;
struct user_auth_info cmdline_auth_info;
@@ -96,7 +95,6 @@ static void popt_common_callback(poptContext con,
if (arg) {
pstr_sprintf(logfile, "%s/log.%s", arg, pname);
lp_set_logfile(logfile);
- override_logfile = True;
}
break;
diff --git a/source/lib/privileges.c b/source/lib/privileges.c
index abbaf112d34..b9d4df301d9 100644
--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@@ -26,43 +26,6 @@
#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
#define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
-
-PRIVS privs[] = {
- {SE_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
- {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"},
- {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"},
- {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"},
- {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"},
- {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"},
- {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"},
- {SE_TCB, "SeTcbPrivilege", "TCB"},
- {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"},
- {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"},
- {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {SE_AUDIT, "SeAuditPrivilege", "Audit"},
- {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"},
- {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
- {SE_UNDOCK, "SeUndockPrivilege", "Undock"},
- {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"},
- {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"},
- {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"},
- {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"},
- {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"}
-};
-
-
-
/****************************************************************************
Check if a user is a mapped group.
@@ -102,10 +65,9 @@ NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
/****************************************************************************
duplicate alloc luid_attr
****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la, int count)
+NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la)
{
NTSTATUS ret;
- int i;
/* don't crash if the source pointer is NULL (since we don't
do priviledges now anyways) */
@@ -113,14 +75,12 @@ NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *
if ( !old_la )
return NT_STATUS_OK;
- *new_la = (LUID_ATTR *)talloc(mem_ctx, count*sizeof(LUID_ATTR));
+ *new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR));
ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr");
- for (i=0; i<count; i++) {
- (*new_la)[i].luid.high = old_la[i].luid.high;
- (*new_la)[i].luid.low = old_la[i].luid.low;
- (*new_la)[i].attr = old_la[i].attr;
- }
+ (*new_la)->luid.high = old_la->luid.high;
+ (*new_la)->luid.low = old_la->luid.low;
+ (*new_la)->attr = old_la->attr;
ret = NT_STATUS_OK;
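Review bot: The allocation check after the new `talloc()` call tests the out-parameter `new_la` rather than the freshly allocated `*new_la`, so a failed allocation is not caught and the three added `(*new_la)->...` assignments would write through a NULL pointer. The check should read `ALLOC_CHECK(*new_la, ret, done, "dupalloc_luid_attr");`. With the `count` parameter gone the function copies exactly one LUID_ATTR, so any caller that used to pass an array needs to be re-checked; no callers are visible here. The function starts in the previous hunk and its `done:` label lies outside this one.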
@@ -173,9 +133,6 @@ void reset_privilege(PRIVILEGE_SET *priv_set)
void destroy_privilege(PRIVILEGE_SET **priv_set)
{
- if (priv_set == NULL || *priv_set == NULL)
- return;
-
reset_privilege(*priv_set);
if (!((*priv_set)->ext_ctx))
/* mem_ctx is local, destroy it */
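Review bot: With the guard removed, `reset_privilege(*priv_set)` and the `(*priv_set)->ext_ctx` test dereference `priv_set` and `*priv_set` unconditionally, so a NULL argument or an already-destroyed set now crashes the process instead of being a no-op. Unless every caller is known to pass a live set, keep `if (priv_set == NULL || *priv_set == NULL) return;` at the top of the function. The rest of destroy_privilege is outside this hunk.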
@@ -213,27 +170,6 @@ done:
return ret;
}
-NTSTATUS add_privilege_by_name(PRIVILEGE_SET *priv_set, const char *name)
-{
- int e;
-
- for (e = 0; privs[e].se_priv != SE_ALL_PRIVS; e++) {
- if (StrCaseCmp(privs[e].priv, name) == 0) {
- LUID_ATTR la;
-
- la.attr = 0;
- la.luid.high = 0;
- la.luid.low = privs[e].se_priv;
-
- return add_privilege(priv_set, la);
- }
- }
-
- DEBUG(1, ("add_privilege_by_name: No Such Privilege Found (%s)\n", name));
-
- return NT_STATUS_UNSUCCESSFUL;
-}
-
/****************************************************************************
add all the privileges to a privilege array
****************************************************************************/
@@ -246,15 +182,15 @@ NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set)
set.luid.high = 0;
/* TODO: set a proper list of privileges */
- set.luid.low = SE_ADD_USERS;
+ set.luid.low = SE_PRIV_ADD_USERS;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
- set.luid.low = SE_MACHINE_ACCOUNT;
+ set.luid.low = SE_PRIV_ADD_MACHINES;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
- set.luid.low = SE_PRINT_OPERATOR;
+ set.luid.low = SE_PRIV_PRINT_OPERATOR;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
@@ -378,7 +314,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set)
LUID_ATTR *old_set;
int i;
- if (new_priv_set == NULL || priv_set == NULL)
+ if (!new_priv_set || !priv_set)
return NT_STATUS_INVALID_PARAMETER;
/* special case if there are no privileges in the list */
@@ -393,7 +329,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set)
old_set = priv_set->set;
- new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count) * (sizeof(LUID_ATTR)));
+ new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
ALLOC_CHECK(new_set, ret, done, "dup_priv_set");
for (i=0; i < priv_set->count; i++) {
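Review bot: The new size `(priv_set->count - 1) * (sizeof(LUID_ATTR))` allocates one element fewer than the `for (i=0; i < priv_set->count; i++)` loop on the next line visits. If the loop body (outside this hunk) stores into `new_set[i]`, the last iteration writes past the end of the talloc'd buffer, and with `count == 1` the request is zero bytes. The size should stay `priv_set->count * sizeof(LUID_ATTR)`, ideally with a check that the multiplication cannot wrap.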
@@ -412,31 +348,3 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set)
done:
return ret;
}
-
-
-NTSTATUS user_has_privilege(struct current_user *user, uint32 privilege)
-{
- LUID_ATTR set;
-
- set.attr = 0;
- set.luid.high = 0;
- set.luid.low = privilege;
-
- return check_priv_in_privilege(user->privs, set);
-}
-
-BOOL luid_to_privilege_name(const LUID *set, fstring name)
-{
- int i;
-
- if (set->high != 0)
- return False;
-
- for (i=1; i<PRIV_ALL_INDEX-1; i++) {
- if (set->low == privs[i].se_priv) {
- fstrcpy(name, privs[i].priv);
- return True;
- }
- }
- return False;
-}
diff --git a/source/lib/secace.c b/source/lib/secace.c
index 8c54c970433..6769f1288a2 100644
--- a/source/lib/secace.c
+++ b/source/lib/secace.c
@@ -48,8 +48,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
ace_dest->size = ace_src->size;
ace_dest->info.mask = ace_src->info.mask;
ace_dest->obj_flags = ace_src->obj_flags;
- memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct uuid));
- memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct uuid));
+ memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE);
+ memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE);
sid_copy(&ace_dest->trustee, &ace_src->trustee);
}
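Review bot: Both `memcpy()` calls now take their length from the `GUID_SIZE` constant rather than from the objects being copied, so the copy is silently wrong if the field type and the constant ever drift apart. Tying the length to the destination keeps them in step: `memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(ace_dest->obj_guid));` and likewise for `inh_guid`. The field declarations are not visible in this hunk, so confirm that each field is exactly GUID_SIZE bytes.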
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 14a46fc5fb0..18979e2f76f 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -123,7 +123,6 @@ ATTRIB_MAP_ENTRY groupmap_attr_list[] = {
{ LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER},
{ LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID },
{ LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
- { LDAP_ATTR_SID_LIST, "sambaSIDList" },
{ LDAP_ATTR_DESC, "description" },
{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
{ LDAP_ATTR_CN, "cn" },
@@ -136,7 +135,6 @@ ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = {
{ LDAP_ATTR_GROUP_TYPE, "sambaGroupType" },
{ LDAP_ATTR_DESC, "description" },
{ LDAP_ATTR_DISPLAY_NAME, "displayName" },
- { LDAP_ATTR_SID_LIST, "sambaSIDList" },
{ LDAP_ATTR_LIST_END, NULL }
};
@@ -157,16 +155,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
{ LDAP_ATTR_LIST_END, NULL }
};
-/* privileges */
-
-ATTRIB_MAP_ENTRY privilege_attr_list[] = {
- { LDAP_ATTR_CN, "sambaPrivName" },
- { LDAP_ATTR_SID_LIST, LDAP_ATTRIBUTE_SID_LIST },
- { LDAP_ATTR_DESC, "description" },
- { LDAP_ATTR_OBJCLASS, "objectClass" },
- { LDAP_ATTR_LIST_END, NULL }
-};
-
/**********************************************************************
perform a simple table lookup and return the attribute name
**********************************************************************/
@@ -1212,6 +1200,181 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_
return NT_STATUS_OK;
}
+/**********************************************************************
+ Add the sambaDomain to LDAP, so we don't have to search for this stuff
+ again. This is a once-add operation for now.
+
+ TODO: Add other attributes, and allow modification.
+*********************************************************************/
+static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
+ const char *domain_name)
+{
+ fstring sid_string;
+ fstring algorithmic_rid_base_string;
+ pstring filter, dn;
+ LDAPMod **mods = NULL;
+ int rc;
+ int ldap_op;
+ LDAPMessage *result = NULL;
+ int num_result;
+ char **attr_list;
+ uid_t u_low, u_high;
+ gid_t g_low, g_high;
+ uint32 rid_low, rid_high;
+
+ slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name, LDAP_OBJ_DOMINFO);
+
+ attr_list = get_attr_list( dominfo_attr_list );
+ rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
+ free_attr_list( attr_list );
+
+ if (rc != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ num_result = ldap_count_entries(ldap_state->ldap_struct, result);
+
+ if (num_result > 1) {
+ DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
+ ldap_msgfree(result);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* Check if we need to add an entry */
+ DEBUG(3,("Adding new domain\n"));
+ ldap_op = LDAP_MOD_ADD;
+
+ pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name, lp_ldap_suffix());
+
+ /* Free original search */
+ ldap_msgfree(result);
+
+ /* make the changes - the entry *must* not already have samba attributes */
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name);
+
+ /* If we don't have an entry, then ask secrets.tdb for what it thinks.
+ It may choose to make it up */
+
+ sid_to_string(sid_string, get_global_sam_sid());
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
+
+ slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
+ algorithmic_rid_base_string);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
+
+ /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
+ TODO: fix all the places where the line between idmap and normal operations
+ needed by smbd gets fuzzy --jerry 2003-08-11 */
+
+ if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
+ && get_free_rid_range(&rid_low, &rid_high) )
+ {
+ fstring rid_str;
+
+ fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
+ DEBUG(10,("setting next available user rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
+ rid_str);
+
+ fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
+ DEBUG(10,("setting next available group rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
+ rid_str);
+
+ }
+
+
+ switch(ldap_op)
+ {
+ case LDAP_MOD_ADD:
+ rc = smbldap_add(ldap_state, dn, mods);
+ break;
+ case LDAP_MOD_REPLACE:
+ rc = smbldap_modify(ldap_state, dn, mods);
+ break;
+ default:
+ DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (rc!=LDAP_SUCCESS) {
+ char *ld_error = NULL;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
+ ldap_op == LDAP_MOD_ADD ? "add" : "modify",
+ dn, ldap_err2string(rc),
+ ld_error?ld_error:"unknown"));
+ SAFE_FREE(ld_error);
+
+ ldap_mods_free(mods, True);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
+ ldap_mods_free(mods, True);
+ return NT_STATUS_OK;
+}
+
+/**********************************************************************
+Search for the domain info entry
+*********************************************************************/
+NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
+ LDAPMessage ** result, const char *domain_name,
+ BOOL try_add)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ pstring filter;
+ int rc;
+ char **attr_list;
+ int count;
+
+ pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
+ LDAP_OBJ_DOMINFO,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name);
+
+ DEBUG(2, ("Searching for:[%s]\n", filter));
+
+
+ attr_list = get_attr_list( dominfo_attr_list );
+ rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
+ free_attr_list( attr_list );
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
+ DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
+ } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
+ DEBUG(3, ("Got no domain info entries for domain\n"));
+ ldap_msgfree(*result);
+ *result = NULL;
+ if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
+ return smbldap_search_domain_info(ldap_state, result, domain_name, False);
+ }
+ else {
+ DEBUG(0, ("Adding domain info for %s failed with %s\n",
+ domain_name, nt_errstr(ret)));
+ return ret;
+ }
+ } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
+ DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
+ count, domain_name));
+ ldap_msgfree(*result);
+ *result = NULL;
+ return ret;
+ } else {
+ return NT_STATUS_OK;
+ }
+
+ return ret;
+}
+
/*******************************************************************
Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX.
********************************************************************/
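Review bot: `domain_name` is formatted unescaped into the LDAP search filter in both `add_new_domain_info` and `smbldap_search_domain_info`, and into the DN built with `pstr_sprintf(dn, ...)`. If the name can ever contain `*`, `(`, `)` or `\`, the filter no longer matches only the intended sambaDomain entry, and the entry-count checks that follow rely on that match. Escape the value per the LDAP filter rules before formatting (using the tree's LDAP escaping helper, if this branch has one) and refuse names that are not valid as an RDN value. Separately, `add_new_domain_info` goes on to add the entry even when its search already returned one result, and the `default:` branch of its switch returns without `ldap_mods_free(mods, True)`.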
@@ -1232,3 +1395,4 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
ldap_memfree(utf8_dn);
return unix_dn;
}
+
diff --git a/source/lib/smbldap_util.c b/source/lib/smbldap_util.c
deleted file mode 100644
index f6097599bc5..00000000000
--- a/source/lib/smbldap_util.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- Unix SMB/CIFS mplementation.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Jean François Micouleau 1998
- Copyright (C) Gerald Carter 2001-2003
- Copyright (C) Shahms King 2001
- Copyright (C) Andrew Bartlett 2002-2003
- Copyright (C) Stefan (metze) Metzmacher 2002-2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#include "includes.h"
-#include "smbldap.h"
-
-/**********************************************************************
- Add the sambaDomain to LDAP, so we don't have to search for this stuff
- again. This is a once-add operation for now.
-
- TODO: Add other attributes, and allow modification.
-*********************************************************************/
-static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
- const char *domain_name)
-{
- fstring sid_string;
- fstring algorithmic_rid_base_string;
- pstring filter, dn;
- LDAPMod **mods = NULL;
- int rc;
- int ldap_op;
- LDAPMessage *result = NULL;
- int num_result;
- char **attr_list;
- uid_t u_low, u_high;
- gid_t g_low, g_high;
- uint32 rid_low, rid_high;
-
- slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name, LDAP_OBJ_DOMINFO);
-
- attr_list = get_attr_list( dominfo_attr_list );
- rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
- free_attr_list( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- num_result = ldap_count_entries(ldap_state->ldap_struct, result);
-
- if (num_result > 1) {
- DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Check if we need to add an entry */
- DEBUG(3,("Adding new domain\n"));
- ldap_op = LDAP_MOD_ADD;
-
- pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name, lp_ldap_suffix());
-
- /* Free original search */
- ldap_msgfree(result);
-
- /* make the changes - the entry *must* not already have samba attributes */
- smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name);
-
- /* If we don't have an entry, then ask secrets.tdb for what it thinks.
- It may choose to make it up */
-
- sid_to_string(sid_string, get_global_sam_sid());
- smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
-
- slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
- smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
- algorithmic_rid_base_string);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
-
- /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
- TODO: fix all the places where the line between idmap and normal operations
- needed by smbd gets fuzzy --jerry 2003-08-11 */
-
- if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
- && get_free_rid_range(&rid_low, &rid_high) )
- {
- fstring rid_str;
-
- fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
- DEBUG(10,("setting next available user rid [%s]\n", rid_str));
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
- rid_str);
-
- fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
- DEBUG(10,("setting next available group rid [%s]\n", rid_str));
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
- rid_str);
-
- }
-
-
- switch(ldap_op)
- {
- case LDAP_MOD_ADD:
- rc = smbldap_add(ldap_state, dn, mods);
- break;
- case LDAP_MOD_REPLACE:
- rc = smbldap_modify(ldap_state, dn, mods);
- break;
- default:
- DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (rc!=LDAP_SUCCESS) {
- char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
- ldap_op == LDAP_MOD_ADD ? "add" : "modify",
- dn, ldap_err2string(rc),
- ld_error?ld_error:"unknown"));
- SAFE_FREE(ld_error);
-
- ldap_mods_free(mods, True);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
- ldap_mods_free(mods, True);
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
-Search for the domain info entry
-*********************************************************************/
-NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
- LDAPMessage ** result, const char *domain_name,
- BOOL try_add)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- pstring filter;
- int rc;
- char **attr_list;
- int count;
-
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_DOMINFO,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name);
-
- DEBUG(2, ("Searching for:[%s]\n", filter));
-
-
- attr_list = get_attr_list( dominfo_attr_list );
- rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
- free_attr_list( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
- DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
- } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
- DEBUG(3, ("Got no domain info entries for domain\n"));
- ldap_msgfree(*result);
- *result = NULL;
- if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
- return smbldap_search_domain_info(ldap_state, result, domain_name, False);
- }
- else {
- DEBUG(0, ("Adding domain info for %s failed with %s\n",
- domain_name, nt_errstr(ret)));
- return ret;
- }
- } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
- DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
- count, domain_name));
- ldap_msgfree(*result);
- *result = NULL;
- return ret;
- } else {
- return NT_STATUS_OK;
- }
-
- return ret;
-}
-
diff --git a/source/lib/substitute.c b/source/lib/substitute.c
index fed11c22982..5dec9808101 100644
--- a/source/lib/substitute.c
+++ b/source/lib/substitute.c
@@ -116,11 +116,6 @@ void sub_set_smb_name(const char *name)
alpha_strcpy(smb_user_name,tmp,SAFE_NETBIOS_CHARS,sizeof(smb_user_name)-1);
}
-char* sub_get_smb_name( void )
-{
- return smb_user_name;
-}
-
/*******************************************************************
Setup the strings used by substitutions. Called per packet. Ensure
%U name is set correctly also.
diff --git a/source/lib/username.c b/source/lib/username.c
index ac5530b5c71..40327f81687 100644
--- a/source/lib/username.c
+++ b/source/lib/username.c
@@ -283,11 +283,6 @@ struct passwd *Get_Pwnam(const char *user)
fstring user2;
struct passwd *ret;
- if ( *user == '\0' ) {
- DEBUG(10,("Get_Pwnam: empty username!\n"));
- return NULL;
- }
-
fstrcpy(user2, user);
DEBUG(5,("Finding user %s\n", user));
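Review bot: Dropping the `*user == '\0'` check lets an empty username reach `fstrcpy(user2, user)` and the lookup code that follows outside this hunk, where it previously returned NULL at once. An empty name is never a valid account, so rejecting it here avoids depending on how each later lookup variant treats an empty string. I would keep `if ( *user == '\0' ) return NULL;` ahead of the copy. The rest of Get_Pwnam is outside this hunk.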
diff --git a/source/lib/util.c b/source/lib/util.c
index 3f57048a00b..10d224baabf 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -1411,7 +1411,7 @@ void smb_panic2(const char *why, BOOL decrement_pid_count )
for (i = 0; i < backtrace_size; i++)
DEBUGADD(0, (" #%u %s\n", i, backtrace_strings[i]));
- /* Leak the backtrace_strings, rather than risk what free() might do */
+ SAFE_FREE(backtrace_strings);
}
#elif HAVE_LIBEXC
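Review bot: `SAFE_FREE(backtrace_strings)` now runs inside the panic handler, where the heap may be the very thing that is corrupted. Calling free() at that point can fault or hang before the rest of the panic path runs, which is what the removed comment warned about. Leaking the array is harmless if the process is about to terminate, so drop the free and restore `/* Leak the backtrace_strings, rather than risk what free() might do */`. The enclosing smb_panic2 body starts and ends outside this hunk.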
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 2c0bd797859..50bbb4c72c6 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -617,6 +617,23 @@ char *sid_binstring(const DOM_SID *sid)
return s;
}
+
+/*****************************************************************
+ Print a GUID structure for debugging.
+*****************************************************************/
+
+void print_guid(GUID *guid)
+{
+ int i;
+
+ d_printf("%08x-%04x-%04x",
+ IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
+ d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
+ for (i=10;i<GUID_SIZE;i++)
+ d_printf("%02x", guid->info[i]);
+ d_printf("\n");
+}
+
/*******************************************************************
Tallocs a duplicate SID.
********************************************************************/
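Review bot: `print_guid` only reads its argument, so the parameter should be `const GUID *guid`, which lets callers holding a const GUID use it without a cast. The function also dereferences `guid` without a NULL check, and the header comment does not say that the output goes through `d_printf` rather than `DEBUG()`. A comment such as `/* Writes the GUID in hex, followed by a newline, via d_printf(); guid must not be NULL. */` would document both.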
diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
index 845aaa4b13a..19fb41f6ca3 100644
--- a/source/lib/util_sock.c
+++ b/source/lib/util_sock.c
@@ -596,7 +596,7 @@ BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
}
/* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(buffer, True)) {
+ if (!srv_check_sign_mac(buffer)) {
DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
if (smb_read_error == 0)
smb_read_error = READ_BAD_SIG;
diff --git a/source/lib/util_str.c b/source/lib/util_str.c
index be1e2ffeb1b..2be8b7eb64c 100644
--- a/source/lib/util_str.c
+++ b/source/lib/util_str.c
@@ -2027,21 +2027,3 @@ SMB_BIG_UINT STR_TO_SMB_BIG_UINT(const char *nptr, const char **entptr)
return val;
}
-
-void string_append(char **left, const char *right)
-{
- int new_len = strlen(right) + 1;
-
- if (*left == NULL) {
- *left = malloc(new_len);
- *left[0] = '\0';
- } else {
- new_len += strlen(*left);
- *left = Realloc(*left, new_len);
- }
-
- if (*left == NULL)
- return;
-
- safe_strcat(*left, right, new_len-1);
-}
diff --git a/source/lib/util_uuid.c b/source/lib/util_uuid.c
index 4c35236c902..56f0ecd85b9 100644
--- a/source/lib/util_uuid.c
+++ b/source/lib/util_uuid.c
@@ -2,7 +2,7 @@
* Unix SMB/CIFS implementation.
* UUID server routines
* Copyright (C) Theodore Ts'o 1996, 1997,
- * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002, 2003
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,47 +27,57 @@
#define TIME_OFFSET_HIGH 0x01B21DD2
#define TIME_OFFSET_LOW 0x13814000
-void smb_uuid_pack(const struct uuid uu, UUID_FLAT *ptr)
-{
- SIVAL(ptr, 0, uu.time_low);
- SSVAL(ptr, 4, uu.time_mid);
- SSVAL(ptr, 6, uu.time_hi_and_version);
- memcpy(ptr+8, uu.clock_seq, 2);
- memcpy(ptr+10, uu.node, 6);
-}
+struct uuid {
+ uint32 time_low;
+ uint16 time_mid;
+ uint16 time_hi_and_version;
+ uint8 clock_seq[2];
+ uint8 node[6];
+};
-void smb_uuid_unpack(const UUID_FLAT in, struct uuid *uu)
+
+static void uuid_pack(const struct uuid *uu, GUID *ptr)
{
- uu->time_low = IVAL(in.info, 0);
- uu->time_mid = SVAL(in.info, 4);
- uu->time_hi_and_version = SVAL(in.info, 6);
- memcpy(uu->clock_seq, in.info+8, 2);
- memcpy(uu->node, in.info+10, 6);
+ uint8 *out = ptr->info;
+
+ SIVAL(out, 0, uu->time_low);
+ SSVAL(out, 4, uu->time_mid);
+ SSVAL(out, 6, uu->time_hi_and_version);
+ memcpy(out+8, uu->clock_seq, 2);
+ memcpy(out+10, uu->node, 6);
}
-const struct uuid smb_uuid_unpack_static(const UUID_FLAT in)
+static void uuid_unpack(const GUID in, struct uuid *uu)
{
- static struct uuid uu;
+ const uint8 *ptr = in.info;
- smb_uuid_unpack(in, &uu);
- return uu;
+ uu->time_low = IVAL(ptr, 0);
+ uu->time_mid = SVAL(ptr, 4);
+ uu->time_hi_and_version = SVAL(ptr, 6);
+ memcpy(uu->clock_seq, ptr+8, 2);
+ memcpy(uu->node, ptr+10, 6);
}
-void smb_uuid_generate_random(struct uuid *uu)
+void smb_uuid_generate_random(GUID *out)
{
- UUID_FLAT tmp;
+ GUID tmp;
+ struct uuid uu;
generate_random_buffer(tmp.info, sizeof(tmp.info), True);
- smb_uuid_unpack(tmp, uu);
+ uuid_unpack(tmp, &uu);
- uu->clock_seq[0] = (uu->clock_seq[0] & 0x3F) | 0x80;
- uu->time_hi_and_version = (uu->time_hi_and_version & 0x0FFF) | 0x4000;
+ uu.clock_seq[0] = (uu.clock_seq[0] & 0x3F) | 0x80;
+ uu.time_hi_and_version = (uu.time_hi_and_version & 0x0FFF) | 0x4000;
+ uuid_pack(&uu, out);
}
-char *smb_uuid_to_string(const struct uuid uu)
+char *smb_uuid_to_string(const GUID in)
{
+ struct uuid uu;
char *out;
+ uuid_unpack(in, &uu);
+
asprintf(&out, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uu.time_low, uu.time_mid, uu.time_hi_and_version,
uu.clock_seq[0], uu.clock_seq[1],
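Review bot: In `smb_uuid_to_string` the return value of `asprintf()` is not checked, and on failure the contents of `out` are undefined, yet the function still returns `out` (visible at the start of the next hunk). Initialising and checking closes that gap: declare `char *out = NULL;` and wrap the call as `if (asprintf(&out, ...) < 0) return NULL;`. The call's argument list runs past the end of this hunk.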
@@ -77,11 +87,13 @@ char *smb_uuid_to_string(const struct uuid uu)
return out;
}
-const char *smb_uuid_string_static(const struct uuid uu)
+const char *smb_uuid_string_static(const GUID in)
{
+ struct uuid uu;
static char out[37];
- slprintf(out, sizeof(out),
+ uuid_unpack(in, &uu);
+ slprintf(out, sizeof(out) -1,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uu.time_low, uu.time_mid, uu.time_hi_and_version,
uu.clock_seq[0], uu.clock_seq[1],
@@ -89,86 +101,3 @@ const char *smb_uuid_string_static(const struct uuid uu)
uu.node[3], uu.node[4], uu.node[5]);
return out;
}
-
-BOOL smb_string_to_uuid(const char *in, struct uuid* uu)
-{
- BOOL ret = False;
- const char *ptr = in;
- char *end = (char *)in;
- int i;
-
- if (!in || !uu) goto out;
-
- uu->time_low = strtoul(ptr, &end, 16);
- if ((end - ptr) != 8 || *end != '-') goto out;
- ptr = (end + 1);
-
- uu->time_mid = strtoul(ptr, &end, 16);
- if ((end - ptr) != 4 || *end != '-') goto out;
- ptr = (end + 1);
-
- uu->time_hi_and_version = strtoul(ptr, &end, 16);
- if ((end - ptr) != 4 || *end != '-') goto out;
- ptr = (end + 1);
-
- for (i = 0; i < 2; i++) {
- int adj = 0;
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->clock_seq[i] = (*ptr - adj) << 4;
- ptr++;
-
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->clock_seq[i] |= (*ptr - adj);
- ptr++;
- }
-
- if (*ptr != '-') goto out;
- ptr++;
-
- for (i = 0; i < 6; i++) {
- int adj = 0;
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->node[i] = (*ptr - adj) << 4;
- ptr++;
-
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->node[i] |= (*ptr - adj);
- ptr++;
- }
-
- ret = True;
-out:
- return ret;
-}
diff --git a/source/libads/ads_struct.c b/source/libads/ads_struct.c
index 92f37093f46..9774968e121 100644
--- a/source/libads/ads_struct.c
+++ b/source/libads/ads_struct.c
@@ -102,21 +102,21 @@ ADS_STRUCT *ads_init(const char *realm,
ads->server.foreign = 1;
}
- /* the caller will own the memory by default */
- ads->is_mine = 1;
-
return ads;
}
+/* a simpler ads_init() interface using all defaults */
+ADS_STRUCT *ads_init_simple(void)
+{
+ return ads_init(NULL, NULL, NULL);
+}
+
/*
free the memory used by the ADS structure initialized with 'ads_init(...)'
*/
void ads_destroy(ADS_STRUCT **ads)
{
if (ads && *ads) {
- BOOL is_mine;
-
- is_mine = (*ads)->is_mine;
#if HAVE_LDAP
if ((*ads)->ld) ldap_unbind((*ads)->ld);
#endif
@@ -133,11 +133,8 @@ void ads_destroy(ADS_STRUCT **ads)
SAFE_FREE((*ads)->config.realm);
SAFE_FREE((*ads)->config.bind_path);
SAFE_FREE((*ads)->config.ldap_server_name);
-
-
- ZERO_STRUCTP(*ads);
- if ( is_mine )
- SAFE_FREE(*ads);
+ ZERO_STRUCTP(*ads);
+ SAFE_FREE(*ads);
}
}
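Review bot: With `is_mine` removed, ads_destroy() (its opening is in the previous hunk) passes `*ads` to SAFE_FREE unconditionally, so it is only safe on a structure that ads_init() allocated. A caller that keeps an ADS_STRUCT on the stack or embedded in another object would now hand non-heap memory to the allocator; no such caller is visible in this diff, so that needs checking across the tree. The comment above the function should state the contract, e.g. `the structure itself is always freed; *ads must come from ads_init()`. If ZERO_STRUCTP is a plain memset, a compiler may drop it right before the free, so it should not be counted on to scrub the credentials held in the structure.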
diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index 70f6f3386c7..bef2febaefd 100644
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -54,7 +54,7 @@ kerb_prompter(krb5_context ctx, void *data,
simulate a kinit, putting the tgt in the default cache location
remus@snapserver.com
*/
-int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time)
+int kerberos_kinit_password(const char *principal, const char *password, int time_offset)
{
krb5_context ctx;
krb5_error_code code = 0;
@@ -102,9 +102,6 @@ int kerberos_kinit_password(const char *principal, const char *password, int tim
return code;
}
- if (expire_time)
- *expire_time = (time_t) my_creds.times.endtime;
-
krb5_cc_close(ctx, cc);
krb5_free_cred_contents(ctx, &my_creds);
krb5_free_principal(ctx, me);
@@ -129,7 +126,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
return KRB5_LIBOS_CANTREADPWD;
}
- ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire);
+ ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset);
if (ret) {
DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
@@ -139,37 +136,5 @@ int ads_kinit_password(ADS_STRUCT *ads)
return ret;
}
-int ads_kdestroy(const char *cc_name)
-{
- krb5_error_code code;
- krb5_context ctx;
- krb5_ccache cc;
-
- if ((code = krb5_init_context (&ctx))) {
- DEBUG(3, ("ads_kdestroy: kdb5_init_context rc=%d\n", code));
- return code;
- }
-
- if (!cc_name) {
- if ((code = krb5_cc_default(ctx, &cc))) {
- krb5_free_context(ctx);
- return code;
- }
- } else {
- if ((code = krb5_cc_resolve(ctx, cc_name, &cc))) {
- DEBUG(3, ("ads_kdestroy: krb5_cc_resolve rc=%d\n",
- code));
- krb5_free_context(ctx);
- return code;
- }
- }
-
- if ((code = krb5_cc_destroy (ctx, cc))) {
- DEBUG(3, ("ads_kdestroy: krb5_cc_destroy rc=%d\n", code));
- }
-
- krb5_free_context (ctx);
- return code;
-}
#endif
diff --git a/source/libads/krb5_setpw.c b/source/libads/krb5_setpw.c
index 16d3df83e93..9cf15221a8d 100644
--- a/source/libads/krb5_setpw.c
+++ b/source/libads/krb5_setpw.c
@@ -642,7 +642,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
{
int ret;
- if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
+ if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) {
DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index 20a36dfdf5c..15504a5202f 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -1106,14 +1106,20 @@ static void dump_binary(const char *field, struct berval **values)
}
}
+struct uuid {
+ uint32 i1;
+ uint16 i2;
+ uint16 i3;
+ uint8 s[8];
+};
+
static void dump_guid(const char *field, struct berval **values)
{
int i;
- UUID_FLAT guid;
+ GUID guid;
for (i=0; values[i]; i++) {
memcpy(guid.info, values[i]->bv_val, sizeof(guid.info));
- printf("%s: %s\n", field,
- smb_uuid_string_static(smb_uuid_unpack_static(guid)));
+ printf("%s: %s\n", field, smb_uuid_string_static(guid));
}
}
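Review bot: The memcpy in dump_guid() copies `sizeof(guid.info)` bytes out of `values[i]->bv_val` without looking at `values[i]->bv_len`, so a short objectGUID value returned by the directory server is read past its end. A guard ahead of the copy, `if (values[i]->bv_len < sizeof(guid.info)) continue;`, keeps the dump routine to well-formed values. The `struct uuid` added just above is not used anywhere in this hunk; if nothing else in the file needs it, it should be dropped or given a comment saying what it is for.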
@@ -1765,18 +1771,16 @@ BOOL ads_pull_uint32(ADS_STRUCT *ads,
* @return boolean indicating success
**/
BOOL ads_pull_guid(ADS_STRUCT *ads,
- void *msg, struct uuid *guid)
+ void *msg, GUID *guid)
{
char **values;
- UUID_FLAT flat_guid;
values = ldap_get_values(ads->ld, msg, "objectGUID");
if (!values)
return False;
if (values[0]) {
- memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
- smb_uuid_unpack(flat_guid, guid);
+ memcpy(guid, values[0], sizeof(GUID));
ldap_value_free(values);
return True;
}
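Review bot: `objectGUID` is a binary attribute, but ads_pull_guid() fetches it with ldap_get_values(), which hands back NUL-terminated strings, and the new `memcpy(guid, values[0], sizeof(GUID))` then copies a fixed size with no length to compare against. A GUID that contains a zero byte is cut short by the string API, and the copy reads beyond the returned buffer. Fetching the value as a berval and checking `bv_len` before copying closes this. The function's tail lies outside the hunk, so the ldap_value_free() call on the failure path there has to become ldap_value_free_len() as well.

```c
BOOL ads_pull_guid(ADS_STRUCT *ads,
		   void *msg, GUID *guid)
{
	struct berval **values;

	values = ldap_get_values_len(ads->ld, msg, "objectGUID");
	if (!values)
		return False;

	/* copy only when the server returned at least a full GUID */
	if (values[0] && values[0]->bv_len >= sizeof(GUID)) {
		memcpy(guid, values[0]->bv_val, sizeof(GUID));
		ldap_value_free_len(values);
		return True;
	}
	/* … unchanged: failure path after the hunk, freeing with ldap_value_free_len() … */
```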
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index c39044e10af..e75a361e259 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -325,7 +325,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
session_key = data_blob(NULL, 16);
SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
}
- cli_simple_set_signing(cli, session_key, nt_response);
+ cli_simple_set_signing(cli, session_key, nt_response, 0);
} else {
/* pre-encrypted password supplied. Only used for
security=server, can't do
@@ -521,7 +521,7 @@ static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *
file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
#endif
- cli_simple_set_signing(cli, session_key_krb5, null_blob);
+ cli_simple_set_signing(cli, session_key_krb5, null_blob, 0);
blob2 = cli_session_setup_blob(cli, negTokenTarg);
@@ -588,7 +588,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
/* now send that blob on its way */
if (!cli_session_setup_blob_send(cli, msg1)) {
- DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
+ DEBUG(3, ("Failed to send NTLMSSP/SPENGO blob to server!\n"));
nt_status = NT_STATUS_UNSUCCESSFUL;
} else {
data_blob_free(&msg1);
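Review bot: The new debug string misspells the mechanism name: `SPENGO` should remain `SPNEGO`, as it was on the removed line. The same misspelling is introduced in the cli_session_setup() hunk further down (`SPENGO login failed`). Anyone searching logs for SPNEGO authentication failures would miss both messages, so keep `DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));` and `DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));`.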
@@ -643,16 +643,13 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
cli_set_session_key(cli, ntlmssp_state->session_key);
- if (cli_simple_set_signing(cli, key, null_blob)) {
-
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
-
- if (!cli_check_sign_mac(cli, True)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- }
- }
+ /* Using NTLMSSP session setup, signing on the net only starts
+ * after a successful authentication and the session key has
+ * been determined, but with a sequence number of 2. This
+ * assumes that NTLMSSP needs exactly 2 roundtrips, for any
+ * other SPNEGO mechanism it needs adapting. */
+
+ cli_simple_set_signing(cli, key, null_blob, 2);
}
/* we have a reference conter on ntlmssp_state, if we are signing
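Review bot: The result of `cli_simple_set_signing(cli, key, null_blob, 2)` is discarded, and the removed block was the only place in this hunk that checked the server's reply against the new key and turned a mismatch into NT_STATUS_ACCESS_DENIED. As written, a session that requires signing continues with a successful status even when signing could not be armed. If a False return means exactly that (the body of cli_simple_set_signing is outside this hunk), the call should be tested: `if (!cli_simple_set_signing(cli, key, null_blob, 2) && cli->sign_info.mandatory_signing) nt_status = NT_STATUS_ACCESS_DENIED;`. The literal `2` encodes the two-round-trip assumption the comment describes and would read better as a named constant. The function continues outside the hunk.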
@@ -721,7 +718,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
int ret;
use_in_memory_ccache();
- ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL);
+ ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */);
if (ret){
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
@@ -820,7 +817,7 @@ BOOL cli_session_setup(struct cli_state *cli,
if (cli->capabilities & CAP_EXTENDED_SECURITY) {
ADS_STATUS status = cli_session_setup_spnego(cli, user, pass, workgroup);
if (!ADS_ERR_OK(status)) {
- DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
+ DEBUG(3, ("SPENGO login failed: %s\n", ads_errstr(status)));
return False;
}
return True;
@@ -1091,8 +1088,6 @@ BOOL cli_negprot(struct cli_state *cli)
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
- } else if (cli->sign_info.allow_smb_signing && cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
- cli->sign_info.negotiated_smb_signing = True;
}
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
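Review bot: Dropping the `else if` branch leaves `negotiated_smb_signing` set only on the path that also sets `mandatory_signing`, so a client with `allow_smb_signing` enabled no longer signs against a server that offers signing without requiring it. The condition guarding the surviving branch starts above the hunk, so this reading is inferred from the two assignments that remain. If the removal is intended, a comment in its place would record the decision, e.g. `/* signing is only negotiated when the server requires it */`; otherwise the branch should stay.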
@@ -1610,8 +1605,8 @@ struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip,
struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring workgroup, struct user_auth_info *user_info)
{
static fstring name;
- struct cli_state *cli;
- struct in_addr server_ip;
+ struct cli_state *cli;
+ struct in_addr server_ip;
DEBUG(99, ("Looking up name of master browser %s\n",
inet_ntoa(mb_ip->ip)));
@@ -1640,14 +1635,14 @@ struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring w
return NULL;
}
- pstrcpy(workgroup, name);
+ pstrcpy(workgroup, name);
- DEBUG(4, ("found master browser %s, %s\n",
+ DEBUG(4, ("found master browser %s, %s\n",
name, inet_ntoa(mb_ip->ip)));
- cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
+ cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
- return cli;
+ return cli;
}
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index 66edc3ce38b..8542eea064d 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -117,7 +117,7 @@ BOOL cli_receive_smb(struct cli_state *cli)
return ret;
}
- if (!cli_check_sign_mac(cli, True)) {
+ if (!cli_check_sign_mac(cli)) {
DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
cli->smb_rw_error = READ_BAD_SIG;
close(cli->fd);
diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c
index bf7923ec788..a3fa811e29f 100644
--- a/source/libsmb/clifile.c
+++ b/source/libsmb/clifile.c
@@ -1161,257 +1161,3 @@ NTSTATUS cli_raw_ioctl(struct cli_state *cli, int fnum, uint32 code, DATA_BLOB *
return NT_STATUS_OK;
}
-
-/*********************************************************
- Set an extended attribute utility fn.
-*********************************************************/
-
-static BOOL cli_set_ea(struct cli_state *cli, uint16 setup, char *param, unsigned int param_len,
- const char *ea_name, const char *ea_val, size_t ea_len)
-{
- unsigned int data_len = 0;
- char *data = NULL;
- char *rparam=NULL, *rdata=NULL;
- char *p;
- size_t ea_namelen = strlen(ea_name);
-
- data_len = 4 + 4 + ea_namelen + 1 + ea_len;
- data = malloc(data_len);
- if (!data) {
- return False;
- }
- p = data;
- SIVAL(p,0,data_len);
- p += 4;
- SCVAL(p, 0, 0); /* EA flags. */
- SCVAL(p, 1, ea_namelen);
- SSVAL(p, 2, ea_len);
- memcpy(p+4, ea_name, ea_namelen+1); /* Copy in the name. */
- memcpy(p+4+ea_namelen+1, ea_val, ea_len);
-
- if (!cli_send_trans(cli, SMBtrans2,
- NULL, /* name */
- -1, 0, /* fid, flags */
- &setup, 1, 0, /* setup, length, max */
- param, param_len, 2, /* param, length, max */
- data, data_len, cli->max_xmit /* data, length, max */
- )) {
- return False;
- }
-
- if (!cli_receive_trans(cli, SMBtrans2,
- &rparam, &param_len,
- &rdata, &data_len)) {
- return False;
- }
-
- SAFE_FREE(data);
- SAFE_FREE(rdata);
- SAFE_FREE(rparam);
-
- return True;
-}
-
-/*********************************************************
- Set an extended attribute on a pathname.
-*********************************************************/
-
-BOOL cli_set_ea_path(struct cli_state *cli, const char *path, const char *ea_name, const char *ea_val, size_t ea_len)
-{
- uint16 setup = TRANSACT2_SETPATHINFO;
- unsigned int param_len = 0;
- char param[sizeof(pstring)+6];
- size_t srclen = 2*(strlen(path)+1);
- char *p;
-
- memset(param, 0, sizeof(param));
- SSVAL(param,0,SMB_INFO_SET_EA);
- p = &param[6];
-
- p += clistr_push(cli, p, path, MIN(srclen, sizeof(param)-6), STR_TERMINATE);
- param_len = PTR_DIFF(p, param);
-
- return cli_set_ea(cli, setup, param, param_len, ea_name, ea_val, ea_len);
-}
-
-/*********************************************************
- Set an extended attribute on an fnum.
-*********************************************************/
-
-BOOL cli_set_ea_fnum(struct cli_state *cli, int fnum, const char *ea_name, const char *ea_val, size_t ea_len)
-{
- char param[6];
- uint16 setup = TRANSACT2_SETFILEINFO;
-
- memset(param, 0, 6);
- SSVAL(param,0,fnum);
- SSVAL(param,2,SMB_INFO_SET_EA);
-
- return cli_set_ea(cli, setup, param, 6, ea_name, ea_val, ea_len);
-}
-
-/*********************************************************
- Get an extended attribute list tility fn.
-*********************************************************/
-
-static BOOL cli_get_ea_list(struct cli_state *cli,
- uint16 setup, char *param, unsigned int param_len,
- TALLOC_CTX *ctx,
- size_t *pnum_eas,
- struct ea_struct **pea_list)
-{
- unsigned int data_len = 0;
- unsigned int rparam_len, rdata_len;
- char *rparam=NULL, *rdata=NULL;
- char *p;
- size_t ea_size;
- size_t num_eas;
- BOOL ret = False;
- struct ea_struct *ea_list;
-
- *pnum_eas = 0;
- *pea_list = NULL;
-
- if (!cli_send_trans(cli, SMBtrans2,
- NULL, /* Name */
- -1, 0, /* fid, flags */
- &setup, 1, 0, /* setup, length, max */
- param, param_len, 10, /* param, length, max */
- NULL, data_len, cli->max_xmit /* data, length, max */
- )) {
- return False;
- }
-
- if (!cli_receive_trans(cli, SMBtrans2,
- &rparam, &rparam_len,
- &rdata, &rdata_len)) {
- return False;
- }
-
- if (!rdata || rdata_len < 4) {
- goto out;
- }
-
- ea_size = (size_t)IVAL(rdata,0);
- if (ea_size > rdata_len) {
- goto out;
- }
-
- if (ea_size == 0) {
- /* No EA's present. */
- ret = True;
- goto out;
- }
-
- p = rdata + 4;
- ea_size -= 4;
-
- /* Validate the EA list and count it. */
- for (num_eas = 0; ea_size >= 4; num_eas++) {
- unsigned int ea_namelen = CVAL(p,1);
- unsigned int ea_valuelen = SVAL(p,2);
- if (ea_namelen == 0) {
- goto out;
- }
- if (4 + ea_namelen + 1 + ea_valuelen > ea_size) {
- goto out;
- }
- ea_size -= 4 + ea_namelen + 1 + ea_valuelen;
- p += 4 + ea_namelen + 1 + ea_valuelen;
- }
-
- if (num_eas == 0) {
- ret = True;
- goto out;
- }
-
- *pnum_eas = num_eas;
- if (!pea_list) {
- /* Caller only wants number of EA's. */
- ret = True;
- goto out;
- }
-
- ea_list = (struct ea_struct *)talloc(ctx, num_eas*sizeof(struct ea_struct));
- if (!ea_list) {
- goto out;
- }
-
- ea_size = (size_t)IVAL(rdata,0);
- p = rdata + 4;
-
- for (num_eas = 0; num_eas < *pnum_eas; num_eas++ ) {
- struct ea_struct *ea = &ea_list[num_eas];
- fstring unix_ea_name;
- unsigned int ea_namelen = CVAL(p,1);
- unsigned int ea_valuelen = SVAL(p,2);
-
- ea->flags = CVAL(p,0);
- unix_ea_name[0] = '\0';
- pull_ascii_fstring(unix_ea_name, p + 4);
- ea->name = talloc_strdup(ctx, unix_ea_name);
- /* Ensure the value is null terminated (in case it's a string). */
- ea->value = data_blob_talloc(ctx, NULL, ea_valuelen + 1);
- if (!ea->value.data) {
- goto out;
- }
- if (ea_valuelen) {
- memcpy(ea->value.data, p+4+ea_namelen+1, ea_valuelen);
- }
- ea->value.data[ea_valuelen] = 0;
- ea->value.length--;
- p += 4 + ea_namelen + 1 + ea_valuelen;
- }
-
- *pea_list = ea_list;
- ret = True;
-
- out :
-
- SAFE_FREE(rdata);
- SAFE_FREE(rparam);
- return ret;
-}
-
-/*********************************************************
- Get an extended attribute list from a pathname.
-*********************************************************/
-
-BOOL cli_get_ea_list_path(struct cli_state *cli, const char *path,
- TALLOC_CTX *ctx,
- size_t *pnum_eas,
- struct ea_struct **pea_list)
-{
- uint16 setup = TRANSACT2_QPATHINFO;
- unsigned int param_len = 0;
- char param[sizeof(pstring)+6];
- char *p;
-
- p = param;
- memset(p, 0, 6);
- SSVAL(p, 0, SMB_INFO_QUERY_ALL_EAS);
- p += 6;
- p += clistr_push(cli, p, path, sizeof(pstring)-6, STR_TERMINATE);
- param_len = PTR_DIFF(p, param);
-
- return cli_get_ea_list(cli, setup, param, param_len, ctx, pnum_eas, pea_list);
-}
-
-/*********************************************************
- Get an extended attribute list from an fnum.
-*********************************************************/
-
-BOOL cli_get_ea_list_fnum(struct cli_state *cli, int fnum,
- TALLOC_CTX *ctx,
- size_t *pnum_eas,
- struct ea_struct **pea_list)
-{
- uint16 setup = TRANSACT2_QFILEINFO;
- char param[6];
-
- memset(param, 0, 6);
- SSVAL(param,0,fnum);
- SSVAL(param,2,SMB_INFO_SET_EA);
-
- return cli_get_ea_list(cli, setup, param, 6, ctx, pnum_eas, pea_list);
-}
diff --git a/source/libsmb/samlogon_cache.c b/source/libsmb/samlogon_cache.c
index 4cd642c4e35..72c10007bf4 100644
--- a/source/libsmb/samlogon_cache.c
+++ b/source/libsmb/samlogon_cache.c
@@ -157,7 +157,7 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
free the user_info struct (malloc()'d memory)
***********************************************************************/
-NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user_sid)
+NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
{
NET_USER_INFO_3 *user = NULL;
TDB_DATA data, key;
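Review bot: `user_sid` loses its `const` qualifier in netsamlogon_cache_get() and, in the next hunk, in netsamlogon_cache_have(). Both bodies lie mostly outside the hunks, but if they only read the SID to build the cache key, the qualifier should stay: `NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user_sid)` and `BOOL netsamlogon_cache_have(const DOM_SID *user_sid)`. Without it, callers holding a `const DOM_SID *` have to cast, and the compiler can no longer flag an accidental write through the pointer.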
@@ -218,7 +218,7 @@ NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user
return user;
}
-BOOL netsamlogon_cache_have(const DOM_SID *user_sid)
+BOOL netsamlogon_cache_have(DOM_SID *user_sid)
{
TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have");
NET_USER_INFO_3 *user = NULL;
diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c
index 28ff0e0c2e9..9010dbf5cb2 100644
--- a/source/libsmb/smb_signing.c
+++ b/source/libsmb/smb_signing.c
@@ -150,7 +150,7 @@ static void null_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
SMB signing - NULL implementation - check a MAC sent by server.
************************************************************/
-static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
return True;
}
@@ -197,39 +197,25 @@ static void free_signing_context(struct smb_sign_info *si)
}
-static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq, BOOL expected_ok)
+static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq)
{
- if (good) {
+ if (good && !si->doing_signing) {
+ si->doing_signing = True;
+ }
- if (!si->doing_signing) {
- si->doing_signing = True;
- }
-
- if (!si->seen_valid) {
- si->seen_valid = True;
- }
+ if (!good) {
+ if (si->doing_signing) {
+ struct smb_basic_signing_context *data = si->signing_context;
- } else {
- if (!si->mandatory_signing && !si->seen_valid) {
+ /* W2K sends a bad first signature but the sign engine is on.... JRA. */
+ if (data->send_seq_num > 1)
+ DEBUG(1, ("signing_good: SMB signature check failed on seq %u!\n",
+ (unsigned int)seq ));
- if (!expected_ok) {
- return True;
- }
- /* Non-mandatory signing - just turn off if this is the first bad packet.. */
- DEBUG(5, ("signing_good: signing negotiated but not required and the other side \
-isn't sending correct signatures. Turning signatures off.\n"));
- si->negotiated_smb_signing = False;
- si->allow_smb_signing = False;
- si->doing_signing = False;
- free_signing_context(si);
- return True;
- } else if (!expected_ok) {
- /* This packet is known to be unsigned */
- return True;
+ return False;
} else {
- /* Mandatory signing or bad packet after signing started - fail and disconnect. */
- if (seq)
- DEBUG(0, ("signing_good: BAD SIG: seq %u\n", (unsigned int)seq));
+ DEBUG(3, ("signing_good: Peer did not sign reply correctly\n"));
+ free_signing_context(si);
return False;
}
}
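Review bot: In the `!good` path `data` is taken from `si->signing_context` and dereferenced at once, with no check that a context is installed. The srv_signing_started() helper that this commit removes did guard against a NULL context while `doing_signing` was set. Writing the test as `if (data && data->send_seq_num > 1)` covers that case. The same test means a bad signature on the first signed packet is rejected with no log line at all, so a low-priority debug message for that case would help when diagnosing interoperability failures. The end of signing_good() is outside the hunk.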
@@ -337,7 +323,7 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
SMB signing - Client implementation - check a MAC sent by server.
************************************************************/
-static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
BOOL good;
uint32 reply_seq_number;
@@ -395,7 +381,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq ));
DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number));
dump_data(10, (const char *)server_sent_mac, 8);
}
- return signing_good(inbuf, si, good, saved_seq, expected_ok);
+ return signing_good(inbuf, si, good, saved_seq);
}
/***********************************************************
@@ -429,7 +415,7 @@ static void simple_free_signing_context(struct smb_sign_info *si)
BOOL cli_simple_set_signing(struct cli_state *cli,
const DATA_BLOB user_session_key,
- const DATA_BLOB response)
+ const DATA_BLOB response, int initial_send_seq_num)
{
struct smb_basic_signing_context *data;
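Review bot: The new parameter is declared `int initial_send_seq_num` and, in the next hunk, assigned straight to `data->send_seq_num`, while the sequence number is handled as `uint32` elsewhere in this file (signing_good() takes `uint32 seq`). A negative argument would silently become a very large sequence number. Declaring it `const DATA_BLOB response, uint32 initial_send_seq_num)` keeps the types aligned. The function's header comment, which is outside the hunk, should also say what the value means and that callers pass 0 or 2.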
@@ -467,7 +453,7 @@ BOOL cli_simple_set_signing(struct cli_state *cli,
dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length);
/* Initialise the sequence number */
- data->send_seq_num = 0;
+ data->send_seq_num = initial_send_seq_num;
/* Initialise the list of outstanding packets */
data->outstanding_packet_list = NULL;
@@ -549,7 +535,7 @@ static void temp_sign_outgoing_message(char *outbuf, struct smb_sign_info *si)
SMB signing - TEMP implementation - check a MAC sent by server.
************************************************************/
-static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
return True;
}
@@ -611,9 +597,9 @@ void cli_calculate_sign_mac(struct cli_state *cli)
* which had a bad checksum, True otherwise.
*/
-BOOL cli_check_sign_mac(struct cli_state *cli, BOOL expected_ok)
+BOOL cli_check_sign_mac(struct cli_state *cli)
{
- if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, expected_ok)) {
+ if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info)) {
free_signing_context(&cli->sign_info);
return False;
}
@@ -702,7 +688,7 @@ static BOOL is_oplock_break(char *inbuf)
SMB signing - Server implementation - check a MAC sent by server.
************************************************************/
-static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
BOOL good;
struct smb_basic_signing_context *data = si->signing_context;
@@ -776,7 +762,25 @@ We were expecting seq %u\n", reply_seq_number, saved_seq ));
dump_data(10, (const char *)server_sent_mac, 8);
}
- return (signing_good(inbuf, si, good, saved_seq, expected_ok));
+ if (!signing_good(inbuf, si, good, saved_seq)) {
+ if (!si->mandatory_signing && (data->send_seq_num < 3)){
+ /* Non-mandatory signing - just turn off if this is the first bad packet.. */
+ DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and client \
+isn't sending correct signatures. Turning off.\n"));
+ si->negotiated_smb_signing = False;
+ si->allow_smb_signing = False;
+ si->doing_signing = False;
+ free_signing_context(si);
+ return True;
+ } else {
+ /* Mandatory signing or bad packet after signing started - fail and disconnect. */
+ if (saved_seq)
+ DEBUG(0, ("srv_check_incoming_message: BAD SIG: seq %u\n", (unsigned int)saved_seq));
+ return False;
+ }
+ } else {
+ return True;
+ }
}
/***********************************************************
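Review bot: `data` is captured from `si->signing_context` at the top of srv_check_incoming_message() (above this hunk), but the added fallback reads `data->send_seq_num` after signing_good() has returned False, and signing_good() calls free_signing_context(si) on its not-yet-signing path. If free_signing_context() releases the context, as its name suggests (its body is not in this diff), that read touches freed memory. Sampling the counter before the call avoids it: `BOOL early = (data->send_seq_num < 3);` ahead of signing_good(), then `if (!si->mandatory_signing && early) {`. Separately, the switch to unsigned traffic is reported only at debug level 5; a more prominent level would let operators see when a client has dropped out of signing.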
@@ -809,13 +813,13 @@ BOOL srv_oplock_set_signing(BOOL onoff)
Called to validate an incoming packet from the client.
************************************************************/
-BOOL srv_check_sign_mac(char *inbuf, BOOL expected_ok)
+BOOL srv_check_sign_mac(char *inbuf)
{
/* Check if it's a session keepalive. */
if(CVAL(inbuf,0) == SMBkeepalive)
return True;
- return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, expected_ok);
+ return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info);
}
/***********************************************************
@@ -903,42 +907,6 @@ BOOL srv_is_signing_active(void)
return srv_sign_info.doing_signing;
}
-
-/***********************************************************
- Returns whether signing is negotiated. We can't use it unless it was
- in the negprot.
-************************************************************/
-
-BOOL srv_is_signing_negotiated(void)
-{
- return srv_sign_info.negotiated_smb_signing;
-}
-
-/***********************************************************
- Returns whether signing is negotiated. We can't use it unless it was
- in the negprot.
-************************************************************/
-
-BOOL srv_signing_started(void)
-{
- struct smb_basic_signing_context *data;
-
- if (!srv_sign_info.doing_signing) {
- return False;
- }
-
- data = (struct smb_basic_signing_context *)srv_sign_info.signing_context;
- if (!data)
- return False;
-
- if (data->send_seq_num == 0) {
- return False;
- }
-
- return True;
-}
-
-
/***********************************************************
Tell server code we are in a multiple trans reply state.
************************************************************/
diff --git a/source/modules/developer.c b/source/modules/developer.c
deleted file mode 100644
index 7ffc3ff50d2..00000000000
--- a/source/modules/developer.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba module with developer tools
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static struct {
- char from;
- char *to;
- int len;
-} weird_table[] = {
- {'q', "^q^", 3},
- {'Q', "^Q^", 3},
- {0, NULL}
-};
-
-static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft,
- char **outbuf, size_t *outbytesleft)
-{
- while (*inbytesleft >= 1 && *outbytesleft >= 2) {
- int i;
- int done = 0;
- for (i=0;weird_table[i].from;i++) {
- if (strncmp((*inbuf),
- weird_table[i].to,
- weird_table[i].len) == 0) {
- if (*inbytesleft < weird_table[i].len) {
- DEBUG(0,("ERROR: truncated weird string\n"));
- /* smb_panic("weird_pull"); */
-
- } else {
- (*outbuf)[0] = weird_table[i].from;
- (*outbuf)[1] = 0;
- (*inbytesleft) -= weird_table[i].len;
- (*outbytesleft) -= 2;
- (*inbuf) += weird_table[i].len;
- (*outbuf) += 2;
- done = 1;
- break;
- }
- }
- }
- if (done) continue;
- (*outbuf)[0] = (*inbuf)[0];
- (*outbuf)[1] = 0;
- (*inbytesleft) -= 1;
- (*outbytesleft) -= 2;
- (*inbuf) += 1;
- (*outbuf) += 2;
- }
-
- if (*inbytesleft > 0) {
- errno = E2BIG;
- return -1;
- }
-
- return 0;
-}
-
-static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft,
- char **outbuf, size_t *outbytesleft)
-{
- int ir_count=0;
-
- while (*inbytesleft >= 2 && *outbytesleft >= 1) {
- int i;
- int done=0;
- for (i=0;weird_table[i].from;i++) {
- if ((*inbuf)[0] == weird_table[i].from &&
- (*inbuf)[1] == 0) {
- if (*outbytesleft < weird_table[i].len) {
- DEBUG(0,("No room for weird character\n"));
- /* smb_panic("weird_push"); */
- } else {
- memcpy(*outbuf, weird_table[i].to,
- weird_table[i].len);
- (*inbytesleft) -= 2;
- (*outbytesleft) -= weird_table[i].len;
- (*inbuf) += 2;
- (*outbuf) += weird_table[i].len;
- done = 1;
- break;
- }
- }
- }
- if (done) continue;
-
- (*outbuf)[0] = (*inbuf)[0];
- if ((*inbuf)[1]) ir_count++;
- (*inbytesleft) -= 2;
- (*outbytesleft) -= 1;
- (*inbuf) += 2;
- (*outbuf) += 1;
- }
-
- if (*inbytesleft == 1) {
- errno = EINVAL;
- return -1;
- }
-
- if (*inbytesleft > 1) {
- errno = E2BIG;
- return -1;
- }
-
- return ir_count;
-}
-
-struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push};
-
-int charset_weird_init(void)
-{
- smb_register_charset(&weird_functions);
- return True;
-}
diff --git a/source/modules/vfs_expand_msdfs.c b/source/modules/vfs_expand_msdfs.c
deleted file mode 100644
index 07fbe59825e..00000000000
--- a/source/modules/vfs_expand_msdfs.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Expand msdfs targets based on client IP
- *
- * Copyright (C) Volker Lendecke, 2004
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_VFS
-
-/**********************************************************
- Under mapfile we expect a table of the following format:
-
- IP-Prefix whitespace expansion
-
- For example:
- 192.168.234 local.samba.org
- 192.168 remote.samba.org
- default.samba.org
-
- This is to redirect a DFS client to a host close to it.
-***********************************************************/
-
-static BOOL read_target_host(const char *mapfile, pstring targethost)
-{
- XFILE *f;
- pstring buf;
- char *s, *space = buf;
- BOOL found = False;
-
- f = x_fopen(mapfile, O_RDONLY, 0);
-
- if (f == NULL) {
- DEBUG(0,("can't open IP map %s. Error %s\n",
- mapfile, strerror(errno) ));
- return False;
- }
-
- DEBUG(10, ("Scanning mapfile [%s]\n", mapfile));
-
- while ((s=x_fgets(buf, sizeof(buf), f)) != NULL) {
-
- if ((strlen(buf) > 0) && (buf[strlen(buf)-1] == '\n'))
- buf[strlen(buf)-1] = '\0';
-
- DEBUG(10, ("Scanning line [%s]\n", buf));
-
- space = strchr_m(buf, ' ');
-
- if (space == NULL) {
- DEBUG(0, ("Ignoring invalid line %s\n", buf));
- continue;
- }
-
- *space = '\0';
-
- if (strncmp(client_addr(), buf, strlen(buf)) == 0) {
- found = True;
- break;
- }
- }
-
- x_fclose(f);
-
- if (!found)
- return False;
-
- space += 1;
-
- while (isspace(*space))
- space += 1;
-
- pstrcpy(targethost, space);
- return True;
-}
-
-/**********************************************************
-
- Expand the msdfs target host using read_target_host
- explained above. The syntax used in the msdfs link is
-
- msdfs:@table-filename@/share
-
- Everything between and including the two @-signs is
- replaced by the substitution string found in the table
- described above.
-
-***********************************************************/
-
-static BOOL expand_msdfs_target(connection_struct* conn, pstring target)
-{
- pstring mapfilename;
- char *filename_start = strchr_m(target, '@');
- char *filename_end;
- int filename_len;
- pstring targethost;
- pstring new_target;
-
- if (filename_start == NULL) {
- DEBUG(10, ("No filename start in %s\n", target));
- return False;
- }
-
- filename_end = strchr_m(filename_start+1, '@');
-
- if (filename_end == NULL) {
- DEBUG(10, ("No filename end in %s\n", target));
- return False;
- }
-
- filename_len = PTR_DIFF(filename_end, filename_start+1);
- pstrcpy(mapfilename, filename_start+1);
- mapfilename[filename_len] = '\0';
-
- DEBUG(10, ("Expanding from table [%s]\n", mapfilename));
-
- if (!read_target_host(mapfilename, targethost)) {
- DEBUG(1, ("Could not expand target host from file %s\n",
- mapfilename));
- return False;
- }
-
- standard_sub_conn(conn, mapfilename, sizeof(mapfilename));
-
- DEBUG(10, ("Expanded targethost to %s\n", targethost));
-
- *filename_start = '\0';
- pstrcpy(new_target, target);
- pstrcat(new_target, targethost);
- pstrcat(new_target, filename_end+1);
-
- DEBUG(10, ("New DFS target: %s\n", new_target));
- pstrcpy(target, new_target);
- return True;
-}
-
-static int expand_msdfs_readlink(struct vfs_handle_struct *handle,
- struct connection_struct *conn,
- const char *path, char *buf, size_t bufsiz)
-{
- pstring target;
- int result;
-
- result = SMB_VFS_NEXT_READLINK(handle, conn, path, target,
- sizeof(target));
-
- if (result < 0)
- return result;
-
- target[result] = '\0';
-
- if ((strncmp(target, "msdfs:", strlen("msdfs:")) == 0) &&
- (strchr_m(target, '@') != NULL)) {
- if (!expand_msdfs_target(conn, target)) {
- errno = ENOENT;
- return -1;
- }
- }
-
- safe_strcpy(buf, target, bufsiz-1);
- return strlen(buf);
-}
-
-/* VFS operations structure */
-
-static vfs_op_tuple expand_msdfs_ops[] = {
- {SMB_VFS_OP(expand_msdfs_readlink), SMB_VFS_OP_READLINK,
- SMB_VFS_LAYER_TRANSPARENT},
- {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
-};
-
-NTSTATUS vfs_expand_msdfs_init(void)
-{
- return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "expand_msdfs",
- expand_msdfs_ops);
-}
diff --git a/source/msdfs/msdfs.c b/source/msdfs/msdfs.c
index 2ac7bda1754..2df5fcf4f5a 100644
--- a/source/msdfs/msdfs.c
+++ b/source/msdfs/msdfs.c
@@ -481,12 +481,6 @@ BOOL get_referred_path(char *pathname, struct junction_map *jucn,
return False;
}
- if (!lp_msdfs_root(snum)) {
- DEBUG(3,("get_referred_path: .%s. in dfs path %s is not a dfs root.\n",
- dp.servicename, pathname));
- goto out;
- }
-
/*
* Self referrals are tested with a anonymous IPC connection and
* a GET_DFS_REFERRAL call to \\server\share. (which means dp.reqpath[0] points
@@ -502,6 +496,12 @@ BOOL get_referred_path(char *pathname, struct junction_map *jucn,
if (!create_conn_struct(conn, snum, conn_path))
return False;
+ if (!lp_msdfs_root(SNUM(conn))) {
+ DEBUG(3,("get_referred_path: .%s. in dfs path %s is not a dfs root.\n",
+ dp.servicename, pathname));
+ goto out;
+ }
+
if (*lp_msdfs_proxy(snum) != '\0') {
struct referral* ref;
jucn->referral_count = 1;
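Review bot: With the `lp_msdfs_root` test moved below `create_conn_struct`, whatever sits between the old and the new position now also runs for shares that are not DFS roots. The comment at the end of the previous hunk suggests that this is the self-referral handling, but that code is outside both hunks. If the ordering is intended, a one-line comment on the new check saying it is meant to run after the self-referral path would settle it. The check also reads `SNUM(conn)` while the next line still calls `lp_msdfs_proxy(snum)`; writing both as `snum`, e.g. `if (!lp_msdfs_root(snum)) {`, avoids the question of whether the two can differ.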
diff --git a/source/nmbd/nmbd_processlogon.c b/source/nmbd/nmbd_processlogon.c
index da93224043c..1d1fe75d9c6 100644
--- a/source/nmbd/nmbd_processlogon.c
+++ b/source/nmbd/nmbd_processlogon.c
@@ -313,8 +313,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
}
#ifdef HAVE_ADS
else {
- struct uuid domain_guid;
- UUID_FLAT flat_guid;
+ GUID domain_guid;
pstring domain;
pstring hostname;
char *component, *dc, *q1;
@@ -341,10 +340,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain));
return;
}
-
- smb_uuid_pack(domain_guid, &flat_guid);
- memcpy(q, &flat_guid.info, UUID_FLAT_SIZE);
- q += UUID_FLAT_SIZE;
+ memcpy(q, &domain_guid, sizeof(domain_guid));
+ q += sizeof(domain_guid);
/* Forest */
str_offset = q - q_orig;
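Review bot: The new `memcpy(q, &domain_guid, sizeof(domain_guid));` copies the in-memory representation of `GUID` straight into the reply and advances `q`, with no visible check of the space left in the output buffer. The removed lines packed the value into a flat form first, so the two are only equivalent if `GUID` is a plain byte array with no padding or host-order fields; its definition is not in this hunk. A guard such as `if ((size_t)(q - q_orig) + sizeof(domain_guid) > OUTBUF_LEN) return;` would make the bound explicit, where `OUTBUF_LEN` is a placeholder for the real buffer size declared outside the hunk. A compile-time assertion on `sizeof(GUID)` would pin the wire size.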
diff --git a/source/nmbd/nmbd_winsserver.c b/source/nmbd/nmbd_winsserver.c
index 0f0190adb61..8a638402391 100644
--- a/source/nmbd/nmbd_winsserver.c
+++ b/source/nmbd/nmbd_winsserver.c
@@ -440,8 +440,8 @@ static void send_wins_name_registration_response(int rcode, int ttl, struct pack
Deal with a name refresh request to a WINS server.
************************************************************************/
-void wins_process_name_refresh_request( struct subnet_record *subrec,
- struct packet_struct *p )
+void wins_process_name_refresh_request(struct subnet_record *subrec,
+ struct packet_struct *p)
{
struct nmb_packet *nmb = &p->packet.nmb;
struct nmb_name *question = &nmb->question.question_name;
@@ -453,36 +453,28 @@ void wins_process_name_refresh_request( struct subnet_record *subrec,
struct in_addr from_ip;
struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
- putip( (char *)&from_ip, &nmb->additional->rdata[2] );
+ putip((char *)&from_ip,&nmb->additional->rdata[2]);
if(bcast) {
/*
* We should only get unicast name refresh packets here.
- * Anyone trying to refresh broadcast should not be going
- * to a WINS server. Log an error here.
+ * Anyone trying to refresh broadcast should not be going to a WINS
+ * server. Log an error here.
*/
- if( DEBUGLVL( 0 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Broadcast name refresh request received " );
- dbgtext( "for name %s ", nmb_namestr(question) );
- dbgtext( "from IP %s ", inet_ntoa(from_ip) );
- dbgtext( "on subnet %s. ", subrec->subnet_name );
- dbgtext( "Error - Broadcasts should not be sent " );
- dbgtext( "to a WINS server\n" );
- }
+
+ DEBUG(0,("wins_process_name_refresh_request: broadcast name refresh request \
+received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n",
+ nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
return;
}
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s IP %s\n",
- nmb_namestr(question), inet_ntoa(from_ip) );
- }
+ DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s \
+IP %s\n", nmb_namestr(question), inet_ntoa(from_ip) ));
/*
* See if the name already exists.
- * If not, handle it as a name registration and return.
*/
+
namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
/*
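Review bot: The rewritten `DEBUG` calls continue their format strings with a backslash-newline inside the literal, so the message text depends on the continuation line starting in column 0 and breaks silently if the file is ever re-indented. Adjacent string literals give the same output without that trap, for example `DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s " "IP %s\n", nmb_namestr(question), inet_ntoa(from_ip)));`. The same pattern appears in the later hunks of this function ("does not exist", "was not active", "group bit", "not known to the name"). The function body starts before and ends after this hunk.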
@@ -490,62 +482,48 @@ void wins_process_name_refresh_request( struct subnet_record *subrec,
* treat it like a registration request. This allows us to recover
* from errors (tridge)
*/
+
if(namerec == NULL) {
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s ",
- nmb_namestr( question ) );
- dbgtext( "and the name does not exist. Treating " );
- dbgtext( "as registration.\n" );
- }
+ DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s and \
+the name does not exist. Treating as registration.\n", nmb_namestr(question) ));
wins_process_name_registration_request(subrec,p);
return;
}
/*
- * if the name is present but not active, simply remove it
- * and treat the refresh request as a registration & return.
+ * if the name is present but not active,
+ * simply remove it and treat the request
+ * as a registration
*/
if (namerec != NULL && !WINS_STATE_ACTIVE(namerec)) {
- if( DEBUGLVL( 5 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name (%s) in WINS ", nmb_namestr(question) );
- dbgtext( "was not active - removing it.\n" );
- }
+ DEBUG(5,("wins_process_name_refresh_request: Name (%s) in WINS was \
+not active - removing it.\n", nmb_namestr(question) ));
remove_name_from_namelist( subrec, namerec );
namerec = NULL;
- wins_process_name_registration_request( subrec, p );
+ wins_process_name_registration_request(subrec,p);
return;
}
/*
* Check that the group bits for the refreshing name and the
- * name in our database match. If not, refuse the refresh.
- * [crh: Why RFS_ERR instead of ACT_ERR? Is this what MS does?]
+ * name in our database match.
*/
- if( (namerec != NULL) &&
- ( (group && !NAME_GROUP(namerec))
- || (!group && NAME_GROUP(namerec)) ) ) {
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name %s ", nmb_namestr(question) );
- dbgtext( "group bit = %s does not match ",
- group ? "True" : "False" );
- dbgtext( "group bit in WINS for this name.\n" );
- }
+
+ if((namerec != NULL) && ((group && !NAME_GROUP(namerec)) || (!group && NAME_GROUP(namerec))) ) {
+ DEBUG(3,("wins_process_name_refresh_request: Name %s group bit = %s \
+does not match group bit in WINS for this name.\n", nmb_namestr(question), group ? "True" : "False" ));
send_wins_name_registration_response(RFS_ERR, 0, p);
return;
}
/*
- * For a unique name check that the person refreshing the name is
- * one of the registered IP addresses. If not - fail the refresh.
- * Do the same for group names with a type of 0x1c.
- * Just return success for unique 0x1d refreshes. For normal group
- * names update the ttl and return success.
+ * For a unique name check that the person refreshing the name is one of the registered IP
+ * addresses. If not - fail the refresh. Do the same for group names with a type of 0x1c.
+ * Just return success for unique 0x1d refreshes. For normal group names update the ttl
+ * and return success.
*/
- if( (!group || (group && (question->name_type == 0x1c)))
- && find_ip_in_name_record(namerec, from_ip) ) {
+
+ if((!group || (group && (question->name_type == 0x1c))) && find_ip_in_name_record(namerec, from_ip )) {
/*
* Update the ttl.
*/
@@ -563,26 +541,11 @@ void wins_process_name_refresh_request( struct subnet_record *subrec,
send_wins_name_registration_response(0, ttl, p);
wins_hook("refresh", namerec, ttl);
return;
- } else if((group && (question->name_type == 0x1c))) {
- /*
- * Added by crh for bug #1079.
- * Fix from Bert Driehuis
- */
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s, ",
- nmb_namestr(question) );
- dbgtext( "but IP address %s ", inet_ntoa(from_ip) );
- dbgtext( "is not yet associated with " );
- dbgtext( "that name. Treating as registration.\n" );
- }
- wins_process_name_registration_request(subrec,p);
- return;
} else if(group) {
/*
- * Normal groups are all registered with an IP address of
- * 255.255.255.255 so we can't search for the IP address.
- */
+ * Normal groups are all registered with an IP address of 255.255.255.255
+ * so we can't search for the IP address.
+ */
update_name_ttl(namerec, ttl);
send_wins_name_registration_response(0, ttl, p);
return;
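Review bot: With the `0x1c` branch dropped, a group refresh for a `0x1c` name from an address that `find_ip_in_name_record` does not know (the test is in the previous hunk) now falls into `else if(group)`, which updates the TTL and answers success. That disagrees with the comment in the previous hunk, which says group names of type 0x1c get the same registered-address check as unique names, and it lets any sender keep such an entry alive. If refusing is the intent, narrow the branch to `} else if(group && (question->name_type != 0x1c)) {` so that the 0x1c case reaches the failure path, which presumably follows further down. Otherwise the comment should be updated to describe what the code does. The function starts and ends outside this hunk.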
@@ -596,12 +559,9 @@ void wins_process_name_refresh_request( struct subnet_record *subrec,
/*
* Fail the refresh.
*/
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s with IP %s ",
- nmb_namestr(question), inet_ntoa(from_ip) );
- dbgtext( "and is IP is not known to the name.\n" );
- }
+
+ DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s with IP %s and \
+is IP is not known to the name.\n", nmb_namestr(question), inet_ntoa(from_ip) ));
send_wins_name_registration_response(RFS_ERR, 0, p);
return;
}
diff --git a/source/nsswitch/wb_client.c b/source/nsswitch/wb_client.c
index 32dfc8decac..90e4584daba 100644
--- a/source/nsswitch/wb_client.c
+++ b/source/nsswitch/wb_client.c
@@ -235,30 +235,6 @@ BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
return (result == NSS_STATUS_SUCCESS);
}
-BOOL winbind_allocate_rid(uint32 *rid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- int result;
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_ALLOCATE_RID, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return False;
-
- /* Copy out result */
- *rid = response.data.rid;
-
- return True;
-}
-
/* Fetch the list of groups a user is a member of from winbindd. This is
used by winbind_getgroups. */
@@ -619,6 +595,8 @@ BOOL winbind_delete_group( const char *group )
}
/***********************************************************************/
+#if 0 /* not needed currently since winbindd_acct was added -- jerry */
+
/* Call winbindd to convert SID to uid. Do not allocate */
BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
@@ -689,5 +667,7 @@ BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid)
return (result == NSS_STATUS_SUCCESS);
}
+#endif /* JERRY */
+
/***********************************************************************/
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c
index 5c1722dcaa5..772332ee592 100644
--- a/source/nsswitch/wbinfo.c
+++ b/source/nsswitch/wbinfo.c
@@ -436,18 +436,6 @@ static BOOL wbinfo_sid_to_gid(char *sid)
return True;
}
-static BOOL wbinfo_allocate_rid(void)
-{
- uint32 rid;
-
- if (!winbind_allocate_rid(&rid))
- return False;
-
- d_printf("New rid: %d\n", rid);
-
- return True;
-}
-
/* Convert sid to string */
static BOOL wbinfo_lookupsid(char *sid)
@@ -606,64 +594,6 @@ static BOOL wbinfo_auth_crap(char *username)
return result == NSS_STATUS_SUCCESS;
}
-/* Authenticate a user with a plaintext password and set a token */
-
-static BOOL wbinfo_klog(char *username)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- char *p;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- p = strchr(username, '%');
-
- if (p) {
- *p = 0;
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
- } else {
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, getpass("Password: "));
- }
-
- request.flags |= WBFLAG_PAM_AFS_TOKEN;
-
- result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
-
- /* Display response */
-
- d_printf("plaintext password authentication %s\n",
- (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
-
- if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status,
- response.data.auth.error_string);
-
- if (result != NSS_STATUS_SUCCESS)
- return False;
-
- if (response.extra_data == NULL) {
- d_printf("Did not get token data\n");
- return False;
- }
-
- if (!afs_settoken_str((char *)response.extra_data)) {
- d_printf("Could not set token\n");
- return False;
- }
-
- d_printf("Successfully created AFS token\n");
- return True;
-}
-
/******************************************************************
create a winbindd user
******************************************************************/
@@ -1053,7 +983,6 @@ int main(int argc, char **argv)
{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
- { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" },
{ "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
{ "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
{ "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
@@ -1071,9 +1000,6 @@ int main(int argc, char **argv)
{ "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
{ "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
-#ifdef WITH_FAKE_KASERVER
- { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
-#endif
POPT_COMMON_VERSION
POPT_TABLEEND
};
@@ -1176,12 +1102,6 @@ int main(int argc, char **argv)
goto done;
}
break;
- case 'A':
- if (!wbinfo_allocate_rid()) {
- d_printf("Could not allocate a RID\n");
- goto done;
- }
- break;
case 't':
if (!wbinfo_check_secret()) {
d_printf("Could not check secret\n");
@@ -1239,12 +1159,6 @@ int main(int argc, char **argv)
goto done;
break;
}
- case 'k':
- if (!wbinfo_klog(string_arg)) {
- d_printf("Could not klog user\n");
- goto done;
- }
- break;
case 'c':
if ( !wbinfo_create_user(string_arg) ) {
d_printf("Could not create user account\n");
diff --git a/source/nsswitch/winbind_nss_solaris.c b/source/nsswitch/winbind_nss_solaris.c
index 8f03eb4cd6e..1afa5677462 100644
--- a/source/nsswitch/winbind_nss_solaris.c
+++ b/source/nsswitch/winbind_nss_solaris.c
@@ -270,10 +270,13 @@ _nss_winbind_getgroupsbymember_solwrap(nss_backend_t* be, void* args)
&errnop);
/*
- * Always return NOTFOUND so nsswitch will get info from all
- * the database backends specified in the nsswitch.conf file.
- */
- return NSS_STATUS_NOTFOUND;
+ * If the maximum number of gids have been found, return
+ * SUCCESS so the switch engine will stop searching. Otherwise
+ * return NOTFOUND so nsswitch will continue to get groups
+ * from the remaining database backends specified in the
+ * nsswitch.conf file.
+ */
+ return (gmem->numgids == gmem->maxgids ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND);
}
static NSS_STATUS
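Review bot: The new return value tests `gmem->numgids == gmem->maxgids`, so if `numgids` ever ends up above `maxgids` the function reports NOTFOUND and the switch engine keeps asking further backends to add to a list that is already full. Whether that can happen depends on the code that fills `gmem`, which is outside the hunk. Using `>=` costs nothing: `return (gmem->numgids >= gmem->maxgids ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND);`.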
diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index 283b2e4a89c..b55ea297b49 100644
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -255,7 +255,6 @@ static struct dispatch_table dispatch_table[] = {
{ WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" },
{ WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" },
{ WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" },
- { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, "ALLOCATE_RID" },
/* Miscellaneous */
diff --git a/source/nsswitch/winbindd.h b/source/nsswitch/winbindd.h
index 5c05a1b0457..7c8e6256e15 100644
--- a/source/nsswitch/winbindd.h
+++ b/source/nsswitch/winbindd.h
@@ -97,7 +97,6 @@ struct winbindd_domain {
BOOL native_mode; /* is this a win2k domain in native mode ? */
BOOL active_directory; /* is this a win2k active directory ? */
BOOL primary; /* is this our primary domain ? */
- BOOL internal; /* BUILTIN and member SAM */
/* Lookup methods for this domain (LDAP or RPC) */
struct winbindd_methods *methods;
@@ -163,7 +162,7 @@ struct winbindd_methods {
/* lookup user info for a given SID */
NTSTATUS (*query_user)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
WINBIND_USERINFO *user_info);
/* lookup all groups that a user is a member of. The backend
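Review bot: Dropping `const` from the `DOM_SID *user_sid` parameter of `query_user` means every backend may now modify the caller's SID, and callers holding a `const DOM_SID *` need a cast to use the method. The same change is made to `lookup_usergroups` and `lookup_groupmem` in the next hunk and in the matching definitions in winbindd_ads.c and winbindd_cache.c. None of the visible hunks shows a backend writing through the pointer, so the qualifier could stay as `const DOM_SID *user_sid,`. If some backend does need to write, a comment on the method pointer should say which one and why.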
@@ -171,13 +170,13 @@ struct winbindd_methods {
function */
NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
uint32 *num_groups, DOM_SID ***user_gids);
/* find all members of the group with the specified group_rid */
NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid,
+ DOM_SID *group_sid,
uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types);
diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c
index cd8b8e0e246..e6b857f4061 100644
--- a/source/nsswitch/winbindd_ads.c
+++ b/source/nsswitch/winbindd_ads.c
@@ -5,7 +5,6 @@
Copyright (C) Andrew Tridgell 2001
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
- Copyright (C) Gerald (Jerry) Carter 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -40,22 +39,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
ADS_STATUS status;
if (domain->private) {
- ads = (ADS_STRUCT *)domain->private;
-
- /* check for a valid structure */
-
- DEBUG(7, ("Current tickets expire at %d\n, time is now %d\n",
- (uint32) ads->auth.expire, (uint32) time(NULL)));
- if ( ads->config.realm && (ads->auth.expire > time(NULL))) {
- return ads;
- }
- else {
- /* we own this ADS_STRUCT so make sure it goes away */
- ads->is_mine = True;
- ads_destroy( &ads );
- ads_kdestroy("MEMORY:winbind_ccache");
- domain->private = NULL;
- }
+ return (ADS_STRUCT *)domain->private;
}
/* we don't want this to affect the users ccache */
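Review bot: `ads_cached_connection` now returns `domain->private` for as long as it is non-NULL, and nothing in this hunk invalidates the cached structure when its credentials lapse. The removed lines compared `ads->auth.expire` with the current time, so the structure evidently carries a ticket lifetime that the new code no longer consults. Callers would then keep using a connection whose ticket has expired until something else clears the pointer. If expiry is handled elsewhere, a comment here should say so, for example `/* cached without an expiry check; stale connections are dropped by the caller on error */`, with the wording adjusted to whatever is actually true. The rest of the function is outside the hunk.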
@@ -95,12 +79,6 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
return NULL;
}
- /* set the flag that says we don't own the memory even
- though we do so that ads_destroy() won't destroy the
- structure we pass back by reference */
-
- ads->is_mine = False;
-
domain->private = (void *)ads;
return ads;
}
@@ -412,7 +390,7 @@ failed:
/* Lookup user information from a rid */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ DOM_SID *sid,
WINBIND_USERINFO *info)
{
ADS_STRUCT *ads = NULL;
@@ -583,7 +561,7 @@ done:
/* Lookup groups a user is a member of. */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ DOM_SID *sid,
uint32 *num_groups, DOM_SID ***user_gids)
{
ADS_STRUCT *ads = NULL;
@@ -681,7 +659,7 @@ done:
*/
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID *group_sid, uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types)
{
diff --git a/source/nsswitch/winbindd_cache.c b/source/nsswitch/winbindd_cache.c
index 73918d74f7d..91834e476fc 100644
--- a/source/nsswitch/winbindd_cache.c
+++ b/source/nsswitch/winbindd_cache.c
@@ -339,12 +339,10 @@ static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
get_cache( domain );
-#if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
/* trying to reconnect is expensive, don't do it too often */
if (domain->sequence_number == DOM_SEQUENCE_NONE) {
cache_time *= 8;
}
-#endif
time_diff = t - domain->last_seq_check;
@@ -1041,7 +1039,7 @@ do_query:
/* Lookup user information from a rid */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
WINBIND_USERINFO *info)
{
struct winbind_cache *cache = get_cache(domain);
@@ -1104,7 +1102,7 @@ do_query:
/* Lookup groups a user is a member of. */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
uint32 *num_groups, DOM_SID ***user_gids)
{
struct winbind_cache *cache = get_cache(domain);
@@ -1187,7 +1185,7 @@ skip_save:
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID *group_sid, uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types)
{
diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c
index 94037e39200..3ee8c0877b5 100644
--- a/source/nsswitch/winbindd_group.c
+++ b/source/nsswitch/winbindd_group.c
@@ -106,15 +106,6 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain,
DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid)));
*num_gr_mem = 0;
-
- /* HACK ALERT!! This whole routine does not cope with group members
- * from more than one domain, ie aliases. Thus we have to work it out
- * ourselves in a special routine. */
-
- if (domain->internal)
- return fill_passdb_alias_grmem(domain, group_sid,
- num_gr_mem,
- gr_mem, gr_mem_len);
if ( !((group_name_type==SID_NAME_DOM_GRP) ||
((group_name_type==SID_NAME_ALIAS) && domain->primary)) )
@@ -252,11 +243,14 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
/* if no domain or our local domain, then do a local tdb search */
- if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) &&
- ((grp = wb_getgrnam(name_group)) != NULL) ) {
-
+ if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
char *buffer = NULL;
+ if ( !(grp=wb_getgrnam(name_group)) ) {
+ DEBUG(5,("winbindd_getgrnam: lookup for %s\\%s failed\n",
+ name_domain, name_group));
+ return WINBINDD_ERROR;
+ }
memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) );
gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem );
@@ -268,13 +262,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
- /* if no domain or our local domain and no local tdb group, default to
- * our local domain for aliases */
-
- if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
- fstrcpy(name_domain, get_global_sam_name());
- }
-
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
@@ -300,8 +287,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
}
if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->primary)) )
{
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
name_group, name_type));
@@ -392,8 +378,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
}
if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->primary) ))
{
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
group_name, name_type));
@@ -556,8 +541,8 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
/* get the domain local groups if we are a member of a native win2k domain
and are not using LDAP to get the groups */
- if ( ( lp_security() != SEC_ADS && domain->native_mode
- && domain->primary) || domain->internal )
+ if ( lp_security() != SEC_ADS && domain->native_mode
+ && domain->primary )
{
DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n"));
@@ -913,53 +898,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
-static void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
-{
- int i;
-
- if ((*num) >= groups_max())
- return;
-
- for (i=0; i<*num; i++) {
- if ((*gids)[i] == gid)
- return;
- }
-
- *gids = Realloc(*gids, (*num+1) * sizeof(gid_t));
-
- if (*gids == NULL)
- return;
-
- (*gids)[*num] = gid;
- *num += 1;
-}
-
-static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
-{
- gid_t gid;
- DOM_SID *aliases;
- int j, num_aliases;
-
- DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid)));
-
- if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
-
- /* Add nested group memberships */
-
- if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases))
- return;
-
- for (j=0; j<num_aliases; j++) {
-
- if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid)))
- continue;
-
- add_gid_to_array_unique(gid, gids, num);
- }
- SAFE_FREE(aliases);
-}
-
/* Get user supplementary groups. This is much quicker than trying to
invert the groups database. We merge the groups from the gids and
other_sids info3 fields as trusted domain, universal group
@@ -977,7 +915,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
DOM_SID **user_grpsids;
struct winbindd_domain *domain;
enum winbindd_result result = WINBINDD_ERROR;
- gid_t *gid_list = NULL;
+ gid_t *gid_list;
unsigned int i;
TALLOC_CTX *mem_ctx;
NET_USER_INFO_3 *info3 = NULL;
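Review bot: `gid_t *gid_list;` is now uninitialised, while the function has `goto done` exits that are taken before any allocation is assigned to it (one is visible as context in the next hunk). If the code after `done:`, which is outside these hunks, frees or publishes `gid_list`, those paths would act on an indeterminate pointer. Keeping the initialiser, `gid_t *gid_list = NULL;`, removes the question at no cost.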
@@ -1025,8 +963,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
}
- add_gids_from_sid(&user_sid, &gid_list, &num_gids);
-
/* Treat the info3 cache as authoritative as the
lookup_usergroups() function may return cached data. */
@@ -1036,6 +972,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
info3->num_groups2, info3->num_other_sids));
num_groups = info3->num_other_sids + info3->num_groups2;
+ gid_list = calloc(sizeof(gid_t), num_groups);
/* Go through each other sid and convert it to a gid */
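Review bot: The result of `calloc` is never checked before the loops below write through `&gid_list[num_gids]`, so an allocation failure becomes a NULL dereference in the daemon. The `malloc(sizeof(gid_t) * num_groups)` added in the later hunk of this function has the same problem. The arguments are also in the reverse of the conventional `(count, size)` order. Both are fixed by `gid_list = calloc(num_groups, sizeof(gid_t));` followed by `if (gid_list == NULL) goto done;`. `num_groups` is the sum of two counts taken from `info3`, so the addition itself could wrap if those counts are not bounded elsewhere.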
@@ -1069,11 +1006,23 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
continue;
}
- add_gids_from_sid(&info3->other_sids[i].sid,
- &gid_list, &num_gids);
+ /* Map to a gid */
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) )
+ {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&info3->other_sids[i].sid)));
+ continue;
+ }
+
+ /* We've jumped through a lot of hoops to get here */
+
+ DEBUG(10, ("winbindd_getgroups: mapped other sid %s to "
+ "gid %lu\n", sid_string_static(
+ &info3->other_sids[i].sid),
+ (unsigned long)gid_list[num_gids]));
+
+ num_gids++;
}
for (i = 0; i < info3->num_groups2; i++) {
@@ -1083,10 +1032,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
sid_copy( &group_sid, &domain->sid );
sid_append_rid( &group_sid, info3->gids[i].g_rid );
- add_gids_from_sid(&group_sid, &gid_list, &num_gids);
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&group_sid)));
+ }
- if (gid_list == NULL)
- goto done;
+ num_gids++;
}
SAFE_FREE(info3);
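Review bot: In the `num_groups2` loop a failed `idmap_sid_to_gid` is only logged; there is no `continue`, so `num_gids++` still runs and the unmapped slot is kept in the list. Because the buffer comes from `calloc` in the earlier hunk, that slot holds 0, so the user is reported as a member of gid 0 whenever one of their group SIDs cannot be mapped. The `other_sids` loop in the previous hunk and the `user_grpsids` loop in the next hunk both skip the entry on failure. Adding `continue;` after the `DEBUG(10, ...)` call makes this loop match them.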
@@ -1098,15 +1049,18 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
if (!NT_STATUS_IS_OK(status))
goto done;
+ gid_list = malloc(sizeof(gid_t) * num_groups);
+
if (state->response.extra_data)
goto done;
for (i = 0; i < num_groups; i++) {
- add_gids_from_sid(user_grpsids[i],
- &gid_list, &num_gids);
-
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) {
+ DEBUG(1, ("unable to convert group sid %s to gid\n",
+ sid_string_static(user_grpsids[i])));
+ continue;
+ }
+ num_gids++;
}
}
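Review bot: `gid_list` is allocated before the `if (state->response.extra_data) goto done;` test, so that early exit abandons the fresh buffer unless the code after `done:` (outside the hunk) frees it. The size is computed as `sizeof(gid_t) * num_groups` with a backend-supplied count, which can wrap on a 32-bit `size_t`. Moving the allocation below the test and writing it as `gid_list = calloc(num_groups, sizeof(gid_t));` with `if (gid_list == NULL) goto done;` addresses both.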
diff --git a/source/nsswitch/winbindd_nss.h b/source/nsswitch/winbindd_nss.h
index 43c9e68cd9f..0d110b8afa8 100644
--- a/source/nsswitch/winbindd_nss.h
+++ b/source/nsswitch/winbindd_nss.h
@@ -36,7 +36,7 @@
/* Update this when you change the interface. */
-#define WINBIND_INTERFACE_VERSION 10
+#define WINBIND_INTERFACE_VERSION 9
/* Socket commands */
@@ -84,7 +84,6 @@ enum winbindd_cmd {
WINBINDD_SID_TO_GID,
WINBINDD_UID_TO_SID,
WINBINDD_GID_TO_SID,
- WINBINDD_ALLOCATE_RID,
/* Miscellaneous other stuff */
@@ -157,7 +156,6 @@ typedef struct winbindd_gr {
#define WBFLAG_QUERY_ONLY 0x0020
#define WBFLAG_ALLOCATE_RID 0x0040
#define WBFLAG_PAM_UNIX_NAME 0x0080
-#define WBFLAG_PAM_AFS_TOKEN 0x0100
/* Winbind request structure */
@@ -268,7 +266,7 @@ struct winbindd_response {
char nt_session_key[16];
char first_8_lm_hash[8];
} auth;
- uint32 rid; /* create user or group or allocate rid */
+ uint32 rid; /* create user or group */
struct {
fstring name;
fstring alt_name;
diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index 1d232edfe31..37b2a9f21b7 100644
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -211,41 +211,6 @@ done:
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
- if ( NT_STATUS_IS_OK(result) &&
- (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) {
-
- char *afsname = strdup(lp_afs_username_map());
- char *cell;
-
- if (afsname == NULL) goto no_token;
-
- afsname = realloc_string_sub(afsname, "%D", name_domain);
- afsname = realloc_string_sub(afsname, "%u", name_user);
- afsname = realloc_string_sub(afsname, "%U", name_user);
-
- if (afsname == NULL) goto no_token;
-
- strlower_m(afsname);
-
- cell = strchr(afsname, '@');
-
- if (cell == NULL) goto no_token;
-
- *cell = '\0';
- cell += 1;
-
- /* Append an AFS token string */
- state->response.extra_data =
- afs_createtoken_str(afsname, cell);
-
- if (state->response.extra_data != NULL)
- state->response.length +=
- strlen(state->response.extra_data)+1;
-
- no_token:
- SAFE_FREE(afsname);
- }
-
if (mem_ctx)
talloc_destroy(mem_ctx);
diff --git a/source/nsswitch/winbindd_passdb.c b/source/nsswitch/winbindd_passdb.c
deleted file mode 100644
index 36f5297efeb..00000000000
--- a/source/nsswitch/winbindd_passdb.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind rpc backend functions
-
- Copyright (C) Tim Potter 2000-2001,2003
- Copyright (C) Simo Sorce 2003
- Copyright (C) Volker Lendecke 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "winbindd.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-static void
-add_member(const char *domain, const char *user,
- char **members, int *num_members)
-{
- fstring name;
-
- fill_domain_username(name, domain, user);
- safe_strcat(name, ",", sizeof(name)-1);
- string_append(members, name);
- *num_members += 1;
-}
-
-/**********************************************************************
- Add member users resulting from sid. Expand if it is a domain group.
-**********************************************************************/
-
-static void
-add_expanded_sid(const DOM_SID *sid, char **members, int *num_members)
-{
- DOM_SID dom_sid;
- uint32 rid;
- struct winbindd_domain *domain;
- int i;
-
- char *name = NULL;
- enum SID_NAME_USE type;
-
- uint32 num_names;
- DOM_SID **sid_mem;
- char **names;
- uint32 *types;
-
- NTSTATUS result;
-
- TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid");
-
- if (mem_ctx == NULL) {
- DEBUG(1, ("talloc_init failed\n"));
- return;
- }
-
- sid_copy(&dom_sid, sid);
- sid_split_rid(&dom_sid, &rid);
-
- domain = find_domain_from_sid(&dom_sid);
-
- if (domain == NULL) {
- DEBUG(3, ("Could not find domain for sid %s\n",
- sid_string_static(sid)));
- goto done;
- }
-
- result = domain->methods->sid_to_name(domain, mem_ctx, sid,
- &name, &type);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3, ("sid_to_name failed for sid %s\n",
- sid_string_static(sid)));
- goto done;
- }
-
- DEBUG(10, ("Found name %s, type %d\n", name, type));
-
- if (type == SID_NAME_USER) {
- add_member(domain->name, name, members, num_members);
- goto done;
- }
-
- if (type != SID_NAME_DOM_GRP) {
- DEBUG(10, ("Alias member %s neither user nor group, ignore\n",
- name));
- goto done;
- }
-
- /* Expand the domain group */
-
- result = domain->methods->lookup_groupmem(domain, mem_ctx,
- sid, &num_names,
- &sid_mem, &names,
- &types);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10, ("Could not lookup group members for %s: %s\n",
- name, nt_errstr(result)));
- goto done;
- }
-
- for (i=0; i<num_names; i++) {
- DEBUG(10, ("Adding group member SID %s\n",
- sid_string_static(sid_mem[i])));
-
- if (types[i] != SID_NAME_USER) {
- DEBUG(1, ("Hmmm. Member %s of group %s is no user. "
- "Ignoring.\n", names[i], name));
- continue;
- }
-
- add_member(domain->name, names[i], members, num_members);
- }
-
- done:
- talloc_destroy(mem_ctx);
- return;
-}
-
-BOOL fill_passdb_alias_grmem(struct winbindd_domain *domain,
- DOM_SID *group_sid,
- int *num_gr_mem, char **gr_mem, int *gr_mem_len)
-{
- DOM_SID *members;
- int i, num_members;
-
- *num_gr_mem = 0;
- *gr_mem = NULL;
- *gr_mem_len = 0;
-
- if (!pdb_enum_aliasmem(group_sid, &members, &num_members))
- return True;
-
- for (i=0; i<num_members; i++) {
- add_expanded_sid(&members[i], gr_mem, num_gr_mem);
- }
-
- SAFE_FREE(members);
-
- if (*gr_mem != NULL) {
- int len;
-
- /* We have at least one member, strip off the last "," */
- len = strlen(*gr_mem);
- (*gr_mem)[len-1] = '\0';
- *gr_mem_len = len;
- }
-
- return True;
-}
-
-/* Query display info for a domain. This returns enough information plus a
- bit extra to give an overview of domain users for the User Manager
- application. */
-static NTSTATUS query_user_list(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- WINBIND_USERINFO **info)
-{
- /* We don't have users */
- *num_entries = 0;
- *info = NULL;
- return NT_STATUS_OK;
-}
-
-/* list all domain groups */
-static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
-{
- /* We don't have domain groups */
- *num_entries = 0;
- *info = NULL;
- return NT_STATUS_OK;
-}
-
-/* List all domain groups */
-
-static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
-{
- struct acct_info *talloced_info;
-
- /* Hmm. One billion aliases should be enough for a start */
-
- if (!pdb_enum_aliases(&domain->sid, 0, 1000000000,
- num_entries, info)) {
- /* Nothing to report, just exit. */
- return NT_STATUS_OK;
- }
-
- talloced_info = (struct acct_info *)
- talloc_memdup(mem_ctx, *info,
- *num_entries * sizeof(struct acct_info));
-
- SAFE_FREE(*info);
- *info = talloced_info;
-
- return NT_STATUS_OK;
-}
-
-/* convert a single name to a sid in a domain */
-static NTSTATUS name_to_sid(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const char *name,
- DOM_SID *sid,
- enum SID_NAME_USE *type)
-{
- DEBUG(10, ("Finding name %s\n", name));
-
- if (!pdb_find_alias(name, sid))
- return NT_STATUS_NONE_MAPPED;
-
- *type = SID_NAME_ALIAS;
- return NT_STATUS_OK;
-}
-
-/*
- convert a domain SID to a user or group name
-*/
-static NTSTATUS sid_to_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
- char **name,
- enum SID_NAME_USE *type)
-{
- struct acct_info info;
-
- DEBUG(10, ("Converting SID %s\n", sid_string_static(sid)));
-
- if (!pdb_get_aliasinfo(sid, &info))
- return NT_STATUS_NONE_MAPPED;
-
- *name = talloc_strdup(mem_ctx, info.acct_name);
- *type = SID_NAME_ALIAS;
-
- return NT_STATUS_OK;
-}
-
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- WINBIND_USERINFO *user_info)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID ***user_gids)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
-
-/* Lookup group membership given a rid. */
-static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID ***sid_mem, char ***names,
- uint32 **name_types)
-{
- return NT_STATUS_OK;
-}
-
-/* find the sequence number for a domain */
-static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
-{
- *seq = 1;
- return NT_STATUS_OK;
-}
-
-/* get a list of trusted domains */
-static NTSTATUS trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
-{
- return NT_STATUS_OK;
-}
-
-/* find the domain sid for a domain */
-static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
-{
- sid_copy(sid, &domain->sid);
- return NT_STATUS_OK;
-}
-
-/* find alternate names list for the domain
- * should we look for netbios aliases??
- SSS */
-static NTSTATUS alternate_name(struct winbindd_domain *domain)
-{
- DEBUG(3,("pdb: alternate_name\n"));
-
- return NT_STATUS_OK;
-}
-
-
-/* the rpc backend methods are exposed via this structure */
-struct winbindd_methods passdb_methods = {
- False,
- query_user_list,
- enum_dom_groups,
- enum_local_groups,
- name_to_sid,
- sid_to_name,
- query_user,
- lookup_usergroups,
- lookup_groupmem,
- sequence_number,
- trusted_domains,
- domain_sid,
- alternate_name
-};
diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c
index 25d5f64df67..d4428a2f59c 100644
--- a/source/nsswitch/winbindd_rpc.c
+++ b/source/nsswitch/winbindd_rpc.c
@@ -366,7 +366,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain,
/* Lookup user information from a rid or username. */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
WINBIND_USERINFO *user_info)
{
CLI_POLICY_HND *hnd = NULL;
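Review bot: Dropping `const` from `user_sid` in query_user weakens the contract for a SID that appears to be input-only. The same change is made to `user_sid` in lookup_usergroups (hunk at -465) and `group_sid` in lookup_groupmem (hunk at -571). The function bodies lie outside these hunks, so it cannot be confirmed here that nothing writes through the pointer. If nothing does, keep `const DOM_SID *user_sid` (and `const DOM_SID *group_sid`) and make the winbindd_methods prototypes match, so a caller's SID cannot be modified by a backend without a compiler diagnostic.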
@@ -465,7 +465,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
uint32 *num_groups, DOM_SID ***user_grpsids)
{
CLI_POLICY_HND *hnd;
@@ -571,7 +571,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
/* Lookup group membership given a rid. */
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID *group_sid, uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types)
{
diff --git a/source/nsswitch/winbindd_sid.c b/source/nsswitch/winbindd_sid.c
index d4206558c5e..9fbf47046d6 100644
--- a/source/nsswitch/winbindd_sid.c
+++ b/source/nsswitch/winbindd_sid.c
@@ -30,8 +30,10 @@
enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
{
+ extern DOM_SID global_sid_Builtin;
enum SID_NAME_USE type;
- DOM_SID sid;
+ DOM_SID sid, tmp_sid;
+ uint32 rid;
fstring name;
fstring dom_name;
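Review bot: `extern DOM_SID global_sid_Builtin;` is declared at block scope inside winbindd_lookupsid, so the compiler cannot check it against the definition's type. If the definition ever changes, this use still compiles and reads the object with the wrong layout. Prefer a single declaration in a shared header that the defining file also includes; whether such a header declaration already exists is not visible from this hunk. The rest of the function body is outside the hunk.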
@@ -48,6 +50,15 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
+ /* Don't look up BUILTIN sids */
+
+ sid_copy(&tmp_sid, &sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ if (sid_equal(&tmp_sid, &global_sid_Builtin)) {
+ return WINBINDD_ERROR;
+ }
+
/* Lookup the sid */
if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) {
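Review bot: The new BUILTIN branch returns WINBINDD_ERROR without a log line, so a deliberately refused lookup cannot be told apart from a failed one when reading winbindd logs. Add a line before the return, such as `DEBUG(5, ("winbindd_lookupsid: not looking up BUILTIN sid %s\n", sid_string_static(&sid)));`. The result of `sid_split_rid(&tmp_sid, &rid)` is also ignored and `rid` is never read. The comparison only matches SIDs directly below the BUILTIN domain SID, so if the domain SID itself should be refused as well, that needs an extra `sid_equal(&sid, &global_sid_Builtin)` test.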
@@ -434,23 +445,3 @@ done:
return WINBINDD_OK;
}
-
-enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state)
-{
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_allocate_rid: non-privileged access "
- "denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* We tell idmap to always allocate a user RID. There might be a good
- * reason to keep RID allocation for users to even and groups to
- * odd. This needs discussion I think. For now only allocate user
- * rids. */
-
- if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid,
- USER_RID_TYPE)))
- return WINBINDD_ERROR;
-
- return WINBINDD_OK;
-}
diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c
index 1aa4923e96f..403ba399c88 100644
--- a/source/nsswitch/winbindd_util.c
+++ b/source/nsswitch/winbindd_util.c
@@ -83,20 +83,6 @@ void free_domain_list(void)
}
}
-static BOOL is_internal_domain(const DOM_SID *sid)
-{
- DOM_SID tmp_sid;
-
- if (sid_equal(sid, get_global_sam_sid()))
- return True;
-
- string_to_sid(&tmp_sid, "S-1-5-32");
- if (sid_equal(sid, &tmp_sid))
- return True;
-
- return False;
-}
-
/* Add a trusted domain to our list of domains */
static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
@@ -157,7 +143,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
domain->methods = methods;
domain->backend = NULL;
- domain->internal = is_internal_domain(sid);
domain->sequence_number = DOM_SEQUENCE_NONE;
domain->last_seq_check = 0;
if (sid) {
@@ -165,9 +150,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
}
/* set flags about native_mode, active_directory */
-
- if (!domain->internal)
- set_dc_type_and_flags( domain );
+
+ set_dc_type_and_flags( domain );
DEBUG(3,("add_trusted_domain: %s is an %s %s domain\n", domain->name,
domain->active_directory ? "ADS" : "NT4",
@@ -319,24 +303,6 @@ BOOL init_domain_list(void)
/* do an initial scan for trusted domains */
add_trusted_domains(domain);
-
- /* Add our local SAM domains */
- {
- DOM_SID sid;
- extern struct winbindd_methods passdb_methods;
- struct winbindd_domain *dom;
-
- string_to_sid(&sid, "S-1-5-32");
-
- dom = add_trusted_domain("BUILTIN", NULL, &passdb_methods,
- &sid);
- dom->internal = True;
-
- dom = add_trusted_domain(get_global_sam_name(), NULL,
- &passdb_methods,
- get_global_sam_sid());
- dom->internal = True;
- }
/* avoid rescanning this right away */
last_trustdom_scan = time(NULL);
diff --git a/source/nsswitch/winbindd_wins.c b/source/nsswitch/winbindd_wins.c
index a1eef159c0a..bc982d00443 100644
--- a/source/nsswitch/winbindd_wins.c
+++ b/source/nsswitch/winbindd_wins.c
@@ -201,10 +201,7 @@ enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state)
}
if (i != 0) {
/* Clear out the newline character */
- /* But only if there is something in there,
- otherwise we clobber something in the stack */
- if (strlen(response))
- response[strlen(response)-1] = ' ';
+ response[strlen(response)-1] = ' ';
}
fstrcat(response,addr);
fstrcat(response,"\t");
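Review bot: `response[strlen(response)-1] = ' ';` now runs without the length guard, so if `response` is an empty string while `i != 0` the store lands at `response[-1]`, one byte before the buffer. That is the out-of-bounds stack write the removed comment warned about. Whether `response` can be empty at that point depends on loop code outside this hunk, so the guard should stay: `if (strlen(response)) response[strlen(response)-1] = ' ';`. Because winbindd_wins_byname handles names supplied by a client request, this belongs in the release branch as well rather than being dropped by the merge.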
diff --git a/source/param/config_ldap.c b/source/param/config_ldap.c
deleted file mode 100644
index fe4693fb583..00000000000
--- a/source/param/config_ldap.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- ModConfig LDAP backend
-
- Copyright (C) Simo Sorce 2003
- Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
- Copyright (C) Gerald Carter 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_CONFIG
-*/
-
-#include <lber.h>
-#include <ldap.h>
-
-#include "smbldap.h"
-
-#define LDAP_OBJ_SAMBA_CONFIG "sambaConfig"
-#define LDAP_OBJ_SAMBA_SHARE "sambaShare"
-#define LDAP_OBJ_SAMBA_OPTION "sambaConfigOption"
-
-#define LDAP_ATTR_LIST_END 0
-#define LDAP_ATTR_BOOL 1
-#define LDAP_ATTR_INTEGER 2
-#define LDAP_ATTR_STRING 3
-#define LDAP_ATTR_LIST 4
-#define LDAP_ATTR_NAME 5
-
-
-struct ldap_config_state {
- struct smbldap_state *smbldap_state;
- TALLOC_CTX *mem_ctx;
-};
-
-ATTRIB_MAP_ENTRY option_attr_list[] = {
- { LDAP_ATTR_NAME, "sambaOptionName" },
- { LDAP_ATTR_LIST, "sambaListOption" },
- { LDAP_ATTR_STRING, "sambaStringOption" },
- { LDAP_ATTR_INTEGER, "sambaIntegerOption" },
- { LDAP_ATTR_BOOL, "sambaBoolOption" },
- { LDAP_ATTR_LIST_END, NULL }
-};
-
-static struct ldap_config_state ldap_state;
-static char *config_base_dn;
-
-static NTSTATUS ldap_config_close(void);
-
-/*
-TODO:
- search each section
- start with global, then with others
- for each section parse all options
-*/
-
-static NTSTATUS parse_section(
- const char *dn,
- BOOL (*pfunc)(const char *, const char *))
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- pstring filter;
- pstring option_name;
- pstring option_value;
- char **attr_list = NULL;
- int rc;
- int count;
-
- mem_ctx = talloc_init("parse_section");
-
- /* search for the options */
- pstr_sprintf(filter, "objectClass=%s",
- LDAP_OBJ_SAMBA_OPTION);
-
- DEBUG(0, ("Searching for:[%s]\n", filter));
-
- attr_list = get_attr_list(option_attr_list);
- rc = smbldap_search(ldap_state.smbldap_state,
- dn, LDAP_SCOPE_ONELEVEL,
- filter, attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0,("parse_section: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
- while (entry) {
- int o;
-
- if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaOptionName", option_name)) {
- goto done;
- }
-
- option_value[0] = '\0';
- for (o = 1; option_attr_list[o].name != NULL; o++) {
- if (smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, option_attr_list[o].name, option_value)) {
- break;
- }
- }
- if (option_value[0] != '\0') {
- if (!pfunc(option_name, option_value)) {
- goto done;
- }
- } else {
- DEBUG(0,("parse_section: Missing value for option: %s\n", option_name));
- goto done;
- }
-
- entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry);
- }
-
- ret = NT_STATUS_OK;
-
-done:
- talloc_destroy(mem_ctx);
- free_attr_list(attr_list);
- if (result) ldap_msgfree(result);
-
- return ret;
-}
-
-/*****************************************************************************
- load configuration from ldap
-*****************************************************************************/
-
-static NTSTATUS ldap_config_load(
- BOOL (*sfunc)(const char *),
- BOOL (*pfunc)(const char *, const char *))
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- pstring filter;
- pstring attr_text;
- char *config_dn = NULL;
- char *temp;
- int rc;
- int count;
- const char *config_attr_list[] = {"description", NULL};
- const char *share_attr_list[] = {"sambaShareName", "description", NULL};
- char **share_dn;
- char **share_name;
-
- mem_ctx = talloc_init("ldap_config_load");
-
- /* search for the base config dn */
- pstr_sprintf(filter, "objectClass=%s",
- LDAP_OBJ_SAMBA_CONFIG);
-
- DEBUG(0, ("Searching for:[%s]\n", filter));
-
- rc = smbldap_search(ldap_state.smbldap_state,
- config_base_dn, LDAP_SCOPE_SUBTREE,
- filter, config_attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- if (count != 1) {
- DEBUG(0,("ldap_config_load: single %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, result))) {
- goto done;
- }
- config_dn = talloc_strdup(mem_ctx, temp);
- SAFE_FREE(temp);
- if (!config_dn) {
- goto done;
- }
-
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
-
- if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "description", attr_text)) {
- DEBUG(0, ("ldap_config_load: no description field in %s object\n", LDAP_OBJ_SAMBA_CONFIG));
- }
-
- if (result) ldap_msgfree(result);
-/* TODO: finish up the last section, see loadparm's lp_load()*/
-
- /* retrive the section list */
- pstr_sprintf(filter, "objectClass=%s",
- LDAP_OBJ_SAMBA_SHARE);
-
- DEBUG(0, ("Searching for:[%s]\n", filter));
-
- rc = smbldap_search(ldap_state.smbldap_state,
- config_dn, LDAP_SCOPE_SUBTREE,
- filter, share_attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- DEBUG(0, ("config_ldap: Found %d shares\n", count));
- if (count) {
- int i;
-
- share_dn = talloc(mem_ctx, (count + 1) * sizeof(char *));
- share_name = talloc(mem_ctx, (count) * sizeof(char *));
- if (!share_dn || !share_name) {
- DEBUG(0,("config_ldap: Out of memory!\n"));
- goto done;
- }
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
- i = 0;
- while (entry) {
- if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, entry))) {
- goto done;
- }
- if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaShareName", attr_text)) {
- goto done;
- }
- share_dn[i] = talloc_strdup(mem_ctx, temp);
- share_name[i] = talloc_strdup(mem_ctx, attr_text);
- if (!share_dn[i] || !share_name[i]) {
- DEBUG(0,("config_ldap: Out of memory!\n"));
- goto done;
- }
-
- DEBUG(0, ("config_ldap: Found share [%s] (%s)\n", attr_text, temp));
- SAFE_FREE(temp);
-
- entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry);
- i++;
- if (entry && (count == i)) {
- DEBUG(0, ("Error too many entryes in ldap result\n"));
- goto done;
- }
- }
- share_dn[i] = NULL;
- }
-
- /* parse global section*/
- if (!sfunc("global")) {
- goto done;
- }
- if (!NT_STATUS_IS_OK(parse_section(config_dn, pfunc))) {
- goto done;
- } else { /* parse shares */
- int i;
-
- for (i = 0; share_dn[i] != NULL; i++) {
- if (!sfunc(share_name[i])) {
- goto done;
- }
- if (!NT_STATUS_IS_OK(parse_section(share_dn[i], pfunc))) {
- goto done;
- }
- }
- }
-
-done:
- talloc_destroy(mem_ctx);
- if (result) ldap_msgfree(result);
-
- return ret;
-}
-
-/*****************************************************************************
- Initialise config_ldap module
-*****************************************************************************/
-
-static NTSTATUS ldap_config_init(char *params)
-{
- NTSTATUS nt_status;
- const char *location;
- const char *basedn;
-
- ldap_state.mem_ctx = talloc_init("config_ldap");
- if (!ldap_state.mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* we assume only location is passed through an inline parameter
- * other options go via parametrical options */
- if (params) {
- location = params;
- } else {
- location = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "url", "ldap://localhost");
- }
- DEBUG(0,("config_ldap: location=%s\n", location));
- basedn = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "basedn", NULL);
- if (basedn) config_base_dn = smb_xstrdup(basedn);
-
- if (!NT_STATUS_IS_OK(nt_status =
- smbldap_init(ldap_state.mem_ctx, location,
- &ldap_state.smbldap_state))) {
- talloc_destroy(ldap_state.mem_ctx);
- DEBUG(0,("config_ldap: smbldap_init failed!\n"));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-/*****************************************************************************
- End the LDAP session
-*****************************************************************************/
-
-static NTSTATUS ldap_config_close(void)
-{
-
- smbldap_free_struct(&(ldap_state).smbldap_state);
- talloc_destroy(ldap_state.mem_ctx);
-
- DEBUG(5,("The connection to the LDAP server was closed\n"));
- /* maybe free the results here --metze */
-
- return NT_STATUS_OK;
-}
-
-static struct config_functions functions = {
- ldap_config_init,
- ldap_config_load,
- ldap_config_close
-};
-
-NTSTATUS config_ldap_init(void)
-{
- return smb_register_config(SAMBA_CONFIG_INTERFACE_VERSION, "ldap", &functions);
-}
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index b92fa64ee0c..af26697476a 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -95,7 +95,6 @@ struct _param_opt_struct {
*/
typedef struct
{
- char *szConfigBackend;
char *smb_ports;
char *dos_charset;
char *unix_charset;
@@ -123,7 +122,6 @@ typedef struct
char *szSMBPasswdFile;
char *szPrivateDir;
char **szPassdbBackend;
- char *szGumsBackend;
char **szPreloadModules;
char *szPasswordServer;
char *szSocketOptions;
@@ -224,7 +222,6 @@ typedef struct
char *szLdapUserSuffix;
char *szLdapIdmapSuffix;
char *szLdapGroupSuffix;
- char *szLdapPrivilegeSuffix;
#ifdef WITH_LDAP_SAMCONFIG
int ldap_port;
char *szLdapServer;
@@ -383,7 +380,6 @@ typedef struct
BOOL bMap_system;
BOOL bMap_hidden;
BOOL bMap_archive;
- BOOL bStoreDosAttributes;
BOOL bLocking;
BOOL bStrictLocking;
BOOL bPosixLocking;
@@ -417,7 +413,6 @@ typedef struct
BOOL bProfileAcls;
BOOL bMap_acl_inherit;
BOOL bAfs_Share;
- BOOL bEASupport;
param_opt_struct *param_opt;
char dummy[3]; /* for alignment */
@@ -506,7 +501,6 @@ static service sDefault = {
False, /* bMap_system */
False, /* bMap_hidden */
True, /* bMap_archive */
- False, /* bStoreDosAttributes */
True, /* bLocking */
True, /* bStrictLocking */
True, /* bPosixLocking */
@@ -540,7 +534,6 @@ static service sDefault = {
False, /* bProfileAcls */
False, /* bMap_acl_inherit */
False, /* bAfs_Share */
- False, /* bEASupport */
NULL, /* Parametric options */
@@ -762,7 +755,6 @@ static const struct enum_list enum_map_to_guest[] = {
static struct parm_struct parm_table[] = {
{N_("Base Options"), P_SEP, P_SEPARATOR},
- {"config backend", P_STRING, P_GLOBAL, &Globals.szConfigBackend, NULL, NULL, FLAG_ADVANCED},
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, handle_charset, NULL, FLAG_ADVANCED},
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, handle_charset, NULL, FLAG_ADVANCED},
{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, handle_charset, NULL, FLAG_ADVANCED},
@@ -800,7 +792,6 @@ static struct parm_struct parm_table[] = {
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED},
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
- {"gums backend", P_STRING, P_GLOBAL, &Globals.szGumsBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE},
@@ -896,7 +887,6 @@ static struct parm_struct parm_table[] = {
{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED},
{"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, handle_acl_compatibility, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
- {"ea support", P_BOOL, P_LOCAL, &sDefault.bEASupport, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED},
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED},
@@ -1003,7 +993,6 @@ static struct parm_struct parm_table[] = {
{"mangled names", P_BOOL, P_LOCAL, &sDefault.bMangledNames, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"mangled map", P_STRING, P_LOCAL, &sDefault.szMangledMap, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL | FLAG_DEPRECATED },
{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, FLAG_ADVANCED},
- {"store dos attributes", P_BOOL, P_LOCAL, &sDefault.bStoreDosAttributes, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{N_("Domain Options"), P_SEP, P_SEPARATOR},
@@ -1081,7 +1070,6 @@ static struct parm_struct parm_table[] = {
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED},
- {"ldap privilege suffix", P_STRING, P_GLOBAL, &Globals.szLdapPrivilegeSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED},
@@ -1316,8 +1304,6 @@ static void init_globals(void)
DEBUG(3, ("Initialising global parameters\n"));
- string_set(&Globals.szConfigBackend, NULL);
-
string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE);
string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
@@ -1471,7 +1457,6 @@ static void init_globals(void)
#else
Globals.szPassdbBackend = str_list_make("smbpasswd", NULL);
#endif /* WITH_LDAP_SAMCONFIG */
- string_set(&Globals.szGumsBackend, "tdbsam2");
string_set(&Globals.szLdapSuffix, "");
string_set(&Globals.szLdapFilter, "(uid=%u)");
@@ -1479,7 +1464,6 @@ static void init_globals(void)
string_set(&Globals.szLdapUserSuffix, "");
string_set(&Globals.szLdapGroupSuffix, "");
string_set(&Globals.szLdapIdmapSuffix, "");
- string_set(&Globals.szLdapPrivilegeSuffix, "");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_ON;
@@ -1622,7 +1606,6 @@ static char *lp_string(const char *s)
#define FN_LOCAL_INTEGER(fn_name,val) \
int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
-FN_GLOBAL_STRING(lp_config_backend, &Globals.szConfigBackend)
FN_GLOBAL_STRING(lp_smb_ports, &Globals.smb_ports)
FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
FN_GLOBAL_STRING(lp_unix_charset, &Globals.unix_charset)
@@ -1657,7 +1640,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
-FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
+FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
@@ -1672,7 +1655,6 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName)
static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend)
-FN_GLOBAL_STRING(lp_gums_backend, &Globals.szGumsBackend)
FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules)
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
@@ -1863,7 +1845,6 @@ FN_LOCAL_BOOL(lp_guest_only, bGuest_only)
FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
-FN_LOCAL_BOOL(lp_store_dos_attributes, bStoreDosAttributes)
FN_LOCAL_BOOL(lp_locking, bLocking)
FN_LOCAL_BOOL(lp_strict_locking, bStrictLocking)
FN_LOCAL_BOOL(lp_posix_locking, bPosixLocking)
@@ -1891,7 +1872,6 @@ FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode)
FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
-FN_LOCAL_BOOL(lp_ea_support, bEASupport)
FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
@@ -2677,16 +2657,7 @@ static void add_to_file_list(const char *fname, const char *subfname)
BOOL lp_file_list_changed(void)
{
struct file_lists *f = file_lists;
- char *username;
-
- DEBUG(6, ("lp_file_list_changed()\n"));
-
- /* get the username for substituion -- preference to the current_user_info */
- if ( strlen( current_user_info.smb_name ) != 0 )
- username = current_user_info.smb_name;
- else
- username = sub_get_smb_name();
-
+ DEBUG(6, ("lp_file_list_changed()\n"));
while (f) {
pstring n2;
@@ -2981,14 +2952,6 @@ char *lp_ldap_idmap_suffix(void)
return lp_string(Globals.szLdapSuffix);
}
-char *lp_ldap_privilege_suffix(void)
-{
- if (Globals.szLdapPrivilegeSuffix[0])
- return append_ldap_suffix(Globals.szLdapPrivilegeSuffix);
-
- return lp_string(Globals.szLdapSuffix);
-}
-
/***************************************************************************
***************************************************************************/
@@ -3843,18 +3806,9 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
pstring n2;
BOOL bRetval;
param_opt_struct *data, *pdata;
- char *username;
pstrcpy(n2, pszFname);
-
- /* get the username for substituion -- preference to the current_user_info */
-
- if ( strlen( current_user_info.smb_name ) != 0 )
- username = current_user_info.smb_name;
- else
- username = sub_get_smb_name();
-
- standard_sub_basic( username, n2,sizeof(n2) );
+ standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2));
add_to_file_list(pszFname, n2);
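Review bot: `standard_sub_basic(current_user_info.smb_name, n2,sizeof(n2));` now passes the session name even when it is an empty string, because the fallback to `sub_get_smb_name()` is removed in this hunk. Any user-name macro in the configuration file name would then expand to "" and resolve to a different path than it does once a session name is set. A short comment above the call would record that this is intended, for example `/* smb_name may be empty before session setup; user-name macros then expand to "" */`. lp_load's body continues outside the hunk, so how n2 is used beyond add_to_file_list cannot be confirmed from here.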
@@ -3897,11 +3851,6 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
if (iServiceIndex >= 0)
bRetval = service_ok(iServiceIndex);
- if (*(lp_config_backend())) {
- modconf_init(lp_config_backend());
- modconf_load(do_section, do_parameter);
- }
-
lp_add_auto_services(lp_auto_services());
if (add_ipc) {
diff --git a/source/param/modconf.c b/source/param/modconf.c
deleted file mode 100644
index a9ab6f9b4a2..00000000000
--- a/source/param/modconf.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Configuration Modules Support
- Copyright (C) Simo Sorce 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_IDMAP
-
-struct modconf_struct {
- char *name;
- struct config_functions *fns;
-};
-
-static struct modconf_struct module;
-
-NTSTATUS smb_register_config(int version, const char *name, struct config_functions *fns)
-{
- if ((version != SAMBA_CONFIG_INTERFACE_VERSION)) {
- DEBUG(0, ("smb_register_config: Failed to register config module.\n"
- "The module has been compiled with a different interface version (%d).\n"
- "The supported version is: %d\n",
- version, SAMBA_CONFIG_INTERFACE_VERSION));
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- }
-
- if (!name || !name[0]) {
- DEBUG(0,("smb_register_config: Name missing!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- module.name = smb_xstrdup(name);
- module.fns = fns;
- DEBUG(5, ("smb_register_config: Successfully registeres config backend '%s'\n", name));
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
- * Init the configuration module
- *********************************************************************/
-
-BOOL modconf_init(const char *config_backend)
-{
- NTSTATUS ret;
- BOOL bret = False;
- char *name;
- char *params;
-
- /* nothing to do */
- if (!config_backend)
- return True;
-
- name = smb_xstrdup(config_backend);
- if ((params = strchr(name, ':')) != NULL ) {
- *params = '\0';
- params++;
- }
-
- ret = smb_probe_module("config", name);
-
- if (NT_STATUS_IS_OK(ret) && NT_STATUS_IS_OK(module.fns->init(params)))
- bret = True;
-
- SAFE_FREE(name);
- return bret;
-}
-
-BOOL modconf_load(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *))
-{
- if (module.fns) {
- if (NT_STATUS_IS_OK(module.fns->load(sfunc, pfunc))) {
- return True;
- }
- }
- return False;
-}
-
-NTSTATUS modconf_close(void)
-{
- return module.fns->close();
-}
diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c
index a365cba0082..83d2cd28ac6 100644
--- a/source/passdb/lookup_sid.c
+++ b/source/passdb/lookup_sid.c
@@ -66,7 +66,7 @@ BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_N
Tries local lookup first - for local sids, then tries winbind.
*****************************************************************/
-BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
+BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
{
if (!name_type)
return False;
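Review bot: Dropping `const` from the `sid` parameter of lookup_sid weakens the contract, and nothing visible in this hunk writes through the pointer. If the body only reads the SID, keep `const DOM_SID *sid` so callers holding read-only SIDs need no casts and accidental writes are caught at compile time. The same change is made to local_lookup_sid in source/passdb/passdb.c and deserves the same treatment. Both bodies continue outside their hunks, so whether a callee forces the non-const type cannot be verified from here.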
@@ -105,44 +105,6 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM
return True;
}
-BOOL sid_to_local_user_name(const DOM_SID *sid, fstring username)
-{
- fstring dom_name;
- fstring name;
- enum SID_NAME_USE type;
-
- if (!sid_check_is_in_our_domain(sid))
- return False;
-
- if (!lookup_sid(sid, dom_name, name, &type))
- return False;
-
- if (type != SID_NAME_USER)
- return False;
-
- fstrcpy(username, name);
- return True;
-}
-
-BOOL sid_to_local_dom_grp_name(const DOM_SID *sid, fstring groupname)
-{
- fstring dom_name;
- fstring name;
- enum SID_NAME_USE type;
-
- if (!sid_check_is_in_our_domain(sid))
- return False;
-
- if (!lookup_sid(sid, dom_name, name, &type))
- return False;
-
- if (type != SID_NAME_DOM_GRP)
- return False;
-
- fstrcpy(groupname, name);
- return True;
-}
-
/*****************************************************************
Id mapping cache. This is to avoid Winbind mappings already
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 73f613535d9..7c9376e045a 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -704,7 +704,7 @@ BOOL fallback_pdb_rid_is_user(uint32 rid)
Convert a rid into a name. Used in the lookup SID rpc.
********************************************************************/
-BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use)
{
uint32 rid;
SAM_ACCOUNT *sam_account = NULL;
@@ -800,6 +800,8 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na
gid = pdb_group_rid_to_gid(rid);
gr = getgrgid(gid);
+ *psid_name_use = SID_NAME_ALIAS;
+
DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid,
gr ? "succeeded" : "failed" ));
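Review bot: `*psid_name_use = SID_NAME_ALIAS;` is assigned before the result of getgrgid() is examined, so the output type is written even when `gr` is NULL, a case the DEBUG line directly below explicitly expects. If the failure path then returns False, callers that read the out-parameter anyway would see an alias type for a group that was not found. Either move the assignment into the branch where `gr` is non-NULL or document the choice, for example `/* group rids resolved through the unix gid are always reported as aliases */`. The rest of local_lookup_sid lies outside the hunk.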
@@ -1890,8 +1892,6 @@ BOOL init_sam_from_buffer_v1(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
done:
- SAFE_FREE(lm_pw_ptr);
- SAFE_FREE(nt_pw_ptr);
SAFE_FREE(username);
SAFE_FREE(domain);
SAFE_FREE(nt_username);
@@ -2339,50 +2339,3 @@ BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass)
return True;
}
-
-BOOL get_sids_from_priv(const char *privname, DOM_SID **sids, int *num)
-{
- char *sids_string;
- char *s;
- fstring tok;
-
- if (!pdb_get_privilege_entry(privname, &sids_string))
- return False;
-
- s = sids_string;
-
- while (next_token(&s, tok, ",", sizeof(tok))) {
- DOM_SID sid;
- DEBUG(10, ("converting SID %s\n", tok));
-
- if (!string_to_sid(&sid, tok)) {
- DEBUG(3, ("Could not convert SID\n"));
- continue;
- }
-
- add_sid_to_array(&sid, sids, num);
- }
-
- SAFE_FREE(sids_string);
- return True;
-}
-
-BOOL get_priv_for_sid(const DOM_SID *sid, PRIVILEGE_SET *priv)
-{
- extern PRIVS privs[];
- int i;
- for (i=1; i<PRIV_ALL_INDEX-1; i++) {
- DOM_SID *sids;
- int j, num;
-
- if (!get_sids_from_priv(privs[i].priv, &sids, &num))
- continue;
-
- for (j=0; j<num; j++) {
- if (sid_compare(sid, &sids[j]) == 0)
- add_privilege_by_name(priv, privs[i].priv);
- }
- SAFE_FREE(sids);
- }
- return True;
-}
diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c
index 908588c8988..e69dac524f0 100644
--- a/source/passdb/pdb_get_set.c
+++ b/source/passdb/pdb_get_set.c
@@ -314,6 +314,14 @@ const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass)
return (NULL);
}
+uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->private.fields_present);
+ else
+ return (-1);
+}
+
uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
{
if (sampass)
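Review bot: pdb_get_fields_present returns `(-1)` from a function declared `uint32`, which converts to 0xFFFFFFFF, so a NULL `sampass` reads as every field bit being set. For a bitmask the conservative failure value is no bits at all: `return 0;`. If -1 is a deliberate sentinel, say so in a comment above the function, because a caller testing individual bits cannot distinguish it from a fully populated account.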
@@ -1001,6 +1009,16 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum
return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
}
+BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ sampass->private.fields_present = fields_present;
+
+ return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag);
+}
+
BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
{
if (!sampass)
@@ -1155,4 +1173,3 @@ uint32 pdb_build_fields_present (SAM_ACCOUNT *sampass)
/* value set to all for testing */
return 0x00ffffff;
}
-
diff --git a/source/passdb/pdb_guest.c b/source/passdb/pdb_guest.c
index 8c1d4c7b0fe..510cf6abc8b 100644
--- a/source/passdb/pdb_guest.c
+++ b/source/passdb/pdb_guest.c
@@ -152,21 +152,6 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c
(*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping;
- /* we do not handle groups in guest backend */
-/* FIXME
- (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid;
- (*pdb_method)->get_group_list = pdb_nop_get_group_list;
- (*pdb_method)->get_group_sids = pdb_nop_get_group_sids;
- (*pdb_method)->add_group = pdb_nop_add_group;
- (*pdb_method)->update_group = pdb_nop_update_group;
- (*pdb_method)->delete_group = pdb_nop_delete_group;
- (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group;
- (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group;
- (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name;
- (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name;
- (*pdb_method)->get_group_uids = pdb_nop_get_group_uids;
-*/
-
/* There's not very much to initialise here */
return NT_STATUS_OK;
diff --git a/source/passdb/pdb_gums.c b/source/passdb/pdb_gums.c
deleted file mode 100644
index f34d3a94b5a..00000000000
--- a/source/passdb/pdb_gums.c
+++ /dev/null
@@ -1,464 +0,0 @@
-/*
- * GUMS password backend for samba
- * Copyright (C) Simo Sorce 2003-2004
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-#define BOOL_SET_OR_FAIL(func, label) do { if (!func) { DEBUG(0, ("%s: Setting sam object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-struct gums_gw_data {
- GUMS_FUNCTIONS *fns;
- void *handle;
-};
-
-static NTSTATUS gums_object_to_sam_account(SAM_ACCOUNT *sa, GUMS_OBJECT *go)
-{
- NTSTATUS ret;
- NTTIME nt_time;
- DATA_BLOB pwd;
-
- if (!go || !sa)
- return NT_STATUS_INVALID_PARAMETER;
-/*
- if (!NT_STATUS_IS_OK(ret = pdb_init_sam(sa))) {
- DEBUG(0, ("gums_object_to_sam_account: error occurred while creating sam_account object!\n"));
- goto error;
- }
-*/
- if (gums_get_object_type(go) != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- BOOL_SET_OR_FAIL(pdb_set_acct_ctrl(sa, gums_get_user_acct_ctrl(go), PDB_SET), error);
-
- /* domain */
- /* unix_homedir ? */
-
- nt_time = gums_get_user_logon_time(go);
- BOOL_SET_OR_FAIL(pdb_set_logon_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_logoff_time(go);
- BOOL_SET_OR_FAIL(pdb_set_logoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_kickoff_time(go);
- BOOL_SET_OR_FAIL(pdb_set_kickoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_last_set_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_last_set_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_can_change_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_can_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_must_change_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_must_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_hours_len(sa, gums_get_user_hours_len(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_logon_divs(sa, gums_get_user_logon_divs(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_user_sid(sa, gums_get_object_sid(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_group_sid(sa, gums_get_user_pri_group(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_username(sa, gums_get_object_name(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_nt_username(sa, gums_get_object_name(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_fullname(sa, gums_get_user_fullname(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_logon_script(sa, gums_get_user_logon_script(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_profile_path(sa, gums_get_user_profile_path(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_dir_drive(sa, gums_get_user_dir_drive(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_homedir(sa, gums_get_user_homedir(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_acct_desc(sa, gums_get_object_description(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_workstations(sa, gums_get_user_workstations(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_unknown_str(sa, gums_get_user_unknown_str(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_munged_dial(sa, gums_get_user_munged_dial(go), PDB_SET), error);
-
- pwd = gums_get_user_nt_pwd(go);
- if (!pdb_set_nt_passwd(sa, pwd.data, PDB_SET)) {
- DEBUG(5, ("gums_object_to_sam_account: unable to set nt password"));
- data_blob_clear_free(&pwd);
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
- data_blob_clear_free(&pwd);
- pwd = gums_get_user_lm_pwd(go);
- if (!pdb_set_lanman_passwd(sa, pwd.data, PDB_SET)) {
- DEBUG(5, ("gums_object_to_sam_account: unable to set lanman password"));
- data_blob_clear_free(&pwd);
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
- data_blob_clear_free(&pwd);
-
- BOOL_SET_OR_FAIL(pdb_set_bad_password_count(sa, gums_get_user_bad_password_count(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_unknown_6(sa, gums_get_user_unknown_6(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_hours(sa, gums_get_user_hours(go), PDB_SET), error);
-
- return NT_STATUS_OK;
-
-error:
- if (sa && (sa->free_fn)) {
- sa->free_fn(&sa);
- }
-
- return ret;
-}
-
-static NTSTATUS sam_account_to_gums_object(GUMS_OBJECT *go, SAM_ACCOUNT *sa)
-{
- NTSTATUS ret;
- NTTIME nt_time;
- DATA_BLOB pwd;
-
- if (!go || !sa)
- return NT_STATUS_INVALID_PARAMETER;
-
-/*
- ret = gums_create_object(go, GUMS_OBJ_NORMAL_USER);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("sam_account_to_gums_object: error occurred while creating gums object!\n"));
- goto error;
- }
-*/
-
- /* sec_desc */
-
- SET_OR_FAIL(gums_set_object_name(go, pdb_get_username(sa)), error);
-
- SET_OR_FAIL(gums_set_object_sid(go, pdb_get_user_sid(sa)), error);
- SET_OR_FAIL(gums_set_user_pri_group(go, pdb_get_group_sid(sa)), error);
-
- if (pdb_get_acct_desc(sa))
- SET_OR_FAIL(gums_set_object_description(go, pdb_get_acct_desc(sa)), error);
- if (pdb_get_fullname(sa))
- SET_OR_FAIL(gums_set_user_fullname(go, pdb_get_fullname(sa)), error);
- if (pdb_get_homedir(sa))
- SET_OR_FAIL(gums_set_user_homedir(go, pdb_get_homedir(sa)), error);
- if (pdb_get_dir_drive(sa))
- SET_OR_FAIL(gums_set_user_dir_drive(go, pdb_get_dir_drive(sa)), error);
- if (pdb_get_logon_script(sa))
- SET_OR_FAIL(gums_set_user_logon_script(go, pdb_get_logon_script(sa)), error);
- if (pdb_get_profile_path(sa))
- SET_OR_FAIL(gums_set_user_profile_path(go, pdb_get_profile_path(sa)), error);
- if (pdb_get_workstations(sa))
- SET_OR_FAIL(gums_set_user_workstations(go, pdb_get_workstations(sa)), error);
- if (pdb_get_unknown_str(sa))
- SET_OR_FAIL(gums_set_user_unknown_str(go, pdb_get_unknown_str(sa)), error);
- if (pdb_get_munged_dial(sa))
- SET_OR_FAIL(gums_set_user_munged_dial(go, pdb_get_munged_dial(sa)), error);
- SET_OR_FAIL(gums_set_user_logon_divs(go, pdb_get_logon_divs(sa)), error);
- if (pdb_get_hours(sa))
- SET_OR_FAIL(gums_set_user_hours(go, pdb_get_hours_len(sa), pdb_get_hours(sa)), error);
- SET_OR_FAIL(gums_set_user_bad_password_count(go, pdb_get_bad_password_count(sa)), error);
- SET_OR_FAIL(gums_set_user_unknown_6(go, pdb_get_unknown_6(sa)), error);
-
- unix_to_nt_time(&nt_time, pdb_get_logon_time(sa));
- SET_OR_FAIL(gums_set_user_logon_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_logoff_time(sa));
- SET_OR_FAIL(gums_set_user_logoff_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_kickoff_time(sa));
- SET_OR_FAIL(gums_set_user_kickoff_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_last_set_time(sa));
- SET_OR_FAIL(gums_set_user_pass_last_set_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_can_change_time(sa));
- SET_OR_FAIL(gums_set_user_pass_can_change_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_must_change_time(sa));
- SET_OR_FAIL(gums_set_user_pass_must_change_time(go, nt_time), error);
-
- pwd = data_blob(pdb_get_nt_passwd(sa), NT_HASH_LEN);
- ret = gums_set_user_nt_pwd(go, pwd);
- data_blob_clear_free(&pwd);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(5, ("sam_account_to_gums_object: failed to set nt password!\n"));
- goto error;
- }
- pwd = data_blob(pdb_get_lanman_passwd(sa), LM_HASH_LEN);
- ret = gums_set_user_lm_pwd(go, pwd);
- data_blob_clear_free(&pwd);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(5, ("sam_account_to_gums_object: failed to set lanman password!\n"));
- goto error;
- }
-
- SET_OR_FAIL(gums_set_user_acct_ctrl(go, pdb_get_acct_ctrl(sa)), error);
-
- return NT_STATUS_OK;
-
-error:
- gums_reset_object(go);
- return ret;
-}
-
-static NTSTATUS gums_setsampwent(struct pdb_methods *methods, BOOL update)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- return ggwd->fns->enumerate_objects_start(&(ggwd->handle), NULL, GUMS_OBJ_NORMAL_USER);
-}
-
-static NTSTATUS gums_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->enumerate_objects_get_next(&go, ggwd->handle))) {
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-static void gums_endsampwent(struct pdb_methods *methods)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- ggwd->fns->enumerate_objects_stop(ggwd->handle);
-}
-
-/******************************************************************
- Lookup a name in the SAM database
- ******************************************************************/
-
-static NTSTATUS gums_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *account, const char *name)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_name(&go, global_myname(), name, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(10, ("gums_getsampwnam: unable to find account with name %s", name));
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-/***************************************************************************
- Search by SID
- **************************************************************************/
-
-static NTSTATUS gums_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT *account, const DOM_SID *sid)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, sid, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(10, ("gums_getsampwsid: unable to find account with sid %s", sid_string_static(sid)));
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-/***************************************************************************
- Search by rid
- **************************************************************************/
-
-#if 0
-
-static NTSTATUS gums_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *account, uint32 rid)
-{
- DOM_SID sid;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- gums_getsampwsid(methods, account, &sid);
-
- return NT_STATUS_OK;
-}
-
-#endif
-
-/***************************************************************************
- Updates a SAM_ACCOUNT
-
- This isn't a particulary practical option for pdb_guest. We certainly don't
- want to twidde the filesystem, so what should we do?
-
- Current plan is to transparently add the account. It should appear
- as if the pdb_guest version was modified, but its actually stored somehwere.
- ****************************************************************************/
-
-static NTSTATUS gums_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(0, ("gums_add_sam_account: error occurred while creating gums object!\n"));
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) {
- DEBUG(0, ("gums_add_sam_account: error occurred while converting object!\n"));
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) {
- DEBUG(0, ("gums_add_sam_account: unable to store account!\n"));
- goto done;
- }
-
-done:
- gums_destroy_object(&go);
- return ret;
-}
-
-static NTSTATUS gums_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, pdb_get_user_sid(account), GUMS_OBJ_NORMAL_USER))) {
- DEBUG(0, ("gums_update_sam_account: update on invalid account!\n"));
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) {
- DEBUG(0, ("gums_update_sam_account: error occurred while converting object!\n"));
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) {
- DEBUG(0, ("gums_update_sam_account: unable to store account!\n"));
- goto done;
- }
-
-done:
- gums_destroy_object(&go);
- return ret;
-}
-
-static NTSTATUS gums_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->delete_object(pdb_get_user_sid(account)))) {
- DEBUG(0, ("gums_add_sam_account: unable to store account!\n"));
- }
-
- return ret;
-}
-
-
-static void free_gw_private_data(void **vp)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)vp;
- ggwd->fns->free_private_data(&(ggwd->fns->private_data));
- ggwd->fns = NULL;
- ggwd->handle = NULL;
- SAFE_FREE(vp);
-}
-
-NTSTATUS pdb_init_gums_gateway(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
-{
- NTSTATUS ret;
- struct gums_gw_data *ggwd;
-
- if (!pdb_context) {
- DEBUG(0, ("invalid pdb_context specified\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(ret = gums_setup_backend(lp_gums_backend()))) {
- DEBUG(0, ("pdb_init_gums_gateway: initialization error!\n"));
- return ret;
- }
-
- ggwd = (struct gums_gw_data *)malloc(sizeof(struct gums_gw_data));
- if (!ggwd)
- return NT_STATUS_NO_MEMORY;
- memset(ggwd, 0, sizeof(struct gums_gw_data));
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&(ggwd->fns)))) {
- goto error;
- }
-
- if (!NT_STATUS_IS_OK(ret = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
- goto error;
- }
-
- (*pdb_method)->name = "gums_gateway";
-
- (*pdb_method)->setsampwent = gums_setsampwent;
- (*pdb_method)->getsampwent = gums_getsampwent;
- (*pdb_method)->endsampwent = gums_endsampwent;
- (*pdb_method)->getsampwnam = gums_getsampwnam;
- (*pdb_method)->getsampwsid = gums_getsampwsid;
- (*pdb_method)->add_sam_account = gums_add_sam_account;
- (*pdb_method)->update_sam_account = gums_update_sam_account;
- (*pdb_method)->delete_sam_account = gums_delete_sam_account;
-
- /* we should do no group mapping here */
-/* (*pdb_method)->getgrsid = gums_getgrsid;
- (*pdb_method)->getgrgid = gums_getgrgid;
- (*pdb_method)->getgrnam = gums_getgrnam;
- (*pdb_method)->add_group_mapping_entry = gums_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = gums_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = gums_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = gums_enum_group_mapping;*/
-
- /* we do not handle groups in guest backend */
-/* FIXME
- (*pdb_method)->get_group_info_by_sid = gums_get_group_info_by_sid;
- (*pdb_method)->get_group_list = gums_get_group_list;
- (*pdb_method)->get_group_sids = gums_get_group_sids;
- (*pdb_method)->add_group = gums_add_group;
- (*pdb_method)->update_group = gums_update_group;
- (*pdb_method)->delete_group = gums_delete_group;
- (*pdb_method)->add_sid_to_group = gums_add_sid_to_group;
- (*pdb_method)->remove_sid_from_group = gums_remove_sid_from_group;
- (*pdb_method)->get_group_info_by_name = gums_get_group_info_by_name;
- (*pdb_method)->get_group_info_by_nt_name = gums_get_group_info_by_nt_name;
- (*pdb_method)->get_group_uids = gums_get_group_uids;
-*/
-
- (*pdb_method)->private_data = ggwd;
- (*pdb_method)->free_private_data = free_gw_private_data;
-
- return NT_STATUS_OK;
-
-error:
- SAFE_FREE(ggwd);
- return ret;
-}
-
-NTSTATUS pdb_gums_init(void)
-{
- return smb_register_passdb(PASSDB_INTERFACE_VERSION, "gums", pdb_init_gums_gateway);
-}
-
diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c
index b1620aa9eb6..06097d3557b 100644
--- a/source/passdb/pdb_interface.c
+++ b/source/passdb/pdb_interface.c
@@ -232,12 +232,25 @@ static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sa
static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ const char *lm_pw, *nt_pw;
+ uint16 acb_flags;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
+ /* disable acccounts with no passwords (that has not
+ been allowed by the ACB_PWNOTREQ bit */
+
+ lm_pw = pdb_get_lanman_passwd( sam_acct );
+ nt_pw = pdb_get_nt_passwd( sam_acct );
+ acb_flags = pdb_get_acct_ctrl( sam_acct );
+ if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
+ acb_flags |= ACB_DISABLED;
+ pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
+ }
+
/** @todo This is where a 're-read on add' should be done */
/* We now add a new account to the first database listed.
* Should we? */
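Review bot: The result of `pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );` is ignored, so if setting ACB_DISABLED fails, the account with neither an LM nor an NT hash is still handed on to be added in an enabled state (the add call itself is outside the hunk). The setter appears to return a BOOL, so the check can fail closed: `if (!pdb_set_acct_ctrl(sam_acct, acb_flags, PDB_CHANGED)) return ret;`. The identical block added to context_update_sam_account further down has the same gap, and the two copies would be easier to keep consistent as one static helper. The new comment also has a typo ("acccounts") and an unclosed parenthesis.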
@@ -248,6 +261,8 @@ static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT
static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ const char *lm_pw, *nt_pw;
+ uint16 acb_flags;
if (!context) {
DEBUG(0, ("invalid pdb_context specified!\n"));
@@ -259,6 +274,17 @@ static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCO
return ret;
}
+ /* disable acccounts with no passwords (that has not
+ been allowed by the ACB_PWNOTREQ bit */
+
+ lm_pw = pdb_get_lanman_passwd( sam_acct );
+ nt_pw = pdb_get_nt_passwd( sam_acct );
+ acb_flags = pdb_get_acct_ctrl( sam_acct );
+ if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
+ acb_flags |= ACB_DISABLED;
+ pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
+ }
+
/** @todo This is where a 're-read on update' should be done */
return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
@@ -426,388 +452,6 @@ static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
num_entries, unix_only);
}
-static NTSTATUS context_find_alias(struct pdb_context *context,
- const char *name, DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->find_alias(context->pdb_methods,
- name, sid);
-}
-
-static NTSTATUS context_create_alias(struct pdb_context *context,
- const char *name, uint32 *rid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->create_alias(context->pdb_methods,
- name, rid);
-}
-
-static NTSTATUS context_delete_alias(struct pdb_context *context,
- const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->delete_alias(context->pdb_methods, sid);
-}
-
-static NTSTATUS context_enum_aliases(struct pdb_context *context,
- const DOM_SID *sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases,
- struct acct_info **info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_aliases(context->pdb_methods,
- sid, start_idx, max_entries,
- num_aliases, info);
-}
-
-static NTSTATUS context_get_aliasinfo(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->get_aliasinfo(context->pdb_methods,
- sid, info);
-}
-
-static NTSTATUS context_set_aliasinfo(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->set_aliasinfo(context->pdb_methods,
- sid, info);
-}
-
-static NTSTATUS context_add_aliasmem(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_aliasmem(context->pdb_methods,
- alias, member);
-}
-
-static NTSTATUS context_del_aliasmem(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->del_aliasmem(context->pdb_methods,
- alias, member);
-}
-
-static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
- const DOM_SID *alias, DOM_SID **members,
- int *num)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_aliasmem(context->pdb_methods,
- alias, members, num);
-}
-
-static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, sid, aliases,
- num);
-}
-
-static NTSTATUS context_settrustpwent(struct pdb_context *context)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->settrustpwent(cur_methods);
- if (NT_STATUS_IS_OK(ret)) {
- context->pdb_methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwent(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwent(cur_methods, trust);
- if (!NT_STATUS_IS_ERR(ret)) {
- /* prevent from segfaulting when gettrustpwent
- was called just to rewind enumeration */
- if (trust) trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwnam(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust,
- const char *name)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwnam(cur_methods, trust, name);
- if (NT_STATUS_IS_OK(ret)) {
- trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwsid(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust,
- const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwsid(cur_methods, trust, sid);
- if (NT_STATUS_IS_OK(ret)) {
- trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_add_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_trust_passwd(context->pdb_methods, trust);
-}
-
-static NTSTATUS context_update_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- if (!trust || !trust->methods) {
- DEBUG(0, ("invalid trust pointer specified!\n"));
- return ret;
- }
-
- return trust->methods->update_trust_passwd(trust->methods, trust);
-}
-
-static NTSTATUS context_delete_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- if (!trust || !trust->methods) {
- DEBUG(0, ("invalid trust pointer specified!\n"));
- return ret;
- }
-
- return trust->methods->delete_trust_passwd(trust->methods, trust);
-}
-
-static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_get_privilege_set(struct pdb_context *context, DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, sid_list, num_sids, privset))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
@@ -923,27 +567,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
(*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
(*context)->pdb_enum_group_mapping = context_enum_group_mapping;
- (*context)->pdb_find_alias = context_find_alias;
- (*context)->pdb_create_alias = context_create_alias;
- (*context)->pdb_delete_alias = context_delete_alias;
- (*context)->pdb_enum_aliases = context_enum_aliases;
- (*context)->pdb_get_aliasinfo = context_get_aliasinfo;
- (*context)->pdb_set_aliasinfo = context_set_aliasinfo;
- (*context)->pdb_add_aliasmem = context_add_aliasmem;
- (*context)->pdb_del_aliasmem = context_del_aliasmem;
- (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
- (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
- (*context)->pdb_settrustpwent = context_settrustpwent;
- (*context)->pdb_gettrustpwent = context_gettrustpwent;
- (*context)->pdb_gettrustpwnam = context_gettrustpwnam;
- (*context)->pdb_gettrustpwsid = context_gettrustpwsid;
- (*context)->pdb_add_trust_passwd = context_add_trust_passwd;
- (*context)->pdb_update_trust_passwd = context_update_trust_passwd;
- (*context)->pdb_delete_trust_passwd = context_delete_trust_passwd;
- (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege;
- (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege;
- (*context)->pdb_get_privilege_set = context_get_privilege_set;
- (*context)->pdb_get_privilege_entry = context_get_privilege_entry;
(*context)->free_fn = free_pdb_context;
@@ -1111,48 +734,22 @@ BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid)
BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
- const char *lm_pw, *nt_pw;
- uint16 acb_flags;
if (!pdb_context) {
return False;
}
- /* disable acccounts with no passwords (that has not
- been allowed by the ACB_PWNOTREQ bit */
-
- lm_pw = pdb_get_lanman_passwd( sam_acct );
- nt_pw = pdb_get_nt_passwd( sam_acct );
- acb_flags = pdb_get_acct_ctrl( sam_acct );
- if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
- acb_flags |= ACB_DISABLED;
- pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
- }
-
return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
}
BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
- const char *lm_pw, *nt_pw;
- uint16 acb_flags;
if (!pdb_context) {
return False;
}
- /* disable acccounts with no passwords (that has not
- been allowed by the ACB_PWNOTREQ bit */
-
- lm_pw = pdb_get_lanman_passwd( sam_acct );
- nt_pw = pdb_get_nt_passwd( sam_acct );
- acb_flags = pdb_get_acct_ctrl( sam_acct );
- if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
- acb_flags |= ACB_DISABLED;
- pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
- }
-
return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
}
@@ -1253,183 +850,6 @@ BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
rmap, num_entries, unix_only));
}
-BOOL pdb_find_alias(const char *name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context,
- name, sid));
-}
-
-BOOL pdb_create_alias(const char *name, uint32 *rid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_create_alias(pdb_context,
- name, rid));
-}
-
-BOOL pdb_delete_alias(const DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context,
- sid));
-
-}
-
-BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases, struct acct_info **info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid,
- start_idx,
- max_entries,
- num_aliases,
- info));
-}
-
-BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid,
- info));
-}
-
-BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid,
- info));
-}
-
-BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_aliasmem(pdb_context, alias, member));
-}
-
-BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_del_aliasmem(pdb_context, alias, member));
-}
-
-BOOL pdb_enum_aliasmem(const DOM_SID *alias,
- DOM_SID **members, int *num_members)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_aliasmem(pdb_context, alias,
- members, num_members));
-}
-
-BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, sid,
- aliases, num));
-}
-
-BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_sid_to_privilege(pdb_context, priv_name, sid));
-}
-
-BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_remove_sid_from_privilege(pdb_context, priv_name, sid));
-}
-
-BOOL pdb_get_privilege_set(DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_privilege_set(pdb_context, sid_list, num_sids, privset));
-}
-
-BOOL pdb_get_privilege_entry(const char *privname, char **sid_list)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_privilege_entry(pdb_context, privname, sid_list));
-}
-
/***************************************************************
Initialize the static context (at smbd startup etc).
@@ -1487,66 +907,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods)
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
-static NTSTATUS pdb_default_settrustpwent(struct pdb_methods *methods)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
- const char* name)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
- const DOM_SID* sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset)
-{
- /* by default return the empty privilege set as otherwise login will
- * be denied if a backend does not support privilege sets */
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
{
*methods = talloc(mem_ctx, sizeof(struct pdb_methods));
@@ -1573,29 +933,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
- (*methods)->find_alias = pdb_default_find_alias;
- (*methods)->create_alias = pdb_default_create_alias;
- (*methods)->delete_alias = pdb_default_delete_alias;
- (*methods)->enum_aliases = pdb_default_enum_aliases;
- (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
- (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
- (*methods)->add_aliasmem = pdb_default_add_aliasmem;
- (*methods)->del_aliasmem = pdb_default_del_aliasmem;
- (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
- (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
-
- (*methods)->settrustpwent = pdb_default_settrustpwent;
- (*methods)->gettrustpwent = pdb_default_gettrustpwent;
- (*methods)->gettrustpwnam = pdb_default_gettrustpwnam;
- (*methods)->gettrustpwsid = pdb_default_gettrustpwsid;
- (*methods)->add_trust_passwd = pdb_default_add_trust_passwd;
- (*methods)->update_trust_passwd = pdb_default_update_trust_passwd;
- (*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd;
-
- (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege;
- (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege;
- (*methods)->get_privilege_set = pdb_default_get_privilege_set;
- (*methods)->get_privilege_entry = pdb_default_get_privilege_entry;
return NT_STATUS_OK;
}
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 23ab0f9965d..2141f2a3f1c 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -407,7 +407,7 @@ static time_t ldapsam_get_entry_timestamp(
strptime(temp, "%Y%m%d%H%M%SZ", &tm);
tzset();
- return timegm(&tm);
+ return (mktime(&tm) - timezone);
}
/**********************************************************************
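Review bot: `mktime(&tm) - timezone` depends on `tm.tm_isdst`, which `strptime()` does not set for this format, so unless `tm` is zeroed above the hunk (its declaration is not visible) the result can be off by the DST offset or differ between calls. Setting `tm.tm_isdst = 0;` before the call makes subtracting `timezone` correct. mktime() also returns `(time_t)-1` on failure and the strptime() result in the context line is unchecked, so a malformed timestamp attribute yields an arbitrary time. Returning 0 in both cases would be safer if callers treat 0 as "unknown", which should be confirmed against them. The function starts above the hunk.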
@@ -539,6 +539,28 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
return False;
}
+
+#if 0 /* JERRY -- not used anymore */
+ /*
+ * If so configured, try and get the values from LDAP
+ */
+
+ if (lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid)))
+ {
+ if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT)
+ {
+ GROUP_MAP map;
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, gid)) {
+ pdb_set_group_sid(sampass, &map.sid, PDB_SET);
+ }
+ else {
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
+ }
+ }
+ }
+#endif
+
if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp)) {
/* leave as default */
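Review bot: The block added under `#if 0` is dead code that is never compiled or tested, and it refers to `gid` and `get_unix_attributes()`, whose declarations are not visible here and may no longer exist. The revision history already preserves the old logic, so I would drop the block rather than carry it in the file. If the reason matters to readers, a one-line comment such as `/* group SID is no longer derived from LDAP unix attributes here */` says the same thing without the stale code. init_sam_from_ldap starts and ends outside the hunk.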
@@ -1990,8 +2012,8 @@ static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state,
{
pstring filter;
- pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%lu))",
- LDAP_OBJ_POSIXGROUP, LDAP_OBJ_IDMAP_ENTRY,
+ pstr_sprintf(filter, "(&(objectClass=%s)(%s=%lu))",
+ LDAP_OBJ_POSIXGROUP,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER),
(unsigned long)gid);
@@ -2033,37 +2055,6 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if ( count == 0 ) {
- /* There's no posixGroup account, let's try to find an
- * appropriate idmap entry for aliases */
-
- pstring suffix;
- pstring filter;
- char **attr_list;
-
- ldap_msgfree(result);
-
- pstrcpy( suffix, lp_ldap_idmap_suffix() );
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%u))",
- LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_GIDNUMBER,
- map->gid);
-
- attr_list = get_attr_list( sidmap_attr_list );
- rc = smbldap_search(ldap_state->smbldap_state, suffix,
- LDAP_SCOPE_SUBTREE, filter, attr_list,
- 0, &result);
-
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(3,("Failure looking up entry (%s)\n",
- ldap_err2string(rc) ));
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
- if ( count == 0 ) {
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -2338,560 +2329,6 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member,
- int modop)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- char *dn;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- LDAPMod **mods = NULL;
- int rc;
-
- pstring filter;
-
- pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_GROUP_SID),
- sid_string_static(alias));
-
- if (ldapsam_search_one_group(ldap_state, filter,
- &result) != LDAP_SUCCESS)
- return NT_STATUS_NO_SUCH_ALIAS;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- DEBUG(4, ("ldapsam_add_aliasmem: Did not find alias\n"));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- if (count > 1) {
- DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: "
- "count=%d\n", filter, count));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (!entry) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!dn) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- smbldap_set_mod(&mods, modop,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST),
- sid_string_static(member));
-
- rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
- ldap_mods_free(mods, True);
- ldap_msgfree(result);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
- ldap_get_option(ldap_state->smbldap_state->ldap_struct,
- LDAP_OPT_ERROR_STRING,&ld_error);
-
- DEBUG(0, ("ldapsam_delete_entry: Could not delete attributes "
- "for %s, error: %s (%s)\n", dn, ldap_err2string(rc),
- ld_error?ld_error:"unknown"));
- SAFE_FREE(ld_error);
- SAFE_FREE(dn);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- SAFE_FREE(dn);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- return ldapsam_modify_aliasmem(methods, alias, member, LDAP_MOD_ADD);
-}
-
-static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- return ldapsam_modify_aliasmem(methods, alias, member,
- LDAP_MOD_DELETE);
-}
-
-static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- char **values;
- int i;
- pstring filter;
-
- *members = NULL;
- *num_members = 0;
-
- pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_GROUP_SID),
- sid_string_static(alias));
-
- if (ldapsam_search_one_group(ldap_state, filter,
- &result) != LDAP_SUCCESS)
- return NT_STATUS_NO_SUCH_ALIAS;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- DEBUG(4, ("ldapsam_add_aliasmem: Did not find alias\n"));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- if (count > 1) {
- DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: "
- "count=%d\n", filter, count));
- ldap_msgfree(result);
- return NT_STATUS_NO_SUCH_ALIAS;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (!entry) {
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- values = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
- entry,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST));
-
- if (values == NULL) {
- ldap_msgfree(result);
- return NT_STATUS_OK;
- }
-
- count = ldap_count_values(values);
-
- for (i=0; i<count; i++) {
- DOM_SID member;
-
- if (!string_to_sid(&member, values[i]))
- continue;
-
- add_sid_to_array(&member, members, num_members);
- }
-
- ldap_value_free(values);
- ldap_msgfree(result);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- struct ldapsam_privates *ldap_state =
- (struct ldapsam_privates *)methods->private_data;
-
- fstring sid_string;
- const char *attrs[] = { LDAP_ATTRIBUTE_SID, NULL };
-
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- int count;
- int rc;
- pstring filter;
-
- sid_to_string(sid_string, sid);
- pstr_sprintf(filter, "(&(|(objectclass=%s)(objectclass=%s))(%s=%s))",
- LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY,
- get_attr_key2string(groupmap_attr_list,
- LDAP_ATTR_SID_LIST), sid_string);
-
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
- LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
-
- if (rc != LDAP_SUCCESS)
- return NT_STATUS_UNSUCCESSFUL;
-
- *aliases = NULL;
- *num = 0;
-
- count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
- result);
-
- if (count < 1) {
- ldap_msgfree(result);
- return NT_STATUS_OK;
- }
-
-
- for (entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
- result);
- entry != NULL;
- entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
- entry))
- {
- DOM_SID alias;
- char **vals;
- vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct,
- entry, LDAP_ATTRIBUTE_SID);
-
- if (vals == NULL)
- continue;
-
- if (vals[0] == NULL) {
- ldap_value_free(vals);
- continue;
- }
-
- if (!string_to_sid(&alias, vals[0])) {
- ldap_value_free(vals);
- continue;
- }
-
- add_sid_to_array(&alias, aliases, num);
- ldap_value_free(vals);
- }
-
- ldap_msgfree(result);
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
- Privileges related functions
- *********************************************************************/
-
-static NTSTATUS ldapsam_modify_sid_list_for_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid, int ldap_op)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- LDAPMod **mods = NULL;
- fstring sid_str;
- fstring filter;
- char **attr_list, *dn;
- int rc;
-
- if ((sid == NULL) || (!sid_to_string(sid_str, sid))) {
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Invalid SID\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- /* if the privilege does not exist and we are adding then
- * create it */
- if (ldap_op == LDAP_MOD_ADD) {
-
- DEBUG(3, ("Privilege not found on ldap tree, creating a new entry\n"));
- if (asprintf(&dn, "sambaPrivName=%s,%s", privname, lp_ldap_privilege_suffix()) < 0) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: Out of memory\n"));
- goto done;
- }
-
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaPrivName", privname);
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_PRIVILEGE);
-
- rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
-
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,
- ("ldapsam_modify_sid_list_for_privilege:"
- "Failed to add privilege (%s) dn= %s with: %s\n\t%s\n",
- privname,
- dn, ldap_err2string(rc),
- ld_error ? ld_error : "unknown")
- );
-
- SAFE_FREE(ld_error);
- goto done;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
- } else {
- goto done;
- }
- }
- /* entry found */
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- /* retrieve the dn */
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!dn) {
- goto done;
- }
-
- /* prepare the modification */
- smbldap_set_mod(&mods, ldap_op, "sambaSIDList", sid_str);
-
- /* modify the privilege */
- rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
- /* free used structures */
- ldap_mods_free(mods, True);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
-
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,
- ("ldapsam_modify_sid_list_for_privilege:"
- "Failed to %s sid for privilege (%s) dn= %s with: %s\n\t%s\n",
- (ldap_op == LDAP_MOD_ADD) ? "add" : "remove",
- privname,
- dn, ldap_err2string(rc),
- ld_error ? ld_error : "unknown")
- );
- SAFE_FREE(ld_error);
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- return ret;
-}
-
-static NTSTATUS ldapsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid)
-{
- return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_ADD);
-}
-
-static NTSTATUS ldapsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid)
-{
- return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_DELETE);
-}
-
-static NTSTATUS ldapsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- fstring sid_str;
- fstring filter;
- char **sid_list;
- char **attr_list;
- int rc, i;
-
- sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1));
- for (i = 0; i < num_sids; i++) {
- sid_to_string(sid_str, &user_sids[i]);
- sid_list[i] = strdup(sid_str);
- if ( ! sid_list[i]) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- sid_list[i] = NULL;
-
- pstr_sprintf(filter, "(objectclass=%s)", LDAP_OBJ_PRIVILEGE);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_get_privilege_set: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_get_privilege_set: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- DEBUG(3, ("ldapsam_get_privilege_set: No privileges in ldap tree\n"));
- ret = NT_STATUS_OK;
- goto done;
- }
-
- DEBUG(2, ("ldapsam_get_privilege_set: %d entries in the base!\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result)));
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- while (entry != NULL) {
- char **values = NULL;
-
- for(i=0; sid_list[i] != NULL; i++) {
- pstring privname;
- int j;
-
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "sambaPrivName", privname, sizeof(pstring))) {
- goto loop;
- }
-
- if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) {
- DEBUG(10, ("ldapsam_get_privilege_set: SID List not found skipping privilege\n"));
- goto loop;
- }
-
- j = 0;
- while (values[j] != 0) {
- if (strcmp(values[j], sid_list[i]) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", privname));
- add_privilege_by_name(privset, privname);
- goto loop;
- }
- j++;
- }
-
- if (values) {
- ldap_value_free(values);
- values = NULL;
- }
- }
- loop:
- if (values) {
- ldap_value_free(values);
- }
-
- entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, entry);
- }
-
- ret = NT_STATUS_OK;
-
-done:
- i = 0;
- while (sid_list[i]) {
- free(sid_list[i]);
- i++;
- }
- free(sid_list);
-
- return ret;
-}
-
-static NTSTATUS ldapsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname,
- char **sid_list)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- fstring filter;
- char **attr_list, **values;
- int rc, i, len;
-
- *sid_list = NULL;
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_get_privilege_entry: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_get_privilege_entry: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- DEBUG(3, ("ldapsam_get_privilege_entry: No such privilege (%s) in ldap tree\n", privname));
- goto done;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) {
- DEBUG(10, ("ldapsam_get_privilege_entry: SID List not found skipping privilege\n"));
- ret = NT_STATUS_OK;
- goto done;
- }
-
- for (i = 0, len = 0; values[i] != 0; i++ ) {
- len = len + strlen(values[i]) + 1;
- }
-
- *sid_list = (char *)malloc(len);
- if ((*sid_list) == NULL) {
- DEBUG(0, ("ldapsam_get_privilege_entry: Out of memory!\n"));
- ldap_value_free(values);
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- (*sid_list)[0] = '\0';
-
- for (i = 0; values[i] != 0; i++ ) {
- if (i != 0) {
- strlcat(*sid_list, ",", len);
- }
- strlcat(*sid_list, values[i], len);
- }
-
- ldap_value_free(values);
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-
/**********************************************************************
Housekeeping
*********************************************************************/
@@ -2945,11 +2382,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **
(*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
- (*pdb_method)->add_sid_to_privilege = ldapsam_add_sid_to_privilege;
- (*pdb_method)->remove_sid_from_privilege = ldapsam_remove_sid_from_privilege;
- (*pdb_method)->get_privilege_set = ldapsam_get_privilege_set;
- (*pdb_method)->get_privilege_entry = ldapsam_get_privilege_entry;
-
/* TODO: Setup private data and free */
ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state));
@@ -3035,11 +2467,6 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
(*pdb_method)->name = "ldapsam";
- (*pdb_method)->add_aliasmem = ldapsam_add_aliasmem;
- (*pdb_method)->del_aliasmem = ldapsam_del_aliasmem;
- (*pdb_method)->enum_aliasmem = ldapsam_enum_aliasmem;
- (*pdb_method)->enum_alias_memberships = ldapsam_alias_memberships;
-
ldap_state = (*pdb_method)->private_data;
ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT;
diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c
index 2af6609ef6c..9bfb10c4009 100644
--- a/source/passdb/pdb_tdb.c
+++ b/source/passdb/pdb_tdb.c
@@ -42,7 +42,6 @@ static int tdbsam_debug_level = DBGC_ALL;
#define PASSDB_FILE_NAME "passdb.tdb"
#define USERPREFIX "USER_"
#define RIDPREFIX "RID_"
-#define PRIVPREFIX "PRIV_"
#define tdbsamver_t int32
struct tdbsam_privates {
@@ -698,620 +697,6 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
-/**
- * Start trust passwords enumeration. This function is a simple
- * wrapper for calling gettrustpwent with null pointer passed.
- *
- * @param methods methods belonging in pdb context (module)
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_settrustpwent(struct pdb_methods *methods)
-{
- /* rewind enumeration from beginning */
- return methods->gettrustpwent(methods, NULL);
-}
-
-
-/**
- * Enumerate across trust passwords (machine and interdomain nt/ads)
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct trust_passwd_data t;
- TALLOC_CTX *mem_ctx;
-
- TRUSTDOM **trustdom;
- static int enum_ctx;
- int num_domains = 0;
- unsigned int max_domains = 1;
- char *dom_name, *dom_pass;
-
- smb_ucs2_t *uni_dom_name;
- uint8 mach_pass[16];
- uint32 sec_chan;
-
- if (!methods) return NT_STATUS_UNSUCCESSFUL;
-
- /*
- * NT domain trust passwords
- */
-
- /* rewind enumeration when passed NULL pointer as a trust */
- if (!trust) {
- enum_ctx = 0;
- return NT_STATUS_OK;
- }
-
- mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration");
-
- /* fetch next trusted domain (one at a time) and its full information */
- nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains,
- &trustdom);
- if (num_domains) {
- pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name);
- if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid,
- &t.mod_time)) {
-
- t.uni_name_len = strnlen_w(trustdom[0]->name, 32);
- strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len);
- safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1);
- t.flags = PASS_DOMAIN_TRUST_NT;
-
- SAFE_FREE(dom_pass);
- talloc_destroy(mem_ctx);
- trust->private = t;
- return nt_status;
- } else {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- /*
- * NT machine trust password
- */
-
- if (secrets_lock_trust_account_password(lp_workgroup(), True)) {
- sec_chan = get_default_sec_channel();
- if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time,
- &sec_chan)) {
-
- t.uni_name_len = strlen(lp_workgroup());
- push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup());
- strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len);
- safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1);
- t.flags = PASS_MACHINE_TRUST_NT;
- if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- talloc_destroy(mem_ctx);
- trust->private = t;
- return NT_STATUS_NO_MORE_ENTRIES;
- }
- secrets_lock_trust_account_password(lp_workgroup(), False);
- } else {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /*
- * ADS machine trust password (TODO)
- */
-
-
- /*
- * if nothing is to be returned then reset domain name
- * and return "no more entries"
- */
- nt_status = NT_STATUS_NO_MORE_ENTRIES;
- trust->private.uni_name_len = 0;
- trust->private.uni_name[t.uni_name_len] = 0;
-
- talloc_destroy(mem_ctx);
- return nt_status;
-}
-
-
-/**
- * Get trust password by trusted party name
- *
- * @param methods methods belonging to pdb context (module)
- * @param trust trust password structure
- * @param sid trusted party name
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
- const char *name)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- char domain_name[32];
-
- if (!methods || !trust || !name) return nt_status;
-
- do {
- /* get trust password (next in turn) */
- nt_status = tdbsam_gettrustpwent(methods, trust);
-
- /* convert unicode name and do case insensitive compare */
- pull_ucs2(NULL, domain_name, trust->private.uni_name, sizeof(domain_name),
- trust->private.uni_name_len, STR_TERMINATE);
- if (!StrnCaseCmp(domain_name, name, sizeof(domain_name)))
- return NT_STATUS_OK;
-
- } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
-
- return nt_status;
-}
-
-
-/**
- * Get trust password by trusted party sid
- *
- * @param methods methods belonging to pdb context (module)
- * @param trust trust password structure
- * @param sid trusted party sid
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
- const DOM_SID *sid)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- if (!methods || !trust || !sid) return nt_status;
-
- do {
- nt_status = tdbsam_gettrustpwent(methods, trust);
-
- if (sid_equal(&trust->private.domain_sid, sid))
- return NT_STATUS_OK;
-
- } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
-
- return nt_status;
-}
-
-
-/**
- * Add new trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- BOOL status = False;
- TALLOC_CTX *mem_ctx;
-
- char* domain = NULL;
- struct trust_passwd_data t = trust->private;
- uint32 sec_chan;
-
- mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password");
-
- /* convert unicode name to char* (used to form the key) */
- pull_ucs2_talloc(mem_ctx, &domain, t.uni_name);
-
- /* add nt machine trust password */
- if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) {
- sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC;
- status = secrets_store_machine_password(t.pass, domain, sec_chan);
- if (status)
- status = secrets_store_domain_sid(domain, &t.domain_sid);
-
- nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- /* add nt domain trust password */
- } else if (t.flags & PASS_DOMAIN_TRUST_NT) {
- status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len,
- t.pass, t.domain_sid);
- nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- /* add ads machine trust password (TODO) */
- } else if (t.flags & PASS_MACHINE_TRUST_ADS) {
- }
-
- talloc_destroy(mem_ctx);
- return nt_status;
-}
-
-
-/**
- * Update trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
-}
-
-
-/**
- * Delete trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
-}
-
-
-/***************************************************************************
- Add sid to privilege
-****************************************************************************/
-
-static NTSTATUS tdbsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring keystr;
- fstring name;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- fstring sid_str;
- char *sid_list = NULL, *s = NULL;
- size_t str_size;
- int flag;
-
- /* invalidate the existing TDB iterator if it is open */
-
- if (tdb_state->passwd_tdb) {
- tdb_close(tdb_state->passwd_tdb);
- tdb_state->passwd_tdb = NULL;
- }
-
- /* open the account TDB passwd*/
-
- pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
-
- if (!pwd_tdb) {
- DEBUG(0, ("tdb_add_sid_to_privilege: Unable to open TDB passwd (%s)!\n",
- tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* setup the PRIV index key */
- fstrcpy(name, priv_name);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- /* check if the privilege already exist in the database */
-
- /* get the record */
- data = tdb_fetch (pwd_tdb, key);
-
- if (data.dptr) {
- /* check the list is not empty */
- if (*(data.dptr)) {
- sid_list = strdup(data.dptr);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- goto done;
- }
- }
- SAFE_FREE(data.dptr);
-
- flag = TDB_MODIFY;
- } else {
- /* if privilege does not exist create one */
- flag = TDB_INSERT;
- }
-
- /* add the given sid */
- sid_to_string(sid_str, sid);
-
- if (sid_list) {
- str_size = strlen(sid_list) + strlen(sid_str) + 2;
- s = realloc(sid_list, str_size);
- if (!s) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- sid_list = s;
- s = &sid_list[strlen(sid_list)];
- snprintf(s, strlen(sid_str) + 2, ",%s", sid_str);
-
- } else {
- sid_list = strdup(sid_str);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- }
-
- /* copy the PRIVILEGE struct into a BYTE buffer for storage */
- data.dsize = strlen(sid_list) + 1;
- data.dptr = sid_list;
-
- /* add the account */
- if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
- DEBUG(0, ("Unable to modify passwd TDB!"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* cleanup */
- tdb_close (pwd_tdb);
- SAFE_FREE(sid_list);
-
- return (ret);
-}
-
-/***************************************************************************
- Reomve sid to privilege
-****************************************************************************/
-
-static NTSTATUS tdbsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring keystr;
- fstring name;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- fstring sid_str;
- char *sid_list = NULL, *s = NULL;
-
- /* invalidate the existing TDB iterator if it is open */
-
- if (tdb_state->passwd_tdb) {
- tdb_close(tdb_state->passwd_tdb);
- tdb_state->passwd_tdb = NULL;
- }
-
- /* open the account TDB passwd*/
-
- pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
-
- if (!pwd_tdb) {
- DEBUG(0, ("tdbsam_remove_sid_from_privilege: Unable to open TDB passwd (%s)!\n",
- tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* setup the PRIV index key */
- fstrcpy(name, priv_name);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- /* check if the privilege already exist in the database */
-
- /* get the record */
- data = tdb_fetch (pwd_tdb, key);
-
- /* if privilege does not exist, just leave */
- if (!data.dptr) {
- ret = NT_STATUS_OK;
- goto done;
- }
-
- if (data.dptr) {
- sid_list = strdup(data.dptr);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_remove_sid_from_privilege: Out of Memory!\n"));
- goto done;
- }
- SAFE_FREE(data.dptr);
- }
-
- /* remove the given sid */
- sid_to_string(sid_str, sid);
-
- s = strstr(sid_list, sid_str);
- if (s) {
- char *p;
- p = strstr(s, ",");
- if (p) {
- size_t l = strlen(sid_list) + 1 - (s - sid_list);
- memmove(s, ++p, l);
- } else {
- if (s != sid_list)
- s--;
- *s = '\0';
- }
- } else {
- /* sid not found */
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* copy the PRIVILEGE struct into a BYTE buffer for storage */
- data.dsize = strlen(sid_list) + 1;
- data.dptr = sid_list;
-
- /* add the account */
- if (tdb_store(pwd_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) {
- DEBUG(0, ("Unable to modify passwd TDB!"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* cleanup */
- tdb_close (pwd_tdb);
- SAFE_FREE(sid_list);
-
- return (ret);
-}
-
-/***************************************************************************
- get the privilege list for the given token
-****************************************************************************/
-
-struct priv_traverse {
- char **sid_list;
- PRIVILEGE_SET *privset;
-};
-
-static int tdbsam_traverse_privilege(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
-{
- struct priv_traverse *pt = (struct priv_traverse *)state;
- int prefixlen = strlen(PRIVPREFIX);
-
- if (strncmp(key.dptr, PRIVPREFIX, prefixlen) == 0) {
-
- /* add to privilege_set if any of the sid in the token
- * is contained in the privilege */
- int i;
-
- for(i=0; pt->sid_list[i] != NULL; i++) {
- char *c, *s;
- int len;
-
- s = data.dptr;
- while ((c=strchr(s, ',')) !=NULL) {
- len = MAX((c - s), strlen(pt->sid_list[i]));
- if (strncmp(s, pt->sid_list[i], len) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
- add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
- return 0;
- }
- s = c + 1;
- }
- len = MAX(strlen(s), strlen(pt->sid_list[i]));
- if (strncmp(s, pt->sid_list[i], len) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
- add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
- return 0;
- }
- }
- }
-
- return 0;
-}
-
-static NTSTATUS tdbsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_CONTEXT *pwd_tdb = NULL;
- struct priv_traverse pt;
- fstring sid_str;
- char **sid_list;
- int i;
-
- if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY )))
- return NT_STATUS_UNSUCCESSFUL;
-
- sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1));
- for (i = 0; i < num_sids; i++) {
- sid_to_string(sid_str, &user_sids[i]);
- sid_list[i] = strdup(sid_str);
- if ( ! sid_list[i]) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- sid_list[i] = NULL;
-
- pt.sid_list = sid_list;
- pt.privset = privset;
- tdb_traverse(pwd_tdb, tdbsam_traverse_privilege, &pt);
-
- ret = NT_STATUS_OK;
-
-done:
- i = 0;
- while (sid_list[i]) {
- free(sid_list[i]);
- i++;
- }
- free(sid_list);
-
- tdb_close(pwd_tdb);
-
- return ret;
-}
-
-static NTSTATUS tdbsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, char **sid_list)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring name;
- fstring keystr;
-
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
-
- if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)))
- return ret;
-
- /* setup the PRIV index key */
- fstrcpy(name, privname);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(pwd_tdb, key);
- if (!data.dptr)
- goto done;
-
- *sid_list = strdup(data.dptr);
- SAFE_FREE(data.dptr);
-
- if (!*sid_list)
- goto done;
-
- ret = NT_STATUS_OK;
-done:
- tdb_close(pwd_tdb);
- return ret;
-}
-
-
-
-
-
-
static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
@@ -1332,17 +717,6 @@ static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
- (*pdb_method)->settrustpwent = tdbsam_settrustpwent;
- (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent;
- (*pdb_method)->gettrustpwnam = tdbsam_gettrustpwnam;
- (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid;
- (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd;
- (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd;
- (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd;
- (*pdb_method)->add_sid_to_privilege = tdbsam_add_sid_to_privilege;
- (*pdb_method)->remove_sid_from_privilege = tdbsam_remove_sid_from_privilege;
- (*pdb_method)->get_privilege_set = tdbsam_get_privilege_set;
- (*pdb_method)->get_privilege_entry = tdbsam_get_privilege_entry;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
@@ -1372,3 +746,4 @@ NTSTATUS pdb_tdbsam_init(void)
{
return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
}
+
diff --git a/source/passdb/pdb_xml.c b/source/passdb/pdb_xml.c
index 2738ad40e2a..64cb73ba5a4 100644
--- a/source/passdb/pdb_xml.c
+++ b/source/passdb/pdb_xml.c
@@ -534,17 +534,13 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method
(*pdb_method)->getsampwsid = NULL;
(*pdb_method)->update_sam_account = NULL;
(*pdb_method)->delete_sam_account = NULL;
- (*pdb_method)->get_group_info_by_sid = NULL;
- (*pdb_method)->get_group_list = NULL;
- (*pdb_method)->get_group_sids = NULL;
- (*pdb_method)->add_group = NULL;
- (*pdb_method)->update_group = NULL;
- (*pdb_method)->delete_group = NULL;
- (*pdb_method)->add_sid_to_group = NULL;
- (*pdb_method)->remove_sid_from_group = NULL;
- (*pdb_method)->get_group_info_by_name = NULL;
- (*pdb_method)->get_group_info_by_nt_name = NULL;
- (*pdb_method)->get_group_uids = NULL;
+ (*pdb_method)->getgrsid = NULL;
+ (*pdb_method)->getgrgid = NULL;
+ (*pdb_method)->getgrnam = NULL;
+ (*pdb_method)->add_group_mapping_entry = NULL;
+ (*pdb_method)->update_group_mapping_entry = NULL;
+ (*pdb_method)->delete_group_mapping_entry = NULL;
+ (*pdb_method)->enum_group_mapping = NULL;
data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml));
data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml"));
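Review bot: The seven group-mapping slots set to NULL here (`getgrsid` through `enum_group_mapping`) are safe only if every caller that dispatches through `pdb_method` tests the pointer first, and that dispatch code is not visible in this hunk. If the methods structure arrives from its allocator with working defaults, these assignments replace them with NULL, so a group lookup routed to the xml backend would call through a null function pointer. I would drop the assignments or point the slots at stubs that return `NT_STATUS_NOT_IMPLEMENTED`, and add a comment such as `/* xml backend does not implement group mapping */`. xmlsam_init starts and ends outside the hunk.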
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c
index 7531435e84f..308f95f395b 100644
--- a/source/passdb/secrets.c
+++ b/source/passdb/secrets.c
@@ -4,7 +4,7 @@
Copyright (C) Andrew Bartlett 2002
Copyright (C) Rafal Szczesniak 2002
Copyright (C) Tim Potter 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
@@ -135,38 +135,39 @@ BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
return True;
}
-BOOL secrets_store_domain_guid(const char *domain, struct uuid *guid)
+BOOL secrets_store_domain_guid(const char *domain, GUID *guid)
{
fstring key;
slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
strupper_m(key);
- return secrets_store(key, guid, sizeof(struct uuid));
+ return secrets_store(key, guid, sizeof(GUID));
}
-BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid)
+BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid)
{
- struct uuid *dyn_guid;
+ GUID *dyn_guid;
fstring key;
size_t size;
- struct uuid new_guid;
+ GUID new_guid;
slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
strupper_m(key);
- dyn_guid = (struct uuid *)secrets_fetch(key, &size);
+ dyn_guid = (GUID *)secrets_fetch(key, &size);
+
+ DEBUG(6,("key is %s, size is %d\n", key, (int)size));
- if ((!dyn_guid) && (lp_server_role() == ROLE_DOMAIN_PDC)) {
+ if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) {
smb_uuid_generate_random(&new_guid);
if (!secrets_store_domain_guid(domain, &new_guid))
return False;
- dyn_guid = (struct uuid *)secrets_fetch(key, &size);
+ dyn_guid = (GUID *)secrets_fetch(key, &size);
if (dyn_guid == NULL)
return False;
}
- if (size != sizeof(struct uuid))
+ if (size != sizeof(GUID))
{
- DEBUG(1,("UUID size %d is wrong!\n", (int)size));
SAFE_FREE(dyn_guid);
return False;
}
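Review bot: The added `DEBUG(6, ...)` prints `size` before anything has checked that `secrets_fetch()` succeeded, and `size` is declared as `size_t size;` with no initialiser. Whether secrets_fetch() writes `*size` on every failure path is not visible here; if it does not, both this message and the later `size != sizeof(GUID)` test read an indeterminate value. Declaring it as `size_t size = 0;` makes both well defined. The hunk also deletes the `UUID size %d is wrong!` message, so a truncated or corrupt GUID record in the secrets store is now rejected silently, and I would keep a level-1 message on that branch. The body of secrets_fetch_domain_guid continues past the end of the hunk.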
@@ -244,7 +245,7 @@ uint32 get_default_sec_channel(void)
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file using
- the above secrets_lock_trust_account_password().
+ the above call.
************************************************************************/
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
@@ -332,6 +333,19 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
return True;
}
+/************************************************************************
+ Routine to set the trust account password for a domain.
+************************************************************************/
+
+BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
+{
+ struct machine_acct_pass pass;
+
+ pass.mod_time = time(NULL);
+ memcpy(pass.hash, new_pwd, 16);
+
+ return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
+}
/**
* Routine to store the password for trusted domain
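Review bot: `pass` in secrets_store_trust_account_password is filled field by field and then written out with `sizeof(pass)`, so any padding or member of `struct machine_acct_pass` other than `mod_time` and `hash` would reach the secrets database as uninitialised stack bytes. The struct is declared outside this hunk, so that is inferred rather than confirmed. Starting with `ZERO_STRUCT(pass);` and copying with `memcpy(pass.hash, new_pwd, sizeof(pass.hash));` removes the risk and ties the length to the field instead of a repeated literal 16. The password hash also stays in the stack frame after the return; keeping the `secrets_store()` result in a local, clearing `pass`, and then returning it would avoid that. The header comment could also state that `new_pwd` must point at 16 bytes.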
@@ -555,8 +569,7 @@ BOOL secrets_store_ldap_pw(const char* dn, char* pw)
* @return nt status code of rpc response
**/
-NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains,
- int *num_domains, TRUSTDOM ***domains)
+NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains)
{
TDB_LIST_NODE *keys, *k;
TRUSTDOM *dom = NULL;
diff --git a/source/passdb/util_sam_sid.c b/source/passdb/util_sam_sid.c
index 3617498eec1..f6cc2491a8b 100644
--- a/source/passdb/util_sam_sid.c
+++ b/source/passdb/util_sam_sid.c
@@ -305,28 +305,3 @@ BOOL map_name_to_wellknown_sid(DOM_SID *sid, enum SID_NAME_USE *use, const char
return False;
}
-
-void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
-
- if (*sids == NULL)
- return;
-
- sid_copy(&((*sids)[*num]), sid);
- *num += 1;
-
- return;
-}
-
-void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- int i;
-
- for (i=0; i<*num; i++) {
- if (sid_compare(sid, &(*sids)[i]) == 0)
- return;
- }
-
- add_sid_to_array(sid, sids, num);
-}
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index 3c860fc5650..a0649d0a0b7 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -992,7 +992,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr
fsp = open_file_shared(conn, filepath, &stat_buf,
SET_OPEN_MODE(DOS_OPEN_RDONLY),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &action);
+ 0, 0, &access_mode, &action);
if (!fsp) {
/* Old file not found, so by definition new file is in fact newer */
DEBUG(10,("file_version_is_newer: Can't open old file [%s], errno = %d\n",
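Review bot: Replacing `FILE_ATTRIBUTE_NORMAL` with a literal leaves `0, 0,` as two adjacent unnamed arguments in this `open_file_shared()` call, and the same edit is repeated in the second open in file_version_is_newer and in get_correct_cversion. Nothing on the line says which parameter each zero fills, and the prototype is not visible in these hunks. A trailing comment per argument, with the names taken from the prototype, for example `0, /* <param name> */`, would keep the three call sites readable and make a later signature change easier to audit. file_version_is_newer starts and ends outside the hunk.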
@@ -1021,7 +1021,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr
fsp = open_file_shared(conn, filepath, &stat_buf,
SET_OPEN_MODE(DOS_OPEN_RDONLY),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &action);
+ 0, 0, &access_mode, &action);
if (!fsp) {
/* New file not found, this shouldn't occur if the caller did its job */
DEBUG(3,("file_version_is_newer: Can't open new file [%s], errno = %d\n",
@@ -1137,7 +1137,7 @@ static uint32 get_correct_cversion(const char *architecture, fstring driverpath_
fsp = open_file_shared(conn, driverpath, &st,
SET_OPEN_MODE(DOS_OPEN_RDONLY),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &action);
+ 0, 0, &access_mode, &action);
if (!fsp) {
DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = %d\n",
driverpath, errno));
@@ -2576,8 +2576,7 @@ static BOOL map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2)
return True;
}
-static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2,
- struct uuid guid)
+static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, GUID guid)
{
int i;
REGVAL_CTR *ctr=NULL;
@@ -2589,7 +2588,7 @@ static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2,
regval_ctr_delvalue(ctr, "objectGUID");
regval_ctr_addvalue(ctr, "objectGUID", REG_BINARY,
- (char *) &guid, sizeof(struct uuid));
+ (char *) &guid, sizeof(GUID));
}
static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer)
@@ -2602,7 +2601,7 @@ static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer)
void *res = NULL;
ADS_STRUCT *ads;
const char *attrs[] = {"objectGUID", NULL};
- struct uuid guid;
+ GUID guid;
WERROR win_rc = WERR_OK;
ZERO_STRUCT(guid);
@@ -2786,8 +2785,7 @@ WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action)
return win_rc;
}
-BOOL is_printer_published(Printer_entry *print_hnd, int snum,
- struct uuid *guid)
+BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid)
{
NT_PRINTER_INFO_LEVEL *printer = NULL;
REGVAL_CTR *ctr;
@@ -2815,8 +2813,8 @@ BOOL is_printer_published(Printer_entry *print_hnd, int snum,
return False;
}
- if (regval_size(guid_val) == sizeof(struct uuid))
- memcpy(guid, regval_data_p(guid_val), sizeof(struct uuid));
+ if (regval_size(guid_val) == sizeof(GUID))
+ memcpy(guid, regval_data_p(guid_val), sizeof(GUID));
return True;
}
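Review bot: is_printer_published() still returns True when the stored `objectGUID` value does not have the expected size, in which case `*guid` is never written and the caller keeps whatever it passed in. The size test guards only the memcpy, not the result. A stored value of the wrong length should be reported as not published, e.g. `if (regval_size(guid_val) != sizeof(GUID)) return False;`, placed after whatever cleanup the earlier `return False` path performs. The function starts outside this hunk, so that cleanup and whether `guid` may be NULL cannot be checked from here.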
@@ -2826,8 +2824,7 @@ WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action)
{
return WERR_OK;
}
-BOOL is_printer_published(Printer_entry *print_hnd, int snum,
- struct uuid *guid)
+BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid)
{
return False;
}
@@ -3295,7 +3292,7 @@ static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, const char *sh
info.parameters);
/* Samba has to have shared raw drivers. */
- info.attributes = PRINTER_ATTRIBUTE_SAMBA;
+ info.attributes |= PRINTER_ATTRIBUTE_SAMBA;
/* Restore the stripped strings. */
slprintf(info.servername, sizeof(info.servername)-1, "\\\\%s", get_called_name());
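Review bot: With `|=` every bit already present in `info.attributes` now survives this statement, but the comment above still only says that Samba needs shared raw drivers. A reader cannot tell which bits are expected to be carried over or whether any should be masked off first. I would extend the comment, e.g. `/* Keep the attribute bits already in info and force PRINTER_ATTRIBUTE_SAMBA on. */`. Where those bits come from is outside the hunk, so if they are read from stored printer data it is worth confirming that none of them needs filtering.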
diff --git a/source/python/setup.py b/source/python/setup.py
index 4a4f6ad3f81..a9f220f195a 100755
--- a/source/python/setup.py
+++ b/source/python/setup.py
@@ -57,9 +57,6 @@ for lib in string.split(samba_libs):
if lib[0:2] == "-L":
library_dirs.append(lib[2:])
continue
- if lib[0:2] == "-W":
- # Skip linker flags
- continue
print "Unknown entry '%s' in $LIBS variable passed to setup.py" % lib
sys.exit(1)
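Review bot: With the `-W` branch gone, any `-W...` entry in `$LIBS` (for example a `-Wl,` linker option) now reaches the final `print` and `sys.exit(1)` and aborts the build of the Python bindings. If such flags can appear in the value configure hands to setup.py, either keep skipping them or pass them on explicitly rather than failing. The loop begins outside this hunk, so the other accepted prefixes are not all visible here.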
diff --git a/source/rpc_client/cli_epmapper.c b/source/rpc_client/cli_epmapper.c
deleted file mode 100644
index 66362f16209..00000000000
--- a/source/rpc_client/cli_epmapper.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- RPC pipe client
-
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-NTSTATUS cli_epm_map(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- EPM_HANDLE *handle, EPM_TOWER **tower,
- EPM_HANDLE *entry_handle, uint32 *num_towers)
-{
- prs_struct qbuf, rbuf;
- EPM_Q_MAP q;
- EPM_R_MAP r;
- BOOL result = False;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise parse structures */
-
- prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
- prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
-
- /* Marshall data and send request */
-
- init_epm_q_map(mem_ctx, &q, *tower, *num_towers);
-
- if (!epm_io_q_map("map_query", &q, &qbuf, 0) ||
- !rpc_api_pipe_req(cli, EPM_MAP_PIPE_NAME, &qbuf, &rbuf))
- goto done;
-
- /* Unmarshall response */
-
- if (!epm_io_r_map("map_reply", &r, &rbuf, 0))
- goto done;
-
- result = True;
-
- done:
- prs_mem_free(&qbuf);
- prs_mem_free(&rbuf);
-
- return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c
index 980a681387f..eaf3109381e 100644
--- a/source/rpc_client/cli_lsarpc.c
+++ b/source/rpc_client/cli_lsarpc.c
@@ -538,7 +538,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *pol, uint16 info_class,
char **domain_name, char **dns_name,
- char **forest_name, struct uuid **domain_guid,
+ char **forest_name, GUID **domain_guid,
DOM_SID **domain_sid)
{
prs_struct qbuf, rbuf;
@@ -602,7 +602,7 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
*domain_guid = talloc(mem_ctx, sizeof(**domain_guid));
memcpy(*domain_guid,
&r.info.dns_dom_info.dom_guid,
- sizeof(struct uuid));
+ sizeof(GUID));
}
if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) {
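Review bot: The result of `talloc()` is passed straight to `memcpy()` as the destination, so an allocation failure becomes a NULL-pointer write in the client. Check it first, e.g. `if (*domain_guid == NULL) { result = NT_STATUS_NO_MEMORY; goto done; }`. That assumes this function has a `result` variable and a `done:` cleanup label like the other calls in this file, which the hunk does not show. It would also be more robust to copy `sizeof(**domain_guid)` bytes, so the allocation and the copy cannot drift apart the next time the type changes.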
@@ -935,64 +935,6 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
-/** Create a LSA user handle
- *
- * @param cli Handle on an initialised SMB connection
- *
- * FIXME: The code is actually identical to open account
- * TODO: Check and code what the function should exactly do
- *
- * */
-
-NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
- POLICY_HND *user_pol)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_CREATEACCOUNT q;
- LSA_R_CREATEACCOUNT r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise parse structures */
-
- prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
- prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
-
- /* Initialise input parameters */
-
- init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
-
- /* Marshall data and send request */
-
- if (!lsa_io_q_create_account("", &q, &qbuf, 0) ||
- !rpc_api_pipe_req(cli, LSA_CREATEACCOUNT, &qbuf, &rbuf)) {
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* Unmarshall response */
-
- if (!lsa_io_r_create_account("", &r, &rbuf, 0)) {
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* Return output parameters */
-
- if (NT_STATUS_IS_OK(result = r.status)) {
- *user_pol = r.pol;
- }
-
- done:
- prs_mem_free(&qbuf);
- prs_mem_free(&rbuf);
-
- return result;
-}
-
/** Open a LSA user handle
*
* @param cli Handle on an initialised SMB connection */
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index f6d88a19501..70ac4603034 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -331,55 +331,6 @@ NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
-/* GetDCName */
-
-NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- const char *domainname, fstring dcname)
-{
- prs_struct qbuf, rbuf;
- NET_Q_GETDCNAME q;
- NET_R_GETDCNAME r;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise parse structures */
-
- prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
- prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
-
- /* Initialise input parameters */
-
- init_net_q_getdcname(&q, cli->srv_name_slash, domainname);
-
- /* Marshall data and send request */
-
- if (!net_io_q_getdcname("", &q, &qbuf, 0) ||
- !rpc_api_pipe_req(cli, NET_GETDCNAME, &qbuf, &rbuf)) {
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* Unmarshall response */
-
- if (!net_io_r_getdcname("", &r, &rbuf, 0)) {
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- result = r.status;
-
- if (NT_STATUS_IS_OK(result))
- rpcstr_pull_unistr2_fstring(dcname, &r.uni_dcname);
-
- done:
- prs_mem_free(&qbuf);
- prs_mem_free(&rbuf);
-
- return result;
-}
-
/****************************************************************************
Generate the next creds to use.
****************************************************************************/
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index df0d37a4631..82a4b21754e 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -1221,6 +1221,8 @@ static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *
static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
{
+ int i = 0;
+
# if 0 /* JERRY -- apparently ASU forgets to fill in the server pipe name sometimes */
if ( hdr_ba->addr.len <= 0)
return False;
@@ -1453,7 +1455,6 @@ BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
cli_errstr(cli)));
cli_close(cli, cli->nt_pipe_fnum);
- cli->nt_pipe_fnum = 0;
return False;
}
}
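Review bot: After `cli_close(cli, cli->nt_pipe_fnum)` the field keeps the number of a handle that is already closed, because the line resetting it to 0 is removed here and again in the rpc-bind failure path further down in cli_nt_session_open. Any later code that tests `cli->nt_pipe_fnum` to decide whether a pipe is open, or closes it during teardown, would act on a stale file id that may since have been reused. Unless every caller discards `cli` on a False return, keep `cli->nt_pipe_fnum = 0;` after both closes. The function starts outside these hunks, so the callers' behaviour cannot be confirmed from here.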
@@ -1464,7 +1465,6 @@ BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
get_pipe_name_from_index(pipe_idx)));
cli_close(cli, cli->nt_pipe_fnum);
- cli->nt_pipe_fnum = 0;
return False;
}
diff --git a/source/rpc_parse/parse_ds.c b/source/rpc_parse/parse_ds.c
index 8d894b6c6ad..26dcdb34b8b 100644
--- a/source/rpc_parse/parse_ds.c
+++ b/source/rpc_parse/parse_ds.c
@@ -48,8 +48,8 @@ static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSR
return False;
if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) )
return False;
-
- if ( !smb_io_uuid("domain_guid", &p->domain_guid, ps, depth) )
+
+ if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) )
return False;
if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) )
@@ -179,7 +179,7 @@ static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS
if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) )
return False;
- if ( !smb_io_uuid("guid", &trust->guid, ps, depth) )
+ if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) )
return False;
return True;
diff --git a/source/rpc_parse/parse_epmapper.c b/source/rpc_parse/parse_epmapper.c
deleted file mode 100644
index bc2cd175034..00000000000
--- a/source/rpc_parse/parse_epmapper.c
+++ /dev/null
@@ -1,482 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Samba end point mapper functions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_PARSE
-
-static uint32 internal_referent_id = 0;
-
-
-/*******************************************************************
- Reads or writes a handle.
-********************************************************************/
-BOOL epm_io_handle(const char *desc, EPM_HANDLE *handle, prs_struct *ps,
- int depth)
-{
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint8s(False, "data", ps, depth, handle->data,
- sizeof(handle->data)))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure.
-********************************************************************/
-NTSTATUS init_epm_floor(EPM_FLOOR *efloor, uint8 protocol)
-{
- /* handle lhs */
- efloor->lhs.protocol = protocol;
- efloor->lhs.length = sizeof(efloor->lhs.protocol);
-
- switch(efloor->lhs.protocol) {
- case EPM_FLOOR_UUID:
- efloor->lhs.length += sizeof(efloor->lhs.uuid.uuid);
- efloor->lhs.length += sizeof(efloor->lhs.uuid.version);
- break;
- default:
- break;
- }
-
- /* handle rhs */
- switch(efloor->lhs.protocol) {
- case EPM_FLOOR_RPC:
- case EPM_FLOOR_UUID:
- efloor->rhs.length = sizeof(efloor->rhs.unknown);
- break;
- case EPM_FLOOR_TCP:
- efloor->rhs.length = sizeof(efloor->rhs.tcp.port);
- break;
- case EPM_FLOOR_IP:
- efloor->rhs.length = sizeof(efloor->rhs.ip.addr);
- break;
- case EPM_FLOOR_NMPIPES:
- case EPM_FLOOR_LRPC:
- case EPM_FLOOR_NETBIOS:
- efloor->rhs.length = strlen(efloor->rhs.string) + 1;
- break;
- default:
- break;
- }
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure with a UUID
-********************************************************************/
-NTSTATUS init_epm_floor_uuid(EPM_FLOOR *efloor,
- const struct uuid uuid, uint16 version)
-{
- memcpy(&efloor->lhs.uuid.uuid, &uuid, sizeof(uuid));
- efloor->lhs.uuid.version = version;
- efloor->rhs.unknown = 0;
- return init_epm_floor(efloor, EPM_FLOOR_UUID);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for RPC
-********************************************************************/
-NTSTATUS init_epm_floor_rpc(EPM_FLOOR *efloor)
-{
- efloor->rhs.unknown = 0;
- return init_epm_floor(efloor, EPM_FLOOR_RPC);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for TCP
-********************************************************************/
-NTSTATUS init_epm_floor_tcp(EPM_FLOOR *efloor, uint16 port)
-{
- efloor->rhs.tcp.port = htons(port);
- return init_epm_floor(efloor, EPM_FLOOR_TCP);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for IP
-********************************************************************/
-NTSTATUS init_epm_floor_ip(EPM_FLOOR *efloor, uint8 addr[4])
-{
- memcpy(&efloor->rhs.ip.addr, addr, sizeof(addr));
- return init_epm_floor(efloor, EPM_FLOOR_IP);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for named pipe
-********************************************************************/
-NTSTATUS init_epm_floor_np(EPM_FLOOR *efloor, const char *pipe_name)
-{
- safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1);
- return init_epm_floor(efloor, EPM_FLOOR_NMPIPES);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for named pipe
-********************************************************************/
-NTSTATUS init_epm_floor_lrpc(EPM_FLOOR *efloor, const char *pipe_name)
-{
- safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1);
- return init_epm_floor(efloor, EPM_FLOOR_LRPC);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for named pipe
-********************************************************************/
-NTSTATUS init_epm_floor_nb(EPM_FLOOR *efloor, char *host_name)
-{
- safe_strcpy(efloor->rhs.string, host_name, sizeof(efloor->rhs.string)-1);
- return init_epm_floor(efloor, EPM_FLOOR_NETBIOS);
-}
-
-/*******************************************************************
- reads and writes EPM_FLOOR.
-********************************************************************/
-BOOL epm_io_floor(const char *desc, EPM_FLOOR *efloor,
- prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "epm_io_floor");
- depth++;
-
- if (!prs_uint16("lhs_length", ps, depth, &efloor->lhs.length))
- return False;
- if (!prs_uint8("protocol", ps, depth, &efloor->lhs.protocol))
- return False;
-
- switch (efloor->lhs.protocol) {
- case EPM_FLOOR_UUID:
- if (!smb_io_uuid("uuid", &efloor->lhs.uuid.uuid, ps, depth))
- return False;
- if (!prs_uint16("version", ps, depth,
- &efloor->lhs.uuid.version))
- return False;
- break;
- }
-
- if (!prs_uint16("rhs_length", ps, depth, &efloor->rhs.length))
- return False;
-
- switch (efloor->lhs.protocol) {
- case EPM_FLOOR_UUID:
- case EPM_FLOOR_RPC:
- if (!prs_uint16("unknown", ps, depth, &efloor->rhs.unknown))
- return False;
- break;
- case EPM_FLOOR_TCP:
- if (!prs_uint16("tcp_port", ps, depth, &efloor->rhs.tcp.port))
- return False;
- break;
- case EPM_FLOOR_IP:
- if (!prs_uint8s(False, "ip_addr", ps, depth,
- efloor->rhs.ip.addr,
- sizeof(efloor->rhs.ip.addr)))
- return False;
- break;
- case EPM_FLOOR_NMPIPES:
- case EPM_FLOOR_LRPC:
- case EPM_FLOOR_NETBIOS:
- if (!prs_uint8s(False, "string", ps, depth,
- efloor->rhs.string,
- efloor->rhs.length))
- return False;
- break;
- default:
- break;
- }
-
- return True;
-}
-
-/*******************************************************************
- Inits a EPM_TOWER structure.
-********************************************************************/
-NTSTATUS init_epm_tower(TALLOC_CTX *ctx, EPM_TOWER *tower,
- const EPM_FLOOR *floors, int num_floors)
-{
- int size = 0;
- int i;
-
- DEBUG(5, ("init_epm_tower\n"));
-
- size += sizeof(uint16); /* number of floors is in tower length */
- for (i = 0; i < num_floors; i++) {
- size += (sizeof(uint16) * 2);
- size += floors[i].lhs.length;
- size += floors[i].rhs.length;
- }
-
- tower->max_length = tower->length = size;
- tower->num_floors = num_floors;
- tower->floors = talloc(ctx, sizeof(EPM_FLOOR) * num_floors);
- if (!tower->floors) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(tower->floors, floors, sizeof(EPM_FLOOR) * num_floors);
- tower->unknown = 0x7e;
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Reads or writes an EPM_TOWER structure.
-********************************************************************/
-BOOL epm_io_tower(const char *desc, EPM_TOWER *tower,
- prs_struct *ps, int depth)
-{
- int i;
-
- prs_debug(ps, depth, desc, "epm_io_tower");
- depth++;
-
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint32("max_length", ps, depth, &tower->max_length))
- return False;
- if (!prs_uint32("length", ps, depth, &tower->length))
- return False;
- if (!prs_uint16("num_floors", ps, depth, &tower->num_floors))
- return False;
-
- if (UNMARSHALLING(ps)) {
- tower->floors = talloc(ps->mem_ctx,
- sizeof(EPM_FLOOR) * tower->num_floors);
- if (!tower->floors)
- return False;
- }
-
- for (i = 0; i < tower->num_floors; i++) {
- if (!epm_io_floor("floor", tower->floors + i, ps, depth))
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- Initialize an EPM_TOWER_ARRAY structure
-********************************************************************/
-NTSTATUS init_epm_tower_array(TALLOC_CTX *ctx, EPM_TOWER_ARRAY *array,
- const EPM_TOWER *towers, int num_towers)
-{
- int i;
-
- array->max_count = num_towers;
- array->offset = 0;
- array->count = num_towers;
- array->tower_ref_ids = talloc(ctx, sizeof(uint32) * num_towers);
- if (!array->tower_ref_ids) {
- return NT_STATUS_NO_MEMORY;
- }
- for (i=0;i<num_towers;i++)
- array->tower_ref_ids[i] = ++internal_referent_id;
-
- array->towers = talloc(ctx, sizeof(EPM_TOWER) * num_towers);
- if (!array->towers) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(array->towers, towers, sizeof(EPM_TOWER) * num_towers);
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Reads or writes an EPM_TOWER_ARRAY structure.
-********************************************************************/
-BOOL epm_io_tower_array(const char *desc, EPM_TOWER_ARRAY *array,
- prs_struct *ps, int depth)
-{
- int i;
-
- prs_debug(ps, depth, desc, "epm_io_tower_array");
- depth++;
-
- if (!prs_uint32("max_count", ps, depth, &array->max_count))
- return False;
- if (!prs_uint32("offset", ps, depth, &array->offset))
- return False;
- if (!prs_uint32("count", ps, depth, &array->count))
- return False;
-
-
- if (UNMARSHALLING(ps)) {
- array->tower_ref_ids = talloc(ps->mem_ctx,
- sizeof(uint32) * array->count);
- if (!array->tower_ref_ids) {
- return False;
- }
- }
- for (i=0; i < array->count; i++) {
- if (!prs_uint32("ref_id", ps, depth, &array->tower_ref_ids[i])) {
- return False;
- } else {
- if (array->tower_ref_ids[i] > internal_referent_id) {
- internal_referent_id = array->tower_ref_ids[i];
- }
- }
- }
-
-
-
- if (!prs_set_offset(ps, prs_offset(ps) + array->offset))
- return False;
-
- if (UNMARSHALLING(ps)) {
- array->towers = talloc(ps->mem_ctx,
- sizeof(EPM_TOWER) * array->count);
- if (!array->towers) {
- return False;
- }
- }
-
- for (i = 0; i < array->count; i++) {
- if (!epm_io_tower("tower", &array->towers[i], ps, depth))
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- Initialize EPM_R_MAP structure
-******************************************************************/
-NTSTATUS init_epm_r_map(TALLOC_CTX *ctx, EPM_R_MAP *r_map,
- const EPM_HANDLE *handle, const EPM_TOWER_ARRAY *array,
- int num_elements, uint32 status)
-{
- memcpy(&r_map->handle, handle, sizeof(*handle));
- r_map->num_results = num_elements;
- r_map->results = talloc(ctx, sizeof(EPM_TOWER_ARRAY) * num_elements);
- if (!r_map->results) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(r_map->results, array, sizeof(EPM_TOWER_ARRAY) * num_elements);
- r_map->status = status;
- return NT_STATUS_OK;
-}
-
-/*************************************************************************
- Inits a EPM_Q_MAP structure.
-**************************************************************************
-* We attempt to hide the ugliness of the wire format by taking a EPM_TOWER
-* array with a defined size
-**************************************************************************/
-NTSTATUS init_epm_q_map(TALLOC_CTX *ctx, EPM_Q_MAP *q_map,
- const EPM_TOWER *towers, int num_towers)
-{
- static uint32 handle = 1;
-
- ZERO_STRUCTP(q_map);
-
- DEBUG(5, ("init_epm_q_map\n"));
- q_map->handle.data[0] = (handle >> 0) & 0xFF;
- q_map->handle.data[1] = (handle >> 8) & 0xFF;
- q_map->handle.data[2] = (handle >> 16) & 0xFF;
- q_map->handle.data[3] = (handle >> 24) & 0xFF;
-
- q_map->tower = talloc(ctx, sizeof(EPM_TOWER) * (num_towers + 1));
- if (!q_map->tower) {
- return NT_STATUS_NO_MEMORY;
- }
-
- memcpy(q_map->tower, towers, sizeof(EPM_TOWER) * num_towers);
-
- ZERO_STRUCT(q_map->tower[num_towers]);
-
- /* For now let's not take more than 4 towers per result */
- q_map->max_towers = num_towers * 4;
-
- q_map->tower_ref_id = ++internal_referent_id;
-
- handle++;
-
- return NT_STATUS_OK;
-}
-
-/*****************************************************************
- epm_io_q_map - read or write EPM_Q_MAP structure
-******************************************************************/
-BOOL epm_io_q_map(const char *desc, EPM_Q_MAP *io_map, prs_struct *ps,
- int depth)
-{
- prs_debug(ps, depth, desc, "epm_io_q_map");
- depth++;
-
- if (!epm_io_handle("handle", &io_map->handle, ps, depth))
- return False;
-
- if (!prs_uint32("referent_id", ps, 0, &io_map->tower_ref_id))
- return False;
- if (io_map->tower_ref_id > internal_referent_id)
- internal_referent_id = io_map->tower_ref_id;
-
- /* HACK: We need a more elegant way of doing this */
- if (UNMARSHALLING(ps)) {
- io_map->tower = talloc(ps->mem_ctx, sizeof(EPM_TOWER));
- if (!io_map->tower)
- return False;
- }
- if (!epm_io_tower("tower", io_map->tower, ps, depth))
- return False;
- if (!epm_io_handle("term_handle", &io_map->term_handle, ps, depth))
- return False;
-
- if (!prs_uint32("max_towers", ps, 0, &io_map->max_towers))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- epm_io_r_map - Read/Write EPM_R_MAP structure
-******************************************************************/
-BOOL epm_io_r_map(const char *desc, EPM_R_MAP *io_map,
- prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "epm_io_r_map");
- depth++;
-
- if (!epm_io_handle("handle", &io_map->handle, ps, depth))
- return False;
- if (!prs_uint32("num_results", ps, depth, &io_map->num_results))
- return False;
-
- if (UNMARSHALLING(ps)) {
- io_map->results = talloc(ps->mem_ctx,
- sizeof(EPM_TOWER_ARRAY) *
- io_map->num_results);
- if (!io_map->results)
- return False;
- }
- if (!epm_io_tower_array("results", io_map->results, ps, depth))
- return False;
-
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint32("status", ps, depth, &io_map->status))
- return False;
-
- return True;
-}
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c
index 50fd3beb48e..d29b7bc5803 100644
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -1662,61 +1662,6 @@ BOOL lsa_io_r_unk_get_connuser(const char *desc, LSA_R_UNK_GET_CONNUSER *r_c, pr
return True;
}
-void init_lsa_q_create_account(LSA_Q_CREATEACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access)
-{
- memcpy(&trn->pol, hnd, sizeof(trn->pol));
-
- init_dom_sid2(&trn->sid, sid);
- trn->access = desired_access;
-}
-
-
-/*******************************************************************
- Reads or writes an LSA_Q_CREATEACCOUNT structure.
-********************************************************************/
-
-BOOL lsa_io_q_create_account(const char *desc, LSA_Q_CREATEACCOUNT *r_c, prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "lsa_io_q_create_account");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
- return False;
-
- if(!smb_io_dom_sid2("sid", &r_c->sid, ps, depth)) /* domain SID */
- return False;
-
- if(!prs_uint32("access", ps, depth, &r_c->access))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_CREATEACCOUNT structure.
-********************************************************************/
-
-BOOL lsa_io_r_create_account(const char *desc, LSA_R_CREATEACCOUNT *r_c, prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "lsa_io_r_open_account");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
- return False;
-
- if(!prs_ntstatus("status", ps, depth, &r_c->status))
- return False;
-
- return True;
-}
-
-
void init_lsa_q_open_account(LSA_Q_OPENACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access)
{
memcpy(&trn->pol, hnd, sizeof(trn->pol));
@@ -1873,13 +1818,11 @@ NTSTATUS init_lsa_r_enum_privsaccount(TALLOC_CTX *mem_ctx, LSA_R_ENUMPRIVSACCOUN
if (!NT_STATUS_IS_OK(ret = init_priv_with_ctx(mem_ctx, &(r_u->set))))
return ret;
-
- r_u->set->count = count;
- if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(r_u->set->mem_ctx, &(r_u->set->set), set, count)))
+ if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(r_u->set->mem_ctx, &(r_u->set->set), set)))
return ret;
- DEBUG(10,("init_lsa_r_enum_privsaccount: %d privileges\n", r_u->count));
+ DEBUG(10,("init_lsa_r_enum_privsaccount: %d %d privileges\n", r_u->count, r_u->set->count));
return ret;
}
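Review bot: `r_u->set->count` is no longer assigned in init_lsa_r_enum_privsaccount, and dupalloc_luid_attr() is now called without a length, so nothing visible here ties the number of copied entries to `r_u->count`. The new DEBUG line prints both counters, which suggests they can differ. If the marshalling code walks `set->set` using one of them while the array was sized by the other, it would read past the allocation. Either restore `r_u->set->count = count;` or document at the call how many entries dupalloc_luid_attr() copies. The function's signature is cut off in the hunk header, so the type of `count` is not visible here.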
@@ -2199,7 +2142,7 @@ BOOL lsa_io_dns_dom_info(const char *desc, LSA_DNS_DOM_INFO *info,
if(!prs_align(ps))
return False;
- if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) )
+ if (!prs_uint8s(False, "dom_guid", ps, depth, info->dom_guid.info, GUID_SIZE))
return False;
if(!prs_align(ps))
diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c
index cea31c88a80..efb2bfa97ff 100644
--- a/source/rpc_parse/parse_misc.c
+++ b/source/rpc_parse/parse_misc.c
@@ -323,34 +323,6 @@ BOOL smb_io_dom_sid2(const char *desc, DOM_SID2 *sid, prs_struct *ps, int depth)
}
/*******************************************************************
- Reads or writes a struct uuid
-********************************************************************/
-
-BOOL smb_io_uuid(const char *desc, struct uuid *uuid,
- prs_struct *ps, int depth)
-{
- if (uuid == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "smb_io_uuid");
- depth++;
-
- if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
- return False;
- if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
- return False;
- if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
- return False;
-
- if(!prs_uint8s (False, "data ", ps, depth, uuid->clock_seq, sizeof(uuid->clock_seq)))
- return False;
- if(!prs_uint8s (False, "data ", ps, depth, uuid->node, sizeof(uuid->node)))
- return False;
-
- return True;
-}
-
-/*******************************************************************
creates a STRHDR structure.
********************************************************************/
diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c
index a98738b51f0..90cd348f5a8 100644
--- a/source/rpc_parse/parse_net.c
+++ b/source/rpc_parse/parse_net.c
@@ -425,90 +425,6 @@ BOOL net_io_r_logon_ctrl(const char *desc, NET_R_LOGON_CTRL *r_l, prs_struct *ps
}
/*******************************************************************
- Inits an NET_R_GETDCNAME structure.
-********************************************************************/
-void init_net_q_getdcname(NET_Q_GETDCNAME *r_t, const char *logon_server,
- const char *domainname)
-{
- DEBUG(5,("init_r_getdcname\n"));
-
- r_t->ptr_logon_server = (logon_server != NULL);
- init_unistr2(&r_t->uni_logon_server, logon_server, UNI_STR_TERMINATE);
- r_t->ptr_domainname = (domainname != NULL);
- init_unistr2(&r_t->uni_domainname, domainname, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_GETDCNAME structure.
-********************************************************************/
-
-BOOL net_io_q_getdcname(const char *desc, NET_Q_GETDCNAME *r_t, prs_struct *ps,
- int depth)
-{
- if (r_t == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_q_getdcname");
- depth++;
-
- if (!prs_uint32("ptr_logon_server", ps, depth, &r_t->ptr_logon_server))
- return False;
-
- if (!smb_io_unistr2("logon_server", &r_t->uni_logon_server,
- r_t->ptr_logon_server, ps, depth))
- return False;
-
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint32("ptr_domainname", ps, depth, &r_t->ptr_domainname))
- return False;
-
- if (!smb_io_unistr2("domainname", &r_t->uni_domainname,
- r_t->ptr_domainname, ps, depth))
- return False;
-
- return True;
-}
-
-
-/*******************************************************************
- Inits an NET_R_GETDCNAME structure.
-********************************************************************/
-void init_net_r_getdcname(NET_R_GETDCNAME *r_t, const char *dcname)
-{
- DEBUG(5,("init_r_getdcname\n"));
-
- init_unistr2(&r_t->uni_dcname, dcname, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_R_GETDCNAME structure.
-********************************************************************/
-
-BOOL net_io_r_getdcname(const char *desc, NET_R_GETDCNAME *r_t, prs_struct *ps,
- int depth)
-{
- if (r_t == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_r_getdcname");
- depth++;
-
- if (!prs_uint32("ptr_dcname", ps, depth, &r_t->ptr_dcname))
- return False;
-
- if (!smb_io_unistr2("dcname", &r_t->uni_dcname,
- r_t->ptr_dcname, ps, depth))
- return False;
-
- if (!prs_ntstatus("status", ps, depth, &r_t->status))
- return False;
-
- return True;
-}
-
-/*******************************************************************
Inits an NET_R_TRUST_DOM_LIST structure.
********************************************************************/
diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c
index 696f258e5de..e2781b20088 100644
--- a/source/rpc_parse/parse_rpc.c
+++ b/source/rpc_parse/parse_rpc.c
@@ -34,9 +34,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x8a885d04, 0x1ceb, 0x11c9, \
- { 0x9f, 0xe8 }, \
- { 0x08, 0x00, \
- 0x2b, 0x10, 0x48, 0x60 } \
+ { 0x9f, 0xe8, 0x08, 0x00, \
+ 0x2b, 0x10, 0x48, 0x60 } \
}, 0x02 \
}
@@ -44,9 +43,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x8a885d04, 0x1ceb, 0x11c9, \
- { 0x9f, 0xe8 }, \
- { 0x08, 0x00, \
- 0x2b, 0x10, 0x48, 0x60 } \
+ { 0x9f, 0xe8, 0x08, 0x00, \
+ 0x2b, 0x10, 0x48, 0x60 } \
}, 0x02 \
}
@@ -54,9 +52,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x6bffd098, 0xa112, 0x3610, \
- { 0x98, 0x33 }, \
- { 0x46, 0xc3, \
- 0xf8, 0x7e, 0x34, 0x5a } \
+ { 0x98, 0x33, 0x46, 0xc3, \
+ 0xf8, 0x7e, 0x34, 0x5a } \
}, 0x01 \
}
@@ -64,9 +61,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x4b324fc8, 0x1670, 0x01d3, \
- { 0x12, 0x78 }, \
- { 0x5a, 0x47, \
- 0xbf, 0x6e, 0xe1, 0x88 } \
+ { 0x12, 0x78, 0x5a, 0x47, \
+ 0xbf, 0x6e, 0xe1, 0x88 } \
}, 0x03 \
}
@@ -74,9 +70,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x12345778, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0x89, 0xab } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xab } \
}, 0x00 \
}
@@ -84,9 +79,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x3919286a, 0xb10c, 0x11d0, \
- { 0x9b, 0xa8 }, \
- { 0x00, 0xc0, \
- 0x4f, 0xd9, 0x2e, 0xf5 } \
+ { 0x9b, 0xa8, 0x00, 0xc0, \
+ 0x4f, 0xd9, 0x2e, 0xf5 } \
}, 0x00 \
}
@@ -94,9 +88,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x12345778, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0x89, 0xac } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xac } \
}, 0x01 \
}
@@ -104,9 +97,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x12345678, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0xcf, 0xfb } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0xcf, 0xfb } \
}, 0x01 \
}
@@ -114,9 +106,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x338cd001, 0x2244, 0x31f1, \
- { 0xaa, 0xaa }, \
- { 0x90, 0x00, \
- 0x38, 0x00, 0x10, 0x03 } \
+ { 0xaa, 0xaa, 0x90, 0x00, \
+ 0x38, 0x00, 0x10, 0x03 } \
}, 0x01 \
}
@@ -124,9 +115,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x12345678, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0x89, 0xab } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xab } \
}, 0x01 \
}
@@ -134,9 +124,8 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x0, 0x0, 0x0, \
- { 0x00, 0x00 }, \
- { 0x00, 0x00, \
- 0x00, 0x00, 0x00, 0x00 } \
+ { 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00 } \
}, 0x00 \
}
@@ -144,8 +133,7 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x4fc742e0, 0x4a10, 0x11cf, \
- { 0x82, 0x73 }, \
- { 0x00, 0xaa, \
+ { 0x82, 0x73, 0x00, 0xaa, \
0x00, 0x4a, 0xe6, 0x73 } \
}, 0x03 \
}
@@ -154,8 +142,7 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x60a15ec5, 0x4de8, 0x11d7, \
- { 0xa6, 0x37 }, \
- { 0x00, 0x50, \
+ { 0xa6, 0x37, 0x00, 0x50, \
0x56, 0xa2, 0x01, 0x82 } \
}, 0x01 \
}
@@ -164,22 +151,11 @@ interface/version dce/rpc pipe identification
{ \
{ \
0x894de0c0, 0x0d55, 0x11d3, \
- { 0xa3, 0x22 }, \
- { 0x00, 0xc0, \
+ { 0xa3, 0x22, 0x00, 0xc0, \
0x4f, 0xa3, 0x21, 0xa1 } \
}, 0x01 \
}
-#define SYNT_EPM_V3 \
-{ \
- { \
- 0xe1af8308, 0x5d1f, 0x11c9, \
- { 0x91, 0xa4 }, \
- { 0x08, 0x00, \
- 0x2b, 0x14, 0xa0, 0xfa } \
- }, 0x03 \
-}
-
/*
* IMPORTANT!! If you update this structure, make sure to
* update the index #defines in smb.h.
@@ -199,7 +175,6 @@ const struct pipe_id_info pipe_names [] =
{ PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
{ PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 },
{ PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 },
- { PIPE_EPM , SYNT_EPM_V3 , PIPE_EPM , TRANS_SYNT_V2 },
{ NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
};
@@ -278,6 +253,34 @@ BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth)
}
/*******************************************************************
+ Reads or writes an RPC_UUID structure.
+********************************************************************/
+
+static BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth)
+{
+ if (uuid == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, "smb_io_rpc_uuid");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
+ return False;
+ if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
+ return False;
+ if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
+ return False;
+
+ if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining)))
+ return False;
+
+ return True;
+}
+
+/*******************************************************************
Reads or writes an RPC_IFACE structure.
********************************************************************/
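Review bot: All four fields in the added smb_io_rpc_uuid() are traced with the same label, `"data "` as rendered here, so a prs debug dump cannot tell time_low from time_mid, time_hi_and_version or the trailing bytes. Distinct labels, for example `prs_uint32("time_low", ps, depth, &uuid->time_low)` and `prs_uint8s(False, "remaining", ps, depth, uuid->remaining, sizeof(uuid->remaining))`, would make a malformed bind request much easier to diagnose from the log. Passing `sizeof(uuid->remaining)` as the count is the right pattern, because it ties the length to the destination array.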
@@ -289,10 +292,7 @@ static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, i
prs_debug(ps, depth, desc, "smb_io_rpc_iface");
depth++;
- if (!prs_align(ps))
- return False;
-
- if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
+ if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth))
return False;
if(!prs_uint32 ("version", ps, depth, &ifc->version))
diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index 287dc3bd7f2..34b0cf28481 100644
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -5315,6 +5315,10 @@ static BOOL sam_io_user_info11(const char *desc, SAM_USER_INFO_11 * usr,
/*************************************************************************
init_sam_user_infoa
+
+ unknown_5 = 0x0001 0000
+ unknown_6 = 0x0000 04ec
+
*************************************************************************/
void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len)
diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c
index a78627650ad..bf43ef288ae 100644
--- a/source/rpc_parse/parse_sec.c
+++ b/source/rpc_parse/parse_sec.c
@@ -83,11 +83,11 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
return False;
if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
- if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))
+ if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE))
return False;
if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
- if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))
+ if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE))
return False;
if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
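Review bot: Both new prs_uint8s() calls pass `GUID_SIZE` as the length, while the destinations are `psa->obj_guid.info` and `psa->inh_guid.info`, whose declared size is not visible in this hunk. If the constant and the array size ever diverge, the unmarshalling direction would copy wire bytes past the end of the array. Tying the count to the buffer removes that dependency: `prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, sizeof(psa->obj_guid.info))`, and the same for `inh_guid`. The nested `if` pairs would also be safer to edit with braces. sec_io_ace() starts and ends outside the hunk.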
diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c
index ae087c7f774..75813167676 100644
--- a/source/rpc_parse/parse_spoolss.c
+++ b/source/rpc_parse/parse_spoolss.c
@@ -2561,7 +2561,7 @@ BOOL smb_io_printer_info_2(const char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2
return False;
/* parse the sec_desc */
- if (info->secdesc) {
+ if (has_secdesc) {
if (!prs_set_offset(ps, sd_offset))
return False;
if (!smb_io_relsecdesc("secdesc", buffer, depth, &info->secdesc))
diff --git a/source/rpc_server/srv_epmapper.c b/source/rpc_server/srv_epmapper.c
deleted file mode 100644
index 70de092850b..00000000000
--- a/source/rpc_server/srv_epmapper.c
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/*
- Unix SMB/CIFS implementation.
- Samba end point mapper utility and mapping functions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*****************************************************************
- api_handle_map_req - handles standard epm mapping request
-******************************************************************/
-static BOOL api_handle_map_req(pipes_struct * p)
-{
-
- EPM_Q_MAP q_in;
- EPM_R_MAP q_out;
-
- prs_struct *in_data = &p->in_data.data;
- prs_struct *ret_data = &p->out_data.rdata;
-
- ZERO_STRUCT(q_in);
- ZERO_STRUCT(q_out);
-
- /* process input request and parse packet */
-
- if (!epm_io_q_map("", &q_in, in_data, 0)) {
- DEBUG(0,
- ("api_handle_map_request: unable to unmarshall EPMD_MAP\n"));
- return False;
- }
-
- _epm_map(p, &q_in, &q_out);
-
- if (!epm_io_r_map("", &q_out, ret_data, 0)) {
- DEBUG(0,
- ("api_handle_map_req: unable to marshall EPMD_MAP\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************/
-/* \pipe\epmapper commands */
-/*******************************************************************/
-/* opnum is 3 on map request */
-
-struct api_struct api_epmapper_cmds[] = {
- {"MAP_PIPE_NAME", EPM_MAP_PIPE_NAME, api_handle_map_req},
-};
-
-/*******************************************************************/
-/* */
-/*******************************************************************/
-
-void epm_get_pipe_fns(struct api_struct **funcs, int *n_funcs)
-{
- *funcs = api_epmapper_cmds;
- *n_funcs = sizeof(api_epmapper_cmds) / sizeof(struct api_struct);
-}
-
-/*******************************************************************/
-/* */
-/*******************************************************************/
-
-NTSTATUS rpc_epmapper_init(void)
-{
- return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION,
- EPM_PIPE_NM, EPM_PIPE_NM,
- api_epmapper_cmds,
- sizeof(api_epmapper_cmds) /
- sizeof(struct api_struct));
-}
diff --git a/source/rpc_server/srv_epmapper_nt.c b/source/rpc_server/srv_epmapper_nt.c
deleted file mode 100644
index e82484af4af..00000000000
--- a/source/rpc_server/srv_epmapper_nt.c
+++ /dev/null
@@ -1,70 +0,0 @@
-
-/*
- Unix SMB/CIFS implementation.
- Samba end point mapper utility and mapping functions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*******************************************************************/
-/* _epm_map - fill out mapping on input and output structs */
-/*******************************************************************/
-void _epm_map(pipes_struct *ps, const EPM_Q_MAP *q_u, EPM_R_MAP *r_u)
-{
- int i;
- uint8 target_address[] = { 9, 53, 95, 27 };
- EPM_FLOOR *floors = talloc(ps->mem_ctx, sizeof(EPM_FLOOR) *
- q_u->tower->num_floors);
- EPM_TOWER *towers = talloc(ps->mem_ctx,
- sizeof(EPM_TOWER) * MAX_TOWERS);
- EPM_TOWER_ARRAY array;
-
- if (!floors || !towers) {
- DEBUG(0, ("_epm_map: talloc failed!\n"));
- return;
- }
-
- for (i = 0; i < q_u->tower->num_floors; i++) {
- switch (q_u->tower->floors[i].lhs.protocol) {
- case EPM_FLOOR_UUID:
- init_epm_floor_uuid(&floors[i],
- q_u->tower->floors[i].
- lhs.uuid.uuid,
- q_u->tower->floors[i].
- lhs.uuid.version);
- break;
- case EPM_FLOOR_RPC:
- init_epm_floor_rpc(&floors[i]);
- break;
- case EPM_FLOOR_TCP:
- /* for now map all requests to port 135 */
- init_epm_floor_tcp(&floors[i], 135);
- break;
- case EPM_FLOOR_IP:
- init_epm_floor_ip(&floors[i], target_address);
- break;
- }
- }
-
- init_epm_tower(ps->mem_ctx, &towers[0], floors, 5);
- init_epm_tower_array(ps->mem_ctx, &array, towers, 1);
- init_epm_r_map(ps->mem_ctx, r_u, &q_u->term_handle, &array, 1, 0);
-
- return;
-
-}
diff --git a/source/rpc_server/srv_lsa.c b/source/rpc_server/srv_lsa.c
index 63e74ec8911..5d6c1551c91 100644
--- a/source/rpc_server/srv_lsa.c
+++ b/source/rpc_server/srv_lsa.c
@@ -393,37 +393,6 @@ static BOOL api_lsa_unk_get_connuser(pipes_struct *p)
}
/***************************************************************************
- api_lsa_create_user
- ***************************************************************************/
-
-static BOOL api_lsa_create_account(pipes_struct *p)
-{
- LSA_Q_CREATEACCOUNT q_u;
- LSA_R_CREATEACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_create_account("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_create_account: failed to unmarshall LSA_Q_CREATEACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_create_account(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_create_account("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_create_account: Failed to marshall LSA_R_CREATEACCOUNT.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
api_lsa_open_user
***************************************************************************/
@@ -690,7 +659,6 @@ static struct api_struct api_lsa_cmds[] =
{ "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
{ "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts },
{ "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
- { "LSA_CREATEACCOUNT" , LSA_CREATEACCOUNT , api_lsa_create_account },
{ "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account },
{ "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
{ "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index f2fe3235a60..07c024e1ca9 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -165,11 +165,6 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
status = lookup_name(dom_name, user, &sid, &name_type);
- if (name_type == SID_NAME_WKN_GRP) {
- /* BUILTIN aliases are still aliases :-) */
- name_type = SID_NAME_ALIAS;
- }
-
DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" :
"not found"));
@@ -344,7 +339,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
const char *dns_name, const char *forest_name,
- struct uuid *dom_guid, DOM_SID *dom_sid)
+ GUID *dom_guid, DOM_SID *dom_sid)
{
if (nb_name && *nb_name) {
init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE);
@@ -369,7 +364,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
/* how do we init the guid ? probably should write an init fn */
if (dom_guid) {
- memcpy(&r_l->dom_guid, dom_guid, sizeof(struct uuid));
+ memcpy(&r_l->dom_guid, dom_guid, sizeof(GUID));
}
if (dom_sid) {
@@ -405,12 +400,9 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
acc_granted, des_access));
DEBUGADD(4,("but overwritten by euid == 0\n"));
+ acc_granted = des_access;
}
- /* This is needed for lsa_open_account and rpcclient .... :-) */
-
- if (geteuid() == 0)
- acc_granted = POLICY_ALL_ACCESS;
/* associate the domain SID with the (unique) handle. */
if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
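Review bot: The added `acc_granted = des_access;` gives the caller exactly the mask it requested after the access check has already failed, and the only trace is a level-4 debug message. The condition guarding this branch is outside the hunk, but the message text suggests it tests the process euid rather than anything about the authenticated pipe user. A comment such as `/* root override: se_access_check failed, grant only the requested mask */` and a lower debug level for the override line would make this bypass visible in normal logs. _lsa_open_policy2() continues past the hunk.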
@@ -760,7 +752,7 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
LSA_PRIV_ENTRY *entry;
LSA_PRIV_ENTRY *entries=NULL;
- if (enum_context >= PRIV_ALL_INDEX-2)
+ if (enum_context >= PRIV_ALL_INDEX)
return NT_STATUS_NO_MORE_ENTRIES;
entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX));
@@ -782,22 +774,22 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV
DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, PRIV_ALL_INDEX));
- for (i = 1; i < PRIV_ALL_INDEX-1; i++, entry++) {
+ for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) {
if( i<enum_context) {
init_unistr2(&entry->name, NULL, UNI_FLAGS_NONE);
init_uni_hdr(&entry->hdr_name, &entry->name);
entry->luid_low = 0;
entry->luid_high = 0;
} else {
- init_unistr2(&entry->name, privs[i].priv, UNI_FLAGS_NONE);
+ init_unistr2(&entry->name, privs[i+1].priv, UNI_FLAGS_NONE);
init_uni_hdr(&entry->hdr_name, &entry->name);
- entry->luid_low = privs[i].se_priv;
+ entry->luid_low = privs[i+1].se_priv;
entry->luid_high = 0;
}
}
- enum_context = PRIV_ALL_INDEX-2;
- init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX-2, entries);
+ enum_context = PRIV_ALL_INDEX;
+ init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX, entries);
return NT_STATUS_OK;
}
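Review bot: With the loop now running `i` from 0 to `PRIV_ALL_INDEX-1` and reading `privs[i+1]`, the last iteration indexes `privs[PRIV_ALL_INDEX]`. The table's definition is not part of this diff chunk, so it should be confirmed that it holds at least `PRIV_ALL_INDEX+1` entries. If that last slot is the terminator that _lsa_priv_get_dispname() scans for, it is now also returned to clients as an ordinary privilege. A short comment on the offset, for example `/* privs[0] is skipped; entry i maps to privs[i+1] */`, would record the intent. The matching bound change in the preceding hunk (`enum_context >= PRIV_ALL_INDEX`) depends on the same assumption.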
@@ -827,10 +819,10 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
DEBUG(10,("_lsa_priv_get_dispname: %s", name_asc));
- while (privs[i].se_priv!=SE_ALL_PRIVS && strcmp(name_asc, privs[i].priv))
+ while (privs[i].se_priv!=SE_PRIV_ALL && strcmp(name_asc, privs[i].priv))
i++;
- if (privs[i].se_priv!=SE_ALL_PRIVS) {
+ if (privs[i].se_priv!=SE_PRIV_ALL) {
DEBUG(10,(": %s\n", privs[i].description));
init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE);
init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
@@ -852,36 +844,32 @@ _lsa_enum_accounts.
NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u)
{
struct lsa_info *handle;
- DOM_SID *sid_list;
- int i, j, num_entries;
+ GROUP_MAP *map=NULL;
+ int num_entries=0;
LSA_SID_ENUM *sids=&r_u->sids;
+ int i=0,j=0;
+ BOOL ret;
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
return NT_STATUS_INVALID_HANDLE;
+ /* check if the user have enough rights */
+
+ /*
+ * I don't know if it's the right one. not documented.
+ */
if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
- sid_list = NULL;
- num_entries = 0;
-
- /* The only way we can currently find out all the SIDs that have been
- privileged is to scan all privileges */
-
- for (i=1; i<PRIV_ALL_INDEX-1; i++) {
- DOM_SID *priv_sids = NULL;
- int num_priv_sids = 0;
-
- if (!get_sids_from_priv(privs[i].priv, &priv_sids,
- &num_priv_sids))
- continue;
-
- for (j=0; j<num_priv_sids; j++) {
- add_sid_to_array_unique(&priv_sids[j], &sid_list,
- &num_entries);
- }
- SAFE_FREE(priv_sids);
+ /* get the list of mapped groups (domain, local, builtin) */
+ become_root();
+ ret = pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED);
+ unbecome_root();
+ if( !ret ) {
+ DEBUG(3,("_lsa_enum_accounts: enumeration of groups failed!\n"));
+ return NT_STATUS_OK;
}
+
if (q_u->enum_context >= num_entries)
return NT_STATUS_NO_MORE_ENTRIES;
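Review bot: When pdb_enum_group_mapping() fails, the new code logs at level 3 and returns `NT_STATUS_OK`, so the client receives a success status for a reply that was never filled in; returning an error such as `return NT_STATUS_UNSUCCESSFUL;` would be more accurate. The `q_u->enum_context >= num_entries` early return also leaves without releasing `map`, which the next hunk frees with SAFE_FREE() on the other paths. Because `enum_context` comes from the request, that path can be reached repeatedly; `if (q_u->enum_context >= num_entries) { SAFE_FREE(map); return NT_STATUS_NO_MORE_ENTRIES; }` closes the leak. The function body continues beyond this hunk.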
@@ -890,19 +878,19 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2));
if (sids->ptr_sid==NULL || sids->sid==NULL) {
- SAFE_FREE(sid_list);
+ SAFE_FREE(map);
return NT_STATUS_NO_MEMORY;
}
for (i=q_u->enum_context, j=0; i<num_entries; i++) {
- init_dom_sid2( &(*sids).sid[j], &sid_list[i]);
+ init_dom_sid2( &(*sids).sid[j], &map[i].sid);
(*sids).ptr_sid[j]=1;
j++;
}
- SAFE_FREE(sid_list);
+ SAFE_FREE(map);
- init_lsa_r_enum_accounts(r_u, num_entries);
+ init_lsa_r_enum_accounts(r_u, j);
return NT_STATUS_OK;
}
@@ -935,50 +923,7 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA
}
/***************************************************************************
- Lsa Create Account
-
- FIXME: Actually the code is just a copy of lsa_open_account
- TODO: Check and code what this function should exactly do
- ***************************************************************************/
-
-NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CREATEACCOUNT *r_u)
-{
- struct lsa_info *handle;
- struct lsa_info *info;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
- return NT_STATUS_INVALID_HANDLE;
-
- /* check if the user have enough rights */
-
- /*
- * I don't know if it's the right one. not documented.
- * but guessed with rpcclient.
- */
- if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
- return NT_STATUS_ACCESS_DENIED;
-
- /* associate the user/group SID with the (unique) handle. */
- if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
- return NT_STATUS_NO_MEMORY;
-
- ZERO_STRUCTP(info);
- info->sid = q_u->sid.sid;
- info->access = q_u->access;
-
- /* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
-
- return r_u->status;
-}
-
-
-/***************************************************************************
- Lsa Open Account
+
***************************************************************************/
NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u)
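Review bot: The banner above _lsa_open_account() loses its `Lsa Open Account` title in this hunk and is left as an empty comment box. Keeping the one-line title, ideally with a note on which access bit the handle must carry, would preserve the only documentation this handler has.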
@@ -1023,8 +968,8 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
{
struct lsa_info *info=NULL;
+ GROUP_MAP map;
LUID_ATTR *set=NULL;
- PRIVILEGE_SET *priv;
r_u->status = NT_STATUS_OK;
@@ -1032,36 +977,33 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- init_privilege(&priv);
-
- if (!get_priv_for_sid(&info->sid, priv)) {
- /* This is probably wrong... */
- return NT_STATUS_INVALID_HANDLE;
- }
-
- DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", priv->count));
+ if (!pdb_getgrsid(&map, info->sid))
+ return NT_STATUS_NO_SUCH_GROUP;
- if (priv->count > 0) {
- int i;
- set=(LUID_ATTR *)talloc(ps->mem_ctx,
- priv->count*sizeof(LUID_ATTR));
+#if 0 /* privileges currently not implemented! */
+ DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set->count));
+ if (map.priv_set->count!=0) {
+
+ set=(LUID_ATTR *)talloc(map.priv_set->mem_ctx, map.priv_set.count*sizeof(LUID_ATTR));
if (set == NULL) {
- destroy_privilege(&priv);
+ destroy_privilege(&map.priv_set);
return NT_STATUS_NO_MEMORY;
}
- for (i = 0; i < priv->count; i++) {
- set[i].luid.low = priv->set[i].luid.low;
- set[i].luid.high = priv->set[i].luid.high;
- set[i].attr = priv->set[i].attr;
- DEBUG(10,("_lsa_enum_privsaccount: %d: %d:%d:%d\n", i,
- set[i].luid.high, set[i].luid.low,
- set[i].attr));
+ for (i = 0; i < map.priv_set.count; i++) {
+ set[i].luid.low = map.priv_set->set[i].luid.low;
+ set[i].luid.high = map.priv_set->set[i].luid.high;
+ set[i].attr = map.priv_set->set[i].attr;
+ DEBUG(10,("_lsa_enum_privsaccount: priv %d: %d:%d:%d\n", i,
+ set[i].luid.high, set[i].luid.low, set[i].attr));
}
}
- init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, priv->count, 0);
- destroy_privilege(&priv);
+ init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, map.priv_set->count, 0);
+ destroy_privilege(&map.priv_set);
+#endif
+
+ init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, 0, 0);
return r_u->status;
}
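Review bot: The block parked under `#if 0` would not compile if it were re-enabled: it mixes `map.priv_set.count` with `map.priv_set->count`, and it loops on `i`, whose declaration this hunk removes. Meanwhile the live path answers every group SID with a count of 0, so a client cannot tell "no privileges" from "not implemented". A comment on the final call, `/* privileges not implemented: always report an empty set */`, would stop that reply being read as authoritative. No test of the handle's access mask is visible between find_policy_by_hnd() and pdb_getgrsid(); it is worth confirming that this is intended.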
@@ -1073,16 +1015,15 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS
NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u)
{
struct lsa_info *info=NULL;
+ GROUP_MAP map;
r_u->status = NT_STATUS_OK;
- fstring name, dom_name;
- enum SID_NAME_USE type;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!lookup_sid(&info->sid, dom_name, name, &type))
- return NT_STATUS_INVALID_HANDLE;
+ if (!pdb_getgrsid(&map, info->sid))
+ return NT_STATUS_NO_SUCH_GROUP;
/*
0x01 -> Log on locally
@@ -1288,7 +1229,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
char *dns_name = NULL;
char *forest_name = NULL;
DOM_SID *sid = NULL;
- struct uuid guid;
+ GUID guid;
fstring dnsdomname;
ZERO_STRUCT(guid);
diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c
index f06a2002e3c..9c10d86379d 100644
--- a/source/rpc_server/srv_netlog.c
+++ b/source/rpc_server/srv_netlog.c
@@ -317,42 +317,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p)
return True;
}
-/*************************************************************************
- api_ds_enum_dom_trusts:
- *************************************************************************/
-
-#if 0 /* JERRY */
-static BOOL api_ds_enum_dom_trusts(pipes_struct *p)
-{
- DS_Q_ENUM_DOM_TRUSTS q_u;
- DS_R_ENUM_DOM_TRUSTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
- if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) {
- DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n"));
- return False;
- }
-
- r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u);
-
- if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) {
- DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n"));
- return False;
- }
-
- DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
- return True;
-}
-#endif /* JERRY */
-
/*******************************************************************
array of \PIPE\NETLOGON operations
********************************************************************/
@@ -366,10 +330,7 @@ static struct api_struct api_net_cmds [] =
{ "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff },
{ "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 },
{ "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
- { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl },
-#if 0 /* JERRY */
- { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts }
-#endif /* JERRY */
+ { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl }
};
void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns )
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 51ed79980c7..bf0e81f5c82 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -775,21 +775,4 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return status;
}
-/*************************************************************************
- _ds_enum_dom_trusts
- *************************************************************************/
-#if 0 /* JERRY -- not correct */
-NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
- DS_R_ENUM_DOM_TRUSTS *r_u)
-{
- NTSTATUS status = NT_STATUS_OK;
- /* TODO: According to MSDN, the can only be executed against a
- DC or domain member running Windows 2000 or later. Need
- to test against a standalone 2k server and see what it
- does. A windows 2000 DC includes its own domain in the
- list. --jerry */
-
- return status;
-}
-#endif /* JERRY */
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 90c20a97fa6..fa24efe589b 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -737,9 +737,9 @@ BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
{
if ( strequal(pipe_names[i].client_pipe, pname)
&& (abstract->version == pipe_names[i].abstr_syntax.version)
- && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0)
+ && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0)
&& (transfer->version == pipe_names[i].trans_syntax.version)
- && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) )
+ && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) )
{
struct api_struct *fns = NULL;
int n_fns = 0;
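Review bot: The two `memcmp(..., sizeof(RPC_UUID))` comparisons decide whether a client-supplied bind syntax matches a table entry by comparing whole structs, which is only sound while RPC_UUID contains no padding bytes. The fields read by smb_io_rpc_uuid() in parse_rpc.c (one 32-bit, two 16-bit, then a byte array) suggest that holds today, but nothing in the change enforces it. A small field-wise comparison helper, or a compile-time size check next to the type definition, would keep the match from silently depending on struct layout. check_bind_req() begins and ends outside the hunk.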
@@ -1609,9 +1609,6 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
echo_get_pipe_fns( &cmds, &n_cmds );
break;
#endif
- case PI_EPM:
- epm_get_pipe_fns( &cmds, &n_cmds );
- break;
default:
DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx));
}
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 64ca8388d77..514c22d471e 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -344,8 +344,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
if (vuser) {
p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token);
- init_privilege(&p->pipe_user.privs);
- dup_priv_set(p->pipe_user.privs, vuser->privs);
}
/*
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 642c10e26fe..70ae4d170e4 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -40,7 +40,6 @@ extern rid_name domain_group_rids[];
extern rid_name domain_alias_rids[];
extern rid_name builtin_alias_rids[];
-extern PRIVS privs[];
typedef struct _disp_info {
BOOL user_dbloaded;
@@ -76,12 +75,10 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
level of access for further checks.
********************************************************************/
-NTSTATUS access_check_samr_object(SEC_DESC *psd, pipes_struct *p, uint32 des_access,
- uint32 *acc_granted, uint32 *priv_list, const char *debug)
+NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access,
+ uint32 *acc_granted, const char *debug)
{
NTSTATUS status = NT_STATUS_ACCESS_DENIED;
- NT_USER_TOKEN *nt_user_token = p->pipe_user.nt_user_token;
- int i;
if (!se_access_check(psd, nt_user_token, des_access, acc_granted, &status)) {
*acc_granted = des_access;
@@ -89,18 +86,12 @@ NTSTATUS access_check_samr_object(SEC_DESC *psd, pipes_struct *p, uint32 des_acc
DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n",
debug, des_access));
DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
}
- if (priv_list != NULL) {
- for (i = 0; priv_list[i] != SE_NONE; i++) {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), priv_list[i]))) {
- DEBUG(3, ("%s: User should be denied access but was overridden by %s\n", debug, privs[priv_list[i]].priv));
- return NT_STATUS_OK;
- }
- }
+ else {
+ DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n",
+ debug, des_access));
}
-
- DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n", debug, des_access));
}
return status;
}
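Review bot: On the denied path the caller's `*acc_granted` has already been set to `des_access` (last line of the preceding hunk), and the new `else` branch only logs, so a failed check still leaves the full requested mask in the out-parameter. Any caller that stores `acc_granted` without testing the returned status would record access that was refused. Moving the assignment into the override branch next to `status = NT_STATUS_OK;`, or adding `*acc_granted = 0;` in the `else`, closes that gap. The override condition itself falls between the two hunks, so only its debug text is visible here.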
@@ -109,10 +100,8 @@ NTSTATUS access_check_samr_object(SEC_DESC *psd, pipes_struct *p, uint32 des_acc
Checks if access to a function can be granted
********************************************************************/
-NTSTATUS access_check_samr_function(pipes_struct *p, uint32 acc_granted, uint32 acc_required, uint32 *priv_list, const char *debug)
+NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
{
- int i;
-
DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
if ((acc_granted & acc_required) != acc_required) {
@@ -122,15 +111,6 @@ NTSTATUS access_check_samr_function(pipes_struct *p, uint32 acc_granted, uint32
DEBUGADD(4,("but overwritten by euid == 0\n"));
return NT_STATUS_OK;
}
- if (priv_list != NULL) {
- for (i = 0; priv_list[i] != SE_NONE; i++) {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), priv_list[i]))) {
- DEBUG(3, ("%s: User should be denied access but was overridden by %s\n", debug, privs[priv_list[i]].priv));
- return NT_STATUS_OK;
- }
- }
- }
-
DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
return NT_STATUS_ACCESS_DENIED;
@@ -392,7 +372,6 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN
uint32 des_access = q_u->flags;
size_t sd_size;
NTSTATUS status;
- uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_NONE};
r_u->status = NT_STATUS_OK;
@@ -400,7 +379,7 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN
if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(status = access_check_samr_function(p, info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN, priv_list, "_samr_open_domain"))) {
+ if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN,"_samr_open_domain"))) {
return status;
}
@@ -409,8 +388,8 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN
se_map_generic(&des_access,&dom_generic_mapping);
if (!NT_STATUS_IS_OK(status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- priv_list, "_samr_open_domain"))) {
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_open_domain"))) {
return status;
}
@@ -789,8 +768,8 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
domain_sid = info->sid;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, NULL,
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
"_samr_enum_dom_users"))) {
return r_u->status;
}
@@ -900,7 +879,7 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
Get the group entries - similar to get_sampwd_entries().
******************************************************************/
-static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx,
+static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx,
DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries )
{
@@ -915,8 +894,7 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx,
needed for some passdb backends to enumerate groups */
become_root();
- pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries,
- ENUM_ONLY_MAPPED);
+ pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
unbecome_root();
num_entries=group_entries-start_idx;
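Review bot: The added `pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);` call discards its return value, so a failed enumeration falls through to `num_entries=group_entries-start_idx;` with whatever `map` and `group_entries` hold. `start_idx` reaches this helper from the request (`q_u->start_idx` at the alias caller). If `group_entries` is unsigned, as the `(int *)` cast suggests, a `start_idx` larger than the count wraps the subtraction and the later `map[i+start_idx]` copies would index past the array. I would check the call's result and add `if (start_idx >= group_entries) { SAFE_FREE(map); *p_num_entries = 0; return NT_STATUS_OK; }` before the subtraction. The declarations are outside the hunk, so the types need confirming.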
@@ -937,57 +915,51 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx,
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment);
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
- (*d_grp)[i].attr=SID_NAME_DOM_GRP;
+ (*d_grp)[i].attr=type;
}
SAFE_FREE(map);
*p_num_entries = num_entries;
- DEBUG(10,("get_group_domain_entries: returning %d entries\n",
- *p_num_entries));
+ DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries));
return NT_STATUS_OK;
}
/*******************************************************************
- Wrapper for enumerating local groups
+ Wrapper for enuemrating domain groups
******************************************************************/
-static NTSTATUS get_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
- const DOM_SID *sid, uint32 start_idx,
- uint32 *p_num_entries, uint32 max_entries )
+static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
+ DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries )
{
- struct acct_info *info;
- int i;
- BOOL res;
-
- become_root();
- res = pdb_enum_aliases(sid, start_idx, max_entries,
- p_num_entries, &info);
- unbecome_root();
-
- if (!res)
- return NT_STATUS_ACCESS_DENIED;
-
- if (*p_num_entries == 0)
- return NT_STATUS_OK;
+ return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx,
+ p_num_entries, max_entries );
+}
- *d_grp = talloc(ctx, sizeof(DOMAIN_GRP) * (*p_num_entries));
+/*******************************************************************
+ Wrapper for enumerating local groups
+ ******************************************************************/
- if (*d_grp == NULL) {
- SAFE_FREE(info);
- return NT_STATUS_NO_MEMORY;
+static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
+ DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries)
+{
+ if ( sid_equal(sid, &global_sid_Builtin) ) {
+ return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp,
+ sid, start_idx, p_num_entries, max_entries );
}
-
- for (i=0; i<*p_num_entries; i++) {
- fstrcpy((*d_grp)[i].name, info[i].acct_name);
- fstrcpy((*d_grp)[i].comment, info[i].acct_desc);
- (*d_grp)[i].rid = info[i].rid;
- (*d_grp)[i].attr = SID_NAME_ALIAS;
+ else if ( sid_equal(sid, get_global_sam_sid()) ) {
+ return get_group_entries( SID_NAME_ALIAS, ctx, d_grp,
+ sid, start_idx, p_num_entries, max_entries );
}
- SAFE_FREE(info);
+ /* can't do anything with this SID */
+
+ *p_num_entries = 0;
+
return NT_STATUS_OK;
}
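Review bot: `get_group_alias_entries` returns NT_STATUS_OK on the fall-through path for an unrecognised SID without writing `*d_grp`, so unless the caller initialises it, `grp` is handed to `make_group_sam_entry_list` with an indeterminate value. Setting `*d_grp = NULL;` next to `*p_num_entries = 0;` makes that path well defined. The header comment added above `get_group_domain_entries` also has a typo: `Wrapper for enuemrating domain groups` should read `Wrapper for enumerating domain groups`.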
@@ -1007,7 +979,7 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, NULL, "_samr_enum_dom_groups"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) {
return r_u->status;
}
@@ -1046,16 +1018,16 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, NULL, "_samr_enum_dom_aliases"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) {
return r_u->status;
}
sid_to_string(sid_str, &sid);
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
- status = get_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx,
- &num_entries, MAX_SAM_ENTRIES);
- if (!NT_STATUS_IS_OK(status)) return status;
+ status = get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx,
+ &num_entries, MAX_SAM_ENTRIES);
+ if (NT_STATUS_IS_ERR(status)) return status;
make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp);
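Review bot: The error test after `get_group_alias_entries` was loosened from `!NT_STATUS_IS_OK(status)` to `NT_STATUS_IS_ERR(status)`, which lets warning- and informational-class statuses continue into `make_group_sam_entry_list`. The paths of the helper visible on this page only return NT_STATUS_OK, so the diff does not show which non-OK status is meant to pass. If a partial-result status from `get_group_entries` is expected, a comment such as `/* a non-error status still carries usable entries */` would document that; otherwise I would keep `!NT_STATUS_IS_OK(status)` to match the access checks around it.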
@@ -1272,7 +1244,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u)
{
DOM_SID sid;
- struct acct_info info;
+ GROUP_MAP map;
uint32 acc_granted;
BOOL ret;
@@ -1283,12 +1255,16 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, NULL, "_samr_query_aliasinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
return r_u->status;
}
+ if (!sid_check_is_in_our_domain(&sid) &&
+ !sid_check_is_in_builtin(&sid))
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
become_root();
- ret = pdb_get_aliasinfo(&sid, &info);
+ ret = pdb_getgrsid(&map, sid);
unbecome_root();
if ( !ret )
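Review bot: `pdb_getgrsid(&map, sid)` returns whatever group mapping exists for the SID, and nothing in this hunk confirms the mapping is an alias before the alias info levels are filled in. The added domain/builtin test narrows the SID's domain but not the object type, so a domain-group mapping under the same domain SID would, as far as the hunk shows, be answered as an alias. I would test the type after the lookup, for example `if (map.sid_name_use != SID_NAME_ALIAS && map.sid_name_use != SID_NAME_WKN_GRP) return NT_STATUS_NO_SUCH_ALIAS;`, assuming GROUP_MAP carries that field here. The body of `if ( !ret )` is outside the hunk.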
@@ -1298,13 +1274,12 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
case 1:
r_u->ptr = 1;
r_u->ctr.switch_value1 = 1;
- init_samr_alias_info1(&r_u->ctr.alias.info1,
- info.acct_name, 1, info.acct_desc);
+ init_samr_alias_info1(&r_u->ctr.alias.info1, map.nt_name, 1, map.comment);
break;
case 3:
r_u->ptr = 1;
r_u->ctr.switch_value1 = 3;
- init_samr_alias_info3(&r_u->ctr.alias.info3, info.acct_desc);
+ init_samr_alias_info3(&r_u->ctr.alias.info3, map.comment);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
@@ -1403,7 +1378,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
return r_u->status;
}
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, 0, NULL, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */
return r_u->status;
}
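Review bot: The check in `_samr_lookup_names` passes `0` as `acc_required`, and `access_check_samr_function` tests `(acc_granted & acc_required) != acc_required`, so this call can never deny and any valid handle may look up names. The trailing `/* Don't know the acc_bits yet */` does not say that. I would replace it with `/* acc_required == 0: this check always passes; TODO require the proper domain lookup right */` until the right bit is settled.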
@@ -1625,7 +1600,6 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
size_t sd_size;
BOOL ret;
NTSTATUS nt_status;
- uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE};
r_u->status = NT_STATUS_OK;
@@ -1633,7 +1607,7 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, priv_list, "_samr_open_user"))) {
+ if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user"))) {
return nt_status;
}
@@ -1650,8 +1624,8 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid);
se_map_generic(&des_access, &usr_generic_mapping);
if (!NT_STATUS_IS_OK(nt_status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- priv_list, "_samr_open_user"))) {
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_open_user"))) {
return nt_status;
}
@@ -1974,7 +1948,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_USER_GET_GROUPS, NULL, "_samr_query_usergroups"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
return r_u->status;
}
@@ -2157,13 +2131,12 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
uint32 new_rid = 0;
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
- uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE};
/* Get the domain SID stored in the domain policy */
if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, priv_list, "_samr_create_user"))) {
+ if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) {
return nt_status;
}
@@ -2227,33 +2200,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
/* the passdb lookup has failed; check to see if we need to run the
add user/machine script */
-
- /*
- * we can't check both the ending $ and the acb_info.
- *
- * UserManager creates trust accounts (ending in $,
- * normal that hidden accounts) with the acb_info equals to ACB_NORMAL.
- * JFM, 11/29/2001
- */
- if (account[strlen(account)-1] == '$') {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT)) || geteuid() == 0) {
- DEBUG(3, ("user [%s] has been granted Add Machines privilege!\n", p->user_name));
- become_root();
- pstrcpy(add_script, lp_addmachine_script());
- } else {
- DEBUG(3, ("user [%s] doesn't have Add Machines privilege!\n", p->user_name));
- return NT_STATUS_ACCESS_DENIED;
- }
- } else {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS)) || geteuid() == 0) {
- DEBUG(3, ("user [%s] has been granted Add Users privilege!\n", p->user_name));
- become_root();
- pstrcpy(add_script, lp_adduser_script());
- } else {
- DEBUG(3, ("user [%s] doesn't have Add Users privilege!\n", p->user_name));
- return NT_STATUS_ACCESS_DENIED;
- }
- }
pw = Get_Pwnam(account);
@@ -2269,16 +2215,27 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
*********************************************************************/
if ( !pw ) {
+ /*
+ * we can't check both the ending $ and the acb_info.
+ *
+ * UserManager creates trust accounts (ending in $,
+ * normal that hidden accounts) with the acb_info equals to ACB_NORMAL.
+ * JFM, 11/29/2001
+ */
+ if (account[strlen(account)-1] == '$')
+ pstrcpy(add_script, lp_addmachine_script());
+ else
+ pstrcpy(add_script, lp_adduser_script());
- if (add_script[0] != '\0') {
+ if (*add_script) {
int add_ret;
all_string_sub(add_script, "%u", account, sizeof(account));
add_ret = smbrun(add_script,NULL);
+ DEBUG(3,("_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
}
else /* no add user script -- ask winbindd to do it */
{
- DEBUG(0, ("_samr_create_user: lp_adduser_script() = %s add_script = %s\n", lp_adduser_script(), add_script));
- if (!winbind_create_user(account, &new_rid)) {
+ if ( !winbind_create_user( account, &new_rid ) ) {
DEBUG(3,("_samr_create_user: winbind_create_user(%s) failed\n",
account));
}
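Review bot: `account[strlen(account)-1]` on the added lines reads one byte before the buffer when `account` is empty, and `account` appears to come from the request (it is filled outside this hunk). A length guard fixes it: `size_t alen = strlen(account);` followed by `if (alen > 0 && account[alen-1] == '$')`. The unchanged `all_string_sub(add_script, "%u", account, sizeof(account));` bounds the substitution by the size of `account` rather than of `add_script`, which is only correct if the two buffers have the same size. Because the result is run through `smbrun`, the name should be validated against the permitted account-name characters before it is substituted. The new DEBUG prints `add_ret`, but a non-zero result is not acted on.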
@@ -2289,16 +2246,15 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
/* implicit call to getpwnam() next. we have a valid SID coming out of this call */
if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account, new_rid)) )
- goto done;
+ return nt_status;
pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
if (!pdb_add_sam_account(sam_pass)) {
pdb_free_sam(&sam_pass);
- DEBUG(0, ("could not add user/computer %s to passdb !?\n",
+ DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n",
account));
- nt_status = NT_STATUS_ACCESS_DENIED;
- goto done;
+ return NT_STATUS_ACCESS_DENIED;
}
/* Get the user's SID */
@@ -2307,16 +2263,15 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid);
se_map_generic(&des_access, &usr_generic_mapping);
if (!NT_STATUS_IS_OK(nt_status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- priv_list, "_samr_create_user"))) {
- goto done;
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_create_user"))) {
+ return nt_status;
}
/* associate the user's SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL) {
pdb_free_sam(&sam_pass);
- nt_status = NT_STATUS_NO_MEMORY;
- goto done;
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(info);
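Review bot: The access-check failure path now does `return nt_status;` without releasing `sam_pass`, while the two error paths right after it call `pdb_free_sam(&sam_pass);` first. Adding `pdb_free_sam(&sam_pass);` before that `return nt_status;` keeps the paths consistent. `pdb_add_sam_account(sam_pass)` has already succeeded by this point (previous hunk), so a denial here leaves the new account in the passdb; if that is intended it deserves a comment.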
@@ -2326,8 +2281,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) {
pdb_free_sam(&sam_pass);
- nt_status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
- goto done;
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
r_u->user_rid=pdb_get_user_rid(sam_pass);
@@ -2336,11 +2290,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA
pdb_free_sam(&sam_pass);
- nt_status = NT_STATUS_OK;
-
-done:
- unbecome_root();
- return nt_status;
+ return NT_STATUS_OK;
}
/*******************************************************************
@@ -2411,8 +2361,8 @@ NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u
samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size);
se_map_generic(&des_access, &sam_generic_mapping);
if (!NT_STATUS_IS_OK(nt_status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- NULL, "_samr_connect"))) {
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_connect"))) {
return nt_status;
}
@@ -2461,8 +2411,8 @@ NTSTATUS _samr_connect4(pipes_struct *p, SAMR_Q_CONNECT4 *q_u, SAMR_R_CONNECT4 *
samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size);
se_map_generic(&des_access, &sam_generic_mapping);
if (!NT_STATUS_IS_OK(nt_status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- NULL, "_samr_connect"))) {
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_connect"))) {
return nt_status;
}
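Review bot: `_samr_connect4` passes the label `"_samr_connect"` to `access_check_samr_object`, so denials from the two entry points cannot be told apart in the debug log. Since the line is being rewritten anyway, I would make it `des_access, &acc_granted, "_samr_connect4"))) {`.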
@@ -2499,8 +2449,8 @@ NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_
if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, info->acc_granted,
- SA_RIGHT_SAM_ENUM_DOMAINS, NULL, "_samr_lookup_domain")))
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_lookup_domain")))
{
return r_u->status;
}
@@ -2572,7 +2522,7 @@ NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_EN
if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, NULL, "_samr_enum_domains"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) {
return r_u->status;
}
@@ -2613,7 +2563,7 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A
if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, NULL, "_samr_open_alias"))) {
+ if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias"))) {
return status;
}
@@ -2625,8 +2575,8 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A
samr_make_ali_obj_sd(p->mem_ctx, &psd, &sd_size);
se_map_generic(&des_access,&ali_generic_mapping);
if (!NT_STATUS_IS_OK(status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- NULL, "_samr_open_alias"))) {
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_open_alias"))) {
return status;
}
@@ -2999,8 +2949,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
SAM_USERINFO_CTR *ctr = q_u->ctr;
uint32 acc_granted;
uint32 acc_required;
- uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE};
- BOOL priv_to_root = False;
DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
@@ -3011,65 +2959,34 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
return NT_STATUS_INVALID_HANDLE;
acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, acc_required, priv_list, "_samr_set_userinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
return r_u->status;
}
-
- if (geteuid() != sec_initial_uid()) {
- SAM_ACCOUNT *pwd = NULL;
-
- pdb_init_sam(&pwd);
-
- become_root();
- if (!pdb_getsampwsid(pwd, &sid)) {
- unbecome_root();
- pdb_free_sam(&pwd);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS))) {
- priv_to_root = True;
-
- } else if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT))) {
- if (pdb_get_acct_ctrl(pwd) & ACB_WSTRUST) {
- priv_to_root = True;
- }
- } else {
- unbecome_root();
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
+
DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value));
if (ctr == NULL) {
DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
- if (priv_to_root) unbecome_root();
return NT_STATUS_INVALID_INFO_CLASS;
}
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
case 0x12:
- if (!set_user_info_12(ctr->info.id12, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_12(ctr->info.id12, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
case 24:
if (!p->session_key.length) {
- if (priv_to_root) unbecome_root();
return NT_STATUS_NO_USER_SESSION_KEY;
}
SamOEMhashBlob(ctr->info.id24->pass, 516, &p->session_key);
dump_data(100, (char *)ctr->info.id24->pass, 516);
- if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
case 25:
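Review bot: The info-level 24 branch keeps `dump_data(100, (char *)ctr->info.id24->pass, 516);` directly after `SamOEMhashBlob` has processed the buffer with the session key, so the password blob is written to the debug log whenever the log level reaches 100. The level-23 branch in the next hunk does the same with `id23->pass`. While this function is being simplified I would drop both `dump_data` calls or compile them only into developer builds. The literal `516` is repeated across these calls and would read better as a named constant tied to the buffer's declaration.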
@@ -3093,30 +3010,24 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
return NT_STATUS_ACCESS_DENIED;
break;
#endif
- if (priv_to_root) unbecome_root();
return NT_STATUS_INVALID_INFO_CLASS;
case 23:
if (!p->session_key.length) {
- if (priv_to_root) unbecome_root();
return NT_STATUS_NO_USER_SESSION_KEY;
}
SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
dump_data(100, (char *)ctr->info.id23->pass, 516);
- if (!set_user_info_23(ctr->info.id23, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_23(ctr->info.id23, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
default:
- if (priv_to_root) unbecome_root();
return NT_STATUS_INVALID_INFO_CLASS;
}
- if (priv_to_root) unbecome_root();
return r_u->status;
}
@@ -3132,8 +3043,6 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
uint16 switch_value = q_u->switch_value;
uint32 acc_granted;
uint32 acc_required;
- uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE};
- BOOL priv_to_root = False;
DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__));
@@ -3144,40 +3053,14 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
return NT_STATUS_INVALID_HANDLE;
acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, acc_required, priv_list, "_samr_set_userinfo2"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
return r_u->status;
}
- if (geteuid() != sec_initial_uid()) {
- SAM_ACCOUNT *pwd = NULL;
-
- pdb_init_sam(&pwd);
-
- become_root();
- if (!pdb_getsampwsid(pwd, &sid)) {
- unbecome_root();
- pdb_free_sam(&pwd);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS))) {
- priv_to_root = True;
-
- } else if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT))) {
- if (pdb_get_acct_ctrl(pwd) & ACB_WSTRUST) {
- priv_to_root = True;
- }
- } else {
- unbecome_root();
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid)));
if (ctr == NULL) {
DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
- if (priv_to_root) unbecome_root();
return NT_STATUS_INVALID_INFO_CLASS;
}
@@ -3186,36 +3069,26 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
case 21:
- if (!set_user_info_21(ctr->info.id21, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_21(ctr->info.id21, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
case 20:
- if (!set_user_info_20(ctr->info.id20, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_20(ctr->info.id20, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
case 16:
- if (!set_user_info_10(ctr->info.id10, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_10(ctr->info.id10, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
case 18:
/* Used by AS/U JRA. */
- if (!set_user_info_12(ctr->info.id12, &sid)) {
- if (priv_to_root) unbecome_root();
+ if (!set_user_info_12(ctr->info.id12, &sid))
return NT_STATUS_ACCESS_DENIED;
- }
break;
default:
- if (priv_to_root) unbecome_root();
return NT_STATUS_INVALID_INFO_CLASS;
}
- if (priv_to_root) unbecome_root();
return r_u->status;
}
@@ -3258,8 +3131,8 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- ntstatus1 = access_check_samr_function(p, info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, NULL, "_samr_query_useraliases");
- ntstatus2 = access_check_samr_function(p, info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, NULL, "_samr_query_useraliases");
+ ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
+ ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases");
if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
@@ -3318,11 +3191,15 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
{
int i;
+ GROUP_MAP map;
int num_sids = 0;
DOM_SID2 *sid;
DOM_SID *sids=NULL;
DOM_SID alias_sid;
+ DOM_SID als_sid;
+ uint32 alias_rid;
+ fstring alias_sid_str;
uint32 acc_granted;
@@ -3331,15 +3208,38 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
return NT_STATUS_INVALID_HANDLE;
if (!NT_STATUS_IS_OK(r_u->status =
- access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, NULL, "_samr_query_aliasmem"))) {
+ access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) {
return r_u->status;
}
+
+ sid_copy(&als_sid, &alias_sid);
+ sid_to_string(alias_sid_str, &alias_sid);
+ sid_split_rid(&alias_sid, &alias_rid);
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids))
+ if (sid_equal(&alias_sid, &global_sid_Builtin)) {
+ DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
+ if(!get_builtin_group_from_sid(&als_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+ } else {
+ if (sid_equal(&alias_sid, get_global_sam_sid())) {
+ DEBUG(10, ("lookup on Server SID\n"));
+ if(!get_local_group_from_sid(&als_sid, &map)) {
+ fstring alias_sid_string;
+ DEBUG(10, ("Alias %s not found\n", sid_to_string(alias_sid_string, &als_sid)));
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+ }
+ }
+
+ if (!get_sid_list_of_group(map.gid, &sids, &num_sids)) {
+ fstring alias_sid_string;
+ DEBUG(10, ("Alias %s found, but member list unavailable\n", sid_to_string(alias_sid_string, &als_sid)));
return NT_STATUS_NO_SUCH_ALIAS;
+ }
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_sids);
if (num_sids!=0 && sid == NULL) {
SAFE_FREE(sids);
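Review bot: `map` is read uninitialised in `_samr_query_aliasmem` when the alias's domain SID is neither `global_sid_Builtin` nor `get_global_sam_sid()`. The inner `if` has no `else`, so control reaches `get_sid_list_of_group(map.gid, &sids, &num_sids)` with `map.gid` never set. I would close the inner test with `else { return NT_STATUS_NO_SUCH_ALIAS; }`. The two `DEBUG(10, ("sid is %s\n", alias_sid_str));` lines in this hunk print the same value twice and one can go. The function starts and ends outside this hunk.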
@@ -3350,6 +3250,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
init_dom_sid2(&sid[i], &sids[i]);
}
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK);
SAFE_FREE(sids);
@@ -3357,89 +3258,20 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
return NT_STATUS_OK;
}
-static void add_uid_to_array_unique(uid_t uid, uid_t **uids, int *num)
-{
- int i;
-
- if ((*num) >= groups_max())
- return;
-
- for (i=0; i<*num; i++) {
- if ((*uids)[i] == uid)
- return;
- }
-
- *uids = Realloc(*uids, (*num+1) * sizeof(uid_t));
-
- if (*uids == NULL)
- return;
-
- (*uids)[*num] = uid;
- *num += 1;
-}
-
-
-static BOOL get_memberuids(gid_t gid, uid_t **uids, int *num)
-{
- struct group *grp;
- char **gr;
- struct sys_pwent *userlist, *user;
-
- *uids = NULL;
- *num = 0;
-
- /* We only look at our own sam, so don't care about imported stuff */
-
- winbind_off();
-
- if ((grp = getgrgid(gid)) == NULL) {
- winbind_on();
- return False;
- }
-
- /* Primary group members */
-
- userlist = getpwent_list();
-
- for (user = userlist; user != NULL; user = user->next) {
- if (user->pw_gid != gid)
- continue;
- add_uid_to_array_unique(user->pw_uid, uids, num);
- }
-
- pwent_free(userlist);
-
- /* Secondary group members */
-
- gr = grp->gr_mem;
- while ((*gr != NULL) && ((*gr)[0] != '\0')) {
- struct passwd *pw = getpwnam(*gr);
-
- if (pw == NULL)
- continue;
-
- add_uid_to_array_unique(pw->pw_uid, uids, num);
-
- gr += 1;
- }
-
- winbind_on();
-
- return True;
-}
-
/*********************************************************************
_samr_query_groupmem
*********************************************************************/
NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
{
- int final_num_rids, i;
+ int num_sids = 0;
+ int final_num_sids = 0;
+ int i;
DOM_SID group_sid;
fstring group_sid_str;
- uid_t *uids;
- int num;
- gid_t gid;
+ DOM_SID *sids=NULL;
+
+ GROUP_MAP map;
uint32 *rid=NULL;
uint32 *attr=NULL;
@@ -3450,7 +3282,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, NULL, "_samr_query_groupmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) {
return r_u->status;
}
@@ -3464,46 +3296,35 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
DEBUG(10, ("lookup on Domain SID\n"));
- if (!NT_STATUS_IS_OK(sid_to_gid(&group_sid, &gid)))
+ if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
- if(!get_memberuids(gid, &uids, &num))
+ if(!get_sid_list_of_group(map.gid, &sids, &num_sids))
return NT_STATUS_NO_SUCH_GROUP;
- rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num);
- attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num);
+ rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num_sids);
+ attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num_sids);
- if (num!=0 && (rid==NULL || attr==NULL))
+ if (num_sids!=0 && (rid==NULL || attr==NULL))
return NT_STATUS_NO_MEMORY;
- final_num_rids = 0;
+ for (i=0; i<num_sids; i++) {
+ uint32 urid;
- for (i=0; i<num; i++) {
- DOM_SID sid;
-
- if (!NT_STATUS_IS_OK(uid_to_sid(&sid, uids[i]))) {
- DEBUG(1, ("Could not map member uid to SID\n"));
- continue;
- }
-
- if (!sid_check_is_in_our_domain(&sid)) {
- DEBUG(1, ("Inconsistent SAM -- group member uid not "
- "in our domain\n"));
- continue;
+ if (sid_peek_check_rid(get_global_sam_sid(), &sids[i], &urid)) {
+ rid[final_num_sids] = urid;
+ attr[final_num_sids] = SID_NAME_USER;
+ final_num_sids++;
+ } else {
+ fstring user_sid_str, domain_sid_str;
+ DEBUG(1, ("_samr_query_groupmem: SID %s in group %s is not in our domain %s\n",
+ sid_to_string(user_sid_str, &sids[i]),
+ sid_to_string(group_sid_str, &group_sid),
+ sid_to_string(domain_sid_str, get_global_sam_sid())));
}
-
- sid_peek_rid(&sid, &rid[final_num_rids]);
-
- /* Hmm. In a trace I got the constant 7 here from NT. */
- attr[final_num_rids] = SID_NAME_USER;
-
- final_num_rids += 1;
}
- SAFE_FREE(uids);
-
- init_samr_r_query_groupmem(r_u, final_num_rids, rid, attr,
- NT_STATUS_OK);
+ init_samr_r_query_groupmem(r_u, final_num_sids, rid, attr, NT_STATUS_OK);
return NT_STATUS_OK;
}
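Review bot: `sids` is never released in `_samr_query_groupmem`: the old `SAFE_FREE(uids);` was removed and no `SAFE_FREE(sids);` replaces it. `_samr_query_aliasmem` does free the list it gets from the same `get_sid_list_of_group` call, so the list is presumably heap-allocated. I would add `SAFE_FREE(sids);` before `init_samr_r_query_groupmem(...)` and before `return NT_STATUS_NO_MEMORY;`. In the mismatch DEBUG, `sid_to_string(group_sid_str, &group_sid)` overwrites the function-level `group_sid_str`; a local buffer like the other two would be clearer.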
@@ -3515,21 +3336,93 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u)
{
DOM_SID alias_sid;
+ fstring alias_sid_str;
+ uid_t uid;
+ struct passwd *pwd;
+ struct group *grp;
+ fstring grp_name;
+ GROUP_MAP map;
+ NTSTATUS ret;
+ SAM_ACCOUNT *sam_user = NULL;
+ BOOL check;
uint32 acc_granted;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, NULL, "_samr_add_aliasmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) {
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ sid_to_string(alias_sid_str, &alias_sid);
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (!pdb_add_aliasmem(&alias_sid, &q_u->sid.sid))
- return NT_STATUS_ACCESS_DENIED;
+ if (sid_compare(&alias_sid, get_global_sam_sid())>0) {
+ DEBUG(10, ("adding member on Server SID\n"));
+ if(!get_local_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ } else {
+ if (sid_compare(&alias_sid, &global_sid_Builtin)>0) {
+ DEBUG(10, ("adding member on BUILTIN SID\n"));
+ if( !get_builtin_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ } else
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ ret = pdb_init_sam(&sam_user);
+ if (!NT_STATUS_IS_OK(ret))
+ return ret;
+
+ check = pdb_getsampwsid(sam_user, &q_u->sid.sid);
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* check a real user exist before we run the script to add a user to a group */
+ if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ pdb_free_sam(&sam_user);
+
+ if ((pwd=getpwuid_alloc(uid)) == NULL) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if ((grp=getgrgid(map.gid)) == NULL) {
+ passwd_free(&pwd);
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ /* we need to copy the name otherwise it's overloaded in user_in_group_list */
+ fstrcpy(grp_name, grp->gr_name);
+
+ /* if the user is already in the group */
+ if(user_in_unix_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
+ return NT_STATUS_MEMBER_IN_ALIAS;
+ }
+
+ /*
+ * ok, the group exist, the user exist, the user is not in the group,
+ * we can (finally) add it to the group !
+ */
+ smb_add_user_group(grp_name, pwd->pw_name);
+ /* check if the user has been added then ... */
+ if(!user_in_unix_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
+ return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
+ }
+
+ passwd_free(&pwd);
return NT_STATUS_OK;
}
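Review bot: The alias scope test `sid_compare(&alias_sid, get_global_sam_sid())>0`, like the BUILTIN test in the else branch, is an ordering comparison and not a check that the alias SID lies under the local or BUILTIN domain. `_samr_del_aliasmem` in this patch makes the same decision with `sid_check_is_in_our_domain(&alias_sid)` and `sid_check_is_in_builtin(&alias_sid)`. Using those predicates here would make the add and delete paths agree and would make the accepted SID range explicit instead of dependent on how `sid_compare` orders SIDs. `_samr_add_groupmem` has the same pattern with `sid_compare(&group_sid, get_global_sam_sid())<=0`.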
@@ -3540,22 +3433,62 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u)
{
DOM_SID alias_sid;
+ fstring alias_sid_str;
+ struct group *grp;
+ fstring grp_name;
+ GROUP_MAP map;
+ SAM_ACCOUNT *sam_pass=NULL;
uint32 acc_granted;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, NULL, "_samr_del_aliasmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
return r_u->status;
}
- DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
- sid_string_static(&alias_sid)));
+ sid_to_string(alias_sid_str, &alias_sid);
+ DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str));
- if (!pdb_del_aliasmem(&alias_sid, &q_u->sid.sid))
- return NT_STATUS_ACCESS_DENIED;
-
+ if (!sid_check_is_in_our_domain(&alias_sid) &&
+ !sid_check_is_in_builtin(&alias_sid)) {
+ DEBUG(10, ("_samr_del_aliasmem:invalid alias group\n"));
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ if( !get_local_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ if ((grp=getgrgid(map.gid)) == NULL)
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */
+ fstrcpy(grp_name, grp->gr_name);
+
+ /* check if the user exists before trying to remove it from the group */
+ pdb_init_sam(&sam_pass);
+ if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) {
+ DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* if the user is not in the group */
+ if(!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) {
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_MEMBER_NOT_IN_ALIAS;
+ }
+
+ smb_delete_user_group(grp_name, pdb_get_username(sam_pass));
+
+ /* check if the user has been removed then ... */
+ if(user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) {
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
+ }
+
+ pdb_free_sam(&sam_pass);
return NT_STATUS_OK;
}
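Review bot: `pdb_init_sam(&sam_pass);` is called without checking its status, whereas `_samr_add_aliasmem` in this patch does `ret = pdb_init_sam(&sam_user); if (!NT_STATUS_IS_OK(ret)) return ret;`. If initialisation fails, `sam_pass` is still NULL when it is handed to `pdb_getsampwsid`. In the not-found branch the message formats `pdb_get_username(sam_pass)` for an account that was just not loaded, so the `%s` argument is presumably empty or NULL. Logging the requested SID from `q_u->sid.sid` would be safe and more useful to an operator. `_samr_del_groupmem` repeats both lines.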
@@ -3567,35 +3500,73 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
{
DOM_SID group_sid;
DOM_SID user_sid;
+ fstring group_sid_str;
+ uid_t uid;
+ struct passwd *pwd;
+ struct group *grp;
fstring grp_name;
- fstring usr_name;
+ GROUP_MAP map;
+ NTSTATUS ret;
+ SAM_ACCOUNT *sam_user=NULL;
+ BOOL check;
uint32 acc_granted;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, NULL, "_samr_add_groupmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) {
return r_u->status;
}
- if (!sid_to_local_dom_grp_name(&group_sid, grp_name)) {
- DEBUG(1, ("Could not find group for SID %s\n",
- sid_string_static(&group_sid)));
+ sid_to_string(group_sid_str, &group_sid);
+ DEBUG(10, ("sid is %s\n", group_sid_str));
+
+ if (sid_compare(&group_sid, get_global_sam_sid())<=0)
+ return NT_STATUS_NO_SUCH_GROUP;
+
+ DEBUG(10, ("lookup on Domain SID\n"));
+
+ if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
- }
sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
- if (!sid_to_local_user_name(&user_sid, usr_name)) {
- DEBUG(1, ("Could not find user for SID %s\n",
- sid_string_static(&user_sid)));
+ ret = pdb_init_sam(&sam_user);
+ if (!NT_STATUS_IS_OK(ret))
+ return ret;
+
+ check = pdb_getsampwsid(sam_user, &user_sid);
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* check a real user exist before we run the script to add a user to a group */
+ if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ pdb_free_sam(&sam_user);
+
+ if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
}
+ if ((grp=getgrgid(map.gid)) == NULL) {
+ passwd_free(&pwd);
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */
+ fstrcpy(grp_name, grp->gr_name);
+
/* if the user is already in the group */
- if(user_in_unix_group_list(usr_name, grp_name)) {
+ if(user_in_unix_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
return NT_STATUS_MEMBER_IN_GROUP;
}
@@ -3605,13 +3576,15 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
* we can (finally) add it to the group !
*/
- smb_add_user_group(grp_name, usr_name);
+ smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
- if(!user_in_unix_group_list(usr_name, grp_name)) {
- return NT_STATUS_ACCESS_DENIED;
+ if(!user_in_unix_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
+ return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */
}
+ passwd_free(&pwd);
return NT_STATUS_OK;
}
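Review bot: When the membership re-check after `smb_add_user_group(grp_name, pwd->pw_name)` fails, the new code returns `NT_STATUS_MEMBER_NOT_IN_GROUP`, which describes membership and not the fact that the add did not take effect. `_samr_del_groupmem` in this patch still answers `NT_STATUS_ACCESS_DENIED` for the equivalent case. I would keep `return NT_STATUS_ACCESS_DENIED;` here and log the group and user name at that point so a failed add is visible in the server log. The return value of `smb_add_user_group` is also discarded; if it reports failure (its prototype is not visible here), test it before the re-check. The function body starts outside the hunk.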
@@ -3623,8 +3596,10 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
{
DOM_SID group_sid;
DOM_SID user_sid;
+ SAM_ACCOUNT *sam_pass=NULL;
+ GROUP_MAP map;
fstring grp_name;
- fstring usr_name;
+ struct group *grp;
uint32 acc_granted;
/*
@@ -3637,38 +3612,48 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, NULL, "_samr_del_groupmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) {
return r_u->status;
}
- if (!sid_to_local_dom_grp_name(&group_sid, grp_name)) {
- DEBUG(1, ("Could not find group for SID %s\n",
- sid_string_static(&group_sid)));
+ if (!sid_check_is_in_our_domain(&group_sid))
return NT_STATUS_NO_SUCH_GROUP;
- }
sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
- if (!sid_to_local_user_name(&user_sid, usr_name)) {
- DEBUG(1, ("Could not find user for SID %s\n",
- sid_string_static(&user_sid)));
+ if (!get_domain_group_from_sid(group_sid, &map))
+ return NT_STATUS_NO_SUCH_GROUP;
+
+ if ((grp=getgrgid(map.gid)) == NULL)
+ return NT_STATUS_NO_SUCH_GROUP;
+
+ /* we need to copy the name otherwise it's overloaded in user_in_group_list */
+ fstrcpy(grp_name, grp->gr_name);
+
+ /* check if the user exists before trying to remove it from the group */
+ pdb_init_sam(&sam_pass);
+ if (!pdb_getsampwsid(sam_pass, &user_sid)) {
+ DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
/* if the user is not in the group */
- if (!user_in_unix_group_list(usr_name, grp_name)) {
+ if (!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) {
+ pdb_free_sam(&sam_pass);
return NT_STATUS_MEMBER_NOT_IN_GROUP;
}
- smb_delete_user_group(grp_name, usr_name);
+ smb_delete_user_group(grp_name, pdb_get_username(sam_pass));
/* check if the user has been removed then ... */
- if(user_in_unix_group_list(usr_name, grp_name)) {
- /* don't know what to reply else */
- return NT_STATUS_ACCESS_DENIED;
+ if (user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) {
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_ACCESS_DENIED; /* don't know what to reply else */
}
+ pdb_free_sam(&sam_pass);
return NT_STATUS_OK;
}
@@ -3720,7 +3705,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, NULL, "_samr_delete_dom_user"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) {
return r_u->status;
}
@@ -3766,8 +3751,12 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u)
{
DOM_SID group_sid;
- fstring grp_name;
+ DOM_SID dom_sid;
+ uint32 group_rid;
+ fstring group_sid_str;
+ gid_t gid;
struct group *grp;
+ GROUP_MAP map;
uint32 acc_granted;
DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__));
@@ -3776,23 +3765,43 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, NULL, "_samr_delete_dom_group"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) {
return r_u->status;
}
- if (!sid_to_local_dom_grp_name(&group_sid, grp_name)) {
- DEBUG(1, ("Could not find group for SID %s\n",
- sid_string_static(&group_sid)));
+ sid_copy(&dom_sid, &group_sid);
+ sid_to_string(group_sid_str, &dom_sid);
+ sid_split_rid(&dom_sid, &group_rid);
+
+ DEBUG(10, ("sid is %s\n", group_sid_str));
+
+ /* we check if it's our SID before deleting */
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_GROUP;
- }
+
+ DEBUG(10, ("lookup on Domain SID\n"));
+
+ if(!get_domain_group_from_sid(group_sid, &map))
+ return NT_STATUS_NO_SUCH_GROUP;
+
+ gid=map.gid;
+
+ /* check if group really exists */
+ if ( (grp=getgrgid(gid)) == NULL)
+ return NT_STATUS_NO_SUCH_GROUP;
+
+ /* delete mapping first */
+ if(!pdb_delete_group_mapping_entry(group_sid))
+ return NT_STATUS_ACCESS_DENIED;
/* we can delete the UNIX group */
- smb_delete_group(grp_name);
+ smb_delete_group(grp->gr_name);
/* check if the group has been successfully deleted */
- if ( (grp=getgrnam(grp_name)) != NULL)
+ if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
+
if (!close_policy_hnd(p, &q_u->group_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
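Review bot: `pdb_delete_group_mapping_entry(group_sid)` runs before `smb_delete_group(grp->gr_name)`, so if the UNIX group survives and the function returns `NT_STATUS_ACCESS_DENIED`, the mapping is already gone. The group then still exists on the system but can no longer be reached through this SID to retry or audit the deletion. `_samr_delete_dom_alias` in this patch uses the opposite order. Delete the UNIX group first and remove the mapping only after the `getgrgid(gid)` re-check, or restore the mapping on the failure path.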
@@ -3806,6 +3815,12 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u)
{
DOM_SID alias_sid;
+ DOM_SID dom_sid;
+ uint32 alias_rid;
+ fstring alias_sid_str;
+ gid_t gid;
+ struct group *grp;
+ GROUP_MAP map;
uint32 acc_granted;
DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
@@ -3814,21 +3829,41 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, NULL, "_samr_delete_dom_alias"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
return r_u->status;
}
+
+ sid_copy(&dom_sid, &alias_sid);
+ sid_to_string(alias_sid_str, &dom_sid);
+ sid_split_rid(&dom_sid, &alias_rid);
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (!sid_check_is_in_our_domain(&alias_sid))
+ /* we check if it's our SID before deleting */
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_ALIAS;
-
+
DEBUG(10, ("lookup on Local SID\n"));
- /* Have passdb delete the alias */
- if (!pdb_delete_alias(&alias_sid))
+ if(!get_local_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ gid=map.gid;
+
+ /* check if group really exists */
+ if ( (grp=getgrgid(gid)) == NULL)
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ /* we can delete the UNIX group */
+ smb_delete_group(grp->gr_name);
+
+ /* check if the group has been successfully deleted */
+ if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
+ /* don't check if we removed it as it could be an un-mapped group */
+ pdb_delete_group_mapping_entry(alias_sid);
+
if (!close_policy_hnd(p, &q_u->alias_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
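Review bot: The result of `pdb_delete_group_mapping_entry(alias_sid)` is dropped on the grounds that the group could be un-mapped, but `get_local_group_from_sid(&alias_sid, &map)` has already succeeded by then, so a mapping is known to exist. If the removal fails, the alias SID stays mapped to a gid whose UNIX group was just deleted, and a group later created with that gid could end up reachable through the old alias. Check the return value and at least log it, e.g. `DEBUG(0, ("_samr_delete_dom_alias: could not remove mapping for %s\n", alias_sid_str));`.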
@@ -3854,7 +3889,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, NULL, "_samr_create_dom_group"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) {
return r_u->status;
}
@@ -3906,6 +3941,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
DOM_SID dom_sid;
DOM_SID info_sid;
fstring name;
+ fstring sid_string;
struct group *grp;
struct samr_info *info;
uint32 acc_granted;
@@ -3915,7 +3951,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, NULL, "_samr_create_alias"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) {
return r_u->status;
}
@@ -3926,20 +3962,28 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
- /* Have passdb create the alias */
- if (!pdb_create_alias(name, &r_u->rid))
- return NT_STATUS_ACCESS_DENIED;
+ /* check if group already exists */
+ if ( (grp=getgrnam(name)) != NULL)
+ return NT_STATUS_ALIAS_EXISTS;
- sid_copy(&info_sid, get_global_sam_sid());
- sid_append_rid(&info_sid, r_u->rid);
-
- if (!NT_STATUS_IS_OK(sid_to_gid(&info_sid, &gid)))
+ /* we can create the UNIX group */
+ if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
/* check if the group has been successfully created */
if ((grp=getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
+ r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
+
+ sid_copy(&info_sid, get_global_sam_sid());
+ sid_append_rid(&info_sid, r_u->rid);
+ sid_to_string(sid_string, &info_sid);
+
+ /* add the group to the mapping table */
+ if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL))
+ return NT_STATUS_ACCESS_DENIED;
+
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
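Review bot: If `add_initial_entry(...)` fails, the function returns `NT_STATUS_ACCESS_DENIED` but the UNIX group made by `smb_create_group(name, &gid)` is left in place. A retry with the same name then stops at `getgrnam(name) != NULL` with `NT_STATUS_ALIAS_EXISTS`. Remove the group on that path with `smb_delete_group(grp->gr_name);`, which this patch uses in `_samr_delete_dom_alias`, or document that cleanup is manual. `name` comes from the request via `unistr2_to_ascii` and reaches `smb_create_group` with no character check in this hunk. If that helper hands the name to an external command (not visible here), restrict it to valid group-name characters first.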
@@ -3960,24 +4004,24 @@ level 1 send also the number of users of that group
NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u)
{
DOM_SID group_sid;
- gid_t gid;
- uid_t *uids;
- int num=0;
+ GROUP_MAP map;
+ DOM_SID *sids=NULL;
+ int num_sids=0;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
- struct acct_info info;
+ BOOL ret;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, NULL, "_samr_query_groupinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) {
return r_u->status;
}
- if (!pdb_get_dom_grp_info(&group_sid, &info))
- return NT_STATUS_NO_SUCH_GROUP;
-
- if (!NT_STATUS_IS_OK(sid_to_gid(&group_sid, &gid)))
+ become_root();
+ ret = get_domain_group_from_sid(group_sid, &map);
+ unbecome_root();
+ if (!ret)
return NT_STATUS_INVALID_HANDLE;
ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR));
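Review bot: A failed `get_domain_group_from_sid(group_sid, &map)` returns `NT_STATUS_INVALID_HANDLE` although the handle was already validated by `get_lsa_policy_samr_sid`. `_samr_set_groupinfo` in this patch returns `NT_STATUS_NO_SUCH_GROUP` for the same lookup, so use `return NT_STATUS_NO_SUCH_GROUP;` here as well. The lookup is wrapped in `become_root()`/`unbecome_root()` here and in `_samr_open_group`, but not in the other callers this patch touches. A one-line comment stating why the elevation is needed would let a reader judge whether those callers are missing it or these two are over-privileged.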
@@ -3987,12 +4031,10 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
switch (q_u->switch_level) {
case 1:
ctr->switch_value1 = 1;
- if(!get_memberuids(gid, &uids, &num))
+ if(!get_sid_list_of_group(map.gid, &sids, &num_sids))
return NT_STATUS_NO_SUCH_GROUP;
- SAFE_FREE(uids);
- init_samr_group_info1(&ctr->group.info1,
- info.acct_name, info.acct_desc,
- num);
+ init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num_sids);
+ SAFE_FREE(sids);
break;
case 3:
ctr->switch_value1 = 3;
@@ -4000,8 +4042,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
break;
case 4:
ctr->switch_value1 = 4;
- init_samr_group_info4(&ctr->group.info4,
- info.acct_desc);
+ init_samr_group_info4(&ctr->group.info4, map.comment);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
@@ -4021,39 +4062,36 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u)
{
DOM_SID group_sid;
+ GROUP_MAP map;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
- struct acct_info info;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_SET_INFO, NULL, "_samr_set_groupinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) {
return r_u->status;
}
- if (!pdb_get_dom_grp_info(&group_sid, &info))
- return NT_STATUS_INVALID_HANDLE;
+ if (!get_domain_group_from_sid(group_sid, &map))
+ return NT_STATUS_NO_SUCH_GROUP;
ctr=q_u->ctr;
switch (ctr->switch_value1) {
case 1:
- unistr2_to_ascii(info.acct_desc,
- &(ctr->group.info1.uni_acct_desc),
- sizeof(info.acct_desc)-1);
+ unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1);
break;
case 4:
- unistr2_to_ascii(info.acct_desc,
- &(ctr->group.info4.uni_acct_desc),
- sizeof(info.acct_desc)-1);
+ unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- if (!pdb_set_dom_grp_info(&group_sid, &info))
- return NT_STATUS_ACCESS_DENIED;
+ if(!pdb_update_group_mapping_entry(&map)) {
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
return NT_STATUS_OK;
}
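Review bot: A failing `pdb_update_group_mapping_entry(&map)` is reported as `NT_STATUS_NO_SUCH_GROUP`, yet the group was found by `get_domain_group_from_sid` a few lines earlier, so the failure is a write problem and not a missing object. The removed code answered `NT_STATUS_ACCESS_DENIED` for the failed store, and `return NT_STATUS_ACCESS_DENIED;` still describes the situation better. `_samr_set_aliasinfo` has the same return after its own update call.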
@@ -4067,31 +4105,33 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u)
{
DOM_SID group_sid;
- struct acct_info info;
+ GROUP_MAP map;
ALIAS_INFO_CTR *ctr;
uint32 acc_granted;
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_SET_INFO, NULL, "_samr_set_aliasinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) {
return r_u->status;
}
+ if (!get_local_group_from_sid(&group_sid, &map) &&
+ !get_builtin_group_from_sid(&group_sid, &map))
+ return NT_STATUS_NO_SUCH_GROUP;
+
ctr=&q_u->ctr;
switch (ctr->switch_value1) {
case 3:
- unistr2_to_ascii(info.acct_desc,
- &(ctr->alias.info3.uni_acct_desc),
- sizeof(info.acct_desc)-1);
+ unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- if(!pdb_set_aliasinfo(&group_sid, &info)) {
- return NT_STATUS_ACCESS_DENIED;
+ if(!pdb_update_group_mapping_entry(&map)) {
+ return NT_STATUS_NO_SUCH_GROUP;
}
return NT_STATUS_OK;
@@ -4126,7 +4166,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
{
DOM_SID sid;
DOM_SID info_sid;
- fstring grp_name;
+ GROUP_MAP map;
struct samr_info *info;
SEC_DESC *psd = NULL;
uint32 acc_granted;
@@ -4134,11 +4174,12 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
size_t sd_size;
NTSTATUS status;
fstring sid_string;
+ BOOL ret;
if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, NULL, "_samr_open_group"))) {
+ if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group"))) {
return status;
}
@@ -4146,8 +4187,8 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
samr_make_grp_obj_sd(p->mem_ctx, &psd, &sd_size);
se_map_generic(&des_access,&grp_generic_mapping);
if (!NT_STATUS_IS_OK(status =
- access_check_samr_object(psd, p, des_access, &acc_granted,
- NULL, "_samr_open_group"))) {
+ access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ des_access, &acc_granted, "_samr_open_group"))) {
return status;
}
@@ -4167,7 +4208,11 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
- if (!sid_to_local_dom_grp_name(&info->sid, grp_name))
+ /* check if that group really exists */
+ become_root();
+ ret = get_domain_group_from_sid(info->sid, &map);
+ unbecome_root();
+ if (!ret)
return NT_STATUS_NO_SUCH_GROUP;
/* get a (unique) handle. open a policy on it. */
@@ -4203,8 +4248,8 @@ NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p,
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- result = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS,
- NULL, "_samr_remove_sid_foreign_domain");
+ result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS,
+ "_samr_remove_sid_foreign_domain");
if (!NT_STATUS_IS_OK(result))
return result;
diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c
index ae0fe84e029..dd92e0d90a3 100644
--- a/source/rpc_server/srv_samr_util.c
+++ b/source/rpc_server/srv_samr_util.c
@@ -280,25 +280,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
- } else {
- uint32 expire;
- time_t new_time;
- if (pdb_get_pass_must_change_time(to) == 0) {
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1) {
- new_time = get_time_t_max();
- } else {
- time_t old_time = pdb_get_pass_last_set_time(to);
- new_time = old_time + expire;
- if ((new_time) < time(0)) {
- new_time = time(0) + expire;
- }
- }
- if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
- DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
- }
- }
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
}
DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
@@ -528,24 +510,6 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
- } else {
- uint32 expire;
- time_t new_time;
- if (pdb_get_pass_must_change_time(to) == 0) {
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1) {
- new_time = get_time_t_max();
- } else {
- time_t old_time = pdb_get_pass_last_set_time(to);
- new_time = old_time + expire;
- if ((new_time) < time(0)) {
- new_time = time(0) + expire;
- }
- }
- if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
- DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
- }
- }
}
DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index edd62fa8f62..c971ff3631f 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -4283,11 +4283,10 @@ static BOOL construct_printer_info_5(Printer_entry *print_hnd, PRINTER_INFO_5 *p
static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *printer, int snum)
{
char *guid_str = NULL;
- UUID_FLAT guid;
+ GUID guid;
if (is_printer_published(print_hnd, snum, &guid)) {
- asprintf(&guid_str, "{%s}",
- smb_uuid_string_static(smb_uuid_unpack_static(guid)));
+ asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid));
strupper_m(guid_str);
init_unistr(&printer->guid, guid_str);
printer->action = SPOOL_DS_PUBLISH;
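Review bot: The return value of `asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid))` is not checked. On failure the contents of `guid_str` are not guaranteed on every platform, so `strupper_m(guid_str)` and `init_unistr(&printer->guid, guid_str)` may work on an invalid pointer. Guard the call: `if (asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid)) == -1) return False;`. The function continues past the hunk, so whether `guid_str` is freed afterwards cannot be confirmed from here.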
diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c
index 9d56e1b3858..40d3a43bef9 100644
--- a/source/rpc_server/srv_srvsvc_nt.c
+++ b/source/rpc_server/srv_srvsvc_nt.c
@@ -1405,7 +1405,10 @@ WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, S
static char *valid_share_pathname(char *dos_pathname)
{
+ pstring saved_pathname;
+ pstring unix_pathname;
char *ptr;
+ int ret;
/* Convert any '\' paths to '/' */
unix_format(dos_pathname);
@@ -1420,29 +1423,21 @@ static char *valid_share_pathname(char *dos_pathname)
if (*ptr != '/')
return NULL;
- return ptr;
-}
-
-static BOOL exist_share_pathname(char *unix_pathname)
-{
- pstring saved_pathname;
- int ret;
-
/* Can we cd to it ? */
/* First save our current directory. */
if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL)
return False;
+ pstrcpy(unix_pathname, ptr);
+
ret = chdir(unix_pathname);
/* We *MUST* be able to chdir back. Abort if we can't. */
if (chdir(saved_pathname) == -1)
smb_panic("valid_share_pathname: Unable to restore current directory.\n");
- if (ret == -1) return False;
-
- return True;
+ return (ret != -1) ? ptr : NULL;
}
/*******************************************************************
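Review bot: After `exist_share_pathname` is folded into `valid_share_pathname`, the `getcwd` failure path still does `return False;` in a function declared `static char *`. It only works because `False` is presumably 0, so change it to `return NULL;`. `pstrcpy(unix_pathname, ptr)` copies into a fixed-size `pstring` only so that `chdir` can be called on the copy. Calling `chdir(ptr)` directly would test the exact string that is returned to the caller and not a possibly truncated one. The function starts outside the hunk.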
@@ -1459,7 +1454,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
int type;
int snum;
int ret;
- char *path;
+ char *ptr;
SEC_DESC *psd = NULL;
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
@@ -1554,12 +1549,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
return WERR_ACCESS_DENIED;
/* Check if the pathname is valid. */
- if (!(path = valid_share_pathname( pathname )))
+ if (!(ptr = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
- string_replace(path, '"', ' ');
+ string_replace(ptr, '"', ' ');
string_replace(comment, '"', ' ');
DEBUG(10,("_srv_net_share_set_info: change share command = %s\n",
@@ -1567,12 +1562,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
/* Only call modify function if something changed. */
- if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
+ if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
if (!lp_change_share_cmd() || !*lp_change_share_cmd())
return WERR_ACCESS_DENIED;
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+ lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
if ((ret = smbrun(command, NULL)) != 0) {
@@ -1580,12 +1575,6 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
return WERR_ACCESS_DENIED;
}
- /* Check if the new share pathname exist, if not return an error */
- if (!exist_share_pathname(path)) {
- DEBUG(1, ("_srv_net_share_set_info: change share command was ok but path (%s) has not been created!\n", path));
- return WERR_OBJECT_PATH_INVALID;
- }
-
/* Tell everyone we updated smb.conf. */
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
@@ -1626,7 +1615,7 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
int type;
int snum;
int ret;
- char *path;
+ char *ptr;
SEC_DESC *psd = NULL;
DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
@@ -1700,16 +1689,16 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
return WERR_ACCESS_DENIED;
/* Check if the pathname is valid. */
- if (!(path = valid_share_pathname( pathname )))
+ if (!(ptr = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
- string_replace(path, '"', ' ');
+ string_replace(ptr, '"', ' ');
string_replace(comment, '"', ' ');
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+ lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
if ((ret = smbrun(command, NULL)) != 0) {
@@ -1717,33 +1706,10 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
return WERR_ACCESS_DENIED;
}
- /* Check if the new share pathname exist, if not try to delete the
- * share and return an error */
- if (!exist_share_pathname(path)) {
- DEBUG(1, ("_srv_net_share_add: add share command was ok but path (%s) has not been created!\n", path));
- DEBUG(1, ("_srv_net_share_add: trying to rollback and delete the share\n"));
-
- if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
- DEBUG(1, ("_srv_net_share_add: Error! delete share command is not defined! Please check share (%s) in the config file\n", share_name));
- return WERR_OBJECT_PATH_INVALID;
- }
-
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"",
- lp_delete_share_cmd(), dyn_CONFIGFILE, share_name);
-
- DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
- if ((ret = smbrun(command, NULL)) != 0) {
- DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret ));
- DEBUG(1, ("_srv_net_share_add: Error! delete share command failed! Please check share (%s) in the config file\n", share_name));
- }
-
- return WERR_OBJECT_PATH_INVALID;
- }
-
if (psd) {
- if (!set_share_security(p->mem_ctx, share_name, psd)) {
- DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", share_name ));
- }
+ if (!set_share_security(p->mem_ctx, share_name, psd))
+ DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n",
+ share_name ));
}
/* Tell everyone we updated smb.conf. */
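Review bot: When `set_share_security()` fails, the new branch only logs at level 0 and execution continues to the smb.conf update message. As far as this hunk shows, a share requested with an explicit security descriptor is therefore reported as added without that descriptor being stored. Consider failing the call in that branch by adding `return WERR_ACCESS_DENIED;` after the `DEBUG`, or state the best-effort behaviour in a comment such as `/* descriptor is best-effort: share stays with the default ACL on failure */`. Dropping the braces around a `DEBUG` that spans two lines also makes it easy for a later second statement to run unconditionally, so I would keep the `{ }`. The rest of `_srv_net_share_add` is outside the hunk.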
@@ -1921,13 +1887,13 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
unix_convert(filename, conn, NULL, &bad_path, &st);
fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
if (!fsp) {
/* Perhaps it is a directory */
if (errno == EISDIR)
fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0,
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
if (!fsp) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
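Review bot: Nothing between `unix_convert()` and `open_file_shared()` looks at the conversion result or at `bad_path`, so whether the name taken from `q_u->uni_file_name` is acceptable is decided only by the open itself. I would test `bad_path` right after the conversion and fail the request through the function's error path, which is outside this hunk, with a comment such as `/* filename is client-supplied: check bad_path before opening */`. The same sequence is in the `_srv_net_file_set_secdesc` hunk that follows, where the file is opened `DOS_OPEN_RDWR` to change its descriptor, so it matters more there. On style, the bare `0` that replaces `FILE_ATTRIBUTE_NORMAL` and the extra `0` passed to `open_directory()` would read better with a short trailing comment naming the parameter each literal stands for.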
@@ -2025,13 +1991,13 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
unix_convert(filename, conn, NULL, &bad_path, &st);
fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
if (!fsp) {
/* Perhaps it is a directory */
if (errno == EISDIR)
fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0,
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), &action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
if (!fsp) {
DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename));
diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c
index 5bb8db4e062..504e6a83c00 100644
--- a/source/rpc_server/srv_util.c
+++ b/source/rpc_server/srv_util.c
@@ -149,11 +149,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
for (i=0;i<num_groups;i++) {
- become_root();
- ret = get_group_from_gid(groups[i], &map);
- unbecome_root();
-
- if ( !ret ) {
+ if (!get_group_from_gid(groups[i], &map)) {
DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
continue;
}
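Review bot: A lookup that fails for lack of privilege is now indistinguishable from an unmapped gid, because `get_group_from_gid()` is called without `become_root()` and the failure branch only logs at level 10 and `continue`s. If the mapping store cannot be read with the caller's credentials (not visible here), every group would be skipped silently and the alias list returned from `get_alias_user_groups` would be incomplete. I would state the assumption on the call, e.g. `/* group mapping must be readable without root here */`, and log the failure at a lower debug level so it shows up in normal logs. The declaration of `ret`, which this hunk stops using, is outside the hunk and may now be unused.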
diff --git a/source/rpcclient/cmd_epmapper.c b/source/rpcclient/cmd_epmapper.c
deleted file mode 100644
index 4998286194c..00000000000
--- a/source/rpcclient/cmd_epmapper.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- RPC pipe client
-
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "rpcclient.h"
-
-
-static NTSTATUS cmd_epm_map(struct cli_state *cli,
- TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
-{
- EPM_HANDLE handle, entry_handle;
- EPM_TOWER *towers;
- EPM_FLOOR floors[5];
- uint8 addr[4] = {0,0,0,0};
- uint32 numtowers;
- /* need to allow all this stuff to be passed in, but
- for now, it demonstrates the call */
- struct uuid if_uuid = {0xe3514235, 0x4b06, 0x11d1, \
- { 0xab, 0x04 }, \
- { 0x00, 0xc0, \
- 0x4f, 0xc2, 0xdc, 0xd2 } },
- syn_uuid = {0x8a885d04, 0x1ceb, 0x11c9, \
- { 0x9f, 0xe8 }, \
- { 0x08, 0x00, \
- 0x2b, 0x10, 0x48, 0x60 } };
-
- NTSTATUS result;
-
- ZERO_STRUCT(handle);
- numtowers = 1;
- init_epm_floor_uuid(&floors[0], if_uuid, 4);
- init_epm_floor_uuid(&floors[1], syn_uuid, 2);
- init_epm_floor_rpc(&floors[2]);
-
- /* sample for netbios named pipe query
- init_epm_floor_np(&floors[3], "\\PIPE\\lsass");
- init_epm_floor_nb(&floors[4], "\\\\psflinux");
- */
- init_epm_floor_tcp(&floors[3], 135);
- init_epm_floor_ip(&floors[4], addr);
- towers = talloc(mem_ctx, sizeof(EPM_TOWER));
- init_epm_tower(mem_ctx, towers, floors, 5);
-
- result = cli_epm_map(cli, mem_ctx, &handle, &towers, &entry_handle, &numtowers);
-
- return result;
-}
-
-struct cmd_set epm_commands[] = {
-
- { "EPMAPPER" },
-
- { "map", RPC_RTYPE_NTSTATUS, cmd_epm_map, NULL, PI_EPM, "map endpoint", "" },
- { NULL }
-};
-
-
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c
index 5a646a10460..1b1ea31c96f 100644
--- a/source/rpcclient/cmd_lsarpc.c
+++ b/source/rpcclient/cmd_lsarpc.c
@@ -69,7 +69,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID *dom_sid;
- struct uuid *dom_guid;
+ GUID *dom_guid;
fstring sid_str;
char *domain_name = NULL;
char *dns_name = NULL;
@@ -128,7 +128,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli,
if (info_class == 12) {
printf("domain GUID is ");
- smb_uuid_string_static(*dom_guid);
+ print_guid(&dom_guid);
}
done:
return result;
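Review bot: `print_guid(&dom_guid)` passes the address of the pointer variable, since the previous hunk in this file declares `GUID *dom_guid;`. Unless `print_guid()` takes a `GUID **` (its prototype is not on this page), the call should be `print_guid(dom_guid);`. The removed line dereferenced the pointer (`*dom_guid`), which suggests the pointee is what is meant to be printed. If the policy query can leave `dom_guid` unset for `info_class == 12`, which cannot be determined from the hunk, a NULL check before the call would be prudent.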
@@ -445,48 +445,6 @@ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli,
return result;
}
-/* Create a new account */
-
-static NTSTATUS cmd_lsa_create_account(struct cli_state *cli,
- TALLOC_CTX *mem_ctx, int argc,
- const char **argv)
-{
- POLICY_HND dom_pol;
- POLICY_HND user_pol;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 des_access = 0x000f000f;
-
- DOM_SID sid;
-
- if (argc != 2 ) {
- printf("Usage: %s SID\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- result = cli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &dom_pol);
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- printf("Account for SID %s successfully created\n\n", argv[1]);
- result = NT_STATUS_OK;
-
- done:
- return result;
-}
-
-
/* Enumerate the privileges of an SID */
static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli,
@@ -750,7 +708,6 @@ struct cmd_set lsarpc_commands[] = {
{ "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" },
{ "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" },
{ "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" },
- { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" },
{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" },
{ "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" },
{ "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" },
diff --git a/source/rpcclient/cmd_netlogon.c b/source/rpcclient/cmd_netlogon.c
index 9e281fefce4..a48b59bf6a3 100644
--- a/source/rpcclient/cmd_netlogon.c
+++ b/source/rpcclient/cmd_netlogon.c
@@ -45,31 +45,6 @@ static NTSTATUS cmd_netlogon_logon_ctrl2(struct cli_state *cli,
return result;
}
-static NTSTATUS cmd_netlogon_getdcname(struct cli_state *cli,
- TALLOC_CTX *mem_ctx, int argc,
- const char **argv)
-{
- fstring dcname;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- if (argc != 2) {
- fprintf(stderr, "Usage: %s domainname\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- result = cli_netlogon_getdcname(cli, mem_ctx, argv[1], dcname);
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- /* Display results */
-
- printf("%s\n", dcname);
-
- done:
- return result;
-}
-
static NTSTATUS cmd_netlogon_logon_ctrl(struct cli_state *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
@@ -334,7 +309,6 @@ struct cmd_set netlogon_commands[] = {
{ "NETLOGON" },
{ "logonctrl2", RPC_RTYPE_NTSTATUS, cmd_netlogon_logon_ctrl2, NULL, PI_NETLOGON, "Logon Control 2", "" },
- { "getdcname", RPC_RTYPE_NTSTATUS, cmd_netlogon_getdcname, NULL, PI_NETLOGON, "Get trusted DC name", "" },
{ "logonctrl", RPC_RTYPE_NTSTATUS, cmd_netlogon_logon_ctrl, NULL, PI_NETLOGON, "Logon Control", "" },
{ "samsync", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync, NULL, PI_NETLOGON, "Sam Synchronisation", "" },
{ "samdeltas", RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas, NULL, PI_NETLOGON, "Query Sam Deltas", "" },
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index 8372b75b4bd..bac11f7435f 100644
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -465,7 +465,6 @@ extern struct cmd_set reg_commands[];
extern struct cmd_set ds_commands[];
extern struct cmd_set echo_commands[];
extern struct cmd_set shutdown_commands[];
-extern struct cmd_set epm_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
@@ -479,7 +478,6 @@ static struct cmd_set *rpcclient_command_list[] = {
reg_commands,
echo_commands,
shutdown_commands,
- epm_commands,
NULL
};
diff --git a/source/sam/account.c b/source/sam/account.c
deleted file mode 100644
index b8336146cda..00000000000
--- a/source/sam/account.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2001
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
- Copyright (C) Gerald (Jerry) Carter 2000-2001
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_ACCOUNT_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
-{
- ZERO_STRUCT(account->private); /* Don't touch the talloc context */
-
- /* Don't change these timestamp settings without a good reason.
- They are important for NT member server compatibility. */
-
- /* FIXME: We should actually call get_nt_time_max() or sthng
- * here */
- unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
- account->private.unknown_1 = 0x00ffffff; /* don't know */
- account->private.logon_divs = 168; /* hours per week */
- account->private.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
- account->private.unknown_2 = 0x00000000; /* don't know */
- account->private.unknown_3 = 0x000004ec; /* don't know */
-}
-
-static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
-{
- if (*account) {
- data_blob_clear_free(&((*account)->private.lm_pw));
- data_blob_clear_free(&((*account)->private.nt_pw));
- if((*account)->private.plaintext_pw!=NULL)
- memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
-
- talloc_destroy((*account)->mem_ctx);
- *account = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
-
- if (*account==NULL) {
- DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*account)->mem_ctx = mem_ctx;
-
- (*account)->free_fn = NULL;
-
- sam_fill_default_account(*account);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct sam_passwd.
- ************************************************************/
-
-NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*account)->free_fn = destroy_sam_talloc;
-
- return NT_STATUS_OK;
-}
-
-/**
- * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
- *
- * Also wipes the LM and NT hashes and plaintext password from
- * memory.
- *
- * @param account SAM_ACCOUNT_HANDLE to free members of.
- **/
-
-static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
-{
-
- /* Kill off sensitive data. Free()ed by the
- talloc mechinism */
-
- data_blob_clear_free(&(account->private.lm_pw));
- data_blob_clear_free(&(account->private.nt_pw));
- if (account->private.plaintext_pw)
- memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
-}
-
-
-/************************************************************
- Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
- ***********************************************************/
-
-NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
-{
- SMB_ASSERT(account != NULL);
-
- sam_free_account_contents(account);
-
- sam_fill_default_account(account);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_ACCOUNT_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- sam_free_account_contents(*account);
-
- if ((*account)->free_fn) {
- (*account)->free_fn(account);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return acct_ctrl;
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-
-void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-
-BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p)
- return (False);
-
- for (i = 0; i < 32; i += 2) {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- return (False);
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
diff --git a/source/sam/group.c b/source/sam/group.c
deleted file mode 100644
index 101e3dd7ce1..00000000000
--- a/source/sam/group.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
-
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_GROUP_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
-{
- ZERO_STRUCT(group->private); /* Don't touch the talloc context */
-
-}
-
-static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
-{
- if (*group) {
-
- talloc_destroy((*group)->mem_ctx);
- *group = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
-
- if (*group==NULL) {
- DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*group)->mem_ctx = mem_ctx;
-
- (*group)->free_fn = NULL;
-
- sam_fill_default_group(*group);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct SAM_GROUP_HANDLE.
- ************************************************************/
-
-NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*group)->free_fn = destroy_sam_group_handle_talloc;
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Reset the SAM_GROUP_HANDLE.
- ***********************************************************/
-
-NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
-{
- SMB_ASSERT(group != NULL);
-
- sam_fill_default_group(group);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_GROUP_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if ((*group)->free_fn) {
- (*group)->free_fn(group);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the group control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
-{
- static fstring group_str;
- size_t i = 0;
-
- group_str[i++] = '[';
-
- if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
- if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
-
- for ( ; i < length - 2 ; i++ )
- group_str[i] = ' ';
-
- i = length - 2;
- group_str[i++] = ']';
- group_str[i++] = '\0';
-
- return group_str;
-}
-
-/**********************************************************
- Decode the group control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_group_ctrl(const char *p)
-{
- uint16 group_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
- case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
-
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return group_ctrl;
-}
-
diff --git a/source/sam/gums.c b/source/sam/gums.c
deleted file mode 100644
index b7191535845..00000000000
--- a/source/sam/gums.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Grops and Users Management System initializations.
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-#define GMV_MAJOR 0
-#define GMV_MINOR 1
-
-static GUMS_FUNCTIONS *gums_backend = NULL;
-
-static struct gums_init_function_entry *backends = NULL;
-
-static void lazy_initialize_gums(void)
-{
- static BOOL initialized = False;
-
- if (initialized)
- return;
-
- static_init_gums;
- initialized = True;
-}
-
-static struct gums_init_function_entry *gums_find_backend_entry(const char *name);
-
-NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn)
-{
- struct gums_init_function_entry *entry = backends;
-
- if (version != GUMS_INTERFACE_VERSION) {
- DEBUG(0,("Can't register gums backend!\n"
- "You tried to register a gums module with"
- "GUMS_INTERFACE_VERSION %d, while this version"
- "of samba uses version %d\n", version,
- GUMS_INTERFACE_VERSION));
-
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- }
-
- if (!name || !init_fn) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- DEBUG(5,("Attempting to register gums backend %s\n", name));
-
- /* Check for duplicates */
- if (gums_find_backend_entry(name)) {
- DEBUG(0,("There already is a gums backend registered"
- "with the name %s!\n", name));
- return NT_STATUS_OBJECT_NAME_COLLISION;
- }
-
- entry = smb_xmalloc(sizeof(struct gums_init_function_entry));
- entry->name = smb_xstrdup(name);
- entry->init_fn = init_fn;
-
- DLIST_ADD(backends, entry);
- DEBUG(5,("Successfully added gums backend '%s'\n", name));
- return NT_STATUS_OK;
-}
-
-static struct gums_init_function_entry *gums_find_backend_entry(const char *name)
-{
- struct gums_init_function_entry *entry = backends;
-
- while (entry) {
- if (strcmp(entry->name, name) == 0)
- return entry;
- entry = entry->next;
- }
-
- return NULL;
-}
-
-NTSTATUS gums_setup_backend(const char *backend)
-{
-
- TALLOC_CTX *mem_ctx;
- char *module_name = smb_xstrdup(backend);
- char *p, *module_data = NULL;
- struct gums_init_function_entry *entry;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- lazy_initialize_gums();
-
- p = strchr(module_name, ':');
- if (p) {
- *p = 0;
- module_data = p+1;
- trim_string(module_data, " ", " ");
- }
-
- trim_string(module_name, " ", " ");
-
- DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name));
-
- entry = gums_find_backend_entry(module_name);
-
- /* Try to find a module that contains this module */
- if (!entry) {
- DEBUG(2,("No builtin backend found, trying to load plugin\n"));
- if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) {
- DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name));
- SAFE_FREE(module_name);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- /* No such backend found */
- if(!entry) {
- DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
- SAFE_FREE(module_name);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- DEBUG(5,("Found gums backend %s\n", module_name));
-
- /* free current functions structure if any */
- if (gums_backend) {
- gums_backend->free_private_data(gums_backend->private_data);
- talloc_destroy(gums_backend->mem_ctx);
- gums_backend = NULL;
- }
-
- /* allocate a new GUMS_FUNCTIONS structure and memory context */
- mem_ctx = talloc_init("gums_backend (%s)", module_name);
- if (!mem_ctx)
- return NT_STATUS_NO_MEMORY;
- gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS));
- if (!gums_backend)
- return NT_STATUS_NO_MEMORY;
- gums_backend->mem_ctx = mem_ctx;
-
- /* init the requested backend module */
- if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) {
- DEBUG(5,("gums backend %s has a valid init\n", backend));
- } else {
- DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret)));
- }
- SAFE_FREE(module_name);
- return ret;
-}
-
-NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns)
-{
- if (gums_backend != NULL) {
- *fns = gums_backend;
- return NT_STATUS_OK;
- }
-
- DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n"));
- return NT_STATUS_UNSUCCESSFUL;
-}
diff --git a/source/sam/gums_api.c b/source/sam/gums_api.c
deleted file mode 100644
index 5aafa7695f6..00000000000
--- a/source/sam/gums_api.c
+++ /dev/null
@@ -1,1426 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/* Functions to get/set info from a GUMS object */
-
-NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_OBJECT *go;
- NTSTATUS ret;
-
- mem_ctx = talloc_init("gums_create_object");
- if (!mem_ctx) {
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- *obj = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- if (!go) {
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- talloc_destroy(mem_ctx);
- *obj = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- go->mem_ctx = mem_ctx;
- go->type = type;
- go->version = GUMS_OBJECT_VERSION;
-
- switch(type) {
- case GUMS_OBJ_DOMAIN:
- go->domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN));
- if (!(go->domain)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- go->user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
- if (!(go->user)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
- gums_set_user_acct_ctrl(go, ACB_NORMAL);
- gums_set_user_hours(go, 0, NULL);
-
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- go->group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
- if (!(go->group)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- break;
-
- default:
- /* TODO: throw error */
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto error;
- }
-
- *obj = go;
- return NT_STATUS_OK;
-
-error:
- talloc_destroy(go->mem_ctx);
- *obj = NULL;
- return ret;
-}
-
-NTSTATUS gums_create_privilege(GUMS_PRIVILEGE **priv)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_PRIVILEGE *pri;
-
- mem_ctx = talloc_init("gums_create_privilege");
- if (!mem_ctx) {
- DEBUG(0, ("gums_create_privilege: Out of memory!\n"));
- *priv = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- pri = talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE));
- if (!pri) {
- DEBUG(0, ("gums_create_privilege: Out of memory!\n"));
- talloc_destroy(mem_ctx);
- *priv = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- pri->mem_ctx = mem_ctx;
- pri->version = GUMS_PRIVILEGE_VERSION;
-
- *priv = pri;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_destroy_object(GUMS_OBJECT **obj)
-{
- if (!obj || !(*obj))
- return NT_STATUS_INVALID_PARAMETER;
-
- if ((*obj)->mem_ctx)
- talloc_destroy((*obj)->mem_ctx);
- *obj = NULL;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_destroy_privilege(GUMS_PRIVILEGE **priv)
-{
- if (!priv || !(*priv))
- return NT_STATUS_INVALID_PARAMETER;
-
- if ((*priv)->mem_ctx)
- talloc_destroy((*priv)->mem_ctx);
- *priv = NULL;
-
- return NT_STATUS_OK;
-}
-
-void gums_reset_object(GUMS_OBJECT *go)
-{
- go->seq_num = 0;
- go->sid = NULL;
- go->name = NULL;
- go->description = NULL;
-
- switch(go->type) {
- case GUMS_OBJ_DOMAIN:
- memset(go->domain, 0, sizeof(GUMS_DOMAIN));
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- memset(go->user, 0, sizeof(GUMS_USER));
- gums_set_user_acct_ctrl(go, ACB_NORMAL);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- memset(go->group, 0, sizeof(GUMS_GROUP));
- break;
-
- default:
- return;
- }
-}
-
-uint32 gums_get_object_type(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return 0;
-
- return obj->type;
-}
-
-uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return 0;
-
- return obj->seq_num;
-}
-
-uint32 gums_get_object_version(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return 0;
-
- return obj->version;
-}
-
-const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->sec_desc;
-}
-
-const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->sid;
-}
-
-const char *gums_get_object_name(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->name;
-}
-
-const char *gums_get_object_description(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->description;
-}
-
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->seq_num = seq_num;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->version = version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
-{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
-{
- if (!obj || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description)
-{
- if (!obj || !description)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->description = (char *)talloc_strdup(obj->mem_ctx, description);
- if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
-{
- if (!priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- *priv_set = obj->priv_set;
- return NT_STATUS_OK;
-}
-*/
-
-uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_DOMAIN)
- return -1;
-
- return obj->domain->next_rid;
-}
-
-NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->domain->next_rid = rid;
- return NT_STATUS_OK;
-}
-
-/* User specific functions */
-
-const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->group_sid;
-}
-
-const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj)
-{
- fstring p;
-
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return data_blob(NULL, 0);
-
- pdb_sethexpwd(p, (unsigned char *)(obj->user->nt_pw.data), 0);
- DEBUG(100, ("Reading NT Password=[%s]\n", p));
-
- return obj->user->nt_pw;
-}
-
-const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj)
-{
- fstring p;
-
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return data_blob(NULL, 0);
-
- pdb_sethexpwd(p, (unsigned char *)(obj->user->lm_pw.data), 0);
- DEBUG(100, ("Reading LM Password=[%s]\n", p));
-
- return obj->user->lm_pw;
-}
-
-const char *gums_get_user_fullname(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->full_name;
-}
-
-const char *gums_get_user_homedir(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->home_dir;
-}
-
-const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->dir_drive;
-}
-
-const char *gums_get_user_profile_path(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->profile_path;
-}
-
-const char *gums_get_user_logon_script(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->logon_script;
-}
-
-const char *gums_get_user_workstations(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->workstations;
-}
-
-const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->unknown_str;
-}
-
-const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->munged_dial;
-}
-
-NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->logon_time;
-}
-
-NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->logoff_time;
-}
-
-NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->kickoff_time;
-}
-
-NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->pass_last_set_time;
-}
-
-NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->pass_can_change_time;
-}
-
-NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->pass_must_change_time;
-}
-
-uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->acct_ctrl;
-}
-
-uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->logon_divs;
-}
-
-uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->hours_len;
-}
-
-const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->hours;
-}
-
-uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->unknown_3;
-}
-
-uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->bad_password_count;
-}
-
-uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->logon_count;
-}
-
-uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->unknown_6;
-}
-
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
-{
- fstring p;
- unsigned char r[16];
-
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
-
- memcpy(r, nt_pwd.data, 16);
- pdb_sethexpwd(p, r, 0);
- DEBUG(100, ("Setting NT Password=[%s]\n", p));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
-{
- fstring p;
- unsigned char r[16];
-
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
-
- memcpy(r, lm_pwd.data, 16);
- pdb_sethexpwd(p, r, 0);
- DEBUG(100, ("Setting LM Password=[%s]\n", p));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
-{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
-{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
-{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
-{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
-{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
-{
- if (!obj || !workstations)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->user->workstations)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
-{
- if (!obj || !unknown_str)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->user->unknown_str)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
-{
- if (!obj || !munged_dial)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->user->munged_dial)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_time = logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logoff_time = logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->kickoff_time = kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->pass_last_set_time = pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->pass_can_change_time = pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->pass_must_change_time = pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->acct_ctrl = acct_ctrl;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_divs = logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours)
-{
- if (!obj || !hours)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->hours_len = hours_len;
- if (hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN);
- if (!(obj->user->hours))
- return NT_STATUS_NO_MEMORY;
- if (hours_len)
- memcpy(obj->user->hours, hours, hours_len);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->bad_password_count = bad_password_count;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_count = logon_count;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
-}
-
-/* Group specific functions */
-
-const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj)
-{
- if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) {
- *count = -1;
- return NULL;
- }
-
- *count = obj->group->count;
- return obj->group->members;
-}
-
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members)
-{
- uint32 n;
-
- if (!obj || ((count > 0) && !members))
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->group->count = count;
-
- if (count) {
- obj->group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID));
- if (!(obj->group->members)) {
- return NT_STATUS_NO_MEMORY;
- }
-
-
- n = 0;
- do {
- sid_copy(&(obj->group->members[n]), &(members[n]));
- n++;
- } while (n < count);
- } else {
- obj->group->members = 0;
- }
-
- return NT_STATUS_OK;
-}
-
-/* Privilege specific functions */
-
-const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_PRIVILEGE *priv)
-{
- if (!priv) {
- return NULL;
- }
-
- return priv->privilege;
-}
-
-const DOM_SID *gums_get_priv_members(int *count, const GUMS_PRIVILEGE *priv)
-{
- if (!count || !priv) {
- *count = -1;
- return NULL;
- }
-
- *count = priv->count;
- return priv->members;
-}
-
-NTSTATUS gums_set_priv_luid_attr(GUMS_PRIVILEGE *priv, LUID_ATTR *luid_attr)
-{
- if (!luid_attr || !priv)
- return NT_STATUS_INVALID_PARAMETER;
-
- priv->privilege = (LUID_ATTR *)talloc_memdup(priv->mem_ctx, luid_attr, sizeof(LUID_ATTR));
- if (!(priv->privilege)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_priv_members(GUMS_PRIVILEGE *priv, uint32 count, DOM_SID *members)
-{
- uint32 n;
-
- if (!priv || !members || !members)
- return NT_STATUS_INVALID_PARAMETER;
-
- priv->count = count;
- priv->members = (DOM_SID *)talloc(priv->mem_ctx, count * sizeof(DOM_SID));
- if (!(priv->members))
- return NT_STATUS_NO_MEMORY;
-
- n = 0;
- do {
- sid_copy(&(priv->members[n]), &(members[n]));
- n++;
- } while (n < count);
-
- return NT_STATUS_OK;
-}
-
-/* data_store set functions */
-
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("commit_set");
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
-
- *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (*com_set == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- (*com_set)->mem_ctx = mem_ctx;
- (*com_set)->type = type;
- sid_copy(&((*com_set)->sid), sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size)
-{
- GUMS_DATA_SET *data_set;
-
- com_set->count = com_set->count + size;
- if (com_set->count == size) { /* data set is empty*/
- data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc);
- if (new_sec_desc == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_sec_desc;
-
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_PRIVILEGE;
- if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
- return ret;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_PRIVILEGE;
- if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
- return ret;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- PRIVILEGE_SET *new_priv_set;
-
- if (!com_set || !priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_PRIVILEGE;
- if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set)))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set)))
- return ret;
-
- (SEC_DESC *)(data_set->data) = new_priv_set;
-
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- char *new_str;
-
- if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_str = talloc_strdup(com_set->mem_ctx, str);
- if (new_str == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (char *)(data_set->data) = new_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name)
-{
- return gums_cs_set_string(com_set, GUMS_SET_NAME, name);
-}
-
-NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc)
-{
- return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc);
-}
-
-NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name);
-}
-
-NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir);
-}
-
-NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, drive);
-}
-
-NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script);
-}
-
-NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path);
-}
-
-NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, wks);
-}
-
-NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str);
-}
-
-NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial);
-}
-
-NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- NTTIME *new_time;
-
- if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_time = talloc(com_set->mem_ctx, sizeof(NTTIME));
- if (new_time == NULL)
- return NT_STATUS_NO_MEMORY;
-
- new_time->low = nttime->low;
- new_time->high = nttime->high;
- (char *)(data_set->data) = new_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time);
-}
-
-NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
-}
-
-NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
-}
-
-NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time);
-}
-
-NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time);
-}
-
-NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time);
-}
-
-NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(com_set, sids, count);
-}
-
-NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(com_set, sids, count);
-}
-
-NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
-{
- NTSTATUS ret;
- GUMS_FUNCTIONS *fns;
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) {
- DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n"));
- return ret;
- }
- return fns->set_object_values(&(set->sid), set->count, set->data);
-}
-
-NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
-{
- talloc_destroy((*com_set)->mem_ctx);
- *com_set = NULL;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source/sam/gums_helper.c b/source/sam/gums_helper.c
deleted file mode 100644
index fcb9366cda8..00000000000
--- a/source/sam/gums_helper.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS backends helper functions
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Power_Users;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-extern DOM_SID global_sid_Builtin_Replicator;
-extern DOM_SID global_sid_Builtin_Users;
-extern DOM_SID global_sid_Builtin_Guests;
-
-
-/* defines */
-
-#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0)
-
-/****************************************************************************
- Check if a user is a mapped group.
-
- This function will check if the group SID is mapped onto a
- system managed gid or onto a winbind manged sid.
- In the first case it will be threated like a mapped group
- and the backend should take the member list with a getgrgid
- and ignore any user that have been possibly set into the group
- object.
-
- In the second case, the group is a fully SAM managed group
- served back to the system through winbind. In this case the
- members of a Local group are "unrolled" to cope with the fact
- that unix cannot contain groups inside groups.
- The backend MUST never call any getgr* / getpw* function or
- loops with winbind may happen.
- ****************************************************************************/
-
-#if 0
-NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
-{
- NTSTATUS result;
- gid_t id;
-
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
- result = idmap_get_gid_from_sid(&id, sid, False);
- if (NT_STATUS_IS_OK(result)) {
- *mapped = gid_is_in_winbind_range(id);
- } else {
- *mapped = False;
- }
-
- return result;
-}
-#endif
-
-#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
-#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
- (READ_CONTROL_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO | \
- SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
-
-#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-
-
-NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
-{
- DOM_SID *world = &global_sid_World;
- DOM_SID *admins = &global_sid_Builtin_Administrators;
- SEC_ACCESS sa;
- SEC_ACE sacl_ace;
- SEC_ACE dacl_aces[2];
- SEC_ACL *sacl = NULL;
- SEC_ACL *dacl = NULL;
- size_t psize;
-
- init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
- init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
-
- sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
- init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
- init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
-
- dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize);
- if (!(*sec_desc)) {
- DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
-{
- NTSTATUS result;
- SEC_ACE *new_aces;
- unsigned num_aces;
- int i;
-
- num_aces = sec_desc->dacl->num_aces + 1;
- result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
- if (NT_STATUS_IS_OK(result)) {
- sec_desc->dacl->ace = new_aces;
- sec_desc->dacl->num_aces = num_aces;
- sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
- for (i = 0; i < num_aces; i++) {
- sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
- }
- }
- return result;
-}
-
-NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- GUMS_FUNCTIONS *fns;
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN)))
- return ret;
-
- ret = gums_set_object_sid(go, sid);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
-
- ret = gums_set_object_name(go, name);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
-
- if (description) {
- ret = gums_set_object_description(go, description);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
- }
-
- /* make security descriptor * /
- ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
- NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
- */
-
- ret = fns->set_object(go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- GUMS_FUNCTIONS *fns;
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS)))
- return ret;
-
- ret = gums_set_object_sid(go, sid);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
-
- ret = gums_set_object_name(go, name);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
-
- if (description) {
- ret = gums_set_object_description(go, description);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
- }
-
- /* make security descriptor * /
- ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
- NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
- */
-
- ret = fns->set_object(go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-NTSTATUS gums_init_domain(DOM_SID *sid, const char *name, const char * description)
-{
- NTSTATUS ret;
-
- /* Add the weelknown Builtin Domain */
- if (!NT_STATUS_IS_OK(ret = gums_make_domain(
- sid,
- name,
- description
- ))) {
- return ret;
- }
-
- /* Add default users and groups */
- /* Administrator
- Guest
- Domain Administrators
- Domain Users
- Domain Guests
- */
-
- return ret;
-}
-
-NTSTATUS gums_init_builtin_domain(void)
-{
- NTSTATUS ret;
-
- generate_wellknown_sids();
-
- /* Add the weelknown Builtin Domain */
- if (!NT_STATUS_IS_OK(ret = gums_make_domain(
- &global_sid_Builtin,
- "BUILTIN",
- "Builtin Domain"
- ))) {
- return ret;
- }
-
- /* Add the well known Builtin Local Groups */
-
- /* Administrators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Administrators,
- "Administrators",
- "Members can fully administer the computer/domain"
- ))) {
- return ret;
- }
- /* Administrator privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege,
- SeSystemtimePrivilege, SeShutdownPrivilege,
- SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege,
- SeDebugPrivilege, SeSystemEnvironmentPrivilege,
- SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege,
- SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege,
- SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege
- */
-
- /* Power Users */
- /* Domain Controllers Does NOT have Power Users (?) */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Power_Users,
- "Power Users",
- "Power Users"
- ))) {
- return ret;
- }
-
- /* Power Users privilege set */
- /* (?) */
-
- /* Account Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Account_Operators,
- "Account Operators",
- "Members can administer domain user and group accounts"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* Server Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Server_Operators,
- "Server Operators",
- "Members can administer domain servers"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege,
- SeShutdownPrivilege, SeRemoteShutdownPrivilege
- */
-
- /* Print Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Print_Operators,
- "Print Operators",
- "Members can administer domain printers"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* Backup Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Backup_Operators,
- "Backup Operators",
- "Members can bypass file security to backup files"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
- */
-
- /* Replicator */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Replicator,
- "Replicator",
- "Supports file replication in a domain"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
- */
-
- /* Users */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Users,
- "Users",
- "Ordinary users"
- ))) {
- return ret;
- }
-
- /* Users specific ACEs * /
- sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- */
-
- /* Guests */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Guests,
- "Guests",
- "Users granted guest access to the computer/domain"
- ))) {
- return ret;
- }
-
- return ret;
-}
-
diff --git a/source/sam/gums_tdbsam2.c b/source/sam/gums_tdbsam2.c
deleted file mode 100644
index 7fb9a1a997f..00000000000
--- a/source/sam/gums_tdbsam2.c
+++ /dev/null
@@ -1,1220 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * tdbsam2 - sam backend
- * Copyright (C) Simo Sorce 2002-2003
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "tdbsam2_parse_info.h"
-
-#if 0
-static int gums_tdbsam2_debug_class = DBGC_ALL;
-#endif
-/*
-#undef DBGC_CLASS
-#define DBGC_CLASS gums_tdbsam2_debug_class
-*/
-
-#define TDBSAM_VERSION 20021215
-#define TDB_FILE_NAME "tdbsam2.tdb"
-#define NAMEPREFIX "NAME_"
-#define SIDPREFIX "SID_"
-#define PRIVILEGEPREFIX "PRIV_"
-
-#define TDB_BASIC_OBJ_STRING "ddd"
-#define TDB_FORMAT_STRING "dddB"
-#define TDB_PRIV_FORMAT_STRING "ddB"
-
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-
-
-struct tdbsam2_enum_objs {
- uint32 type;
- DOM_SID *dom_sid;
- TDB_CONTEXT *db;
- TDB_DATA key;
- struct tdbsam2_enum_objs *next;
-};
-
-struct tdbsam2_private_data {
-
- const char *storage;
- struct tdbsam2_enum_objs *teo_handlers;
-};
-
-static struct tdbsam2_private_data *ts2_privs;
-
-static NTSTATUS init_object_from_buffer(GUMS_OBJECT **go, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *mem_ctx;
- int iret;
- char *obj_data = NULL;
- int data_size = 0;
- int version, type, seqnum;
- int len;
-
- mem_ctx = talloc_init("init_object_from_buffer");
- if (!mem_ctx) {
- DEBUG(0, ("init_object_from_buffer: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
- &version,
- &type,
- &seqnum,
- &data_size, &obj_data);
-
- if (len == -1 || data_size <= 0)
- goto done;
-
- /* version is checked inside this function so that backward
- compatibility code can be called eventually.
- This way we can easily handle database format upgrades */
- if (version != TDBSAM_VERSION) {
- DEBUG(3,("init_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- *go = (GUMS_OBJECT *)talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- TALLOC_CHECK(*go, ret, done);
-
- switch (type) {
-
- case GUMS_OBJ_DOMAIN:
- iret = gen_parse(mem_ctx, pinfo_gums_domain, (char *)(*go), obj_data);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- iret = gen_parse(mem_ctx, pinfo_gums_group, (char *)(*go), obj_data);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- iret = gen_parse(mem_ctx, pinfo_gums_user, (char *)(*go), obj_data);
- break;
-
- default:
- DEBUG(3,("init_object_from_buffer: Error, wrong object type number!\n"));
- goto done;
- }
-
- if (iret != 0) {
- DEBUG(0, ("init_object_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0, ("init_object_from_buffer: DB Corrupt ?"));
- goto done;
- }
-
- (*go)->mem_ctx = mem_ctx;
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_privilege_from_buffer(GUMS_PRIVILEGE **priv, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *mem_ctx;
- int iret;
- char *obj_data = NULL;
- int data_size = 0;
- int version, seqnum;
- int len;
-
- mem_ctx = talloc_init("init_privilege_from_buffer");
- if (!mem_ctx) {
- DEBUG(0, ("init_privilege_from_buffer: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- len = tdb_unpack (buffer, size, TDB_PRIV_FORMAT_STRING,
- &version,
- &seqnum,
- &data_size, &obj_data);
-
- if (len == -1 || data_size <= 0)
- goto done;
-
- /* version is checked inside this function so that backward
- compatibility code can be called eventually.
- This way we can easily handle database format upgrades */
- if (version != TDBSAM_VERSION) {
- DEBUG(3,("init_privilege_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- *priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE));
- TALLOC_CHECK(*priv, ret, done);
-
- iret = gen_parse(mem_ctx, pinfo_gums_privilege, (char *)(*priv), obj_data);
-
- if (iret != 0) {
- DEBUG(0, ("init_privilege_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0, ("init_privilege_from_buffer: DB Corrupt ?"));
- goto done;
- }
-
- (*priv)->mem_ctx = mem_ctx;
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_buffer_from_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_OBJECT *object)
-{
-
- NTSTATUS ret;
- char *genbuf = NULL;
- size_t buflen;
-
- if (!buffer)
- return NT_STATUS_INVALID_PARAMETER;
-
- switch (gums_get_object_type(object)) {
-
- case GUMS_OBJ_DOMAIN:
- genbuf = gen_dump(mem_ctx, pinfo_gums_domain, (char *)object, 0);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- genbuf = gen_dump(mem_ctx, pinfo_gums_group, (char *)object, 0);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- genbuf = gen_dump(mem_ctx, pinfo_gums_user, (char *)object, 0);
- break;
-
- default:
- DEBUG(3,("init_buffer_from_object: Error, wrong object type number!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (genbuf == NULL) {
- DEBUG(0, ("init_buffer_from_object: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- object->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- object->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- if (*len != buflen) {
- DEBUG(0, ("init_buffer_from_object: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS init_buffer_from_privilege(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_PRIVILEGE *priv)
-{
-
- NTSTATUS ret;
- char *genbuf = NULL;
- size_t buflen;
-
- if (!buffer || !len || !mem_ctx || !priv)
- return NT_STATUS_INVALID_PARAMETER;
-
- genbuf = gen_dump(mem_ctx, pinfo_gums_privilege, (char *)priv, 0);
-
- if (genbuf == NULL) {
- DEBUG(0, ("init_buffer_from_privilege: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_PRIV_FORMAT_STRING,
- TDBSAM_VERSION,
- priv->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_PRIV_FORMAT_STRING,
- TDBSAM_VERSION,
- priv->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- if (*len != buflen) {
- DEBUG(0, ("init_buffer_from_privilege: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS opentdb(TDB_CONTEXT **tdb, BOOL readonly)
-{
- if (!tdb)
- return NT_STATUS_INVALID_PARAMETER;
-
- *tdb = tdb_open_log(ts2_privs->storage, 0, TDB_DEFAULT, readonly?(O_RDONLY):(O_RDWR | O_CREAT), 0600);
- if (!(*tdb))
- {
- DEBUG(0, ("opentdb: Unable to open database (%s)!\n", ts2_privs->storage));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_object_by_sid(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const DOM_SID *sid)
-{
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_sid: Entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_NOT_FOUND;
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(init_object_from_buffer(obj, data.dptr, data.dsize))) {
- DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- SAFE_FREE(data.dptr);
- return ret;
-}
-
-static NTSTATUS make_full_object_name(TDB_CONTEXT *tdb, fstring objname, GUMS_OBJECT *object)
-{
- NTSTATUS ret;
-
- objname[0] = '\0';
-
- if (gums_get_object_type(object) == GUMS_OBJ_DOMAIN) {
-
- fstrcpy(objname, gums_get_object_name(object));
-
- } else {
- GUMS_OBJECT *domain_object;
- DOM_SID domain_sid;
- uint32 *discard_rid;
-
- sid_copy(&domain_sid, gums_get_object_sid(object));
- sid_split_rid(&domain_sid, discard_rid);
-
- if (!NT_STATUS_IS_OK(get_object_by_sid(tdb,
- &domain_object,
- &domain_sid))) {
-
- DEBUG(3, ("Object's domain not found!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- fstrcpy(objname, gums_get_object_name(domain_object));
- fstrcat(objname, "\\");
- fstrcat(objname, gums_get_object_name(object));
- }
-
- ret = NT_STATUS_OK;
-
-done:
- return ret;
-}
-
-/* name should be in DOMAIN\NAME format */
-static NTSTATUS get_object_by_name(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const char *fullname)
-{
-
- NTSTATUS ret = NT_STATUS_OK;
- TDB_DATA data, key;
- fstring keystr;
- fstring objname;
- DOM_SID sid;
- fstring sidstr;
- int sidstr_len;
-
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- /* Data is stored in all lower-case */
- fstrcpy(objname, fullname);
- strlower_m(objname);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_name: Entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_NOT_FOUND;
- goto done;
- }
-
- fstrcpy(sidstr, data.dptr);
- sidstr_len = data.dsize;
-
- SAFE_FREE(data.dptr);
-
- if (sidstr_len <= 0) {
- DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (!string_to_sid(&sid, sidstr)) {
- DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-done:
- if (NT_STATUS_IS_OK(ret))
- return get_object_by_sid(tdb, obj, &sid);
- return ret;
-}
-
-/* Get object's sequence number */
-
-static NTSTATUS get_object_seq_num(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int *seq_num)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_DATA data, key;
- fstring keystr;
- fstring sidstr;
- int version, type, seqnum;
-
- if (!object || !seq_num)
- return NT_STATUS_INVALID_PARAMETER;
-
- fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object)));
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_seq_num: Entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_NOT_FOUND;
- goto done;
- }
-
- if (tdb_unpack (data.dptr, data.dsize, TDB_BASIC_OBJ_STRING, &version, &type, &seqnum) == -1)
- goto done;
-
- *seq_num = seqnum;
- ret = NT_STATUS_OK;
-
-done:
- SAFE_FREE(data.dptr);
- return ret;
-}
-
-/* store a gums object
- * flag: TDB_REPLACE or TDB_MODIFY or TDB_INSERT
- */
-
-static NTSTATUS store_object(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int flag)
-{
- NTSTATUS ret = NT_STATUS_OK;
- TDB_DATA data, data2, key, key2;
- TALLOC_CTX *mem_ctx;
- fstring keystr;
- fstring sidstr;
- fstring namestr;
- fstring objname;
- int r;
-
- /* TODO: on object renaming/replacing this function should
- * check name->sid record and delete the old one
- */
-
- mem_ctx = talloc_init("store_object");
- if (!mem_ctx) {
- DEBUG(0, ("store_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- make_full_object_name(tdb, objname, object);
-
- /* Data is stored in all lower-case */
- strlower_m(objname);
-
- if (flag == TDB_MODIFY) {
- if (!NT_STATUS_IS_OK(ret = get_object_seq_num(tdb, object, &(object->seq_num))))
- goto done;
- object->seq_num += 1;
- }
-
- if (!NT_STATUS_IS_OK(ret = init_buffer_from_object(&(data.dptr), &(data.dsize), mem_ctx, object)))
- goto done;
-
- fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object)));
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sidstr);
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, objname);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if ((r = tdb_store(tdb, key, data, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify TDBSAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb)));
- DEBUGADD(0, (" occured while storing sid record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS)
- ret = NT_STATUS_UNSUCCESSFUL;
- else
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
- data2.dptr = sidstr;
- data2.dsize = strlen(sidstr) + 1;
- key2.dptr = namestr;
- key2.dsize = strlen(namestr) + 1;
-
- if ((r = tdb_store(tdb, key2, data2, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify TDBSAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb)));
- DEBUGADD(0, (" occured while storing name record (%s)\n", keystr));
- DEBUGADD(0, (" attempting rollback operation.\n"));
- if ((tdb_delete(tdb, key)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to rollback! Check database consitency!\n"));
- }
- if (r == TDB_ERR_EXISTS)
- ret = NT_STATUS_UNSUCCESSFUL;
- else
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
-/* TODO: update the general database counter */
-/* TODO: update this entry counter too */
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-/* GUMM object functions */
-
-static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
-{
-
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
- GUMS_OBJECT *go;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) {
- return ret;
- }
-
- /* Data is stored in all lower-case */
- fstrcpy(domname, name);
- strlower_m(domname);
-
- if (!NT_STATUS_IS_OK(ret = get_object_by_name(tdb, &go, domname))) {
- go = NULL;
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (gums_get_object_type(go) != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto done;
- }
-
- sid_copy(sid, gums_get_object_sid(go));
-
- ret = NT_STATUS_OK;
-
-done:
- if (go)
- gums_destroy_object(&go);
- tdb_close(tdb);
- return ret;
-}
-
-static NTSTATUS get_next_sid(TDB_CONTEXT *tdb, DOM_SID *sid)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- DOM_SID dom_sid;
- TDB_DATA dom_sid_key;
- fstring dom_sid_str;
- uint32 new_rid;
-
- /* Find the domain SID */
- if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) {
- DEBUG(0, ("get_next_sid: cannot found the domain sid!!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Lock the domain record */
- sid_to_string(dom_sid_str, &dom_sid);
- dom_sid_key.dptr = dom_sid_str;
- dom_sid_key.dsize = strlen(dom_sid_key.dptr) + 1;
-
- if(tdb_chainlock(tdb, dom_sid_key) != 0) {
- DEBUG(0, ("get_next_sid: unable to lock domain record!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Get the domain object */
- ret = get_object_by_sid(tdb, &go, &dom_sid);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
- new_rid = gums_get_domain_next_rid(go);
-
- /* Increment the RID Counter */
- gums_set_domain_next_rid(go, new_rid+1);
-
- /* Store back Domain object */
- ret = store_object(tdb, go, TDB_MODIFY);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
- /* Build the Domain SID to return */
- sid_copy(sid, &dom_sid);
-
- if (!sid_append_rid(sid, new_rid)) {
- DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* Unlock the Domain object */
- tdb_chainunlock(tdb, dom_sid_key);
-
- return ret;
-}
-
-/* TODO */
- NTSTATUS (*get_sequence_number) (void);
-
-
-extern DOM_SID global_sid_NULL;
-
-static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
-{
-
- NTSTATUS ret = NT_STATUS_OK;
- TDB_CONTEXT *tdb;
- GUMS_OBJECT *go;
- NTTIME null_time;
- DATA_BLOB pw;
- const char *defpw = "NOPASSWORDXXXXXX";
- uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
-
- if (!name) {
- DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, obj_type))) {
- go = NULL;
- goto done;
- }
-
- if (obj_type == GUMS_OBJ_DOMAIN) {
- sid_copy(sid, get_global_sam_sid());
- } else {
- if (!NT_STATUS_IS_OK(ret = get_next_sid(tdb, sid)))
- goto done;
- }
-
- gums_set_object_sid(go, sid);
- gums_set_object_name(go, name);
- gums_set_object_seq_num(go, 1);
-
- /*obj.domain->sec_desc*/
-
- switch (obj_type) {
- case GUMS_OBJ_NORMAL_USER:
-
- init_nt_time(&null_time);
-
- gums_set_user_logon_time(go, null_time);
- gums_set_user_logoff_time(go, null_time);
- gums_set_user_kickoff_time(go, null_time);
- gums_set_user_pass_last_set_time(go, null_time);
- gums_set_user_pass_can_change_time(go, null_time);
- gums_set_user_pass_must_change_time(go, null_time);
-
- pw = data_blob(defpw, NT_HASH_LEN);
- gums_set_user_nt_pwd(go, pw);
- gums_set_user_lm_pwd(go, pw);
- data_blob_free(&pw);
-
- gums_set_user_logon_divs(go, 168);
- gums_set_user_hours(go, 21, defhours);
-
- gums_set_user_bad_password_count(go, 0);
- gums_set_user_logon_count(go, 0);
- gums_set_user_unknown_6(go, 0x000004ec);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
-
- break;
-
- case GUMS_OBJ_DOMAIN:
-
- gums_set_domain_next_rid(go, 0x3e9);
-
- break;
-
- default:
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto done;
- }
-
- ret = store_object(tdb, go, TDB_INSERT);
-
-done:
- if (go)
- gums_destroy_object(&go);
- tdb_close(tdb);
- return ret;
-}
-
-/* TODO: handle privileges objects */
-
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
-{
- /* TODO: need to address privilege deletion */
- NTSTATUS ret = NT_STATUS_OK;
- TDB_CONTEXT *tdb;
- GUMS_OBJECT *go;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!sid) {
- DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
-
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (tdb_delete(tdb, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(init_object_from_buffer(&go, data.dptr, data.dsize))) {
- DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, gums_get_object_name(go));
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if (tdb_delete(tdb, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-/* TODO: update the general database counter */
-
-done:
- gums_destroy_object(&go);
- SAFE_FREE(data.dptr);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
-
- if (!object || !sid) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) {
- return ret;
- }
-
- ret = get_object_by_sid(tdb, object, sid);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: %s\n", nt_errstr(ret)));
- goto error;
- }
- if (obj_type && gums_get_object_type(*object) != obj_type) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: the object is not of the rerquested type!\n"));
- goto error;
- }
-
- tdb_close(tdb);
- return NT_STATUS_OK;
-
-error:
- gums_destroy_object(object);
- tdb_close(tdb);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
- fstring objname;
-
- if (!object || !name) {
- DEBUG(0, ("tdbsam2_get_object_from_name: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) {
- return ret;
- }
-
- if (obj_type == GUMS_OBJ_DOMAIN) {
- fstrcpy(objname, name);
- } else {
- if (!domain) {
- domain = global_myname();
- }
- fstrcpy(objname, domain);
- fstrcat(objname, "\\");
- fstrcat(objname, name);
- }
-
- *object = NULL;
- ret = get_object_by_name(tdb, object, name);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_name: %s\n", nt_errstr(ret)));
- goto error;
- }
- if (obj_type && gums_get_object_type(*object) != obj_type) {
- DEBUG(0, ("tdbsam2_get_object_from_name: the object is not of the rerquested type!\n"));
- goto error;
- }
-
- tdb_close(tdb);
- return NT_STATUS_OK;
-
-error:
- gums_destroy_object(object);
- tdb_close(tdb);
- return ret;
-}
-
- /* This function is used to get the list of all objects changed since base_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
-static NTSTATUS tdbsam2_enumerate_objects_start(void **handle, const DOM_SID *sid, const int obj_type)
-{
- struct tdbsam2_enum_objs *teo, *t;
-
- teo = (struct tdbsam2_enum_objs *)malloc(sizeof(struct tdbsam2_enum_objs));
- if (!teo) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
- memset(teo, 0, sizeof(struct tdbsam2_enum_objs));
-
- teo->type = obj_type;
- if (sid) {
- teo->dom_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- if (!teo->dom_sid) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
- sid_copy(teo->dom_sid, sid);
- }
-
- if (!NT_STATUS_IS_OK(opentdb(&(teo->db), True)))
- {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", ts2_privs->storage));
- SAFE_FREE(teo);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!ts2_privs->teo_handlers) {
- ts2_privs->teo_handlers = teo;
- } else {
- t = ts2_privs->teo_handlers;
- while (t->next) {
- t = t->next;
- }
- t->next = teo;
- }
-
- *handle = teo;
-
- teo->key = tdb_firstkey(teo->db);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
-{
- NTSTATUS ret;
- TDB_DATA data;
- struct tdbsam2_enum_objs *teo;
- const char *prefix = SIDPREFIX;
- const int preflen = strlen(prefix);
- fstring dom_sid_str;
- int dom_sid_str_len = 0;
-
- if (!object || !handle) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (teo->dom_sid) {
- sid_to_string(dom_sid_str, teo->dom_sid);
- dom_sid_str_len = strlen(dom_sid_str);
- }
-
- while ((teo->key.dptr != NULL)) {
- int len, version, type, size, seqnum;
- char *ptr;
-
- if (strncmp(teo->key.dptr, prefix, preflen)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- if (dom_sid_str_len != 0) {
- if (strncmp(&(teo->key.dptr[preflen]), dom_sid_str, dom_sid_str_len)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
- }
-
- data = tdb_fetch(teo->db, teo->key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
- DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
- &version,
- &type,
- &seqnum,
- &size, &ptr);
-
- if (len == -1) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(ptr);
-
- if (teo->type && type != teo->type) {
- SAFE_FREE(data.dptr);
- data.dsize = 0;
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- break;
- }
-
- if (teo->key.dptr == NULL) { /* no more objs */
- ret = NT_STATUS_NO_MORE_ENTRIES;
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = init_object_from_buffer(object, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(data.dptr);
-
- /* prepare next run */
- teo->key = tdb_nextkey(teo->db, teo->key);
-
-done:
- return ret;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
-{
- struct tdbsam2_enum_objs *teo, *t, *p;
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (ts2_privs->teo_handlers == teo) {
- ts2_privs->teo_handlers = teo->next;
- } else {
- t = ts2_privs->teo_handlers;
- while (t != teo) {
- p = t;
- t = t->next;
- if (t == NULL) {
- DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
- p = t->next;
- }
-
- tdb_close(teo->db);
- SAFE_FREE(teo->dom_sid);
- SAFE_FREE(teo);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_set_object(GUMS_OBJECT *go)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
-
- if (!go)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
-
- ret = store_object(tdb, go, TDB_REPLACE);
-
- tdb_close(tdb);
- return ret;
-}
-
-#if 0
- /* set object values function */
-static NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
-static NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
-static NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
-static NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
-static NTSTATUS (*lock_sid) (const DOM_SID *sid);
-static NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
-static NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name);
-static NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members);
-static NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members);
-static NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members);
-static NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
-static NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-#endif
-
-static void free_tdbsam2_private_data(void **vp)
-{
- struct tdbsam2_private_data **tdb_privs = (struct tdbsam2_private_data **)vp;
- while (ts2_privs->teo_handlers)
- tdbsam2_enumerate_objects_stop(ts2_privs->teo_handlers);
- *tdb_privs = NULL;
- /* No need to free any further, as it is talloc()ed */
-}
-
-static NTSTATUS init_tdbsam2(GUMS_FUNCTIONS *fns, const char *storage)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
- DOM_SID dom_sid;
-
- fns->name = talloc_strdup(fns->mem_ctx, "tdbsam2");
-
- fns->get_domain_sid = tdbsam2_get_domain_sid;
- /* fns->get_sequence_number = tdbsam2_get_sequence_number; */
- fns->new_object = tdbsam2_new_object;
- fns->delete_object = tdbsam2_delete_object;
- fns->get_object_from_sid = tdbsam2_get_object_from_sid;
- fns->get_object_from_name = tdbsam2_get_object_from_name;
- /* fns->get_updated_objects = tdbsam2_get_updated_objects; */
- fns->enumerate_objects_start = tdbsam2_enumerate_objects_start;
- fns->enumerate_objects_get_next = tdbsam2_enumerate_objects_get_next;
- fns->enumerate_objects_stop = tdbsam2_enumerate_objects_stop;
- fns->set_object = tdbsam2_set_object;
- /* fns->set_object_values = tdbsam2_set_object_values;
- fns->add_members_to_group = tdbsam2_add_members_to_group;
- fns->delete_members_from_group = tdbsam2_delete_members_from_group;
- fns->enumerate_group_members = tdbsam2_enumerate_group_members;
- fns->get_sid_groups = tdbsam2_get_sid_groups;
- fns->lock_sid = tdbsam2_lock_sid;
- fns->unlock_sid = tdbsam2_unlock_sid;
- fns->get_privilege = tdbsam2_get_privilege;
- fns->add_members_to_privilege = tdbsam2_add_members_to_privilege;
- fns->delete_members_from_privilege = tdbsam2_delete_members_from_privilege;
- fns->enumerate_privilege_members = tdbsam2_enumerate_privilege_members;
- fns->get_sid_privileges = tdbsam2_get_sid_privileges;
- fns->set_privilege = tdbsam2_set_privilege; */
-
- ts2_privs = talloc_zero(fns->mem_ctx, sizeof(struct tdbsam2_private_data));
- if (!ts2_privs) {
- DEBUG(0, ("talloc() failed for tdbsam2 private_data!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (storage) {
- ts2_privs->storage = talloc_strdup(fns->mem_ctx, storage);
- } else {
- pstring tdbfile;
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
- ts2_privs->storage = talloc_strdup(fns->mem_ctx, tdbfile);
- }
-
- /* check tdb exist (or create it) */
-
- /* Find the domain SID */
- if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) {
- /* db file does not exist or it is not inited */
- /* make the tdb file */
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
- tdb_close(tdb);
-
- if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, "BUILTIN"))) {
- gums_init_builtin_domain();
- }
-
- gums_init_domain(get_global_sam_sid(), global_myname(), "The Domain");
- }
-
- fns->private_data = &ts2_privs;
- fns->free_private_data = free_tdbsam2_private_data;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_tdbsam2_init(void)
-{
- /*
- if ((gums_tdbsam2_debug_class = debug_add_class("gums_tdbsam2")) == -1) {
- DEBUG(0, ("gums_tdbsam2: unable to register my own debug class! going on ...\n"));
- gums_tdbsam2_debug_class = DBGC_ALL;
- }
- */
- return gums_register_module(GUMS_INTERFACE_VERSION, "tdbsam2", init_tdbsam2);
-}
diff --git a/source/sam/interface.c b/source/sam/interface.c
deleted file mode 100644
index 51ae561999c..00000000000
--- a/source/sam/interface.c
+++ /dev/null
@@ -1,1338 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Kai Krüger 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-extern DOM_SID global_sid_Builtin;
-
-/** List of various built-in sam modules */
-
-const struct sam_init_function_entry builtin_sam_init_functions[] = {
- { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
- { NULL, NULL}
-};
-
-
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
- DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
- tmp_methods->domain_name, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- sid_copy(&domainsid, sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
- DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
- sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid domain specified */
- SAM_ASSERT(domain && domain->current_sam_methods);
-
- tmp_methods = domain->current_sam_methods;
-
- if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
- DEBUG(4,("sam_update_domain in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
- int i = 0;
-
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
- *domain_count = 0;
-
- while (tmp_methods) {
- (*domain_count)++;
- tmp_methods= tmp_methods->next;
- }
-
- DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
-
- tmp_methods = context->methods;
-
- if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
- SAFE_FREE((*domains));
- return NT_STATUS_NO_MEMORY;
- }
-
- while (tmp_methods) {
- DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
- sid_copy(domains[i],&tmp_methods->domain_sid);
- *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
- i++;
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
-
- DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid paramters */
- SAM_ASSERT(access_token && domain && domainsid);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- if (strcmp(domain, tmp_methods->domain_name) == 0) {
- (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy((*domainsid), &tmp_methods->domain_sid);
- return NT_STATUS_OK;
- }
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-
-NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && domain);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_domain_handle) {
- DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
- DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
- sid_string_static(domainsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(access_token && domainsid && account_name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_account) {
- DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
- DEBUG(4,("sam_create_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- DOM_SID domainsid;
- const DOM_SID *accountsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
- DEBUG(0,("Can't get account SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_account) {
- DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
- DEBUG(4,("sam_add_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_update_account) {
- DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
- DEBUG(4,("sam_update_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_delete_account) {
- DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
- DEBUG(4,("sam_delete_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && account_count && accounts);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
- DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- DOM_SID domainsid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && accountsid && account);
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_sid) {
- DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
- DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
- sid_string_static(accountsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_name) {
- DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
- DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && group_name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_group) {
- DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
- DEBUG(4,("sam_create_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- DOM_SID domainsid;
- const DOM_SID *groupsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
- DEBUG(0,("Can't get group SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_group) {
- DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
- DEBUG(4,("sam_add_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_update_group) {
- DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
- DEBUG(4,("sam_update_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_group) {
- DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
- DEBUG(4,("sam_delete_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && groups_count && groups);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
- DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && groupsid && group);
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_sid) {
- DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
- DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
- sid_string_static(groupsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_name) {
- DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
- DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_add_member_to_group) {
- DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-
-}
-
-NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_member_from_group) {
- DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods && members_count && members);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_enum_groupmembers) {
- DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
- DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- uint32 tmp_group_count;
- SAM_GROUP_ENUM *tmp_groups;
-
- DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid sam_context specified */
- SAM_ASSERT(access_token && sids && context && context->methods);
-
- *group_count = 0;
-
- *groups = NULL;
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- DEBUG(5,("getting groups from domain \n"));
- if (!tmp_methods->sam_get_groups_of_sid) {
- DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
- SAFE_FREE(*groups);
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
- DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
- SAFE_FREE(*groups);
- return nt_status;
- }
-
- *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
-
- memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
-
- SAFE_FREE(tmp_groups);
-
- *group_count += tmp_group_count;
-
- tmp_methods = tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-
diff --git a/source/script/genstruct.pl b/source/script/genstruct.pl
deleted file mode 100755
index a6abd718c95..00000000000
--- a/source/script/genstruct.pl
+++ /dev/null
@@ -1,299 +0,0 @@
-#!/usr/bin/perl -w
-# a simple system for generating C parse info
-# this can be used to write generic C structer load/save routines
-# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net>
-# released under the GNU General Public License v2 or later
-
-use strict;
-
-my(%enum_done) = ();
-my(%struct_done) = ();
-
-###################################################
-# general handler
-sub handle_general($$$$$$$$)
-{
- my($name) = shift;
- my($ptr_count) = shift;
- my($size) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($dump_fn) = shift;
- my($parse_fn) = shift;
- my($tflags) = shift;
- my($array_len) = 0;
- my($dynamic_len) = "NULL";
-
- # handle arrays, currently treat multidimensional arrays as 1 dimensional
- while ($element =~ /(.*)\[(.*?)\]$/) {
- $element = $1;
- if ($array_len == 0) {
- $array_len = $2;
- } else {
- $array_len = "$2 * $array_len";
- }
- }
-
- if ($flags =~ /_LEN\((\w*?)\)/) {
- $dynamic_len = "\"$1\"";
- }
-
- if ($flags =~ /_NULLTERM/) {
- $tflags = "FLAG_NULLTERM";
- }
-
- print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n";
-}
-
-
-####################################################
-# parse one element
-sub parse_one($$$$)
-{
- my($name) = shift;
- my($type) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($ptr_count) = 0;
- my($size) = "sizeof($type)";
- my($tflags) = "0";
-
- # enums get the FLAG_ALWAYS flag
- if ($type =~ /^enum /) {
- $tflags = "FLAG_ALWAYS";
- }
-
-
- # make the pointer part of the base type
- while ($element =~ /^\*(.*)/) {
- $ptr_count++;
- $element = $1;
- }
-
- # convert spaces to _
- $type =~ s/ /_/g;
-
- my($dump_fn) = "gen_dump_$type";
- my($parse_fn) = "gen_parse_$type";
-
- handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags);
-}
-
-####################################################
-# parse one element
-sub parse_element($$$)
-{
- my($name) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($type);
- my($data);
-
- # pull the base type
- if ($element =~ /^struct (\S*) (.*)/) {
- $type = "struct $1";
- $data = $2;
- } elsif ($element =~ /^enum (\S*) (.*)/) {
- $type = "enum $1";
- $data = $2;
- } elsif ($element =~ /^unsigned (\S*) (.*)/) {
- $type = "unsigned $1";
- $data = $2;
- } elsif ($element =~ /^(\S*) (.*)/) {
- $type = $1;
- $data = $2;
- } else {
- die "Can't parse element '$element'";
- }
-
- # handle comma separated lists
- while ($data =~ /(\S*),[\s]?(.*)/) {
- parse_one($name, $type, $1, $flags);
- $data = $2;
- }
- parse_one($name, $type, $data, $flags);
-}
-
-
-my($first_struct) = 1;
-
-####################################################
-# parse the elements of one structure
-sub parse_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_struct) {
- $first_struct = 0;
- print "Parsing structs: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n";
- print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n";
-
- print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n";
-
-
- while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) {
- my($element) = $1;
- my($flags) = $2;
- $elements = $3;
- parse_element($name, $element, $flags);
- }
-
- print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n";
-
- print OFILE "
-int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent);
-}
-int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) {
- return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str);
-}
-
-";
-}
-
-my($first_enum) = 1;
-
-####################################################
-# parse out the enum declarations
-sub parse_enum_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_enum) {
- $first_enum = 0;
- print "Parsing enums: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n";
-
- my(@enums) = split(/,/s, $elements);
- for (my($i)=0; $i <= $#{@enums}; $i++) {
- my($enum) = $enums[$i];
- if ($enum =~ /\s*(\w*)/) {
- my($e) = $1;
- print OFILE "{\"$e\", $e},\n";
- }
- }
-
- print OFILE "{NULL, 0}};\n";
-
- print OFILE "
-int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_enum(einfo_$name, p, ptr, indent);
-}
-
-int gen_parse_enum_$name(char *ptr, const char *str) {
- return gen_parse_enum(einfo_$name, ptr, str);
-}
-
-";
-}
-
-####################################################
-# parse out the enum declarations
-sub parse_enums($)
-{
- my($data) = shift;
-
- while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
-
- if (!defined($enum_done{$name})) {
- $enum_done{$name} = 1;
- parse_enum_elements($name, $elements);
- }
- }
-
- if (! $first_enum) {
- print "\n";
- }
-}
-
-####################################################
-# parse all the structures
-sub parse_structs($)
-{
- my($data) = shift;
-
- # parse into structures
- while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
- if (!defined($struct_done{$name})) {
- $struct_done{$name} = 1;
- parse_elements($name, $elements);
- }
- }
-
- if (! $first_struct) {
- print "\n";
- } else {
- print "No GENSTRUCT structures found?\n";
- }
-}
-
-
-####################################################
-# parse a header file, generating a dumper structure
-sub parse_data($)
-{
- my($data) = shift;
-
- # collapse spaces
- $data =~ s/[\t ]+/ /sg;
- $data =~ s/\s*\n\s+/\n/sg;
- # strip debug lines
- $data =~ s/^\#.*?\n//smg;
-
- parse_enums($data);
- parse_structs($data);
-}
-
-
-#########################################
-# display help text
-sub ShowHelp()
-{
- print "
-generator for C structure dumpers
-Copyright Andrew Tridgell <genstruct\@tridgell.net>
-
-Sample usage:
- genstruct -o output.h gcc -E -O2 -g test.h
-
-Options:
- --help this help page
- -o OUTPUT place output in OUTPUT
-";
- exit(0);
-}
-
-########################################
-# main program
-if ($ARGV[0] ne "-o" || $#ARGV < 2) {
- ShowHelp();
-}
-
-shift;
-my($opt_ofile)=shift;
-
-print "creating $opt_ofile\n";
-
-open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile";
-
-print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n";
-
-parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`);
-exit(0);
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index 4192cc3a239..d928445d94e 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -991,7 +991,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
if (!push_sec_ctx())
return NT_STATUS_UNSUCCESSFUL;
- set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL);
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
set_re_uid();
}
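Review bot: The call `set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);` switches to the target user's uid and gid, but its three trailing positional arguments carry no explanation. From the call shape they look like an empty supplementary-group list and no NT token; that is an inference and should be confirmed against the prototype. Because this is a privilege transition, a comment above the call would record that the reduced context is deliberate, for example `/* become the user: primary uid/gid only, no supplementary groups, no NT token */`. The matching pop of the security context is outside this hunk, so it is not visible here whether every exit path restores it.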
diff --git a/source/smbd/conn.c b/source/smbd/conn.c
index 0805f8e6902..9bac0acdb9f 100644
--- a/source/smbd/conn.c
+++ b/source/smbd/conn.c
@@ -249,14 +249,6 @@ void conn_free(connection_struct *conn)
conn->ngroups = 0;
}
- if (conn->nt_user_token) {
- delete_nt_token(&(conn->nt_user_token));
- }
-
- if (conn->privs) {
- destroy_privilege(&(conn->privs));
- }
-
free_namearray(conn->veto_list);
free_namearray(conn->hide_list);
free_namearray(conn->veto_oplock_list);
diff --git a/source/smbd/dir.c b/source/smbd/dir.c
index 06ef23ab8cd..bbd79e16597 100644
--- a/source/smbd/dir.c
+++ b/source/smbd/dir.c
@@ -707,7 +707,7 @@ static BOOL user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
if(S_ISDIR(pst->st_mode))
fsp = open_directory(conn, name, pst, 0, SET_DENY_MODE(DENY_NONE), (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- &smb_action);
+ unix_mode(conn,aRONLY|aDIR, name), &smb_action);
else
fsp = open_file_stat(conn, name, pst);
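Review bot: The new argument `unix_mode(conn,aRONLY|aDIR, name)` computes a creation mode for an open that is flagged `FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN`, so as far as the flags show the value can never be applied. The `unix_mode` body removed in the dosmode.c part of this commit stats the parent directory and returns 0 on failure when permission inheritance is on; the replacement body is outside the visible part, so whether that still holds needs checking. If it does, this readability probe does extra filesystem work for each directory it tests. A comment at the call would help, for example `/* mode is irrelevant here: the open never creates */`, or a constant mode could be passed instead. The body of `user_can_read_file` continues outside the hunk.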
@@ -763,7 +763,7 @@ static BOOL user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
return True;
else
fsp = open_file_shared1(conn, name, pst, FILE_WRITE_ATTRIBUTES, SET_DENY_MODE(DENY_NONE),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &smb_action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &smb_action);
if (!fsp)
return False;
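Review bot: Replacing `FILE_ATTRIBUTE_NORMAL` with a literal leaves two adjacent bare `0` arguments in the `open_file_shared1` call, and nothing at the call site tells them apart. This function decides whether a user may write a file, so a reader auditing it needs to see that no creation mode and no second option are being requested. Labelling them would do it, for example `(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0 /* mode: never creates */, 0 /* oplock request */, &access_mode, &smb_action);`. The two labels are presumed from the argument positions and should be checked against the prototype. The rest of `user_can_write_file`, including the close of `fsp`, is outside the hunk.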
diff --git a/source/smbd/dosmode.c b/source/smbd/dosmode.c
index d7dc63bb2fd..fb72a2eafc8 100644
--- a/source/smbd/dosmode.c
+++ b/source/smbd/dosmode.c
@@ -21,8 +21,8 @@
#include "includes.h"
/****************************************************************************
- Change a dos mode to a unix mode.
- Base permission for files:
+ change a dos mode to a unix mode
+ base permission for files:
if inheriting
apply read/write bits from parent directory.
else
@@ -35,91 +35,92 @@
Then apply create mask,
then add force bits.
}
- Base permission for directories:
+ base permission for directories:
dos directory is represented in unix by unix's dir bit and the exec bit
if !inheriting {
Then apply create mask,
then add force bits.
}
****************************************************************************/
-
-mode_t unix_mode(connection_struct *conn, int dosmode, const char *fname)
+mode_t unix_mode(connection_struct *conn,int dosmode,const char *fname)
{
- mode_t result = (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
- mode_t dir_mode = 0; /* Mode of the parent directory if inheriting. */
-
- if (!lp_store_dos_attributes(SNUM(conn)) && IS_DOS_READONLY(dosmode)) {
- result &= ~(S_IWUSR | S_IWGRP | S_IWOTH);
- }
-
- if (fname && lp_inherit_perms(SNUM(conn))) {
- char *dname;
- SMB_STRUCT_STAT sbuf;
-
- dname = parent_dirname(fname);
- DEBUG(2,("unix_mode(%s) inheriting from %s\n",fname,dname));
- if (SMB_VFS_STAT(conn,dname,&sbuf) != 0) {
- DEBUG(4,("unix_mode(%s) failed, [dir %s]: %s\n",fname,dname,strerror(errno)));
- return(0); /* *** shouldn't happen! *** */
- }
-
- /* Save for later - but explicitly remove setuid bit for safety. */
- dir_mode = sbuf.st_mode & ~S_ISUID;
- DEBUG(2,("unix_mode(%s) inherit mode %o\n",fname,(int)dir_mode));
- /* Clear "result" */
- result = 0;
- }
-
- if (IS_DOS_DIR(dosmode)) {
- /* We never make directories read only for the owner as under DOS a user
- can always create a file in a read-only directory. */
- result |= (S_IFDIR | S_IWUSR);
-
- if (dir_mode) {
- /* Inherit mode of parent directory. */
- result |= dir_mode;
- } else {
- /* Provisionally add all 'x' bits */
- result |= (S_IXUSR | S_IXGRP | S_IXOTH);
-
- /* Apply directory mask */
- result &= lp_dir_mask(SNUM(conn));
- /* Add in force bits */
- result |= lp_force_dir_mode(SNUM(conn));
- }
- } else {
- if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
- result |= S_IXUSR;
-
- if (lp_map_system(SNUM(conn)) && IS_DOS_SYSTEM(dosmode))
- result |= S_IXGRP;
+ mode_t result = (S_IRUSR | S_IRGRP | S_IROTH);
+ mode_t dir_mode = 0; /* Mode of the parent directory if inheriting. */
+
+ if ( !IS_DOS_READONLY(dosmode) )
+ result |= (S_IWUSR | S_IWGRP | S_IWOTH);
+
+ if (fname && lp_inherit_perms(SNUM(conn))) {
+ char *dname;
+ SMB_STRUCT_STAT sbuf;
+
+ dname = parent_dirname(fname);
+ DEBUG(2,("unix_mode(%s) inheriting from %s\n",fname,dname));
+ if (SMB_VFS_STAT(conn,dname,&sbuf) != 0) {
+ DEBUG(4,("unix_mode(%s) failed, [dir %s]: %s\n",fname,dname,strerror(errno)));
+ return(0); /* *** shouldn't happen! *** */
+ }
+
+ /* Save for later - but explicitly remove setuid bit for safety. */
+ dir_mode = sbuf.st_mode & ~S_ISUID;
+ DEBUG(2,("unix_mode(%s) inherit mode %o\n",fname,(int)dir_mode));
+ /* Clear "result" */
+ result = 0;
+ }
+
+ if (IS_DOS_DIR(dosmode)) {
+ /* We never make directories read only for the owner as under DOS a user
+ can always create a file in a read-only directory. */
+ result |= (S_IFDIR | S_IWUSR);
+
+ if (dir_mode) {
+ /* Inherit mode of parent directory. */
+ result |= dir_mode;
+ } else {
+ /* Provisionally add all 'x' bits */
+ result |= (S_IXUSR | S_IXGRP | S_IXOTH);
+
+ /* Apply directory mask */
+ result &= lp_dir_mask(SNUM(conn));
+ /* Add in force bits */
+ result |= lp_force_dir_mode(SNUM(conn));
+ }
+ } else {
+ if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
+ result |= S_IXUSR;
+
+ if (lp_map_system(SNUM(conn)) && IS_DOS_SYSTEM(dosmode))
+ result |= S_IXGRP;
- if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode))
- result |= S_IXOTH;
-
- if (dir_mode) {
- /* Inherit 666 component of parent directory mode */
- result |= dir_mode & (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
- } else {
- /* Apply mode mask */
- result &= lp_create_mask(SNUM(conn));
- /* Add in force bits */
- result |= lp_force_create_mode(SNUM(conn));
- }
- }
-
- DEBUG(3,("unix_mode(%s) returning 0%o\n",fname,(int)result ));
- return(result);
+ if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode))
+ result |= S_IXOTH;
+
+ if (dir_mode) {
+ /* Inherit 666 component of parent directory mode */
+ result |= dir_mode
+ & (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
+ } else {
+ /* Apply mode mask */
+ result &= lp_create_mask(SNUM(conn));
+ /* Add in force bits */
+ result |= lp_force_create_mode(SNUM(conn));
+ }
+ }
+
+ DEBUG(3,("unix_mode(%s) returning 0%o\n",fname,(int)result ));
+ return(result);
}
+
/****************************************************************************
- Change a unix mode to a dos mode.
+ change a unix mode to a dos mode
****************************************************************************/
-
-uint32 dos_mode_from_sbuf(connection_struct *conn, SMB_STRUCT_STAT *sbuf)
+uint32 dos_mode(connection_struct *conn,char *path,SMB_STRUCT_STAT *sbuf)
{
int result = 0;
+ DEBUG(8,("dos_mode: %s\n", path));
+
if ((sbuf->st_mode & S_IWUSR) == 0)
result |= aRONLY;
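Review bot: The closing `DEBUG(3,...)` in unix_mode passes `fname` to `%s` unconditionally, although the earlier guard `if (fname && lp_inherit_perms(SNUM(conn)))` implies callers may pass NULL; handing a NULL pointer to `%s` is undefined behaviour. I would write `DEBUG(3,("unix_mode(%s) returning 0%o\n", fname ? fname : "(null)", (int)result ));`. A one-line comment at `return(0);` saying that callers receive mode 0 when the parent stat fails would also help, because 0 otherwise reads as an ordinary result. unix_mode is complete in this hunk; dos_mode continues past its end.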
@@ -148,142 +149,9 @@ uint32 dos_mode_from_sbuf(connection_struct *conn, SMB_STRUCT_STAT *sbuf)
#endif
#endif
- DEBUG(8,("dos_mode_from_sbuf returning "));
-
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
-
- DEBUG(8,("\n"));
- return result;
-}
-
-/****************************************************************************
- Get DOS attributes from an EA.
-****************************************************************************/
-
-static BOOL get_ea_dos_attribute(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf, uint32 *pattr)
-{
- ssize_t sizeret;
- fstring attrstr;
- unsigned int dosattr;
-
- if (!lp_store_dos_attributes(SNUM(conn))) {
- return False;
- }
-
- *pattr = 0;
-
- sizeret = SMB_VFS_GETXATTR(conn, path, SAMBA_XATTR_DOS_ATTRIB, attrstr, sizeof(attrstr));
- if (sizeret == -1) {
-#if defined(ENOTSUP) && defined(ENOATTR)
- if ((errno != ENOTSUP) && (errno != ENOATTR) && (errno != EACCES)) {
- DEBUG(1,("get_ea_dos_attributes: Cannot get attribute from EA on file %s: Error = %s\n",
- path, strerror(errno) ));
- }
-#endif
- return False;
- }
- /* Null terminate string. */
- attrstr[sizeret] = 0;
- DEBUG(10,("get_ea_dos_attribute: %s attrstr = %s\n", path, attrstr));
-
- if (sizeret < 2 || attrstr[0] != '0' || attrstr[1] != 'x' ||
- sscanf(attrstr, "%x", &dosattr) != 1) {
- DEBUG(1,("get_ea_dos_attributes: Badly formed DOSATTRIB on file %s - %s\n", path, attrstr));
- return False;
- }
-
- if (S_ISDIR(sbuf->st_mode)) {
- dosattr |= aDIR;
- }
- *pattr = (uint32)(dosattr & SAMBA_ATTRIBUTES_MASK);
-
- DEBUG(8,("get_ea_dos_attribute returning (0x%x)", dosattr));
-
- if (dosattr & aHIDDEN) DEBUG(8, ("h"));
- if (dosattr & aRONLY ) DEBUG(8, ("r"));
- if (dosattr & aSYSTEM) DEBUG(8, ("s"));
- if (dosattr & aDIR ) DEBUG(8, ("d"));
- if (dosattr & aARCH ) DEBUG(8, ("a"));
-
- DEBUG(8,("\n"));
-
- return True;
-}
-
-/****************************************************************************
- Set DOS attributes in an EA.
-****************************************************************************/
-
-static BOOL set_ea_dos_attribute(connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf, uint32 dosmode)
-{
- fstring attrstr;
- files_struct *fsp = NULL;
- BOOL ret = False;
-
- snprintf(attrstr, sizeof(attrstr)-1, "0x%x", dosmode & SAMBA_ATTRIBUTES_MASK);
- if (SMB_VFS_SETXATTR(conn, path, SAMBA_XATTR_DOS_ATTRIB, attrstr, strlen(attrstr), 0) == -1) {
- if((errno != EPERM) && (errno != EACCES)) {
- return False;
- }
-
- /* We want DOS semantics, ie allow non owner with write permission to change the
- bits on a file. Just like file_utime below.
- */
-
- /* Check if we have write access. */
- if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
- return False;
-
- /*
- * We need to open the file with write access whilst
- * still in our current user context. This ensures we
- * are not violating security in doing the setxattr.
- */
-
- fsp = open_file_fchmod(conn,path,sbuf);
- if (!fsp)
- return ret;
- become_root();
- if (SMB_VFS_SETXATTR(conn, path, SAMBA_XATTR_DOS_ATTRIB, attrstr, strlen(attrstr), 0) == 0) {
- ret = True;
- }
- unbecome_root();
- close_file_fchmod(fsp);
- return ret;
- }
- DEBUG(10,("set_ea_dos_attribute: set EA %s on file %s\n", attrstr, path));
- return True;
-}
-
-/****************************************************************************
- Change a unix mode to a dos mode.
-****************************************************************************/
-
-uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf)
-{
- uint32 result = 0;
-
- DEBUG(8,("dos_mode: %s\n", path));
-
- if (!VALID_STAT(*sbuf)) {
- return 0;
- }
-
- /* Get the DOS attributes from an EA by preference. */
- if (get_ea_dos_attribute(conn, path, sbuf, &result)) {
- return result;
- }
-
- result = dos_mode_from_sbuf(conn, sbuf);
-
- /* Now do any modifications that depend on the path name. */
/* hide files with a name starting with a . */
if (lp_hide_dot_files(SNUM(conn))) {
- const char *p = strrchr_m(path,'/');
+ char *p = strrchr_m(path,'/');
if (p)
p++;
else
@@ -313,10 +181,10 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf)
}
/*******************************************************************
- chmod a file - but preserve some bits.
+chmod a file - but preserve some bits
********************************************************************/
-int file_set_dosmode(connection_struct *conn, const char *fname, uint32 dosmode, SMB_STRUCT_STAT *st)
+int file_chmod(connection_struct *conn,char *fname, uint32 dosmode,SMB_STRUCT_STAT *st)
{
SMB_STRUCT_STAT st1;
int mask=0;
@@ -324,7 +192,6 @@ int file_set_dosmode(connection_struct *conn, const char *fname, uint32 dosmode,
mode_t unixmode;
int ret = -1;
- DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", dosmode, fname));
if (!st) {
st = &st1;
if (SMB_VFS_STAT(conn,fname,st))
@@ -341,11 +208,6 @@ int file_set_dosmode(connection_struct *conn, const char *fname, uint32 dosmode,
if (dos_mode(conn,fname,st) == dosmode)
return(0);
- /* Store the DOS attributes in an EA by preference. */
- if (set_ea_dos_attribute(conn, fname, st, dosmode)) {
- return 0;
- }
-
unixmode = unix_mode(conn,dosmode,fname);
/* preserve the s bits */
@@ -413,71 +275,70 @@ int file_set_dosmode(connection_struct *conn, const char *fname, uint32 dosmode,
return( ret );
}
+
/*******************************************************************
- Wrapper around dos_utime that possibly allows DOS semantics rather
- than POSIX.
+Wrapper around dos_utime that possibly allows DOS semantics rather
+than POSIX.
*******************************************************************/
-
int file_utime(connection_struct *conn, char *fname, struct utimbuf *times)
{
- extern struct current_user current_user;
- SMB_STRUCT_STAT sb;
- int ret = -1;
-
- errno = 0;
-
- if(SMB_VFS_UTIME(conn,fname, times) == 0)
- return 0;
-
- if((errno != EPERM) && (errno != EACCES))
- return -1;
-
- if(!lp_dos_filetimes(SNUM(conn)))
- return -1;
-
- /* We have permission (given by the Samba admin) to
- break POSIX semantics and allow a user to change
- the time on a file they don't own but can write to
- (as DOS does).
- */
-
- if(SMB_VFS_STAT(conn,fname,&sb) != 0)
- return -1;
-
- /* Check if we have write access. */
- if (CAN_WRITE(conn)) {
- if (((sb.st_mode & S_IWOTH) || conn->admin_user ||
- ((sb.st_mode & S_IWUSR) && current_user.uid==sb.st_uid) ||
- ((sb.st_mode & S_IWGRP) &&
- in_group(sb.st_gid,current_user.gid,
- current_user.ngroups,current_user.groups)))) {
- /* We are allowed to become root and change the filetime. */
- become_root();
- ret = SMB_VFS_UTIME(conn,fname, times);
- unbecome_root();
- }
- }
-
- return ret;
+ extern struct current_user current_user;
+ SMB_STRUCT_STAT sb;
+ int ret = -1;
+
+ errno = 0;
+
+ if(SMB_VFS_UTIME(conn,fname, times) == 0)
+ return 0;
+
+ if((errno != EPERM) && (errno != EACCES))
+ return -1;
+
+ if(!lp_dos_filetimes(SNUM(conn)))
+ return -1;
+
+ /* We have permission (given by the Samba admin) to
+ break POSIX semantics and allow a user to change
+ the time on a file they don't own but can write to
+ (as DOS does).
+ */
+
+ if(SMB_VFS_STAT(conn,fname,&sb) != 0)
+ return -1;
+
+ /* Check if we have write access. */
+ if (CAN_WRITE(conn)) {
+ if (((sb.st_mode & S_IWOTH) ||
+ conn->admin_user ||
+ ((sb.st_mode & S_IWUSR) && current_user.uid==sb.st_uid) ||
+ ((sb.st_mode & S_IWGRP) &&
+ in_group(sb.st_gid,current_user.gid,
+ current_user.ngroups,current_user.groups)))) {
+ /* We are allowed to become root and change the filetime. */
+ become_root();
+ ret = SMB_VFS_UTIME(conn,fname, times);
+ unbecome_root();
+ }
+ }
+
+ return ret;
}
/*******************************************************************
- Change a filetime - possibly allowing DOS semantics.
+Change a filetime - possibly allowing DOS semantics.
*******************************************************************/
-
BOOL set_filetime(connection_struct *conn, char *fname, time_t mtime)
{
- struct utimbuf times;
+ struct utimbuf times;
- if (null_mtime(mtime))
- return(True);
+ if (null_mtime(mtime)) return(True);
- times.modtime = times.actime = mtime;
+ times.modtime = times.actime = mtime;
- if (file_utime(conn, fname, &times)) {
- DEBUG(4,("set_filetime(%s) failed: %s\n",fname,strerror(errno)));
- return False;
- }
+ if (file_utime(conn, fname, &times)) {
+ DEBUG(4,("set_filetime(%s) failed: %s\n",fname,strerror(errno)));
+ return False;
+ }
- return(True);
+ return(True);
}
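Review bot: In file_utime the permission decision is made on `SMB_VFS_STAT(conn,fname,&sb)` and the change is then applied as root with `SMB_VFS_UTIME(conn,fname, times)` on the same path name, so nothing ties the object that was checked to the object that is modified. If the name is replaced between the two calls, root would set the times on something the user could not write to; the effect looks limited to timestamps, but it is still a privileged operation driven by a client-supplied path. Where the platform has a descriptor-based call, opening the file in the user's context before `become_root()` and setting the times through that descriptor closes the window. Failing that, I would at least add a comment above `become_root()` stating that the check and the update are not atomic and that the path must already have been validated for this share.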
diff --git a/source/smbd/fake_file.c b/source/smbd/fake_file.c
index 5ccb548ba5b..86d78e039a1 100644
--- a/source/smbd/fake_file.c
+++ b/source/smbd/fake_file.c
@@ -26,7 +26,7 @@
files_struct *open_fake_file_shared1(enum FAKE_FILE_TYPE fake_file_type, connection_struct *conn,char *fname,
SMB_STRUCT_STAT *psbuf,
uint32 desired_access,
- int share_mode,int ofun, uint32 new_dos_attr, int oplock_request,
+ int share_mode,int ofun, mode_t mode,int oplock_request,
int *Access,int *action)
{
extern struct current_user current_user;
@@ -35,7 +35,7 @@ files_struct *open_fake_file_shared1(enum FAKE_FILE_TYPE fake_file_type, connect
if (fake_file_type == 0) {
return open_file_shared1(conn,fname,psbuf,desired_access,
- share_mode,ofun,new_dos_attr,
+ share_mode,ofun,mode,
oplock_request,Access,action);
}
@@ -51,8 +51,8 @@ files_struct *open_fake_file_shared1(enum FAKE_FILE_TYPE fake_file_type, connect
if(!fsp)
return NULL;
- DEBUG(5,("open_fake_file_shared1: fname = %s, FID = %d, share_mode = %x, ofun = %x, oplock request = %d\n",
- fname, fsp->fnum, share_mode, ofun, oplock_request ));
+ DEBUG(5,("open_fake_file_shared1: fname = %s, FID = %d, share_mode = %x, ofun = %x, mode = %o, oplock request = %d\n",
+ fname, fsp->fnum, share_mode, ofun, (int)mode, oplock_request ));
if (!check_name(fname,conn)) {
file_free(fsp);
diff --git a/source/smbd/fileio.c b/source/smbd/fileio.c
index c2fb6e34566..3462a3b9fa5 100644
--- a/source/smbd/fileio.c
+++ b/source/smbd/fileio.c
@@ -176,9 +176,8 @@ ssize_t write_file(files_struct *fsp, char *data, SMB_OFF_T pos, size_t n)
if (SMB_VFS_FSTAT(fsp,fsp->fd,&st) == 0) {
int dosmode = dos_mode(fsp->conn,fsp->fsp_name,&st);
fsp->size = (SMB_BIG_UINT)st.st_size;
- if ((lp_store_dos_attributes(SNUM(fsp->conn)) || MAP_ARCHIVE(fsp->conn)) && !IS_DOS_ARCHIVE(dosmode)) {
- file_set_dosmode(fsp->conn,fsp->fsp_name,dosmode | aARCH,&st);
- }
+ if (MAP_ARCHIVE(fsp->conn) && !IS_DOS_ARCHIVE(dosmode))
+ file_chmod(fsp->conn,fsp->fsp_name,dosmode | aARCH,&st);
/*
* If this is the first write and we have an exclusive oplock then setup
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c
index d715ab4ddc3..c4df84e76c7 100644
--- a/source/smbd/lanman.c
+++ b/source/smbd/lanman.c
@@ -1557,87 +1557,87 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
- fstring sharename;
- fstring comment;
- pstring pathname;
- char *command, *cmdname;
- unsigned int offset;
- int snum;
- int res = ERRunsup;
+ char *str1 = param+2;
+ char *str2 = skip_string(str1,1);
+ char *p = skip_string(str2,1);
+ int uLevel = SVAL(p,0);
+ fstring sharename;
+ fstring comment;
+ pstring pathname;
+ char *command, *cmdname;
+ unsigned int offset;
+ int snum;
+ int res = ERRunsup;
- /* check it's a supported varient */
- if (!prefix_ok(str1, RAP_WShareAdd_REQ)) return False;
- if (!check_share_info(uLevel, str2)) return False;
- if (uLevel != 2) return False;
-
- pull_ascii_fstring(sharename, data);
- snum = find_service(sharename);
- if (snum >= 0) { /* already exists */
- res = ERRfilexists;
- goto error_exit;
- }
+ /* check it's a supported varient */
+ if (!prefix_ok(str1,RAP_WShareAdd_REQ)) return False;
+ if (!check_share_info(uLevel,str2)) return False;
+ if (uLevel != 2) return False;
- /* only support disk share adds */
- if (SVAL(data,14) != STYPE_DISKTREE) return False;
+ pull_ascii_fstring(sharename,data);
+ snum = find_service(sharename);
+ if (snum >= 0) { /* already exists */
+ res = ERRfilexists;
+ goto error_exit;
+ }
- offset = IVAL(data, 16);
- if (offset >= mdrcnt) {
- res = ERRinvalidparam;
- goto error_exit;
- }
- pull_ascii_fstring(comment, offset? (data+offset) : "");
+ /* only support disk share adds */
+ if (SVAL(data,14)!=STYPE_DISKTREE) return False;
- offset = IVAL(data, 26);
- if (offset >= mdrcnt) {
- res = ERRinvalidparam;
- goto error_exit;
- }
- pull_ascii_pstring(pathname, offset? (data+offset) : "");
+ offset = IVAL(data, 16);
+ if (offset >= mdrcnt) {
+ res = ERRinvalidparam;
+ goto error_exit;
+ }
+ pull_ascii_fstring(comment, offset? (data+offset) : "");
- string_replace(sharename, '"', ' ');
- string_replace(pathname, '"', ' ');
- string_replace(comment, '"', ' ');
+ offset = IVAL(data, 26);
+ if (offset >= mdrcnt) {
+ res = ERRinvalidparam;
+ goto error_exit;
+ }
+ pull_ascii_pstring(pathname, offset? (data+offset) : "");
- cmdname = lp_add_share_cmd();
+ string_replace(sharename, '"', ' ');
+ string_replace(pathname, '"', ' ');
+ string_replace(comment, '"', ' ');
- if (!cmdname || *cmdname == '\0') return False;
+ cmdname = lp_add_share_cmd();
- asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment);
+ if (!cmdname || *cmdname == '\0') return False;
- if (command) {
- DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
- if ((res = smbrun(command, NULL)) != 0) {
- DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
- SAFE_FREE(command);
- res = ERRnoaccess;
- goto error_exit;
- } else {
- SAFE_FREE(command);
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
- }
- } else return False;
+ asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+ lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment);
- *rparam_len = 6;
- *rparam = REALLOC(*rparam, *rparam_len);
- SSVAL(*rparam, 0, NERR_Success);
- SSVAL(*rparam, 2, 0); /* converter word */
- SSVAL(*rparam, 4, *rdata_len);
- *rdata_len = 0;
+ if (command) {
+ DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
+ if ((res = smbrun(command, NULL)) != 0) {
+ DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
+ SAFE_FREE(command);
+ res = ERRnoaccess;
+ goto error_exit;
+ } else {
+ SAFE_FREE(command);
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+ }
+ } else return False;
+
+ *rparam_len = 6;
+ *rparam = REALLOC(*rparam,*rparam_len);
+ SSVAL(*rparam,0,NERR_Success);
+ SSVAL(*rparam,2,0); /* converter word */
+ SSVAL(*rparam,4,*rdata_len);
+ *rdata_len = 0;
- return True;
+ return True;
-error_exit:
- *rparam_len = 4;
- *rparam = REALLOC(*rparam, *rparam_len);
- *rdata_len = 0;
- SSVAL(*rparam, 0, res);
- SSVAL(*rparam, 2, 0);
- return True;
+ error_exit:
+ *rparam_len = 4;
+ *rparam = REALLOC(*rparam,*rparam_len);
+ *rdata_len = 0;
+ SSVAL(*rparam,0,res);
+ SSVAL(*rparam,2,0);
+ return True;
}
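Review bot: The command handed to `smbrun()` is built by `asprintf()` from `sharename`, `pathname` and `comment`, all taken from the request's `data` buffer, and the only neutralisation is `string_replace(..., '"', ' ')`. Inside double quotes a shell still interprets several other characters, so the quoting does not make these values inert; how the caller is authorised is not visible in this hunk, but the safety of the add-share command should not rest on it. I would reject the request when any of the three strings contains a character that stays special inside double quotes, rather than rewriting the string, as sketched below. Separately, the `asprintf()` return value is not checked (on failure `command` is not guaranteed to be NULL), and both `REALLOC(*rparam,*rparam_len)` results are written through by `SSVAL` without a NULL check.

```c
	/* … unchanged: sharename, comment and pathname pulled from data … */

	/* Refuse, rather than rewrite, anything sh still expands inside "...". */
	if (strpbrk(sharename, "\"$`\\") != NULL ||
	    strpbrk(pathname, "\"$`\\") != NULL ||
	    strpbrk(comment, "\"$`\\") != NULL) {
		res = ERRinvalidparam;
		goto error_exit;
	}

	cmdname = lp_add_share_cmd();
	/* … unchanged: command construction, smbrun and reply … */
```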
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index 018f6bbbece..21b6db8b469 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -43,7 +43,6 @@ static const char *known_nt_pipes[] = {
"\\spoolss",
"\\netdfs",
"\\rpcecho",
- "\\epmapper",
NULL
};
@@ -587,9 +586,11 @@ int reply_ntcreate_and_X(connection_struct *conn,
SMB_BIG_UINT allocation_size = 0;
int smb_ofun;
int smb_open_mode;
+ int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
/* Breakout the oplock request bits so we can set the
reply bits separately. */
int oplock_request = 0;
+ mode_t unixmode;
int fmode=0,rmode=0;
SMB_OFF_T file_len = 0;
SMB_STRUCT_STAT sbuf;
@@ -765,6 +766,8 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib
unix_convert(fname,conn,0,&bad_path,&sbuf);
+ unixmode = unix_mode(conn,smb_attr | aARCH, fname);
+
/*
* If it's a request for a directory open, deal with it separately.
*/
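Review bot: `unixmode` is taken from `unix_mode()` straight after `unix_convert()` with no check of the result, and the unix_mode() in this commit returns 0 when inherit permissions is on and the parent directory cannot be stat'ed. That 0 is then passed as the creation mode to open_directory(), open_file_shared1() and open_fake_file_shared1() in the following hunks, so a create in that situation would presumably yield an object with no permission bits instead of an error. The same pattern is added in call_nt_transact_create. I would either compute the mode after the `bad_path` outcome has been handled or add a comment here saying that 0 is an accepted value; the rest of reply_ntcreate_and_X lies outside the hunk.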
@@ -778,7 +781,7 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
- fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action);
+ fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
restore_case_semantics(file_attributes);
@@ -808,14 +811,14 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib
fsp = open_file_shared1(conn,fname,&sbuf,
desired_access,
smb_open_mode,
- smb_ofun,file_attributes,oplock_request,
+ smb_ofun,unixmode, oplock_request,
&rmode,&smb_action);
} else {
/* to open a fake_file --metze */
fsp = open_fake_file_shared1(fake_file_type,conn,fname,&sbuf,
desired_access,
smb_open_mode,
- smb_ofun,file_attributes, oplock_request,
+ smb_ofun,unixmode, oplock_request,
&rmode,&smb_action);
}
@@ -854,7 +857,7 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib
}
oplock_request = 0;
- fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action);
+ fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
if(!fsp) {
restore_case_semantics(file_attributes);
@@ -1131,6 +1134,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
char *data = *ppdata;
/* Breakout the oplock request bits so we can set the reply bits separately. */
int oplock_request = 0;
+ mode_t unixmode;
int fmode=0,rmode=0;
SMB_OFF_T file_len = 0;
SMB_STRUCT_STAT sbuf;
@@ -1150,6 +1154,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
SMB_BIG_UINT allocation_size = 0;
int smb_ofun;
int smb_open_mode;
+ int smb_attr;
time_t c_time;
NTSTATUS status;
@@ -1187,6 +1192,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
create_options = IVAL(params,32);
sd_len = IVAL(params,36);
root_dir_fid = (uint16)IVAL(params,4);
+ smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
if (create_options & FILE_OPEN_BY_FILE_ID) {
return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
@@ -1291,6 +1297,8 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
unix_convert(fname,conn,0,&bad_path,&sbuf);
+ unixmode = unix_mode(conn,smb_attr | aARCH, fname);
+
/*
* If it's a request for a directory open, deal with it separately.
*/
@@ -1310,7 +1318,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
* CreateDirectory() call.
*/
- fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action);
+ fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
if(!fsp) {
restore_case_semantics(file_attributes);
@@ -1324,7 +1332,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
*/
fsp = open_file_shared1(conn,fname,&sbuf,desired_access,
- smb_open_mode,smb_ofun,file_attributes,
+ smb_open_mode,smb_ofun,unixmode,
oplock_request,&rmode,&smb_action);
if (!fsp) {
@@ -1342,7 +1350,7 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
}
oplock_request = 0;
- fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action);
+ fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
if(!fsp) {
restore_case_semantics(file_attributes);
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 8ab5dab6ac9..e688f8de485 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -741,10 +741,20 @@ static void kernel_flock(files_struct *fsp, int deny_mode)
}
-static BOOL open_match_attributes(connection_struct *conn, const char *path, uint32 old_dos_mode, uint32 new_dos_mode,
- mode_t existing_mode, mode_t new_mode, mode_t *returned_mode)
+static BOOL open_match_attributes(connection_struct *conn, char *path, mode_t existing_mode,
+ mode_t new_mode, mode_t *returned_mode)
{
+ uint32 old_dos_mode, new_dos_mode;
uint32 noarch_old_dos_mode, noarch_new_dos_mode;
+ SMB_STRUCT_STAT sbuf;
+
+ ZERO_STRUCT(sbuf);
+
+ sbuf.st_mode = existing_mode;
+ old_dos_mode = dos_mode(conn, path, &sbuf);
+
+ sbuf.st_mode = new_mode;
+ new_dos_mode = dos_mode(conn, path, &sbuf);
noarch_old_dos_mode = (old_dos_mode & ~FILE_ATTRIBUTE_ARCHIVE);
noarch_new_dos_mode = (new_dos_mode & ~FILE_ATTRIBUTE_ARCHIVE);
@@ -760,11 +770,11 @@ static BOOL open_match_attributes(connection_struct *conn, const char *path, uin
old_dos_mode, (unsigned int)existing_mode, new_dos_mode, (unsigned int)*returned_mode ));
/* If we're mapping SYSTEM and HIDDEN ensure they match. */
- if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
+ if (lp_map_system(SNUM(conn))) {
if ((old_dos_mode & FILE_ATTRIBUTE_SYSTEM) && !(new_dos_mode & FILE_ATTRIBUTE_SYSTEM))
return False;
}
- if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
+ if (lp_map_hidden(SNUM(conn))) {
if ((old_dos_mode & FILE_ATTRIBUTE_HIDDEN) && !(new_dos_mode & FILE_ATTRIBUTE_HIDDEN))
return False;
}
@@ -776,10 +786,10 @@ static BOOL open_match_attributes(connection_struct *conn, const char *path, uin
****************************************************************************/
files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_STAT *psbuf,
- int share_mode,int ofun, uint32 new_dos_mode, int oplock_request,
+ int share_mode,int ofun, mode_t mode,int oplock_request,
int *Access,int *action)
{
- return open_file_shared1(conn, fname, psbuf, 0, share_mode, ofun, new_dos_mode,
+ return open_file_shared1(conn, fname, psbuf, 0, share_mode, ofun, mode,
oplock_request, Access, action);
}
@@ -789,9 +799,8 @@ files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_S
files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_STAT *psbuf,
uint32 desired_access,
- int share_mode,int ofun, uint32 new_dos_mode,
- int oplock_request,
- int *Access,int *paction)
+ int share_mode,int ofun, mode_t mode,int oplock_request,
+ int *Access,int *action)
{
int flags=0;
int flags2=0;
@@ -810,10 +819,6 @@ files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_
int open_mode=0;
uint16 port = 0;
mode_t new_mode = (mode_t)0;
- int action;
- uint32 existing_dos_mode = 0;
- /* We add aARCH to this as this mode is only used if the file is created new. */
- mode_t mode = unix_mode(conn,new_dos_mode | aARCH,fname);
if (conn->printer) {
/* printers are handled completely differently. Most of the passed parameters are
@@ -821,7 +826,7 @@ files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_
if (Access)
*Access = DOS_OPEN_WRONLY;
if (action)
- *paction = FILE_WAS_CREATED;
+ *action = FILE_WAS_CREATED;
return print_fsp_open(conn, fname);
}
@@ -829,19 +834,14 @@ files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_
if(!fsp)
return NULL;
- DEBUG(10,("open_file_shared: fname = %s, dos_attrs = %x, share_mode = %x, ofun = %x, mode = %o, oplock request = %d\n",
- fname, new_dos_mode, share_mode, ofun, (int)mode, oplock_request ));
+ DEBUG(10,("open_file_shared: fname = %s, share_mode = %x, ofun = %x, mode = %o, oplock request = %d\n",
+ fname, share_mode, ofun, (int)mode, oplock_request ));
if (!check_name(fname,conn)) {
file_free(fsp);
return NULL;
}
- new_dos_mode &= SAMBA_ATTRIBUTES_MASK;
- if (file_existed) {
- existing_dos_mode = dos_mode(conn, fname, psbuf);
- }
-
/* ignore any oplock requests if oplocks are disabled */
if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break) {
oplock_request = 0;
@@ -882,11 +882,9 @@ files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_
/* We only care about matching attributes on file exists and truncate. */
if (file_existed && (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_TRUNCATE)) {
- if (!open_match_attributes(conn, fname, existing_dos_mode, new_dos_mode,
- psbuf->st_mode, mode, &new_mode)) {
- DEBUG(5,("open_file_shared: attributes missmatch for file %s (%x %x) (0%o, 0%o)\n",
- fname, existing_dos_mode, new_dos_mode,
- (int)psbuf->st_mode, (int)mode ));
+ if (!open_match_attributes(conn, fname, psbuf->st_mode, mode, &new_mode)) {
+ DEBUG(5,("open_file_shared: attributes missmatch for file %s (0%o, 0%o)\n",
+ fname, (int)psbuf->st_mode, (int)mode ));
file_free(fsp);
errno = EACCES;
return NULL;
@@ -930,7 +928,7 @@ files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_
#endif /* O_SYNC */
if (flags != O_RDONLY && file_existed &&
- (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_mode))) {
+ (!CAN_WRITE(conn) || IS_DOS_READONLY(dos_mode(conn,fname,psbuf)))) {
if (!fcbopen) {
DEBUG(5,("open_file_shared: read/write access requested for file %s on read only %s\n",
fname, !CAN_WRITE(conn) ? "share" : "file" ));
@@ -1121,19 +1119,16 @@ flags=0x%X flags2=0x%X mode=0%o returned %d\n",
DEBUG(10,("open_file_shared : share_mode = %x\n", fsp->share_mode ));
- if (Access) {
+ if (Access)
(*Access) = open_mode;
- }
-
- if (file_existed && !(flags2 & O_TRUNC))
- action = FILE_WAS_OPENED;
- if (file_existed && (flags2 & O_TRUNC))
- action = FILE_WAS_OVERWRITTEN;
- if (!file_existed)
- action = FILE_WAS_CREATED;
- if (paction) {
- *paction = action;
+ if (action) {
+ if (file_existed && !(flags2 & O_TRUNC))
+ *action = FILE_WAS_OPENED;
+ if (!file_existed)
+ *action = FILE_WAS_CREATED;
+ if (file_existed && (flags2 & O_TRUNC))
+ *action = FILE_WAS_OVERWRITTEN;
}
/*
@@ -1168,13 +1163,6 @@ flags=0x%X flags2=0x%X mode=0%o returned %d\n",
}
}
- if (action == FILE_WAS_OVERWRITTEN || action == FILE_WAS_CREATED) {
- /* Files should be initially set as archive */
- if (lp_map_archive(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
- file_set_dosmode(conn, fname, new_dos_mode | aARCH, NULL);
- }
- }
-
/*
* Take care of inherited ACLs on created files - if default ACL not
* selected.
@@ -1268,7 +1256,7 @@ int close_file_fchmod(files_struct *fsp)
****************************************************************************/
files_struct *open_directory(connection_struct *conn, char *fname, SMB_STRUCT_STAT *psbuf,
- uint32 desired_access, int share_mode, int smb_ofun, int *action)
+ uint32 desired_access, int share_mode, int smb_ofun, mode_t unixmode, int *action)
{
extern struct current_user current_user;
BOOL got_stat = False;
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 9f6dad423ad..10c6aadb1fc 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -87,7 +87,6 @@ void invalidate_vuid(uint16 vuid)
SAFE_FREE(vuser->groups);
delete_nt_token(&vuser->nt_user_token);
- destroy_privilege(&vuser->privs);
SAFE_FREE(vuser);
num_validated_vuids--;
}
@@ -235,11 +234,6 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key,
return UID_FIELD_INVALID;
}
- if (server_info->privs) {
- init_privilege(&(vuser->privs));
- dup_priv_set(vuser->privs, server_info->privs);
- }
-
/* use this to keep tabs on all our info from the authentication */
vuser->server_info = server_info;
@@ -275,14 +269,10 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key,
vuser->homes_snum = -1;
}
- if (srv_is_signing_negotiated() && !vuser->guest && !srv_signing_started()) {
+ if (lp_server_signing() && !vuser->guest && !srv_is_signing_active()) {
/* Try and turn on server signing on the first non-guest sessionsetup. */
srv_set_signing(vuser->session_key, response_blob);
}
-
- /* fill in the current_user_info struct */
- set_current_user_info( &vuser->user );
-
return vuser->vuid;
}
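Review bot: The guard `if (lp_server_signing() && !vuser->guest && !srv_is_signing_active())` in register_vuid no longer checks whether this client negotiated signing. It reads what appears to be the configured setting instead. If `lp_server_signing()` returns a multi-valued setting rather than a plain boolean (not visible in this hunk), every non-zero value takes the branch and calls `srv_set_signing()`. Assuming the negotiation check now lives inside `srv_set_signing()`, a comment should say so, for example `/* negotiation with the client is checked inside srv_set_signing() */`; otherwise the guard should test the negotiated state explicitly. register_vuid starts outside this hunk.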
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 620e123e14d..8033c694f5d 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -57,6 +57,8 @@ typedef struct canon_ace {
* +------+------+-------------+---------------------+-------------+--------------------+
*/
+#define SAMBA_POSIX_INHERITANCE_EA_NAME "user.SAMBA_PAI"
+
#define PAI_VERSION_OFFSET 0
#define PAI_FLAG_OFFSET 1
#define PAI_NUM_ENTRIES_OFFSET 2
@@ -3181,7 +3183,7 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
the mask bits, not the real group bits, for a file with an ACL.
****************************************************************************/
-int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode )
+int get_acl_group_bits( connection_struct *conn, char *fname, mode_t *mode )
{
int entry_id = SMB_ACL_FIRST_ENTRY;
SMB_ACL_ENTRY_T entry;
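Review bot: The new signature `int get_acl_group_bits( connection_struct *conn, char *fname, mode_t *mode )` drops `const` from `fname`, which weakens the contract for every caller. Nothing in the visible lines writes through `fname`, and the body continues outside this hunk. If the only reason is that a callee takes `char *`, keep `const char *fname` in the signature and cast at that one call with a comment, so a read-only path buffer stays read-only at the interface.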
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index ac239c7e042..f5c4f25e408 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -61,10 +61,6 @@ NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
while (IS_DIRECTORY_SEP(*s)) {
s++;
}
- if ((s[0] == '.') && (s[1] == '\0')) {
- ret = NT_STATUS_OBJECT_NAME_INVALID;
- break;
- }
if ((d != destname) && (*s != '\0')) {
/* We only care about non-leading or trailing '/' or '\\' */
*d++ = '/';
@@ -88,8 +84,7 @@ NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
}
/* Are we at the start ? Can't go back further if so. */
if (d == destname) {
- ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
- break;
+ return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
}
/* Go back one level... */
/* We know this is safe as '/' cannot be part of a mb sequence. */
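Review bot: The new `return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;` in check_path_syntax leaves the function without terminating `destname`. The removed `break` presumably reached a terminating write after the loop, which is not visible here. The same applies to `return NT_STATUS_INVALID_PARAMETER;` in the hunk at -110, and the hunk at -136 drops an explicit `*d = '\0';` before its return. A caller that logs or reuses `destname` after a failure would then read whatever the buffer held before the call. Writing `*d = '\0';` before each early return keeps the output buffer a valid string on every path. The function body starts and ends outside this hunk.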
@@ -100,7 +95,7 @@ NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
d--;
}
s += 3;
- } else if ((s[0] == '.') && (IS_DIRECTORY_SEP(s[1]) || (s[1] == '\0'))) {
+ } else if ((s[0] == '.') && IS_DIRECTORY_SEP(s[1])) {
/*
* No mb char starts with '.' so we're safe checking the directory separator here.
@@ -110,14 +105,11 @@ NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
if (s == srcname) {
ret = NT_STATUS_OBJECT_NAME_INVALID;
- break;
} else {
- if (s[1] != '\0' && s[2] == '\0') {
- ret = NT_STATUS_INVALID_PARAMETER;
- break;
+ if (s[2] == '\0') {
+ return NT_STATUS_INVALID_PARAMETER;
}
ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;
- break;
}
s++;
} else {
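Review bot: With both `break` statements gone, `ret = NT_STATUS_OBJECT_NAME_INVALID;` and `ret = NT_STATUS_OBJECT_PATH_NOT_FOUND;` only record a status and parsing carries on. A later `./` component therefore overwrites the status set for a leading one, and the value returned depends on which component comes last. If that is intended, document it where `ret` is assigned, for example `/* not fatal: keep canonicalising, the last recorded status is returned */`. If the first error should win, guard the assignment with `if (NT_STATUS_IS_OK(ret))`. The loop and the final return are outside this hunk.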
@@ -136,7 +128,6 @@ NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
break;
default:
DEBUG(0,("check_path_syntax: character length assumptions invalid !\n"));
- *d = '\0';
return NT_STATUS_INVALID_PARAMETER;
}
}
@@ -687,9 +678,8 @@ int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
else
mode &= ~aDIR;
- if (check_name(fname,conn)) {
- ok = (file_set_dosmode(conn,fname,mode,NULL) == 0);
- }
+ if (check_name(fname,conn))
+ ok = (file_chmod(conn,fname,mode,NULL) == 0);
} else {
ok = True;
}
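Review bot: `ok = (file_chmod(conn,fname,mode,NULL) == 0);` passes DOS attribute bits (the line above clears `aDIR` from `mode`) to a function whose name suggests a Unix permission mode. The hunk at -3527 in trans2.c does the same with `dosmode`. A one-line comment at the call would prevent a later reader from handing it a `mode_t`, for example `/* file_chmod() takes DOS attribute bits here, not a Unix mode */`; confirm against the declaration first. The braces removed from the `if (check_name(fname,conn))` body are also worth keeping, since the statement sits inside an `if`/`else` chain.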
@@ -1018,12 +1008,12 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
int share_mode;
SMB_OFF_T size = 0;
time_t mtime=0;
+ mode_t unixmode;
int rmode=0;
SMB_STRUCT_STAT sbuf;
BOOL bad_path = False;
files_struct *fsp;
int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
- uint16 dos_attr = SVAL(inbuf,smb_vwv1);
NTSTATUS status;
START_PROFILE(SMBopen);
@@ -1039,8 +1029,10 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
unix_convert(fname,conn,0,&bad_path,&sbuf);
+ unixmode = unix_mode(conn,aARCH,fname);
+
fsp = open_file_shared(conn,fname,&sbuf,share_mode,(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- (uint32)dos_attr, oplock_request,&rmode,NULL);
+ unixmode, oplock_request,&rmode,NULL);
if (!fsp) {
END_PROFILE(SMBopen);
@@ -1097,6 +1089,7 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
#endif
int smb_ofun = SVAL(inbuf,smb_vwv8);
+ mode_t unixmode;
SMB_OFF_T size=0;
int fmode=0,mtime=0,rmode=0;
SMB_STRUCT_STAT sbuf;
@@ -1128,7 +1121,9 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
unix_convert(fname,conn,0,&bad_path,&sbuf);
- fsp = open_file_shared(conn,fname,&sbuf,smb_mode,smb_ofun,(uint32)smb_attr,
+ unixmode = unix_mode(conn,smb_attr | aARCH, fname);
+
+ fsp = open_file_shared(conn,fname,&sbuf,smb_mode,smb_ofun,unixmode,
oplock_request, &rmode,&smb_action);
if (!fsp) {
@@ -1220,6 +1215,7 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
int com;
int outsize = 0;
int createmode;
+ mode_t unixmode;
int ofun = 0;
BOOL bad_path = False;
files_struct *fsp;
@@ -1244,6 +1240,8 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
if (createmode & aVOLID)
DEBUG(0,("Attempt to create file (%s) with volid set - please report this\n",fname));
+ unixmode = unix_mode(conn,createmode,fname);
+
if(com == SMBmknew) {
/* We should fail if file exists. */
ofun = FILE_CREATE_IF_NOT_EXIST;
@@ -1254,7 +1252,7 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
/* Open file in dos compatibility share mode. */
fsp = open_file_shared(conn,fname,&sbuf,SET_DENY_MODE(DENY_FCB)|SET_OPEN_MODE(DOS_OPEN_FCB),
- ofun, (uint32)createmode, oplock_request, NULL, NULL);
+ ofun, unixmode, oplock_request, NULL, NULL);
if (!fsp) {
END_PROFILE(SMBcreate);
@@ -1271,7 +1269,7 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
DEBUG( 2, ( "new file %s\n", fname ) );
- DEBUG( 3, ( "mknew %s fd=%d dmode=%d\n", fname, fsp->fd, createmode ) );
+ DEBUG( 3, ( "mknew %s fd=%d dmode=%d umode=%o\n", fname, fsp->fd, createmode, (int)unixmode ) );
END_PROFILE(SMBcreate);
return(outsize);
@@ -1285,7 +1283,8 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
{
pstring fname;
int outsize = 0;
- int createattr;
+ int createmode;
+ mode_t unixmode;
BOOL bad_path = False;
files_struct *fsp;
int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
@@ -1293,26 +1292,23 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
SMB_STRUCT_STAT sbuf;
char *p, *s;
NTSTATUS status;
- unsigned int namelen;
START_PROFILE(SMBctemp);
- createattr = SVAL(inbuf,smb_vwv0);
+ createmode = SVAL(inbuf,smb_vwv0);
srvstr_get_path(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), 0, STR_TERMINATE, &status);
if (!NT_STATUS_IS_OK(status)) {
END_PROFILE(SMBctemp);
return ERROR_NT(status);
}
- if (*fname) {
- pstrcat(fname,"/TMXXXXXX");
- } else {
- pstrcat(fname,"TMXXXXXX");
- }
+ pstrcat(fname,"\\TMXXXXXX");
RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
unix_convert(fname,conn,0,&bad_path,&sbuf);
+ unixmode = unix_mode(conn,createmode,fname);
+
tmpfd = smb_mkstemp(fname);
if (tmpfd == -1) {
END_PROFILE(SMBctemp);
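Review bot: `pstrcat(fname,"\\TMXXXXXX");` appends the separator unconditionally, so an empty client-supplied directory produces a template that begins with a separator. The removed `if (*fname)` test avoided that case. Whether `unix_convert()` normalises the leading separator is not visible in this hunk. `pstrcat(fname, *fname ? "\\TMXXXXXX" : "TMXXXXXX");` keeps the relative form. It is also worth checking that the template still ends in `XXXXXX` after the append, because a path near the `pstring` limit could be truncated before `smb_mkstemp(fname)` sees it. Finally, `unixmode` is computed from the client's `createmode` here, but nothing in the hunk applies it to the file that `smb_mkstemp()` creates.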
@@ -1326,7 +1322,7 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
fsp = open_file_shared(conn,fname,&sbuf,
SET_DENY_MODE(DENY_FCB)|SET_OPEN_MODE(DOS_OPEN_FCB),
FILE_EXISTS_OPEN|FILE_FAIL_IF_NOT_EXIST,
- (uint32)createattr, oplock_request, NULL, NULL);
+ unixmode, oplock_request, NULL, NULL);
/* close fd from smb_mkstemp() */
close(tmpfd);
@@ -1347,13 +1343,10 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
s++;
p = smb_buf(outbuf);
-#if 0
- /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
- thing in the byte section. JRA */
SSVALS(p, 0, -1); /* what is this? not in spec */
-#endif
- namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
- p += namelen;
+ SSVAL(p, 2, strlen(s));
+ p += 4;
+ p += srvstr_push(outbuf, p, s, -1, STR_ASCII);
outsize = set_message_end(outbuf, p);
if (oplock_request && lp_fake_oplocks(SNUM(conn)))
@@ -1363,8 +1356,8 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
DEBUG( 2, ( "created temp file %s\n", fname ) );
- DEBUG( 3, ( "ctemp %s fd=%d umode=%o\n",
- fname, fsp->fd, sbuf.st_mode ) );
+ DEBUG( 3, ( "ctemp %s fd=%d dmode=%d umode=%o\n",
+ fname, fsp->fd, createmode, (int)unixmode ) );
END_PROFILE(SMBctemp);
return(outsize);
@@ -1391,7 +1384,7 @@ static NTSTATUS can_rename(char *fname,connection_struct *conn, SMB_STRUCT_STAT
unix_ERR_code = 0;
fsp = open_file_shared1(conn, fname, pst, DELETE_ACCESS, SET_DENY_MODE(DENY_ALL),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &smb_action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &smb_action);
if (!fsp) {
NTSTATUS ret = NT_STATUS_ACCESS_DENIED;
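Review bot: The call now ends in `... 0, 0, &access_mode, &smb_action);`, two adjacent bare zeros in the slots where other callers in this commit pass `unixmode, oplock_request`. A reader cannot tell which zero is the mode and which is the oplock request, and a swapped argument would compile silently. Annotating them, for example `0 /* mode: file must already exist */, 0 /* no oplock */`, documents why a zero mode is safe under `FILE_FAIL_IF_NOT_EXIST`. The same pattern appears in can_delete, in copy_file and in the two trans2.c hunks at -3131 and -3558.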
@@ -1456,7 +1449,7 @@ static NTSTATUS can_delete(char *fname,connection_struct *conn, int dirtype, BOO
unix_ERR_code = 0;
fsp = open_file_shared1(conn, fname, &sbuf, DELETE_ACCESS, SET_DENY_MODE(DENY_ALL),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, 0, &access_mode, &smb_action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &smb_action);
if (!fsp) {
NTSTATUS ret = NT_STATUS_ACCESS_DENIED;
@@ -1575,14 +1568,13 @@ NTSTATUS unlink_internals(connection_struct *conn, int dirtype, char *name)
if (sys_direntry) {
error = NT_STATUS_OBJECT_NAME_INVALID;
- break;
+ continue;
}
slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
error = can_delete(fname,conn,dirtype,bad_path);
- if (!NT_STATUS_IS_OK(error)) {
+ if (!NT_STATUS_IS_OK(error))
continue;
- }
if (SMB_VFS_UNLINK(conn,fname) == 0)
count++;
DEBUG(3,("unlink_internals: succesful unlink [%s]\n",fname));
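Review bot: After `error = NT_STATUS_OBJECT_NAME_INVALID;` the new `continue` moves on to the next directory entry, where `error = can_delete(fname,conn,dirtype,bad_path);` overwrites the status. The rejection of a system directory entry is therefore reported only if that entry is the last one processed. The hunk at -3844 in rename_internals has the same shape, with `error = NT_STATUS_ACCESS_DENIED;` following the `continue`. If skipping is the intent, drop the assignment and add `/* skip . and .. without failing the whole operation */`; otherwise keep the status in a separate variable that later iterations do not reset. The enclosing loop starts and ends outside this hunk.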
@@ -3409,9 +3401,6 @@ static BOOL resolve_wildcards(const char *name1, char *name2)
if (*p2 == '?') {
*p2 = *p;
p2++;
- } else if (*p2 == '*') {
- pstrcpy(p2, p);
- break;
} else {
p2++;
}
@@ -3425,9 +3414,6 @@ static BOOL resolve_wildcards(const char *name1, char *name2)
if (*p2 == '?') {
*p2 = *p;
p2++;
- } else if (*p2 == '*') {
- pstrcpy(p2, p);
- break;
} else {
p2++;
}
@@ -3844,7 +3830,7 @@ directory = %s, newname = %s, last_component_dest = %s, is_8_3 = %d\n",
if (sysdir_entry) {
error = NT_STATUS_OBJECT_NAME_INVALID;
- break;
+ continue;
}
error = NT_STATUS_ACCESS_DENIED;
@@ -3867,14 +3853,6 @@ directory = %s, newname = %s, last_component_dest = %s, is_8_3 = %d\n",
continue;
}
- if (strcsequal(fname,destname)) {
- rename_open_files(conn, sbuf1.st_dev, sbuf1.st_ino, newname);
- DEBUG(3,("rename_internals: identical names in wildcard rename %s - success\n", fname));
- count++;
- error = NT_STATUS_OK;
- continue;
- }
-
if (!replace_if_exists &&
vfs_file_exist(conn,destname, NULL)) {
DEBUG(6,("file_exist %s\n", destname));
@@ -3971,8 +3949,7 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
SMB_OFF_T ret=-1;
files_struct *fsp1,*fsp2;
pstring dest;
- uint32 dosattrs;
-
+
*err_ret = 0;
pstrcpy(dest,dest1);
@@ -3990,7 +3967,7 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
return(False);
fsp1 = open_file_shared(conn,src,&src_sbuf,SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDONLY),
- (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),FILE_ATTRIBUTE_NORMAL,0,&Access,&action);
+ (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),0,0,&Access,&action);
if (!fsp1)
return(False);
@@ -3998,12 +3975,11 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
if (!target_is_directory && count)
ofun = FILE_EXISTS_OPEN;
- dosattrs = dos_mode(conn, src, &src_sbuf);
if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1)
ZERO_STRUCTP(&sbuf2);
fsp2 = open_file_shared(conn,dest,&sbuf2,SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_WRONLY),
- ofun,dosattrs,0,&Access,&action);
+ ofun,src_sbuf.st_mode,0,&Access,&action);
if (!fsp2) {
close_file(fsp1,False);
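Review bot: `ofun,src_sbuf.st_mode,0,&Access,&action);` passes the source file's raw `st_mode` as the creation mode for the copy. That value carries the file-type bits and any setuid, setgid or sticky bits of the source, and it skips `unix_mode()`, which the other open paths in this commit use to derive the mode. Whether `open_file_shared()` masks the value is not visible in this hunk. Restricting it to permission bits, `src_sbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)`, or deriving it through `unix_mode()` as the sibling callers do, avoids propagating special bits to a file the client names. copy_file continues outside this hunk.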
diff --git a/source/smbd/sec_ctx.c b/source/smbd/sec_ctx.c
index fee71b5ec96..8a85792ead5 100644
--- a/source/smbd/sec_ctx.c
+++ b/source/smbd/sec_ctx.c
@@ -28,7 +28,6 @@ struct sec_ctx {
int ngroups;
gid_t *groups;
NT_USER_TOKEN *token;
- PRIVILEGE_SET *privs;
};
/* A stack of security contexts. We include the current context as being
@@ -272,14 +271,6 @@ BOOL push_sec_ctx(void)
ctx_p->groups = NULL;
}
- init_privilege(&ctx_p->privs);
- if (! NT_STATUS_IS_OK(dup_priv_set(ctx_p->privs, sec_ctx_stack[sec_ctx_stack_ndx-1].privs))) {
- DEBUG(0, ("Out of memory on dup_priv_set() in push_sec_ctx()\n"));
- delete_nt_token(&ctx_p->token);
- destroy_privilege(&ctx_p->privs);
- return False;
- }
-
return True;
}
@@ -287,7 +278,7 @@ BOOL push_sec_ctx(void)
Set the current security context to a given user.
****************************************************************************/
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token, PRIVILEGE_SET *privs)
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
{
struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
@@ -312,14 +303,9 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
smb_panic("DUPLICATE_TOKEN");
delete_nt_token(&ctx_p->token);
- if (ctx_p->privs)
- reset_privilege(ctx_p->privs);
- else
- init_privilege(&ctx_p->privs);
ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
ctx_p->token = dup_nt_token(token);
- dup_priv_set(ctx_p->privs, privs);
become_id(uid, gid);
@@ -333,7 +319,6 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
current_user.ngroups = ngroups;
current_user.groups = groups;
current_user.nt_user_token = ctx_p->token;
- current_user.privs = ctx_p->privs;
}
/****************************************************************************
@@ -344,7 +329,7 @@ void set_root_sec_ctx(void)
{
/* May need to worry about supplementary groups at some stage */
- set_sec_ctx(0, 0, 0, NULL, NULL, NULL);
+ set_sec_ctx(0, 0, 0, NULL, NULL);
}
/****************************************************************************
@@ -374,7 +359,6 @@ BOOL pop_sec_ctx(void)
ctx_p->ngroups = 0;
delete_nt_token(&ctx_p->token);
- destroy_privilege(&ctx_p->privs);
/* Pop back previous user */
@@ -397,7 +381,6 @@ BOOL pop_sec_ctx(void)
current_user.ngroups = prev_ctx_p->ngroups;
current_user.groups = prev_ctx_p->groups;
current_user.nt_user_token = prev_ctx_p->token;
- current_user.privs = prev_ctx_p->privs;
DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n",
(unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx));
@@ -430,7 +413,6 @@ void init_sec_ctx(void)
get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups);
ctx_p->token = NULL; /* Maps to guest user. */
- ctx_p->privs = NULL;
/* Initialise current_user global */
@@ -445,5 +427,4 @@ void init_sec_ctx(void)
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
current_user.nt_user_token = NULL;
- current_user.privs = NULL;
}
diff --git a/source/smbd/server.c b/source/smbd/server.c
index 53d07fd905c..1de33739b24 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -249,10 +249,7 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_
/* ready to listen */
set_socket_options(s,"SO_KEEPALIVE");
set_socket_options(s,user_socket_options);
-
- /* Set server socket to non-blocking for the accept. */
- set_blocking(s,False);
-
+
if (listen(s, SMBD_LISTEN_BACKLOG) == -1) {
DEBUG(0,("listen: %s\n",strerror(errno)));
close(s);
@@ -289,9 +286,6 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_
set_socket_options(s,"SO_KEEPALIVE");
set_socket_options(s,user_socket_options);
- /* Set server socket to non-blocking for the accept. */
- set_blocking(s,False);
-
if (listen(s, SMBD_LISTEN_BACKLOG) == -1) {
DEBUG(0,("open_sockets_smbd: listen: %s\n",
strerror(errno)));
@@ -384,9 +378,6 @@ static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_
continue;
}
- /* Ensure child is set to blocking mode */
- set_blocking(smbd_server_fd(),True);
-
if (smbd_server_fd() != -1 && interactive)
return True;
diff --git a/source/smbd/service.c b/source/smbd/service.c
index 1910ef9b72b..08b66482496 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -363,7 +363,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
conn->nt_user_token = NULL;
- conn->privs = NULL;
conn->read_only = lp_readonly(conn->service);
conn->admin_user = False;
@@ -472,9 +471,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
conn->nt_user_token = create_nt_token(conn->uid, conn->gid,
conn->ngroups, conn->groups,
guest);
-
- init_privilege(&(conn->privs));
- pdb_get_privilege_set(conn->nt_user_token->user_sids, conn->nt_user_token->num_sids, conn->privs);
}
/*
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index b8777be6971..d91aa947286 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -282,9 +282,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
if (sess_vuid == -1) {
ret = NT_STATUS_LOGON_FAILURE;
} else {
- /* current_user_info is changed on new vuid */
- reload_services( True );
-
set_message(outbuf,4,0,True);
SSVAL(outbuf, smb_vwv3, 0);
@@ -294,14 +291,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
SSVAL(outbuf, smb_uid, sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
+ if (!server_info->guest) {
/* We need to start the signing engine
* here but a W2K client sends the old
* "BSRSPYL " signature instead of the
* correct one. Subsequent packets will
* be correct.
*/
- srv_check_sign_mac(inbuf, False);
+ srv_check_sign_mac(inbuf);
}
}
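Review bot: `srv_check_sign_mac(inbuf);` discards its result here, while reply_sesssetup_and_X in the hunk at -918 treats a false return as fatal. The comment above explains why, but the call reads like a forgotten check. `(void)srv_check_sign_mac(inbuf); /* result ignored: W2K sends the legacy signature on this packet */` makes the intent explicit. The same applies to reply_spnego_ntlmssp in the hunk at -370. Because the `!srv_signing_started()` guard is gone, the call now runs on every non-guest session setup on the connection. Whether `srv_check_sign_mac()` tolerates being called once signing is already active is not visible here and should be confirmed.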
@@ -358,9 +355,6 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
nt_status = NT_STATUS_LOGON_FAILURE;
} else {
- /* current_user_info is changed on new vuid */
- reload_services( True );
-
set_message(outbuf,4,0,True);
SSVAL(outbuf, smb_vwv3, 0);
@@ -370,15 +364,14 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
SSVAL(outbuf,smb_uid,sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
+ if (!server_info->guest) {
/* We need to start the signing engine
* here but a W2K client sends the old
* "BSRSPYL " signature instead of the
* correct one. Subsequent packets will
* be correct.
*/
-
- srv_check_sign_mac(inbuf, False);
+ srv_check_sign_mac(inbuf);
}
}
}
@@ -918,10 +911,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- /* current_user_info is changed on new vuid */
- reload_services( True );
-
- if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
+ if (!server_info->guest && !srv_check_sign_mac(inbuf)) {
exit_server("reply_sesssetup_and_X: bad smb signature");
}
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index a88722edde5..2f164dafa28 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -50,325 +50,6 @@ SMB_BIG_UINT get_allocation_size(files_struct *fsp, SMB_STRUCT_STAT *sbuf)
}
/****************************************************************************
- Utility functions for dealing with extended attributes.
-****************************************************************************/
-
-static const char *prohibited_ea_names[] = {
- SAMBA_POSIX_INHERITANCE_EA_NAME,
- SAMBA_XATTR_DOS_ATTRIB,
- NULL
-};
-
-/****************************************************************************
- Refuse to allow clients to overwrite our private xattrs.
-****************************************************************************/
-
-static BOOL samba_private_attr_name(const char *unix_ea_name)
-{
- int i;
-
- for (i = 0; prohibited_ea_names[i]; i++) {
- if (strequal( prohibited_ea_names[i], unix_ea_name))
- return True;
- }
- return False;
-}
-
-struct ea_list {
- struct ea_list *next, *prev;
- struct ea_struct ea;
-};
-
-/****************************************************************************
- Get one EA value. Fill in a struct ea_struct.
-****************************************************************************/
-
-static BOOL get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
- const char *fname, char *ea_name, struct ea_struct *pea)
-{
- /* Get the value of this xattr. Max size is 64k. */
- size_t attr_size = 256;
- char *val = NULL;
- ssize_t sizeret;
-
- again:
-
- val = talloc_realloc(mem_ctx, val, attr_size);
- if (!val) {
- return False;
- }
-
- if (fsp && fsp->fd != -1) {
- sizeret = SMB_VFS_FGETXATTR(fsp, fsp->fd, ea_name, val, attr_size);
- } else {
- sizeret = SMB_VFS_GETXATTR(conn, fname, ea_name, val, attr_size);
- }
-
- if (sizeret == -1 && errno == ERANGE && attr_size != 65536) {
- attr_size = 65536;
- goto again;
- }
-
- if (sizeret == -1) {
- return False;
- }
-
- DEBUG(10,("get_ea_value: EA %s is of length %d: ", ea_name, sizeret));
- dump_data(10, val, sizeret);
-
- pea->flags = 0;
- if (strnequal(ea_name, "user.", 5)) {
- pea->name = &ea_name[5];
- } else {
- pea->name = ea_name;
- }
- pea->value.data = val;
- pea->value.length = (size_t)sizeret;
- return True;
-}
-
-/****************************************************************************
- Return a linked list of the total EA's. Plus a guess as to the total size
- (NB. The is not the total size on the wire - we need to convert to DOS
- codepage for that).
-****************************************************************************/
-
-static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp, const char *fname, size_t *pea_total_len)
-{
- /* Get a list of all xattrs. Max namesize is 64k. */
- size_t ea_namelist_size = 1024;
- char *ea_namelist;
- char *p;
- ssize_t sizeret;
- int i;
- struct ea_list *ea_list_head = NULL;
-
- if (pea_total_len) {
- *pea_total_len = 0;
- }
-
- if (!lp_ea_support(SNUM(conn))) {
- return NULL;
- }
-
- for (i = 0, ea_namelist = talloc(mem_ctx, ea_namelist_size); i < 6;
- ea_namelist = talloc_realloc(mem_ctx, ea_namelist, ea_namelist_size), i++) {
- if (fsp && fsp->fd != -1) {
- sizeret = SMB_VFS_FLISTXATTR(fsp, fsp->fd, ea_namelist, ea_namelist_size);
- } else {
- sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist, ea_namelist_size);
- }
-
- if (sizeret == -1 && errno == ERANGE) {
- ea_namelist_size *= 2;
- } else {
- break;
- }
- }
-
- if (sizeret == -1)
- return NULL;
-
- DEBUG(10,("get_ea_list: ea_namelist size = %d\n", sizeret ));
-
- if (sizeret) {
- for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p) + 1) {
- struct ea_list *listp, *tmp;
-
- if (strnequal(p, "system.", 7) || samba_private_attr_name(p))
- continue;
-
- listp = talloc(mem_ctx, sizeof(struct ea_list));
- if (!listp)
- return NULL;
-
- if (!get_ea_value(mem_ctx, conn, fsp, fname, p, &listp->ea)) {
- return NULL;
- }
-
- if (pea_total_len) {
- *pea_total_len += 4 + strlen(p) + 1 + listp->ea.value.length;
- }
- DLIST_ADD_END(ea_list_head, listp, tmp);
- }
- }
-
- /* Add on 4 for total length. */
- if (pea_total_len) {
- *pea_total_len += 4;
- }
- return ea_list_head;
-}
-
-/****************************************************************************
- Fill a qfilepathinfo buffer with EA's.
-****************************************************************************/
-
-static unsigned int fill_ea_buffer(char *pdata, unsigned int total_data_size,
- connection_struct *conn, files_struct *fsp, const char *fname)
-{
- unsigned int ret_data_size = 4;
- char *p = pdata;
- size_t total_ea_len;
- TALLOC_CTX *mem_ctx = talloc_init("fill_ea_buffer");
- struct ea_list *ea_list = get_ea_list(mem_ctx, conn, fsp, fname, &total_ea_len);
-
- SMB_ASSERT(total_data_size >= 4);
-
- SIVAL(pdata,0,0);
- if (!mem_ctx) {
- return 4;
- }
-
- if (!ea_list) {
- talloc_destroy(mem_ctx);
- return 4;
- }
-
- if (total_ea_len > total_data_size) {
- talloc_destroy(mem_ctx);
- return 4;
- }
-
- total_data_size -= 4;
- for (p = pdata + 4; ea_list; ea_list = ea_list->next) {
- size_t dos_namelen;
- fstring dos_ea_name;
- push_ascii_fstring(dos_ea_name, ea_list->ea.name);
- dos_namelen = strlen(dos_ea_name);
- if (dos_namelen > 255 || dos_namelen == 0) {
- break;
- }
- if (ea_list->ea.value.length > 65535) {
- break;
- }
- if (4 + dos_namelen + 1 + ea_list->ea.value.length > total_data_size) {
- break;
- }
-
- /* We know we have room. */
- SCVAL(p,0,ea_list->ea.flags);
- SCVAL(p,1,dos_namelen);
- SSVAL(p,2,ea_list->ea.value.length);
- fstrcpy(p+4, dos_ea_name);
- memcpy( p + 4 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
-
- total_data_size -= 4 + dos_namelen + 1 + ea_list->ea.value.length;
- p += 4 + dos_namelen + 1 + ea_list->ea.value.length;
- }
-
- ret_data_size = PTR_DIFF(p, pdata);
- talloc_destroy(mem_ctx);
- SIVAL(pdata,0,ret_data_size);
- return ret_data_size;
-}
-
-static unsigned int estimate_ea_size(connection_struct *conn, files_struct *fsp, const char *fname)
-{
- size_t total_ea_len = 0;
- TALLOC_CTX *mem_ctx = talloc_init("estimate_ea_size");
-
- (void)get_ea_list(mem_ctx, conn, fsp, fname, &total_ea_len);
- talloc_destroy(mem_ctx);
- return total_ea_len;
-}
-
-/****************************************************************************
- Set or delete an extended attribute.
-****************************************************************************/
-
-static NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, const char *fname,
- char *pdata, int total_data)
-{
- unsigned int namelen;
- unsigned int ealen;
- int ret;
- fstring unix_ea_name;
-
- if (!lp_ea_support(SNUM(conn))) {
- return NT_STATUS_EAS_NOT_SUPPORTED;
- }
-
- if (total_data < 8) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (IVAL(pdata,0) > total_data) {
- DEBUG(10,("set_ea: bad total data size (%u) > %u\n", IVAL(pdata,0), (unsigned int)total_data));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- pdata += 4;
- namelen = CVAL(pdata,1);
- ealen = SVAL(pdata,2);
- pdata += 4;
- if (total_data < 8 + namelen + 1 + ealen) {
- DEBUG(10,("set_ea: bad total data size (%u) < 8 + namelen (%u) + 1 + ealen (%u)\n",
- (unsigned int)total_data, namelen, ealen));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (pdata[namelen] != '\0') {
- DEBUG(10,("set_ea: ea name not null terminated\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- fstrcpy(unix_ea_name, "user."); /* All EA's must start with user. */
- pull_ascii(&unix_ea_name[5], pdata, sizeof(fstring) - 5, -1, STR_TERMINATE);
- pdata += (namelen + 1);
-
- DEBUG(10,("set_ea: ea_name %s ealen = %u\n", unix_ea_name, ealen));
- if (ealen) {
- DEBUG(10,("set_ea: data :\n"));
- dump_data(10, pdata, ealen);
- }
-
- if (samba_private_attr_name(unix_ea_name)) {
- DEBUG(10,("set_ea: ea name %s is a private Samba name.\n", unix_ea_name));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (ealen == 0) {
- /* Remove the attribute. */
- if (fsp && (fsp->fd != -1)) {
- DEBUG(10,("set_ea: deleting ea name %s on file %s by file descriptor.\n",
- unix_ea_name, fsp->fsp_name));
- ret = SMB_VFS_FREMOVEXATTR(fsp, fsp->fd, unix_ea_name);
- } else {
- DEBUG(10,("set_ea: deleting ea name %s on file %s.\n",
- unix_ea_name, fname));
- ret = SMB_VFS_REMOVEXATTR(conn, fname, unix_ea_name);
- }
-#ifdef ENOATTR
- /* Removing a non existent attribute always succeeds. */
- DEBUG(10,("set_ea: deleting ea name %s didn't exist - succeeding by default.\n", unix_ea_name));
- if (ret == -1 && errno == ENOATTR) {
- ret = 0;
- }
-#endif
- } else {
- if (fsp && (fsp->fd != -1)) {
- DEBUG(10,("set_ea: setting ea name %s on file %s by file descriptor.\n",
- unix_ea_name, fsp->fsp_name));
- ret = SMB_VFS_FSETXATTR(fsp, fsp->fd, unix_ea_name, pdata, ealen, 0);
- } else {
- DEBUG(10,("set_ea: setting ea name %s on file %s.\n",
- unix_ea_name, fname));
- ret = SMB_VFS_SETXATTR(conn, fname, unix_ea_name, pdata, ealen, 0);
- }
- }
-
- if (ret == -1) {
- if (errno == ENOTSUP) {
- return NT_STATUS_EAS_NOT_SUPPORTED;
- }
- return map_nt_error_from_unix(errno);
- }
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
Send the required number of replies back.
We assume all fields other than the data fields are
set correctly for the type of call.
@@ -539,6 +220,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i
int32 open_size;
char *pname;
pstring fname;
+ mode_t unixmode;
SMB_OFF_T size=0;
int fmode=0,mtime=0,rmode;
SMB_INO_T inode = 0;
@@ -586,7 +268,9 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i
return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess);
}
- fsp = open_file_shared(conn,fname,&sbuf,open_mode,open_ofun,(uint32)open_attr,
+ unixmode = unix_mode(conn,open_attr | aARCH, fname);
+
+ fsp = open_file_shared(conn,fname,&sbuf,open_mode,open_ofun,unixmode,
oplock_request, &rmode,&smb_action);
if (!fsp) {
@@ -2364,8 +2048,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
break;
case SMB_INFO_QUERY_ALL_EAS:
- /* We have data_size bytes to put EA's into. */
- data_size = fill_ea_buffer(pdata, data_size, conn, fsp, fname);
+ data_size = 4;
+ SIVAL(pdata,0,0); /* ea size */
break;
case SMB_FILE_BASIC_INFORMATION:
@@ -2411,12 +2095,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
case SMB_FILE_EA_INFORMATION:
case SMB_QUERY_FILE_EA_INFO:
- {
- unsigned int ea_size = estimate_ea_size(conn, fsp, fname);
data_size = 4;
- SIVAL(pdata,0,ea_size);
break;
- }
/* Get the 8.3 name - used if NT SMB was negotiated. */
case SMB_QUERY_FILE_ALT_NAME_INFO:
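Review bot: `case SMB_QUERY_FILE_EA_INFO:` now sets `data_size = 4;` without writing those four bytes, because the `SIVAL(pdata,0,ea_size);` line is removed and nothing replaces it. Unless `pdata` is zeroed earlier in call_trans2qfilepathinfo (not visible in this hunk), the reply carries whatever the buffer held before. The SMB_INFO_QUERY_ALL_EAS case in the preceding hunk writes `SIVAL(pdata,0,0); /* ea size */`, and the same line belongs here before the `break`.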
@@ -3023,10 +2703,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
}
case SMB_INFO_SET_EA:
- status = set_ea(conn, fsp, fname, pdata, total_data);
- if (NT_STATUS_V(status) != NT_STATUS_V(NT_STATUS_OK))
- return ERROR_NT(status);
- break;
+ return(ERROR_DOS(ERRDOS,ERReasnotsupported));
/* XXXX um, i don't think this is right.
it's also not in the cifs6.txt spec.
@@ -3131,8 +2808,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
new_fsp = open_file_shared1(conn, fname, &sbuf,FILE_WRITE_DATA,
SET_OPEN_MODE(DOS_OPEN_RDWR),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- FILE_ATTRIBUTE_NORMAL,
- 0, &access_mode, &action);
+ 0, 0, &access_mode, &action);
if (new_fsp == NULL)
return(UNIXERROR(ERRDOS,ERRbadpath));
@@ -3527,8 +3203,8 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
DEBUG(10,("call_trans2setfilepathinfo: file %s : setting dos mode %x\n", fname, dosmode ));
- if(file_set_dosmode(conn, fname, dosmode, NULL)) {
- DEBUG(2,("file_set_dosmode of %s failed (%s)\n", fname, strerror(errno)));
+ if(file_chmod(conn, fname, dosmode, NULL)) {
+ DEBUG(2,("chmod of %s failed (%s)\n", fname, strerror(errno)));
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
}
@@ -3558,8 +3234,7 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
new_fsp = open_file_shared(conn, fname, &sbuf,
SET_OPEN_MODE(DOS_OPEN_RDWR),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
- FILE_ATTRIBUTE_NORMAL,
- 0, &access_mode, &action);
+ 0, 0, &access_mode, &action);
if (new_fsp == NULL)
return(UNIXERROR(ERRDOS,ERRbadpath));
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index ff3dd1a56ef..3859298055b 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -44,7 +44,7 @@ BOOL change_to_guest(void)
initgroups(pass->pw_name, pass->pw_gid);
#endif
- set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL);
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
@@ -161,9 +161,8 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
gid_t gid;
uid_t uid;
char group_c;
- BOOL must_free_token_priv = False;
+ BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
- PRIVILEGE_SET *privs = NULL;
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
@@ -196,14 +195,12 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
current_user.groups = conn->groups;
current_user.ngroups = conn->ngroups;
token = conn->nt_user_token;
- privs = conn->privs;
} else if ((vuser) && check_user_ok(conn, vuser, snum)) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
token = vuser->nt_user_token;
- privs = vuser->privs;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
return False;
@@ -251,20 +248,17 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
return False;
}
- pdb_get_privilege_set(token->user_sids, token->num_sids, privs);
- must_free_token_priv = True;
+ must_free_token = True;
}
- set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token, privs);
+ set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
/*
* Free the new token (as set_sec_ctx copies it).
*/
- if (must_free_token_priv) {
+ if (must_free_token)
delete_nt_token(&token);
- destroy_privilege(&privs);
- }
current_user.conn = conn;
current_user.vuid = vuid;
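Review bot: The cleanup after `set_sec_ctx` is now an unbraced `if (must_free_token)` followed by `delete_nt_token(&token);`, which is fragile in a function that switches the process security context. A second cleanup statement added later would silently run unconditionally. I would keep the braces the old code had: `if (must_free_token) { delete_nt_token(&token); }`. The same unbraced form appears in the tdb_store hunk of source/tdb/tdb.c (`if (flag == TDB_MODIFY && tdb->ecode == TDB_ERR_NOEXIST)` followed by `goto fail;`). change_to_user starts and continues outside this hunk.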
@@ -305,7 +299,7 @@ BOOL become_authenticated_pipe_user(pipes_struct *p)
return False;
set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token, p->pipe_user.privs);
+ p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
return True;
}
diff --git a/source/tdb/spinlock.c b/source/tdb/spinlock.c
index 24c4371decc..3b3ebefded3 100644
--- a/source/tdb/spinlock.c
+++ b/source/tdb/spinlock.c
@@ -1,27 +1,21 @@
/*
Unix SMB/CIFS implementation.
-
- trivial database library
-
+ Samba database functions
Copyright (C) Anton Blanchard 2001
- ** NOTE! The following LGPL license applies to the tdb
- ** library. This does NOT imply that all of Samba is released
- ** under the LGPL
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
+ This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#if HAVE_CONFIG_H
#include <config.h>
diff --git a/source/tdb/tdb.c b/source/tdb/tdb.c
index cda9fc24750..7b10cfb3777 100644
--- a/source/tdb/tdb.c
+++ b/source/tdb/tdb.c
@@ -1,29 +1,24 @@
/*
Unix SMB/CIFS implementation.
-
- trivial database library
-
- Copyright (C) Andrew Tridgell 1999-2004
+ Samba database functions
+ Copyright (C) Andrew Tridgell 1999-2000
+ Copyright (C) Luke Kenneth Casson Leighton 2000
Copyright (C) Paul `Rusty' Russell 2000
Copyright (C) Jeremy Allison 2000-2003
- ** NOTE! The following LGPL license applies to the tdb
- ** library. This does NOT imply that all of Samba is released
- ** under the LGPL
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
+ This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
@@ -1304,7 +1299,7 @@ static int tdb_next_lock(TDB_CONTEXT *tdb, struct tdb_traverse_lock *tlock,
if fn is NULL then it is not called
a non-zero return value from fn() indicates that the traversal should stop
*/
-int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *private)
+int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *state)
{
TDB_DATA key, dbuf;
struct list_struct rec;
@@ -1342,7 +1337,7 @@ int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *private)
ret = -1;
goto out;
}
- if (fn && fn(tdb, key, dbuf, private)) {
+ if (fn && fn(tdb, key, dbuf, state)) {
/* They want us to terminate traversal */
ret = count;
if (unlock_record(tdb, tl.off) != 0) {
@@ -1491,13 +1486,9 @@ int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag)
/* first try in-place update, on modify or replace. */
if (tdb_update_hash(tdb, key, hash, dbuf) == 0)
goto out;
- if (tdb->ecode == TDB_ERR_NOEXIST &&
- flag == TDB_MODIFY) {
- /* if the record doesn't exist and we are in TDB_MODIFY mode then
- we should fail the store */
+ if (flag == TDB_MODIFY && tdb->ecode == TDB_ERR_NOEXIST)
goto fail;
}
- }
/* reset the error code potentially set by the tdb_update() */
tdb->ecode = TDB_SUCCESS;
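Review bot: The new one-line test `if (flag == TDB_MODIFY && tdb->ecode == TDB_ERR_NOEXIST)` loses the comment that explained why a store must fail here. Without it, the `goto fail;` directly before the block's closing brace reads like a stray statement. I would restore the explanation above the test, for example `/* TDB_MODIFY on a record that does not exist must fail the store */`. The line that follows resets `tdb->ecode` to `TDB_SUCCESS`, so this check is the only place where the `TDB_ERR_NOEXIST` result is acted on, which is worth saying in the comment. tdb_store starts and continues outside the hunk.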
@@ -1519,7 +1510,9 @@ int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag)
if (dbuf.dsize)
memcpy(p+key.dsize, dbuf.dptr, dbuf.dsize);
- /* we have to allocate some space */
+ /* now we're into insert / modify / replace of a record which
+ * we know could not be optimised by an in-place store (for
+ * various reasons). */
if (!(rec_ptr = tdb_allocate(tdb, key.dsize + dbuf.dsize, &rec)))
goto fail;
diff --git a/source/tdb/tdb.h b/source/tdb/tdb.h
index eb120a8cecd..6f3b1ff7562 100644
--- a/source/tdb/tdb.h
+++ b/source/tdb/tdb.h
@@ -3,28 +3,22 @@
/*
Unix SMB/CIFS implementation.
+ Samba database functions
+ Copyright (C) Andrew Tridgell 1999
- trivial database library
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
- Copyright (C) Andrew Tridgell 1999-2004
-
- ** NOTE! The following LGPL license applies to the tdb
- ** library. This does NOT imply that all of Samba is released
- ** under the LGPL
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
+ This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifdef __cplusplus
@@ -50,8 +44,7 @@ extern "C" {
/* error codes */
enum TDB_ERROR {TDB_SUCCESS=0, TDB_ERR_CORRUPT, TDB_ERR_IO, TDB_ERR_LOCK,
- TDB_ERR_OOM, TDB_ERR_EXISTS, TDB_ERR_NOLOCK, TDB_ERR_LOCK_TIMEOUT,
- TDB_ERR_NOEXIST};
+ TDB_ERR_OOM, TDB_ERR_EXISTS, TDB_ERR_NOEXIST, TDB_ERR_NOLOCK, TDB_ERR_LOCK_TIMEOUT };
#ifndef u32
#define u32 unsigned
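Review bot: Moving `TDB_ERR_NOEXIST` ahead of `TDB_ERR_NOLOCK` changes the numeric value of three error codes (`TDB_ERR_NOEXIST` 8 to 6, `TDB_ERR_NOLOCK` 6 to 7, `TDB_ERR_LOCK_TIMEOUT` 7 to 8). Any object built against the other ordering, or any table indexed by the raw value, would then report the wrong error, for instance a lock failure read as "record does not exist". Either keep the established order and append new codes at the end, or pin the values explicitly. A comment on the enum such as `/* values are ABI: append only, never reorder */` would document the constraint.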
@@ -126,7 +119,7 @@ int tdb_append(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA new_dbuf);
int tdb_close(TDB_CONTEXT *tdb);
TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb);
TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA key);
-int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *);
+int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *state);
int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key);
int tdb_lockkeys(TDB_CONTEXT *tdb, u32 number, TDB_DATA keys[]);
void tdb_unlockkeys(TDB_CONTEXT *tdb);
diff --git a/source/torture/torture.c b/source/torture/torture.c
index 86bdca62a86..07d568e8795 100644
--- a/source/torture/torture.c
+++ b/source/torture/torture.c
@@ -3326,7 +3326,7 @@ static BOOL run_rename(int dummy)
const char *fname = "\\test.txt";
const char *fname1 = "\\test1.txt";
BOOL correct = True;
- int fnum1, fnum2;
+ int fnum1;
printf("starting rename test\n");
@@ -4310,114 +4310,8 @@ BOOL torture_chkpath_test(int dummy)
return ret;
}
-static BOOL run_eatest(int dummy)
-{
- static struct cli_state *cli;
- const char *fname = "\\eatest.txt";
- BOOL correct = True;
- int fnum, i;
- size_t num_eas;
- struct ea_struct *ea_list = NULL;
- TALLOC_CTX *mem_ctx = talloc_init("eatest");
-
- printf("starting eatest\n");
-
- if (!torture_open_connection(&cli)) {
- return False;
- }
-
- cli_unlink(cli, fname);
- fnum = cli_nt_create_full(cli, fname, 0,
- FIRST_DESIRED_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
- FILE_SHARE_NONE, FILE_OVERWRITE_IF,
- 0x4044, 0);
-
- if (fnum == -1) {
- printf("open failed - %s\n", cli_errstr(cli));
- return False;
- }
-
- for (i = 0; i < 10; i++) {
- fstring ea_name, ea_val;
-
- slprintf(ea_name, sizeof(ea_name), "EA_%d", i);
- memset(ea_val, (char)i+1, i+1);
- if (!cli_set_ea_fnum(cli, fnum, ea_name, ea_val, i+1)) {
- printf("ea_set of name %s failed - %s\n", ea_name, cli_errstr(cli));
- return False;
- }
- }
-
- cli_close(cli, fnum);
- for (i = 0; i < 10; i++) {
- fstring ea_name, ea_val;
-
- slprintf(ea_name, sizeof(ea_name), "EA_%d", i+10);
- memset(ea_val, (char)i+1, i+1);
- if (!cli_set_ea_path(cli, fname, ea_name, ea_val, i+1)) {
- printf("ea_set of name %s failed - %s\n", ea_name, cli_errstr(cli));
- return False;
- }
- }
-
- if (!cli_get_ea_list_path(cli, fname, mem_ctx, &num_eas, &ea_list)) {
- printf("ea_get list failed - %s\n", cli_errstr(cli));
- correct = False;
- }
-
- printf("num_eas = %d\n", num_eas);
-
- if (num_eas != 20) {
- printf("Should be 20 EA's stored... failing.\n");
- correct = False;
- }
-
- for (i = 0; i < num_eas; i++) {
- printf("%d: ea_name = %s. Val = ", i, ea_list[i].name);
- dump_data(0, ea_list[i].value.data, ea_list[i].value.length);
- }
-
- /* Setting EA's to zero length deletes them. Test this */
- printf("Now deleting all EA's....\n");
-
- for (i = 0; i < 20; i++) {
- fstring ea_name;
- slprintf(ea_name, sizeof(ea_name), "EA_%d", i);
- if (!cli_set_ea_path(cli, fname, ea_name, "", 0)) {
- printf("ea_set of name %s failed - %s\n", ea_name, cli_errstr(cli));
- return False;
- }
- }
-
- if (!cli_get_ea_list_path(cli, fname, mem_ctx, &num_eas, &ea_list)) {
- printf("ea_get list failed - %s\n", cli_errstr(cli));
- correct = False;
- }
-
- printf("num_eas = %d\n", num_eas);
- for (i = 0; i < num_eas; i++) {
- printf("%d: ea_name = %s. Val = ", i, ea_list[i].name);
- dump_data(0, ea_list[i].value.data, ea_list[i].value.length);
- }
- if (num_eas != 0) {
- printf("deleting EA's failed.\n");
- correct = False;
- }
- /* Try and delete a non existant EA. */
- if (!cli_set_ea_path(cli, fname, "foo", "", 0)) {
- printf("deleting non-existant EA 'foo' should succeed. %s\n", cli_errstr(cli));
- correct = False;
- }
-
- talloc_destroy(mem_ctx);
- if (!torture_close_connection(cli)) {
- correct = False;
- }
-
- return correct;
-}
static BOOL run_dirtest1(int dummy)
{
@@ -4756,7 +4650,6 @@ static struct {
{"IOCTL", torture_ioctl_test, 0},
{"CHKPATH", torture_chkpath_test, 0},
{"FDSESS", run_fdsesstest, 0},
- { "EATEST", run_eatest, 0},
{NULL, NULL, 0}};
diff --git a/source/utils/net.c b/source/utils/net.c
index e4484488b61..f6d6de0a74f 100644
--- a/source/utils/net.c
+++ b/source/utils/net.c
@@ -647,7 +647,6 @@ static struct functable net_func[] = {
#ifdef WITH_FAKE_KASERVER
{"AFSKEY", net_afskey},
#endif
- {"PRIV", net_priv},
{"HELP", net_help},
{NULL, NULL}
diff --git a/source/utils/net_ads_cldap.c b/source/utils/net_ads_cldap.c
index 1903172cf75..44de9cb8911 100644
--- a/source/utils/net_ads_cldap.c
+++ b/source/utils/net_ads_cldap.c
@@ -29,7 +29,7 @@
struct cldap_netlogon_reply {
uint32 type;
uint32 flags;
- UUID_FLAT guid;
+ GUID guid;
char forest[MAX_DNS_LABEL];
char domain[MAX_DNS_LABEL];
@@ -241,8 +241,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
reply->type = IVAL(p, 0); p += 4;
reply->flags = IVAL(p, 0); p += 4;
- memcpy(&reply->guid.info, p, UUID_FLAT_SIZE);
- p += UUID_FLAT_SIZE;
+ memcpy(&reply->guid.info, p, GUID_SIZE);
+ p += GUID_SIZE;
p += pull_netlogon_string(reply->forest, p, (const char *)os3.data);
p += pull_netlogon_string(reply->domain, p, (const char *)os3.data);
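Review bot: The new `memcpy(&reply->guid.info, p, GUID_SIZE)` copies a fixed number of bytes out of a network reply, and nothing visible in this hunk checks that the received buffer still holds that many bytes at `p`. If no such check exists earlier in recv_cldap_netlogon (its body starts and continues outside the hunk), a short or malformed reply would be read past its end. I would add a length check on the decoded blob before the fixed-offset reads of `type`, `flags` and the GUID. Tying the copy length to the destination, `memcpy(&reply->guid.info, p, sizeof(reply->guid.info));`, would make the bound visible at the call site, assuming `info` is an array of `GUID_SIZE` bytes.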
@@ -316,8 +316,8 @@ int ads_cldap_netlogon(ADS_STRUCT *ads)
d_printf("0x%x\n", reply.type);
break;
}
- d_printf("GUID: %s\n",
- smb_uuid_string_static(smb_uuid_unpack_static(reply.guid)));
+ d_printf("GUID: ");
+ print_guid(&reply.guid);
d_printf("Flags:\n"
"\tIs a PDC: %s\n"
"\tIs a GC of the forest: %s\n"
diff --git a/source/utils/net_groupmap.c b/source/utils/net_groupmap.c
index 78e763e1818..2b487ef17b4 100644
--- a/source/utils/net_groupmap.c
+++ b/source/utils/net_groupmap.c
@@ -608,102 +608,6 @@ static int net_groupmap_cleanup(int argc, const char **argv)
return 0;
}
-static int net_groupmap_addmem(int argc, const char **argv)
-{
- DOM_SID alias, member;
-
- if ( (argc != 2) ||
- !string_to_sid(&alias, argv[0]) ||
- !string_to_sid(&member, argv[1]) ) {
- d_printf("Usage: net groupmap addmem alias-sid member-sid\n");
- return -1;
- }
-
- if (!pdb_add_aliasmem(&alias, &member)) {
- d_printf("Could not add sid %s to alias %s\n",
- argv[1], argv[0]);
- return -1;
- }
-
- return 0;
-}
-
-static int net_groupmap_delmem(int argc, const char **argv)
-{
- DOM_SID alias, member;
-
- if ( (argc != 2) ||
- !string_to_sid(&alias, argv[0]) ||
- !string_to_sid(&member, argv[1]) ) {
- d_printf("Usage: net groupmap delmem alias-sid member-sid\n");
- return -1;
- }
-
- if (!pdb_del_aliasmem(&alias, &member)) {
- d_printf("Could not delete sid %s from alias %s\n",
- argv[1], argv[0]);
- return -1;
- }
-
- return 0;
-}
-
-static int net_groupmap_listmem(int argc, const char **argv)
-{
- DOM_SID alias;
- DOM_SID *members;
- int i, num;
- NTSTATUS result;
-
- if ( (argc != 1) ||
- !string_to_sid(&alias, argv[0]) ) {
- d_printf("Usage: net groupmap listmem alias-sid\n");
- return -1;
- }
-
- if (!pdb_enum_aliasmem(&alias, &members, &num)) {
- d_printf("Could not list members for sid %s: %s\n",
- argv[0], nt_errstr(result));
- return -1;
- }
-
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(members[i])));
- }
-
- SAFE_FREE(members);
-
- return 0;
-}
-
-static int net_groupmap_memberships(int argc, const char **argv)
-{
- DOM_SID member;
- DOM_SID *aliases;
- int i, num;
- NTSTATUS result;
-
- if ( (argc != 1) ||
- !string_to_sid(&member, argv[0]) ) {
- d_printf("Usage: net groupmap memberof sid\n");
- return -1;
- }
-
- if (!pdb_enum_alias_memberships(&member, &aliases, &num)) {
- d_printf("Could not list memberships for sid %s: %s\n",
- argv[0], nt_errstr(result));
- return -1;
- }
-
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(aliases[i])));
- }
-
- SAFE_FREE(aliases);
-
- return 0;
-}
-
int net_help_groupmap(int argc, const char **argv)
{
d_printf("net groupmap add"\
@@ -712,14 +616,6 @@ int net_help_groupmap(int argc, const char **argv)
"\n Update a group mapping\n");
d_printf("net groupmap delete"\
"\n Remove a group mapping\n");
- d_printf("net groupmap addmember"\
- "\n Add a foreign alias member\n");
- d_printf("net groupmap delmember"\
- "\n Delete a foreign alias member\n");
- d_printf("net groupmap listmembers"\
- "\n List foreign group members\n");
- d_printf("net groupmap memberships"\
- "\n List foreign group memberships\n");
d_printf("net groupmap list"\
"\n List current group map\n");
d_printf("net groupmap set"\
@@ -742,22 +638,16 @@ int net_groupmap(int argc, const char **argv)
{"delete", net_groupmap_delete},
{"set", net_groupmap_set},
{"cleanup", net_groupmap_cleanup},
- {"addmem", net_groupmap_addmem},
- {"delmem", net_groupmap_delmem},
- {"listmem", net_groupmap_listmem},
- {"memberships", net_groupmap_memberships},
{"list", net_groupmap_list},
{"help", net_help_groupmap},
{NULL, NULL}
};
/* we shouldn't have silly checks like this */
-#if 0
if (getuid() != 0) {
d_printf("You must be root to edit group mappings.\nExiting...\n");
return -1;
}
-#endif
if ( argc )
return net_run_function(argc, argv, func, net_help_groupmap);
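Review bot: Removing the `#if 0` puts the `getuid() != 0` gate back in front of every subcommand, including the read-only `list` and `help` entries in the table above, and it tests the real uid rather than the effective one. A check inside the client tool is a usability aid rather than an access control; what protects the group mapping store is presumably the permissions on the backing database, which this hunk does not show. The retained comment `/* we shouldn't have silly checks like this */` now contradicts the live code. I would replace it with a comment stating the intent, for example `/* early, friendly failure only; not a security boundary */`, and consider applying the test only to the modifying subcommands. net_groupmap starts and continues outside the hunk.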
diff --git a/source/utils/net_privileges.c b/source/utils/net_privileges.c
deleted file mode 100644
index 95a3326ce3e..00000000000
--- a/source/utils/net_privileges.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-2000,
- * Copyright (C) Jean François Micouleau 1998-2001.
- * Copyright (C) Gerald Carter 2003.
- * Copyright (C) Simo Sorce 2003.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-#include "includes.h"
-#include "../utils/net.h"
-
-extern PRIVS privs[];
-
-/*********************************************************
- utility function to parse an integer parameter from
- "parameter = value"
-**********************************************************/
-static uint32 get_int_param( const char* param )
-{
- char *p;
-
- p = strchr( param, '=' );
- if ( !p )
- return 0;
-
- return atoi(p+1);
-}
-
-/*********************************************************
- utility function to parse an integer parameter from
- "parameter = value"
-**********************************************************/
-static char* get_string_param( const char* param )
-{
- char *p;
-
- p = strchr( param, '=' );
- if ( !p )
- return NULL;
-
- return (p+1);
-}
-
-/*********************************************************
- Dump a GROUP_MAP entry to stdout (long or short listing)
-**********************************************************/
-
-static void print_priv_entry(const char *privname, const char *description, const char *sid_list)
-{
- d_printf("%s\n", privname);
-
- if (description) {
- d_printf("\tdescription: %s\n", description);
- }
-
- if (sid_list) {
- d_printf("\tSIDs: %s\n", sid_list);
- } else {
- d_printf("\tNo SIDs in this privilege\n");
- }
-}
-
-/*********************************************************
- List the groups.
-**********************************************************/
-static int net_priv_list(int argc, const char **argv)
-{
- fstring privname = "";
- fstring sid_string = "";
- int i;
- BOOL verbose = False;
-
- /* get the options */
- for ( i=0; i<argc; i++ ) {
- if (StrnCaseCmp(argv[i], "privname", strlen("privname")) == 0) {
- fstrcpy(privname, get_string_param(argv[i]));
- if (!privname[0]) {
- d_printf("must supply a name\n");
- return -1;
- }
- }
- else if (StrnCaseCmp(argv[i], "sid", strlen("sid")) == 0) {
- fstrcpy(sid_string, get_string_param(argv[i]));
- if (!sid_string[0]) {
- d_printf("must supply a SID\n");
- return -1;
- }
- }
- else if (StrnCaseCmp(argv[i], "verbose", strlen("verbose")) == 0) {
- verbose = True;
- }
- else {
- d_printf("Bad option: %s\n", argv[i]);
- return -1;
- }
- }
-
- if (sid_string[0] != '\0') {
- /* list all privileges of a single sid */
-
- } else {
- char *sid_list = NULL;
-
- if (privname[0] != '\0') {
- const char *description = NULL;
-
- BOOL found = False;
-
- for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) {
- if (StrCaseCmp(privs[i].priv, privname) == 0) {
- description = privs[i].description;
- found = True;
- break;
- }
- }
- if (!found) {
- d_printf("No such privilege!\n");
- return -1;
- }
-
- /* Get the current privilege from the database */
- pdb_get_privilege_entry(privname, &sid_list);
- print_priv_entry(privname, description, sid_list);
-
- SAFE_FREE(sid_list);
-
- } else for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) {
-
- if (!pdb_get_privilege_entry(privs[i].priv, &sid_list)) {
- if (!verbose)
- continue;
-
- sid_list = NULL;
- }
-
- print_priv_entry(privs[i].priv, privs[i].description, sid_list);
-
- SAFE_FREE(sid_list);
- }
- }
-
- return 0;
-}
-
-/*********************************************************
- Add a sid to a privilege entry
-**********************************************************/
-
-static int net_priv_add(int argc, const char **argv)
-{
- DOM_SID sid;
- fstring privname = "";
- fstring sid_string = "";
- uint32 rid = 0;
- int i;
-
- /* get the options */
- for ( i=0; i<argc; i++ ) {
- if (StrnCaseCmp(argv[i], "rid", strlen("rid")) == 0) {
- rid = get_int_param(argv[i]);
- if (rid < DOMAIN_GROUP_RID_ADMINS) {
- d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1);
- return -1;
- }
- }
- else if (StrnCaseCmp(argv[i], "privilege", strlen("privilege")) == 0) {
- BOOL found = False;
- int j;
-
- fstrcpy(privname, get_string_param(argv[i]));
- if (!privname[0]) {
- d_printf("must supply a name\n");
- return -1;
- }
- for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) {
- if (StrCaseCmp(privs[j].priv, privname) == 0) {
- found = True;
- }
- }
- if (!found) {
- d_printf("unknown privilege name");
- return -1;
- }
- }
- else if (StrnCaseCmp(argv[i], "sid", strlen("sid")) == 0) {
- fstrcpy(sid_string, get_string_param(argv[i]));
- if (!sid_string[0]) {
- d_printf("must supply a SID\n");
- return -1;
- }
- }
- else {
- d_printf("Bad option: %s\n", argv[i]);
- return -1;
- }
- }
-
- if (privname[0] == '\0') {
- d_printf("Usage: net priv add {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- if ((rid == 0) && (sid_string[0] == '\0')) {
- d_printf("No rid or sid specified\n");
- d_printf("Usage: net priv add {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- /* append the rid to our own domain/machine SID if we don't have a full SID */
- if (sid_string[0] == '\0') {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- sid_to_string(sid_string, &sid);
- } else {
- string_to_sid(&sid, sid_string);
- }
-
- if (!pdb_add_sid_to_privilege(privname, &sid)) {
- d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname);
- return -1;
- }
-
- d_printf("Successully added SID %s to privilege %s\n", sid_string, privname);
- return 0;
-}
-
-/*********************************************************
- Remove a SID froma privilege entry
-**********************************************************/
-
-static int net_priv_remove(int argc, const char **argv)
-{
- DOM_SID sid;
- fstring privname = "";
- fstring sid_string = "";
- uint32 rid = 0;
- int i;
-
- /* get the options */
- for ( i=0; i<argc; i++ ) {
- if (StrnCaseCmp(argv[i], "rid", strlen("rid")) == 0) {
- rid = get_int_param(argv[i]);
- if (rid < DOMAIN_GROUP_RID_ADMINS) {
- d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1);
- return -1;
- }
- }
- else if (StrnCaseCmp(argv[i], "privilege", strlen("privilege")) == 0) {
- BOOL found = False;
- int j;
-
- fstrcpy(privname, get_string_param(argv[i]));
- if (!privname[0]) {
- d_printf("must supply a name\n");
- return -1;
- }
- for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) {
- if (StrCaseCmp(privs[j].priv, privname) == 0) {
- found = True;
- }
- }
- if (!found) {
- d_printf("unknown privilege name");
- return -1;
- }
- }
- else if (StrnCaseCmp(argv[i], "sid", strlen("sid")) == 0) {
- fstrcpy(sid_string, get_string_param(argv[i]));
- if (!sid_string[0]) {
- d_printf("must supply a SID\n");
- return -1;
- }
- }
- else {
- d_printf("Bad option: %s\n", argv[i]);
- return -1;
- }
- }
-
- if (privname[0] == '\0') {
- d_printf("Usage: net priv remove {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- if ((rid == 0) && (sid_string[0] == '\0')) {
- d_printf("No rid or sid specified\n");
- d_printf("Usage: net priv remove {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- /* append the rid to our own domain/machine SID if we don't have a full SID */
- if (sid_string[0] == '\0') {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- sid_to_string(sid_string, &sid);
- } else {
- string_to_sid(&sid, sid_string);
- }
-
- if (!pdb_remove_sid_from_privilege(privname, &sid)) {
- d_printf("removing sid %s from privilege %s failed!\n", sid_string, privname);
- return -1;
- }
-
- d_printf("Successully removed SID %s from privilege %s\n", sid_string, privname);
- return 0;
-}
-
-int net_help_priv(int argc, const char **argv)
-{
- d_printf("net priv add sid\n" \
- " Add sid to privilege\n");
- d_printf("net priv remove sid\n"\
- " Remove sid from privilege\n");
- d_printf("net priv list\n"\
- " List sids per privilege\n");
-
- return -1;
-}
-
-
-/***********************************************************
- migrated functionality from smbgroupedit
- **********************************************************/
-int net_priv(int argc, const char **argv)
-{
- struct functable func[] = {
- {"add", net_priv_add},
- {"remove", net_priv_remove},
- {"list", net_priv_list},
- {"help", net_help_priv},
- {NULL, NULL}
- };
-
- /* we shouldn't have silly checks like this */
- if (getuid() != 0) {
- d_printf("You must be root to edit privilege mappings.\nExiting...\n");
- return -1;
- }
-
- if ( argc )
- return net_run_function(argc, argv, func, net_help_priv);
-
- return net_help_priv(argc, argv);
-}
-
diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c
index 2213a9bae37..ec0f4041769 100644
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@@ -1111,8 +1111,7 @@ static BOOL manage_client_krb5_init(SPNEGO_DATA spnego)
pstr_sprintf(user, "%s@%s", opt_username, opt_domain);
- if ((retval = kerberos_kinit_password(user, opt_password,
- 0, NULL))) {
+ if ((retval = kerberos_kinit_password(user, opt_password, 0))) {
DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval)));
x_fprintf(x_stdout, "NA\n");
return True;
diff --git a/source/utils/pdbedit.c b/source/utils/pdbedit.c
index af96413c5ae..3f7aba83668 100644
--- a/source/utils/pdbedit.c
+++ b/source/utils/pdbedit.c
@@ -49,10 +49,6 @@
#define BIT_EXPORT 0x02000000
#define BIT_FIX_INIT 0x04000000
#define BIT_BADPWRESET 0x08000000
-#define BIT_TRUSTDOM 0x10000000
-#define BIT_TRUSTPW 0x20000000
-#define BIT_TRUSTSID 0x40000000
-#define BIT_TRUSTFLAGS 0x80000000
#define MASK_ALWAYS_GOOD 0x0000001F
#define MASK_USER_GOOD 0x00401F00
@@ -228,121 +224,6 @@ static int print_user_info (struct pdb_context *in, const char *username, BOOL v
return ret;
}
-
-
-/**
- * Trust password flag name to flag conversion
- *
- * @param flag_name SAM_TRUST_PASSWD structure flag name
- * @return flag value
- **/
-
-static int trustpw_flag(const char* flag_name)
-{
- const int flag_num = 5;
- typedef struct { const char *name; int val; } flag_conv;
- flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT },
- { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT },
- { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT },
- { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS },
- { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }};
- int i;
-
- for (i = 0; i < flag_num; i++) {
- if (!StrCaseCmp(flags[i].name, flag_name)) {
- return flags[i].val;
- }
- }
-
- return 0;
-}
-
-
-/**
- * Trust password flag to flag name conversion
- *
- * @param val SAM_TRUST_PASSWD structure flag
- * @return passed flag name
- **/
-
-static char* trustpw_flag_name(const int val)
-{
- const int flag_num = 5;
- typedef struct { const char *name; int val; } flag_conv;
- flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT },
- { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT },
- { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT },
- { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS },
- { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }};
- int i;
-
- for (i = 0; i < flag_num; i++) {
- if (flags[i].val == val) {
- return strdup(flags[i].name);
- }
- }
-
- return strdup("unknown flag");
-}
-
-
-/**
- * Print trust password structure information
- *
- * @param mem_ctx memory context (for unicode name conversion)
- * @param trust SAM_TRUST_PASSWD structure
- * @param verbose verbose mode on/off
- * @return 0 on success, otherwise failure
- **/
-
-static int print_trustpw_info(TALLOC_CTX *mem_ctx, SAM_TRUST_PASSWD *trust, BOOL verbose)
-{
- char *dom_name;
- if (!mem_ctx || !trust) return -1;
-
- /* convert unicode domain name to char* */
- if (!pull_ucs2_talloc(mem_ctx, &dom_name, trust->private.uni_name)) return -1;
- dom_name[trust->private.uni_name_len] = 0;
-
- /* different output depending on level of verbosity */
- if (verbose) {
- printf("Domain name: %s\n", dom_name);
- printf("Domain SID: %s\n", sid_string_static(&trust->private.domain_sid));
- printf("Trust password %s\n", trust->private.pass);
- printf("Trust type: %s\n", trustpw_flag_name(trust->private.flags));
- printf("Last modified %s\n", trust->private.mod_time ? http_timestring(trust->private.mod_time) : "0");
-
- } else {
- printf("%s:%s\n", dom_name, sid_string_static(&trust->private.domain_sid));
- }
-
- return 0;
-}
-
-
-/**
- * Print trust password information by given name
- *
- * @param in initialised pdb_context
- * @param name domain name of the trust password
- * @param verbose verbose mode on/off
- * @param smbpwdstyle smbpassword-style output (ignored here)
- * @return 0 on success, otherwise failure
- **/
-
-static int print_trust_info(struct pdb_context *in, const char *name, BOOL verbose, BOOL smbpwdstyle)
-{
- SAM_TRUST_PASSWD trust;
- TALLOC_CTX *mem_ctx = NULL;
-
- mem_ctx = talloc_init("pdbedit: trust passwords listing");
-
- if (NT_STATUS_IS_OK(in->pdb_gettrustpwnam(in, &trust, name))) {
- return print_trustpw_info(mem_ctx, &trust, verbose);
- }
-
- return -1;
-}
/*********************************************************
List Users
@@ -373,47 +254,6 @@ static int print_users_list (struct pdb_context *in, BOOL verbosity, BOOL smbpwd
return 0;
}
-
-/**
- * List trust passwords
- *
- * @param in initialised pdb context
- * @param verbose turn on/off verbose mode
- * @param smbpwdstyle ignored here (there was no trust passwords in smbpasswd file)
- * @return 0 on success, otherwise failure
- **/
-
-static int print_trustpw_list(struct pdb_context *in, BOOL verbose, BOOL smbpwdstyle)
-{
- SAM_TRUST_PASSWD trust;
- TALLOC_CTX *mem_ctx = NULL;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-
- /* start enumeration and initialise memory context */
- status = in->pdb_settrustpwent(in);
- if (NT_STATUS_IS_ERR(status)) return -1;
- mem_ctx = talloc_init("pdbedit: trust passwords listing");
-
- /* small separation to make it clear these are not regular accounts */
- if (!verbose) printf("---\n");
-
- do {
- /* fetch next trust password */
- status = in->pdb_gettrustpwent(in, &trust);
-
- if (trust.private.uni_name_len) {
- /* print trust password info */
- if (verbose) printf ("---------------\n");
- print_trustpw_info(mem_ctx, &trust, verbose);
- }
-
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(status, NT_STATUS_OK));
-
- talloc_destroy(mem_ctx);
- return 0;
-}
-
-
/*********************************************************
Fix a list of Users for uninitialised passwords
**********************************************************/
@@ -698,129 +538,6 @@ static int new_machine (struct pdb_context *in, const char *machine_in)
return 0;
}
-
-/**
- * Add new trusting domain account
- *
- * @param in initialised pdb_context
- * @param dom_name trusted domain name given in command line
- *
- * @return 0 on success, -1 otherwise
- **/
-
-static int new_trustdom(struct pdb_context *in, const char *dom_name)
-{
- /* TODO */
- return -1;
-}
-
-
-/**
- * Add new trust relationship password
- *
- * @param in initialised pdb_context
- * @param dom_name trusting domain name given in command line
- * @param dom_sid domain sid given in command line
- * @param flag trust password type flag given in command line
- *
- * @return 0 on success, -1 otherwise
- **/
-
-static int new_trustpw(struct pdb_context *in, const char *dom_name,
- const char *dom_sid, const char* flag)
-{
- TALLOC_CTX *mem_ctx = NULL;
- SAM_TRUST_PASSWD trust;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- POLICY_HND connect_hnd;
- DOM_SID *domain_sid = NULL;
- smb_ucs2_t *uni_name = NULL;
- char *givenpass, *domain_name = NULL;
- struct in_addr srv_ip;
- fstring srv_name, myname;
- struct cli_state *cli;
- time_t lct;
-
- if (!dom_name) return -1;
-
- mem_ctx = talloc_init("pdbedit: adding new trust password");
-
- /* unicode name */
- trust.private.uni_name_len = strnlen(dom_name, 32);
- push_ucs2_talloc(mem_ctx, &uni_name, dom_name);
- strncpy_w(trust.private.uni_name, uni_name, 32);
-
- /* flags */
- trust.private.flags = trustpw_flag(flag);
-
- /* trusting SID */
- if (!dom_sid) {
- /* if sid is not specified in command line, do our best
- to establish it */
-
- /* find domain PDC */
- if (!get_pdc_ip(dom_name, &srv_ip))
- return -1;
- if (is_zero_ip(srv_ip))
- return -1;
- if (!name_status_find(dom_name, 0x1b, 0x20, srv_ip, srv_name))
- return -1;
-
- get_myname(myname);
-
- /* Connect the domain pdc... */
- nt_status = cli_full_connection(&cli, myname, srv_name, &srv_ip, 139,
- "IPC$", "IPC", "", "", "", 0, Undefined, NULL);
- if (NT_STATUS_IS_ERR(nt_status))
- return -1;
- if (!cli_nt_session_open(cli, PI_LSARPC))
- return -1;
-
- /* ...and query the domain sid */
- nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
- &connect_hnd);
- if (NT_STATUS_IS_ERR(nt_status)) return -1;
-
- nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
- 5, &domain_name, &domain_sid);
- if (NT_STATUS_IS_ERR(nt_status)) return -1;
-
- nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd);
- if (NT_STATUS_IS_ERR(nt_status)) return -1;
-
- cli_nt_session_close(cli);
- cli_shutdown(cli);
-
- /* copying sid to trust password structure */
- sid_copy(&trust.private.domain_sid, domain_sid);
-
- } else {
- if (!string_to_sid(&trust.private.domain_sid, dom_sid)) {
- printf("Error: wrong SID specified !\n");
- return -1;
- }
- }
-
- /* password */
- givenpass = getpass("password:");
- memset(trust.private.pass, '\0', FSTRING_LEN);
- strncpy(trust.private.pass, givenpass, FSTRING_LEN);
-
- /* last change time */
- lct = time(NULL);
- trust.private.mod_time = lct;
-
- /* store trust password in passdb */
- nt_status = in->pdb_add_trust_passwd(in, &trust);
-
- talloc_destroy(mem_ctx);
- if (NT_STATUS_IS_OK(nt_status))
- return 0;
-
- return -1;
-}
-
-
/*********************************************************
Delete user entry
**********************************************************/
@@ -886,7 +603,6 @@ int main (int argc, char **argv)
static BOOL verbose = False;
static BOOL spstyle = False;
static BOOL machine = False;
- static BOOL trustdom = False;
static BOOL add_user = False;
static BOOL delete_user = False;
static BOOL modify_user = False;
@@ -910,10 +626,6 @@ int main (int argc, char **argv)
static long int account_policy_value = 0;
BOOL account_policy_value_set = False;
static BOOL badpw_reset = False;
- /* trust password parameters */
- static char *trustpw = NULL;
- static char *trustsid = NULL;
- static char *trustflags = NULL;
struct pdb_context *bin;
struct pdb_context *bout;
@@ -934,12 +646,8 @@ int main (int argc, char **argv)
{"group SID", 'G', POPT_ARG_STRING, &group_sid, 0, "set group SID or RID", NULL},
{"create", 'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL},
{"modify", 'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL},
- {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL},
{"machine", 'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL},
- {"trustdom", 'I', POPT_ARG_NONE, &trustdom, 0, "account is a domain trust account", NULL},
- {"trustpw", 'N', POPT_ARG_STRING, &trustpw, 0, "trust password's domain name", NULL},
- {"trustsid", 'T', POPT_ARG_STRING, &trustsid, 0, "trust password's domain sid", NULL},
- {"trustflags", 'F', POPT_ARG_STRING, &trustflags, 0, "trust password flags", NULL},
+ {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL},
{"backend", 'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL},
{"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
{"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
@@ -991,10 +699,6 @@ int main (int argc, char **argv)
(logon_script ? BIT_LOGSCRIPT : 0) +
(profile_path ? BIT_PROFILE : 0) +
(machine ? BIT_MACHINE : 0) +
- (trustdom ? BIT_TRUSTDOM : 0) +
- (trustpw ? BIT_TRUSTPW : 0) +
- (trustsid ? BIT_TRUSTSID : 0) +
- (trustflags ? BIT_TRUSTFLAGS : 0) +
(user_name ? BIT_USER : 0) +
(list_users ? BIT_LIST : 0) +
(force_initialised_password ? BIT_FIX_INIT : 0) +
@@ -1094,14 +798,10 @@ int main (int argc, char **argv)
/* list users operations */
if (checkparms & BIT_LIST) {
if (!(checkparms & ~BIT_LIST)) {
- print_users_list (bdef, verbose, spstyle);
- return print_trustpw_list(bdef, verbose, spstyle);
+ return print_users_list (bdef, verbose, spstyle);
}
if (!(checkparms & ~(BIT_USER + BIT_LIST))) {
return print_user_info (bdef, user_name, verbose, spstyle);
-
- } else if (!(checkparms & ~(BIT_TRUSTPW + BIT_LIST))) {
- return print_trust_info(bdef, trustpw, verbose, spstyle);
}
}
@@ -1117,21 +817,15 @@ int main (int argc, char **argv)
/* account operation */
if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) {
/* check use of -u option */
- if (!(checkparms & (BIT_USER + BIT_TRUSTPW))) {
+ if (!(checkparms & BIT_USER)) {
fprintf (stderr, "Username not specified! (use -u option)\n");
return -1;
}
/* account creation operations */
- if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE + BIT_TRUSTDOM))) {
- /* machine trust account */
+ if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) {
if (checkparms & BIT_MACHINE) {
return new_machine (bdef, user_name);
- /* interdomain trust account */
- } else if (checkparms & BIT_TRUSTDOM) {
- return new_trustdom(bdef, user_name);
-
- /* ordinary user account */
} else {
return new_user (bdef, user_name, full_name, home_dir,
home_drive, logon_script,
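Review bot: The rewritten mask `~(BIT_CREATE + BIT_USER + BIT_MACHINE)` combines flag bits with `+`, which matches a bitwise OR only while every BIT_* constant is a distinct single bit and none appears twice in the sum. These tests decide which account operation pdbedit performs, so I would write `if (!(checkparms & ~(BIT_CREATE | BIT_USER | BIT_MACHINE))) {` to keep the check from drifting if a constant is later redefined. The same applies to `~(BIT_USER + BIT_LIST)` in the list-users hunk above. The change also drops the `/* machine trust account */` and `/* ordinary user account */` comments along with the trust-domain branch, and those two are still worth keeping on the remaining branches. main() starts and ends outside this hunk and the BIT_* definitions are not visible here, so the single-bit assumption is unconfirmed.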
@@ -1160,15 +854,6 @@ int main (int argc, char **argv)
}
}
- /* trust password operation */
- if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) {
- /* trust password creation */
- if (!(checkparms & ~(BIT_CREATE + BIT_TRUSTPW + BIT_TRUSTSID + BIT_TRUSTFLAGS))) {
- return new_trustpw(bdef, trustpw, trustsid, trustflags);
- }
- }
-
-
if (setparms >= 0x20) {
fprintf (stderr, "Incompatible or insufficient options on command line!\n");
}
@@ -1176,4 +861,3 @@ int main (int argc, char **argv)
return 1;
}
-