diff options
Diffstat (limited to 'source/passdb')
| -rw-r--r-- | source/passdb/login_cache.c | 2 | ||||
| -rw-r--r-- | source/passdb/lookup_sid.c | 443 | ||||
| -rw-r--r-- | source/passdb/passdb.c | 45 | ||||
| -rw-r--r-- | source/passdb/pdb_get_set.c | 113 | ||||
| -rw-r--r-- | source/passdb/pdb_interface.c | 189 | ||||
| -rw-r--r-- | source/passdb/pdb_ldap.c | 152 | ||||
| -rw-r--r-- | source/passdb/pdb_nds.c | 11 | ||||
| -rw-r--r-- | source/passdb/pdb_smbpasswd.c | 76 | ||||
| -rw-r--r-- | source/passdb/pdb_tdb.c | 43 | ||||
| -rw-r--r-- | source/passdb/secrets.c | 253 |
10 files changed, 873 insertions, 454 deletions
diff --git a/source/passdb/login_cache.c b/source/passdb/login_cache.c index 9a19dcf437a..7fd3b47826f 100644 --- a/source/passdb/login_cache.c +++ b/source/passdb/login_cache.c @@ -140,7 +140,7 @@ BOOL login_cache_write(const struct samu *sampass, LOGIN_CACHE entry) entry.acct_ctrl, entry.bad_password_count, entry.bad_password_time); - databuf.dptr = SMB_MALLOC(databuf.dsize); + databuf.dptr = SMB_MALLOC_ARRAY(char, databuf.dsize); if (!databuf.dptr) { SAFE_FREE(keybuf.dptr); return False; diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index 7082cd3abd4..0b596fc8d7f 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -33,7 +33,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, - DOM_SID *ret_sid, enum SID_NAME_USE *ret_type) + DOM_SID *ret_sid, enum lsa_SidType *ret_type) { char *p; const char *tmp; @@ -41,7 +41,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, const char *name = NULL; uint32 rid; DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { @@ -65,6 +65,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, if ((domain == NULL) || (name == NULL)) { DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(tmp_ctx); return False; } @@ -76,7 +77,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, sid_append_rid(&sid, rid); goto ok; } - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } if (strequal(domain, builtin_domain_name())) { @@ -88,7 +90,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, type = SID_NAME_ALIAS; goto ok; } - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } /* Try the explicit winbind lookup first, don't let it guess the @@ -104,7 +107,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, type = SID_NAME_USER; goto ok; } - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } if (strequal(domain, unix_groups_domain_name())) { @@ -112,11 +116,13 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, type = SID_NAME_DOM_GRP; goto ok; } - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) { - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } /* Now the guesswork begins, we haven't been given an explicit @@ -146,7 +152,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, if (strequal(name, get_global_sam_name())) { if (!secrets_fetch_domain_sid(name, &sid)) { DEBUG(3, ("Could not fetch my SID\n")); - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } /* Swap domain and name */ tmp = name; name = domain; domain = tmp; @@ -159,7 +166,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, if (!IS_DC && strequal(name, lp_workgroup())) { if (!secrets_fetch_domain_sid(name, &sid)) { DEBUG(3, ("Could not fetch the domain SID\n")); - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } /* Swap domain and name */ tmp = name; name = domain; domain = tmp; @@ -203,7 +211,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, /* Now our local possibilities are exhausted. */ if (!(flags & LOOKUP_NAME_REMOTE)) { - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } /* If we are not a DC, we have to ask in our primary domain. Let @@ -223,7 +232,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, if (IS_DC && winbind_lookup_name("", name, &sid, &type)) { DOM_SID dom_sid; uint32 tmp_rid; - enum SID_NAME_USE domain_type; + enum lsa_SidType domain_type; if (type == SID_NAME_DOMAIN) { /* Swap name and type */ @@ -243,7 +252,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, (domain_type != SID_NAME_DOMAIN)) { DEBUG(2, ("winbind could not find the domain's name " "it just looked up for us\n")); - goto failed; + TALLOC_FREE(tmp_ctx); + return False; } goto ok; } @@ -265,7 +275,10 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, goto ok; } - failed: + /* + * Ok, all possibilities tried. Fail. + */ + TALLOC_FREE(tmp_ctx); return False; @@ -276,14 +289,26 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, return False; } - if (ret_name != NULL) { - *ret_name = talloc_steal(mem_ctx, name); + /* + * Hand over the results to the talloc context we've been given. + */ + + if ((ret_name != NULL) && + !(*ret_name = talloc_strdup(mem_ctx, name))) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(tmp_ctx); + return False; } if (ret_domain != NULL) { - char *tmp_dom = talloc_strdup(tmp_ctx, domain); + char *tmp_dom; + if (!(tmp_dom = talloc_strdup(mem_ctx, domain))) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(tmp_ctx); + return False; + } strupper_m(tmp_dom); - *ret_domain = talloc_steal(mem_ctx, tmp_dom); + *ret_domain = tmp_dom; } if (ret_sid != NULL) { @@ -307,7 +332,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, - DOM_SID *ret_sid, enum SID_NAME_USE *ret_type) + DOM_SID *ret_sid, enum lsa_SidType *ret_type) { char *qualified_name; const char *p; @@ -348,7 +373,7 @@ BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx, ret_sid, ret_type)) { return True; } - + /* Finally try with "Unix Users" or "Unix Group" */ qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", flags & LOOKUP_NAME_GROUP ? @@ -364,46 +389,60 @@ BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx, ret_sid, ret_type); } -static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx, - const DOM_SID *domain_sid, - int num_rids, uint32 *rids, - const char **domain_name, - const char **names, uint32 *types) +static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + int num_rids, uint32 *rids, + const char **domain_name, + const char **names, enum lsa_SidType *types) { - /* Unless the winbind interface is upgraded, fall back to ask for - * individual sids. I imagine introducing a lookuprids operation that - * directly proxies to lsa_lookupsids to the correct DC. -- vl */ - int i; - for (i=0; i<num_rids; i++) { - DOM_SID sid; + const char **my_names; + enum lsa_SidType *my_types; + TALLOC_CTX *tmp_ctx; - sid_copy(&sid, domain_sid); - sid_append_rid(&sid, rids[i]); + if (!(tmp_ctx = talloc_init("wb_lookup_rids"))) { + return False; + } - if (winbind_lookup_sid(mem_ctx, &sid, - *domain_name == NULL ? - domain_name : NULL, - &names[i], &types[i])) { - if ((names[i] == NULL) || ((*domain_name) == NULL)) { - return False; - } - } else { + if (!winbind_lookup_rids(tmp_ctx, domain_sid, num_rids, rids, + domain_name, &my_names, &my_types)) { + *domain_name = ""; + for (i=0; i<num_rids; i++) { + names[i] = ""; types[i] = SID_NAME_UNKNOWN; } + return True; + } + + /* + * winbind_lookup_rids allocates its own array. We've been given the + * array, so copy it over + */ + + for (i=0; i<num_rids; i++) { + if (my_names[i] == NULL) { + TALLOC_FREE(tmp_ctx); + return False; + } + if (!(names[i] = talloc_strdup(names, my_names[i]))) { + TALLOC_FREE(tmp_ctx); + return False; + } + types[i] = my_types[i]; } + TALLOC_FREE(tmp_ctx); return True; } static BOOL lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, int num_rids, uint32_t *rids, const char **domain_name, - const char ***names, enum SID_NAME_USE **types) + const char ***names, enum lsa_SidType **types) { int i; *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids); - *types = TALLOC_ARRAY(mem_ctx, enum SID_NAME_USE, num_rids); + *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); if ((*names == NULL) || (*types == NULL)) { return False; @@ -500,8 +539,8 @@ static BOOL lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, return True; } - return winbind_lookup_rids(mem_ctx, domain_sid, num_rids, rids, - domain_name, *names, *types); + return wb_lookup_rids(mem_ctx, domain_sid, num_rids, rids, + domain_name, *names, *types); } /* @@ -512,7 +551,7 @@ static BOOL lookup_as_domain(const DOM_SID *sid, TALLOC_CTX *mem_ctx, const char **name) { const char *tmp; - enum SID_NAME_USE type; + enum lsa_SidType type; if (sid_check_is_domain(sid)) { *name = talloc_strdup(mem_ctx, get_global_sam_name()); @@ -638,18 +677,17 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, int i, j; - tmp_ctx = talloc_new(mem_ctx); - if (tmp_ctx == NULL) { + if (!(tmp_ctx = talloc_new(mem_ctx))) { DEBUG(0, ("talloc_new failed\n")); return NT_STATUS_NO_MEMORY; } - name_infos = TALLOC_ARRAY(tmp_ctx, struct lsa_name_info, num_sids); - dom_infos = TALLOC_ZERO_ARRAY(tmp_ctx, struct lsa_dom_info, + name_infos = TALLOC_ARRAY(mem_ctx, struct lsa_name_info, num_sids); + dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info, MAX_REF_DOMAINS); if ((name_infos == NULL) || (dom_infos == NULL)) { result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } /* First build up the data structures: @@ -684,7 +722,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, */ if (domain_name == NULL) { result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } name_infos[i].rid = 0; @@ -698,14 +736,14 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, name_infos, builtin_domain_name()); if (name_infos[i].name == NULL) { result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } } } else { /* This is a normal SID with rid component */ if (!sid_split_rid(&sid, &rid)) { result = NT_STATUS_INVALID_PARAMETER; - goto done; + goto fail; } } @@ -728,7 +766,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, if (j == MAX_REF_DOMAINS) { /* TODO: What's the right error message here? */ result = NT_STATUS_NONE_MAPPED; - goto done; + goto fail; } if (!dom_infos[j].valid) { @@ -741,7 +779,11 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, /* This name was being found above in the case * when we found a domain SID */ dom_infos[j].name = - talloc_steal(dom_infos, domain_name); + talloc_strdup(dom_infos, domain_name); + if (dom_infos[j].name == NULL) { + result = NT_STATUS_NO_MEMORY; + goto fail; + } } else { /* lookup_rids will take care of this */ dom_infos[j].name = NULL; @@ -758,7 +800,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, if (dom_infos[j].idxs == NULL) { result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } } } @@ -767,8 +809,9 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, for (i=0; i<MAX_REF_DOMAINS; i++) { uint32_t *rids; + const char *domain_name = NULL; const char **names; - enum SID_NAME_USE *types; + enum lsa_SidType *types; struct lsa_dom_info *dom = &dom_infos[i]; if (!dom->valid) { @@ -776,11 +819,9 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, break; } - rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs); - - if (rids == NULL) { + if (!(rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs))) { result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } for (j=0; j<dom->num_idxs; j++) { @@ -788,31 +829,40 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, } if (!lookup_rids(tmp_ctx, &dom->sid, - dom->num_idxs, rids, &dom->name, + dom->num_idxs, rids, &domain_name, &names, &types)) { result = NT_STATUS_NO_MEMORY; - goto done; + goto fail; } - talloc_steal(dom_infos, dom->name); - + if (!(dom->name = talloc_strdup(dom_infos, domain_name))) { + result = NT_STATUS_NO_MEMORY; + goto fail; + } + for (j=0; j<dom->num_idxs; j++) { int idx = dom->idxs[j]; name_infos[idx].type = types[j]; if (types[j] != SID_NAME_UNKNOWN) { name_infos[idx].name = - talloc_steal(name_infos, names[j]); + talloc_strdup(name_infos, names[j]); + if (name_infos[idx].name == NULL) { + result = NT_STATUS_NO_MEMORY; + goto fail; + } } else { name_infos[idx].name = NULL; } } } - *ret_domains = talloc_steal(mem_ctx, dom_infos); - *ret_names = talloc_steal(mem_ctx, name_infos); - result = NT_STATUS_OK; + *ret_domains = dom_infos; + *ret_names = name_infos; + return NT_STATUS_OK; - done: + fail: + TALLOC_FREE(dom_infos); + TALLOC_FREE(name_infos); TALLOC_FREE(tmp_ctx); return result; } @@ -823,16 +873,14 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, BOOL lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid, const char **ret_domain, const char **ret_name, - enum SID_NAME_USE *ret_type) + enum lsa_SidType *ret_type) { struct lsa_dom_info *domain; struct lsa_name_info *name; TALLOC_CTX *tmp_ctx; BOOL ret = False; - tmp_ctx = talloc_new(mem_ctx); - - if (tmp_ctx == NULL) { + if (!(tmp_ctx = talloc_new(mem_ctx))) { DEBUG(0, ("talloc_new failed\n")); return False; } @@ -846,12 +894,14 @@ BOOL lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid, goto done; } - if (ret_domain != NULL) { - *ret_domain = talloc_steal(mem_ctx, domain->name); + if ((ret_domain != NULL) && + !(*ret_domain = talloc_strdup(mem_ctx, domain->name))) { + goto done; } - if (ret_name != NULL) { - *ret_name = talloc_steal(mem_ctx, name->name); + if ((ret_name != NULL) && + !(*ret_name = talloc_strdup(mem_ctx, name->name))) { + goto done; } if (ret_type != NULL) { @@ -893,14 +943,14 @@ static struct uid_sid_cache { struct uid_sid_cache *next, *prev; uid_t uid; DOM_SID sid; - enum SID_NAME_USE sidtype; + enum lsa_SidType sidtype; } *uid_sid_cache_head; static struct gid_sid_cache { struct gid_sid_cache *next, *prev; gid_t gid; DOM_SID sid; - enum SID_NAME_USE sidtype; + enum lsa_SidType sidtype; } *gid_sid_cache_head; /***************************************************************** @@ -1062,29 +1112,16 @@ void store_gid_sid_cache(const DOM_SID *psid, gid_t gid) } /***************************************************************** - *THE CANONICAL* convert uid_t to SID function. + *THE LEGACY* convert uid_t to SID function. *****************************************************************/ -void uid_to_sid(DOM_SID *psid, uid_t uid) +void legacy_uid_to_sid(DOM_SID *psid, uid_t uid) { - uid_t low, high; uint32 rid; BOOL ret; ZERO_STRUCTP(psid); - if (fetch_sid_from_uid_cache(psid, uid)) - return; - - if ((lp_winbind_trusted_domains_only() || - (lp_idmap_uid(&low, &high) && (uid >= low) && (uid <= high))) && - winbind_uid_to_sid(psid, uid)) { - - DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", - (unsigned int)uid, sid_string_static(psid))); - goto done; - } - become_root_uid_only(); ret = pdb_uid_to_rid(uid, &rid); unbecome_root_uid_only(); @@ -1101,7 +1138,7 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) uid_to_unix_users_sid(uid, psid); done: - DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, + DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid, sid_string_static(psid))); store_uid_sid_cache(psid, uid); @@ -1109,28 +1146,15 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) } /***************************************************************** - *THE CANONICAL* convert gid_t to SID function. + *THE LEGACY* convert gid_t to SID function. *****************************************************************/ -void gid_to_sid(DOM_SID *psid, gid_t gid) +void legacy_gid_to_sid(DOM_SID *psid, gid_t gid) { BOOL ret; - gid_t low, high; ZERO_STRUCTP(psid); - if (fetch_sid_from_gid_cache(psid, gid)) - return; - - if ((lp_winbind_trusted_domains_only() || - (lp_idmap_gid(&low, &high) && (gid >= low) && (gid <= high))) && - winbind_gid_to_sid(psid, gid)) { - - DEBUG(10,("gid_to_sid: winbindd %u -> %s\n", - (unsigned int)gid, sid_string_static(psid))); - goto done; - } - become_root_uid_only(); ret = pdb_gid_to_sid(gid, psid); unbecome_root_uid_only(); @@ -1145,7 +1169,7 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) gid_to_unix_groups_sid(gid, psid); done: - DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, + DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid, sid_string_static(psid))); store_gid_sid_cache(psid, gid); @@ -1153,21 +1177,13 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) } /***************************************************************** - *THE CANONICAL* convert SID to uid function. + *THE LEGACY* convert SID to uid function. *****************************************************************/ -BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) +BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid) { - enum SID_NAME_USE type; + enum lsa_SidType type; uint32 rid; - gid_t gid; - - if (fetch_uid_from_cache(puid, psid)) - return True; - - if (fetch_gid_from_cache(&gid, psid)) { - return False; - } if (sid_peek_check_rid(&global_sid_Unix_Users, psid, &rid)) { uid_t uid = rid; @@ -1195,35 +1211,13 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) } /* This was ours, but it was not mapped. Fail */ - - return False; - } - - if (winbind_lookup_sid(NULL, psid, NULL, NULL, &type)) { - - if (type != SID_NAME_USER) { - DEBUG(10, ("sid_to_uid: sid %s is a %s\n", - sid_string_static(psid), - sid_type_lookup(type))); - return False; } - if (!winbind_sid_to_uid(puid, psid)) { - DEBUG(5, ("sid_to_uid: winbind failed to allocate a " - "new uid for sid %s\n", - sid_string_static(psid))); - return False; - } - goto done; - } - - /* TODO: Here would be the place to allocate both a gid and a uid for - * the SID in question */ - + DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid))); return False; - done: - DEBUG(10,("sid_to_uid: %s -> %u\n", sid_string_static(psid), +done: + DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_static(psid), (unsigned int)*puid )); store_uid_sid_cache(psid, *puid); @@ -1231,23 +1225,16 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) } /***************************************************************** - *THE CANONICAL* convert SID to gid function. + *THE LEGACY* convert SID to gid function. Group mapping is used for gids that maps to Wellknown SIDs *****************************************************************/ -BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) +BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) { uint32 rid; GROUP_MAP map; union unid_t id; - enum SID_NAME_USE type; - uid_t uid; - - if (fetch_gid_from_cache(pgid, psid)) - return True; - - if (fetch_uid_from_cache(&uid, psid)) - return False; + enum lsa_SidType type; if (sid_peek_check_rid(&global_sid_Unix_Groups, psid, &rid)) { gid_t gid = rid; @@ -1267,6 +1254,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) *pgid = map.gid; goto done; } + DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid))); return False; } @@ -1280,7 +1268,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) if (ret) { if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS)) { - DEBUG(5, ("sid %s is a %s, expected a group\n", + DEBUG(5, ("LEGACY: sid %s is a %s, expected a group\n", sid_string_static(psid), sid_type_lookup(type))); return False; @@ -1290,37 +1278,146 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) } /* This was ours, but it was not mapped. Fail */ + } + DEBUG(10,("LEGACY: mapping failed for sid %s\n", sid_string_static(psid))); return False; + + done: + DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_static(psid), + (unsigned int)*pgid )); + + store_gid_sid_cache(psid, *pgid); + + return True; +} + +/***************************************************************** + *THE CANONICAL* convert uid_t to SID function. +*****************************************************************/ + +void uid_to_sid(DOM_SID *psid, uid_t uid) +{ + ZERO_STRUCTP(psid); + + if (fetch_sid_from_uid_cache(psid, uid)) + return; + + if (!winbind_uid_to_sid(psid, uid)) { + if (!winbind_ping()) { + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); + legacy_uid_to_sid(psid, uid); + return; + } + + DEBUG(5, ("uid_to_sid: winbind failed to find a sid for uid %u\n", + uid)); + return; } - if (!winbind_lookup_sid(NULL, psid, NULL, NULL, &type)) { - DEBUG(11,("sid_to_gid: no one knows the SID %s (tried local, " - "then winbind)\n", sid_string_static(psid))); + DEBUG(10,("uid %u -> sid %s\n", + (unsigned int)uid, sid_string_static(psid))); + + store_uid_sid_cache(psid, uid); + return; +} + +/***************************************************************** + *THE CANONICAL* convert gid_t to SID function. +*****************************************************************/ + +void gid_to_sid(DOM_SID *psid, gid_t gid) +{ + ZERO_STRUCTP(psid); + if (fetch_sid_from_gid_cache(psid, gid)) + return; + + if (!winbind_gid_to_sid(psid, gid)) { + if (!winbind_ping()) { + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); + legacy_gid_to_sid(psid, gid); + return; + } + + DEBUG(5, ("gid_to_sid: winbind failed to find a sid for gid %u\n", + gid)); + return; + } + + DEBUG(10,("gid %u -> sid %s\n", + (unsigned int)gid, sid_string_static(psid))); + + store_gid_sid_cache(psid, gid); + return; +} + +/***************************************************************** + *THE CANONICAL* convert SID to uid function. +*****************************************************************/ + +BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) +{ + gid_t gid; + + if (fetch_uid_from_cache(puid, psid)) + return True; + + if (fetch_gid_from_cache(&gid, psid)) { return False; } - /* winbindd knows it; Ensure this is a group sid */ + if (!winbind_sid_to_uid(puid, psid)) { + if (!winbind_ping()) { + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); + return legacy_sid_to_uid(psid, puid); + } - if ((type != SID_NAME_DOM_GRP) && (type != SID_NAME_ALIAS) && - (type != SID_NAME_WKN_GRP)) { - DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is " - "a %s\n", sid_type_lookup(type))); + DEBUG(5, ("winbind failed to find a uid for sid %s\n", + sid_string_static(psid))); return False; } - /* winbindd knows it and it is a type of group; sid_to_gid must succeed - or we are dead in the water */ + /* TODO: Here would be the place to allocate both a gid and a uid for + * the SID in question */ + + DEBUG(10,("sid %s -> uid %u\n", sid_string_static(psid), + (unsigned int)*puid )); + + store_uid_sid_cache(psid, *puid); + return True; +} + +/***************************************************************** + *THE CANONICAL* convert SID to gid function. + Group mapping is used for gids that maps to Wellknown SIDs +*****************************************************************/ + +BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) +{ + uid_t uid; + + if (fetch_gid_from_cache(pgid, psid)) + return True; + + if (fetch_uid_from_cache(&uid, psid)) + return False; + + /* Ask winbindd if it can map this sid to a gid. + * (Idmap will check it is a valid SID and of the right type) */ if ( !winbind_sid_to_gid(pgid, psid) ) { - DEBUG(10,("sid_to_gid: winbind failed to allocate a new gid " - "for sid %s\n", sid_string_static(psid))); + if (!winbind_ping()) { + DEBUG(2, ("WARNING: Winbindd not running, mapping ids with legacy code\n")); + return legacy_sid_to_gid(psid, pgid); + } + + DEBUG(10,("winbind failed to find a gid for sid %s\n", + sid_string_static(psid))); return False; } - done: - DEBUG(10,("sid_to_gid: %s -> %u\n", sid_string_static(psid), + DEBUG(10,("sid %s -> gid %u\n", sid_string_static(psid), (unsigned int)*pgid )); store_gid_sid_cache(psid, *pgid); diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 47b6b958000..d354a485c2d 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -50,10 +50,8 @@ const char *my_sam_name(void) /********************************************************************** ***********************************************************************/ -static int samu_destroy(void *p) +static int samu_destroy(struct samu *user) { - struct samu *user = p; - data_blob_clear_free( &user->lm_pw ); data_blob_clear_free( &user->nt_pw ); @@ -111,7 +109,7 @@ struct samu *samu_new( TALLOC_CTX *ctx ) user->profile_path = ""; user->acct_desc = ""; user->workstations = ""; - user->unknown_str = ""; + user->comment = ""; user->munged_dial = ""; user->plaintext_pw = NULL; @@ -348,9 +346,9 @@ void pdb_sethexpwd(char *p, const unsigned char *pwd, uint32 acct_ctrl) slprintf(&p[i*2], 3, "%02X", pwd[i]); } else { if (acct_ctrl & ACB_PWNOTREQ) - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); + safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32); else - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); + safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32); } } @@ -553,7 +551,7 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid) ********************************************************************/ BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid, - enum SID_NAME_USE *type) + enum lsa_SidType *type) { GROUP_MAP map; BOOL ret; @@ -932,14 +930,15 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen) if (homedir) { fstrcpy( tmpstring, homedir ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_homedir(sampass, tmpstring, PDB_SET); } else { pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), + talloc_sub_basic(sampass, username, domain, + lp_logon_home()), PDB_DEFAULT); } @@ -951,28 +950,29 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen) if (logon_script) { fstrcpy( tmpstring, logon_script ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_logon_script(sampass, tmpstring, PDB_SET); } else { pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), + talloc_sub_basic(sampass, username, domain, + lp_logon_script()), PDB_DEFAULT); } if (profile_path) { fstrcpy( tmpstring, profile_path ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_profile_path(sampass, tmpstring, PDB_SET); } else { pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), + talloc_sub_basic(sampass, username, domain, lp_logon_path()), PDB_DEFAULT); } @@ -996,7 +996,7 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen) pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen) { - uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); + uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); if (!pw_hist) { ret = False; goto done; @@ -1023,7 +1023,6 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen) } pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); - pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET); pdb_set_hours_len(sampass, hours_len, PDB_SET); pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET); pdb_set_logon_count(sampass, logon_count, PDB_SET); @@ -1107,7 +1106,7 @@ uint32 init_buffer_from_sam_v3 (uint8 **buf, struct samu *sampass, BOOL size_onl logoff_time = (uint32)pdb_get_logoff_time(sampass); kickoff_time = (uint32)pdb_get_kickoff_time(sampass); bad_password_time = (uint32)pdb_get_bad_password_time(sampass); - pass_can_change_time = (uint32)pdb_get_pass_can_change_time(sampass); + pass_can_change_time = (uint32)pdb_get_pass_can_change_time_noncalc(sampass); pass_must_change_time = (uint32)pdb_get_pass_must_change_time(sampass); pass_last_set_time = (uint32)pdb_get_pass_last_set_time(sampass); @@ -1367,6 +1366,7 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated) time_t LastBadPassword; uint16 BadPasswordCount; uint32 resettime; + BOOL res; BadPasswordCount = pdb_get_bad_password_count(sampass); if (!BadPasswordCount) { @@ -1374,7 +1374,11 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated) return True; } - if (!pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime)) { + become_root(); + res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime); + unbecome_root(); + + if (!res) { DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n")); return False; } @@ -1407,6 +1411,7 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated) { uint32 duration; time_t LastBadPassword; + BOOL res; if (!(pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK)) { DEBUG(9, ("pdb_update_autolock_flag: Account %s not autolocked, no check needed\n", @@ -1414,7 +1419,11 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated) return True; } - if (!pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration)) { + become_root(); + res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration); + unbecome_root(); + + if (!res) { DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n")); return False; } diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c index f1b1a7673ca..62898f3dac8 100644 --- a/source/passdb/pdb_get_set.c +++ b/source/passdb/pdb_get_set.c @@ -72,12 +72,59 @@ time_t pdb_get_pass_last_set_time(const struct samu *sampass) time_t pdb_get_pass_can_change_time(const struct samu *sampass) { + uint32 allow; + + /* if the last set time is zero, it means the user cannot + change their password, and this time must be zero. jmcd + */ + if (sampass->pass_last_set_time == 0) + return (time_t) 0; + + /* if the time is max, and the field has been changed, + we're trying to update this real value from the sampass + to indicate that the user cannot change their password. jmcd + */ + if (sampass->pass_can_change_time == get_time_t_max() && + pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED) + return sampass->pass_can_change_time; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &allow)) + allow = 0; + + /* in normal cases, just calculate it from policy */ + return sampass->pass_last_set_time + allow; +} + +/* we need this for loading from the backend, so that we don't overwrite + non-changed max times, otherwise the pass_can_change checking won't work */ +time_t pdb_get_pass_can_change_time_noncalc(const struct samu *sampass) +{ return sampass->pass_can_change_time; } time_t pdb_get_pass_must_change_time(const struct samu *sampass) { - return sampass->pass_must_change_time; + uint32 expire; + + if (sampass->pass_last_set_time == 0) + return (time_t) 0; + + if (sampass->acct_ctrl & ACB_PWNOEXP) + return get_time_t_max(); + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) + || expire == (uint32)-1 || expire == 0) + return get_time_t_max(); + + return sampass->pass_last_set_time + expire; +} + +BOOL pdb_get_pass_can_change(const struct samu *sampass) +{ + if (sampass->pass_can_change_time == get_time_t_max() && + sampass->pass_last_set_time != 0) + return False; + return True; } uint16 pdb_get_logon_divs(const struct samu *sampass) @@ -166,7 +213,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass) } if ( pdb_gid_to_sid(pwd->pw_gid, gsid) ) { - enum SID_NAME_USE type = SID_NAME_UNKNOWN; + enum lsa_SidType type = SID_NAME_UNKNOWN; TALLOC_CTX *mem_ctx = talloc_init("pdb_get_group_sid"); BOOL lookup_ret; @@ -288,9 +335,9 @@ const char *pdb_get_workstations(const struct samu *sampass) return sampass->workstations; } -const char *pdb_get_unknown_str(const struct samu *sampass) +const char *pdb_get_comment(const struct samu *sampass) { - return sampass->unknown_str; + return sampass->comment; } const char *pdb_get_munged_dial(const struct samu *sampass) @@ -752,23 +799,22 @@ BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum p } /********************************************************************* - Set the user's 'unknown_str', whatever the heck this actually is... ********************************************************************/ -BOOL pdb_set_unknown_str(struct samu *sampass, const char *unknown_str, enum pdb_value_state flag) +BOOL pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag) { - if (unknown_str) { - sampass->unknown_str = talloc_strdup(sampass, unknown_str); + if (comment) { + sampass->comment = talloc_strdup(sampass, comment); - if (!sampass->unknown_str) { - DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n")); + if (!sampass->comment) { + DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n")); return False; } } else { - sampass->unknown_str = PDB_NOT_QUITE_NULL; + sampass->comment = PDB_NOT_QUITE_NULL; } - return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag); + return pdb_set_init_flags(sampass, PDB_COMMENT, flag); } /********************************************************************* @@ -925,43 +971,14 @@ BOOL pdb_set_backend_private_data(struct samu *sampass, void *private_data, /* Helpful interfaces to the above */ -/********************************************************************* - Sets the last changed times and must change times for a normal - password change. - ********************************************************************/ - -BOOL pdb_set_pass_changed_now(struct samu *sampass) +BOOL pdb_set_pass_can_change(struct samu *sampass, BOOL canchange) { - uint32 expire; - uint32 min_age; - - if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED)) - return False; - - if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &expire) - || (expire==(uint32)-1) || (expire == 0)) { - if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED)) - return False; - } else { - if (!pdb_set_pass_must_change_time (sampass, - pdb_get_pass_last_set_time(sampass) - + expire, PDB_CHANGED)) - return False; - } - - if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &min_age) - || (min_age==(uint32)-1)) { - if (!pdb_set_pass_can_change_time (sampass, 0, PDB_CHANGED)) - return False; - } else { - if (!pdb_set_pass_can_change_time (sampass, - pdb_get_pass_last_set_time(sampass) - + min_age, PDB_CHANGED)) - return False; - } - return True; + return pdb_set_pass_can_change_time(sampass, + canchange ? 0 : get_time_t_max(), + PDB_CHANGED); } + /********************************************************************* Set the user's PLAINTEXT password. Used as an interface to the above. Also sets the last change time to NOW. @@ -997,7 +1014,7 @@ BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) return False; - if (!pdb_set_pass_changed_now (sampass)) + if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED)) return False; /* Store the password history. */ @@ -1021,7 +1038,7 @@ BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) if (current_history_len < pwHistLen) { /* Ensure we have space for the needed history. */ - uchar *new_history = TALLOC(sampass, + uchar *new_history = (uchar *)TALLOC(sampass, pwHistLen*PW_HISTORY_ENTRY_LEN); if (!new_history) { return False; diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index 8fefd989114..ba251bc4cfb 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -46,45 +46,8 @@ static void lazy_initialize_passdb(void) static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, const char **name, - enum SID_NAME_USE *psid_name_use, + enum lsa_SidType *psid_name_use, union unid_t *unix_id); -/******************************************************************* - Clean up uninitialised passwords. The only way to tell - that these values are not 'real' is that they do not - have a valid last set time. Instead, the value is fixed at 0. - Therefore we use that as the key for 'is this a valid password'. - However, it is perfectly valid to have a 'default' last change - time, such LDAP with a missing attribute would produce. -********************************************************************/ - -static void pdb_force_pw_initialization(struct samu *pass) -{ - const uint8 *lm_pwd, *nt_pwd; - - /* only reset a password if the last set time has been - explicitly been set to zero. A default last set time - is ignored */ - - if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT) - && (pdb_get_pass_last_set_time(pass) == 0) ) - { - - if (pdb_get_init_flags(pass, PDB_LMPASSWD) != PDB_DEFAULT) - { - lm_pwd = pdb_get_lanman_passwd(pass); - if (lm_pwd) - pdb_set_lanman_passwd(pass, NULL, PDB_CHANGED); - } - if (pdb_get_init_flags(pass, PDB_NTPASSWD) != PDB_DEFAULT) - { - nt_pwd = pdb_get_nt_passwd(pass); - if (nt_pwd) - pdb_set_nt_passwd(pass, NULL, PDB_CHANGED); - } - } - - return; -} NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init) { @@ -250,7 +213,7 @@ BOOL pdb_getsampwent(struct samu *user) if ( !NT_STATUS_IS_OK(pdb->getsampwent(pdb, user) ) ) { return False; } - pdb_force_pw_initialization( user ); + return True; } @@ -266,8 +229,6 @@ BOOL pdb_getsampwnam(struct samu *sam_acct, const char *username) TALLOC_FREE(csamuser); } - pdb_force_pw_initialization( sam_acct ); - csamuser = samu_new( NULL ); if (!csamuser) { return False; @@ -369,6 +330,15 @@ static NTSTATUS pdb_default_create_user(struct pdb_methods *methods, if (add_ret == 0) { smb_nscd_flush_user_cache(); } + +#ifdef ENABLE_BUILD_FARM_HACKS + if (add_ret != 0) { + DEBUG(1, ("Creating a faked user %s for build farm " + "purposes\n", name)); + faked_create_user(name); + } +#endif + flush_pwnam_cache(); pwd = Get_Pwnam_alloc(tmp_ctx, name); @@ -693,7 +663,7 @@ NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid) return pdb->delete_group_mapping_entry(pdb, sid); } -BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, +BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { struct pdb_methods *pdb = pdb_get_methods(); @@ -985,34 +955,57 @@ NTSTATUS pdb_lookup_rids(const DOM_SID *domain_sid, int num_rids, uint32 *rids, const char **names, - uint32 *attrs) + enum lsa_SidType *attrs) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->lookup_rids(pdb, domain_sid, - num_rids, rids, names, attrs); + return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs); } +/* + * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere + * in the samba code. + * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually + * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time, + * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come + * down to are pdb_getsampwnam and pdb_getgrnam instead of + * pdb_lookup_names. + * But in principle, it the call belongs to the API and might get + * used in this context some day. + */ +#if 0 NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid, int num_names, const char **names, uint32 *rids, - uint32 *attrs) + enum lsa_SidType *attrs) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->lookup_names(pdb, domain_sid, - num_names, names, rids, attrs); + return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs); } +#endif BOOL pdb_get_account_policy(int policy_index, uint32 *value) { struct pdb_methods *pdb = pdb_get_methods(); - return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value)); + NTSTATUS status; + + become_root(); + status = pdb->get_account_policy(pdb, policy_index, value); + unbecome_root(); + + return NT_STATUS_IS_OK(status); } BOOL pdb_set_account_policy(int policy_index, uint32 value) { struct pdb_methods *pdb = pdb_get_methods(); - return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value)); + NTSTATUS status; + + become_root(); + status = pdb->set_account_policy(pdb, policy_index, value); + unbecome_root(); + + return NT_STATUS_IS_OK(status); } BOOL pdb_get_seq_num(time_t *seq_num) @@ -1027,6 +1020,12 @@ BOOL pdb_uid_to_rid(uid_t uid, uint32 *rid) return pdb->uid_to_rid(pdb, uid, rid); } +BOOL pdb_uid_to_sid(uid_t uid, DOM_SID *sid) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return pdb->uid_to_sid(pdb, uid, sid); +} + BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid) { struct pdb_methods *pdb = pdb_get_methods(); @@ -1034,7 +1033,7 @@ BOOL pdb_gid_to_sid(gid_t gid, DOM_SID *sid) } BOOL pdb_sid_to_id(const DOM_SID *sid, union unid_t *id, - enum SID_NAME_USE *type) + enum lsa_SidType *type) { struct pdb_methods *pdb = pdb_get_methods(); return pdb->sid_to_id(pdb, sid, id, type); @@ -1057,7 +1056,7 @@ BOOL pdb_new_rid(uint32 *rid) { struct pdb_methods *pdb = pdb_get_methods(); const char *name = NULL; - enum SID_NAME_USE type; + enum lsa_SidType type; uint32 allocated_rid = 0; int i; TALLOC_CTX *ctx; @@ -1193,8 +1192,8 @@ static NTSTATUS pdb_default_get_seq_num(struct pdb_methods *methods, time_t *seq return NT_STATUS_OK; } -static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid, - uint32 *rid) +static BOOL pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid, + DOM_SID *sid) { struct samu *sampw = NULL; struct passwd *unix_pw; @@ -1225,15 +1224,31 @@ static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid, return False; } - ret = sid_peek_check_rid(get_global_sam_sid(), - pdb_get_user_sid(sampw), rid); + sid_copy(sid, pdb_get_user_sid(sampw)); + + TALLOC_FREE(sampw); + + return True; +} + +static BOOL pdb_default_uid_to_rid(struct pdb_methods *methods, uid_t uid, + uint32 *rid) +{ + DOM_SID sid; + BOOL ret; + + ret = pdb_default_uid_to_sid(methods, uid, &sid); + if (!ret) { + return ret; + } + + ret = sid_peek_check_rid(get_global_sam_sid(), &sid, rid); if (!ret) { DEBUG(1, ("Could not peek rid out of sid %s\n", - sid_string_static(pdb_get_user_sid(sampw)))); + sid_string_static(&sid))); } - TALLOC_FREE(sampw); return ret; } @@ -1252,7 +1267,7 @@ static BOOL pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid, static BOOL pdb_default_sid_to_id(struct pdb_methods *methods, const DOM_SID *sid, - union unid_t *id, enum SID_NAME_USE *type) + union unid_t *id, enum lsa_SidType *type) { TALLOC_CTX *mem_ctx; BOOL ret = False; @@ -1303,23 +1318,24 @@ static BOOL pdb_default_sid_to_id(struct pdb_methods *methods, return ret; } -static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx, +static BOOL add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid, uid_t **pp_uids, size_t *p_num) { size_t i; for (i=0; i<*p_num; i++) { if ((*pp_uids)[i] == uid) - return; + return True; } *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1); if (*pp_uids == NULL) - return; + return False; (*pp_uids)[*p_num] = uid; *p_num += 1; + return True; } static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num) @@ -1328,6 +1344,7 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size char **gr; struct passwd *pwd; BOOL winbind_env; + BOOL ret = False; *pp_uids = NULL; *p_num = 0; @@ -1338,19 +1355,17 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if ((grp = getgrgid(gid)) == NULL) { /* allow winbindd lookups, but only if they weren't already disabled */ - if (!winbind_env) { - winbind_on(); - } - - return False; + goto done; } /* Primary group members */ setpwent(); while ((pwd = getpwent()) != NULL) { if (pwd->pw_gid == gid) { - add_uid_to_array_unique(mem_ctx, pwd->pw_uid, - pp_uids, p_num); + if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid, + pp_uids, p_num)) { + goto done; + } } } endpwent(); @@ -1361,18 +1376,24 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if (pw == NULL) continue; - add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num); + if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) { + goto done; + } } + ret = True; + + done: + /* allow winbindd lookups, but only if they weren't already disabled */ if (!winbind_env) { winbind_on(); } - return True; + return ret; } -NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, +static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const DOM_SID *group, uint32 **pp_member_rids, @@ -1414,7 +1435,7 @@ NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, return NT_STATUS_OK; } -NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, +static NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, struct samu *user, DOM_SID **pp_sids, @@ -1466,7 +1487,7 @@ NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, const char **name, - enum SID_NAME_USE *psid_name_use, + enum lsa_SidType *psid_name_use, union unid_t *unix_id) { struct samu *sam_account = NULL; @@ -1553,12 +1574,12 @@ static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, return False; } -NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, +static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, const DOM_SID *domain_sid, int num_rids, uint32 *rids, const char **names, - uint32 *attrs) + enum lsa_SidType *attrs) { int i; NTSTATUS result; @@ -1616,12 +1637,13 @@ NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, return result; } -NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, +#if 0 +static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, const DOM_SID *domain_sid, int num_names, const char **names, uint32 *rids, - uint32 *attrs) + enum lsa_SidType *attrs) { int i; NTSTATUS result; @@ -1672,6 +1694,7 @@ NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, return result; } +#endif static struct pdb_search *pdb_search_init(enum pdb_search_type type) { @@ -1738,7 +1761,7 @@ struct user_search { static BOOL next_entry_users(struct pdb_search *s, struct samr_displayentry *entry) { - struct user_search *state = s->private_data; + struct user_search *state = (struct user_search *)s->private_data; struct samu *user = NULL; next: @@ -1813,7 +1836,7 @@ struct group_search { static BOOL next_entry_groups(struct pdb_search *s, struct samr_displayentry *entry) { - struct group_search *state = s->private_data; + struct group_search *state = (struct group_search *)s->private_data; uint32 rid; GROUP_MAP *map = &state->groups[state->current_group]; @@ -1831,12 +1854,13 @@ static BOOL next_entry_groups(struct pdb_search *s, static void search_end_groups(struct pdb_search *search) { - struct group_search *state = search->private_data; + struct group_search *state = + (struct group_search *)search->private_data; SAFE_FREE(state->groups); } static BOOL pdb_search_grouptype(struct pdb_search *search, - const DOM_SID *sid, enum SID_NAME_USE type) + const DOM_SID *sid, enum lsa_SidType type) { struct group_search *state; @@ -2040,6 +2064,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->set_account_policy = pdb_default_set_account_policy; (*methods)->get_seq_num = pdb_default_get_seq_num; (*methods)->uid_to_rid = pdb_default_uid_to_rid; + (*methods)->uid_to_sid = pdb_default_uid_to_sid; (*methods)->gid_to_sid = pdb_default_gid_to_sid; (*methods)->sid_to_id = pdb_default_sid_to_id; diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 54c250033dd..533b936efd9 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -650,12 +650,13 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir)) { pdb_set_homedir( sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), + talloc_sub_basic(sampass, username, domain, + lp_logon_home()), PDB_DEFAULT ); } else { pstrcpy( tmpstring, homedir ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_homedir(sampass, tmpstring, PDB_SET); @@ -665,12 +666,13 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script)) { pdb_set_logon_script( sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), + talloc_sub_basic(sampass, username, domain, + lp_logon_script()), PDB_DEFAULT ); } else { pstrcpy( tmpstring, logon_script ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_logon_script(sampass, tmpstring, PDB_SET); @@ -680,12 +682,13 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path)) { pdb_set_profile_path( sampass, - talloc_sub_basic( sampass, username, lp_logon_path()), + talloc_sub_basic( sampass, username, domain, + lp_logon_path()), PDB_DEFAULT ); } else { pstrcpy( tmpstring, profile_path ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_profile_path(sampass, tmpstring, PDB_SET); @@ -787,7 +790,7 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state, pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN); - if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){ + if ((pwhist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){ DEBUG(0, ("init_sam_from_ldap: malloc failed!\n")); return False; } @@ -967,15 +970,14 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, /* only update the RID if we actually need to */ if (need_update(sampass, PDB_USERSID)) { fstring sid_string; - fstring dom_sid_string; const DOM_SID *user_sid = pdb_get_user_sid(sampass); switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) { DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n", - sid_to_string(sid_string, user_sid), - sid_to_string(dom_sid_string, &ldap_state->domain_sid))); + sid_string_static(user_sid), + sid_string_static(&ldap_state->domain_sid))); return False; } slprintf(temp, sizeof(temp) - 1, "%i", rid); @@ -1001,15 +1003,14 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, if (need_update(sampass, PDB_GROUPSID)) { fstring sid_string; - fstring dom_sid_string; const DOM_SID *group_sid = pdb_get_group_sid(sampass); switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBAACCOUNT: if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) { DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n", - sid_to_string(sid_string, group_sid), - sid_to_string(dom_sid_string, &ldap_state->domain_sid))); + sid_string_static(group_sid), + sid_string_static(&ldap_state->domain_sid))); return False; } @@ -1095,7 +1096,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp); - slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass)); + slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time_noncalc(sampass)); if (need_update(sampass, PDB_CANCHANGETIME)) smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp); @@ -1592,12 +1593,14 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, } if (push_utf8_allocate(&utf8_dn, dn) == (size_t)-1) { + SAFE_FREE(utf8_password); return NT_STATUS_NO_MEMORY; } if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) { DEBUG(0,("ber_alloc_t returns NULL\n")); SAFE_FREE(utf8_password); + SAFE_FREE(utf8_dn); return NT_STATUS_UNSUCCESSFUL; } @@ -1747,7 +1750,7 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc LDAPMod **mods = NULL; const char **attr_list; - result = pdb_get_backend_private_data(newpwd, my_methods); + result = (LDAPMessage *)pdb_get_backend_private_data(newpwd, my_methods); if (!result) { attr_list = get_userattr_list(NULL, ldap_state->schema_ver); if (pdb_get_username(newpwd) == NULL) { @@ -2159,7 +2162,7 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE))); return False; } - map->sid_name_use = (enum SID_NAME_USE)atol(temp); + map->sid_name_use = (enum lsa_SidType)atol(temp); if ((map->sid_name_use < SID_NAME_USER) || (map->sid_name_use > SID_NAME_UNKNOWN)) { @@ -2467,8 +2470,11 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, sid_peek_rid(&sid, &rid); - add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, - p_num_members); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, + p_num_members)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } } @@ -2503,8 +2509,11 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, goto done; } - add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, - p_num_members); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, + p_num_members)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } ret = NT_STATUS_OK; @@ -2586,7 +2595,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, primary_gid = strtoul(gidstr, NULL, 10); break; default: - DEBUG(1, ("found more than one accoutn with the same user name ?!\n")); + DEBUG(1, ("found more than one account with the same user name ?!\n")); ret = NT_STATUS_INTERNAL_DB_CORRUPTION; goto done; } @@ -2615,11 +2624,17 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, /* We need to add the primary group as the first gid/sid */ - add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids); + if (!add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } /* This sid will be replaced later */ - add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids); + if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } for (entry = ldap_first_entry(conn->ldap_struct, result); entry != NULL; @@ -2651,10 +2666,16 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, if (gid == primary_gid) { sid_copy(&(*pp_sids)[0], &sid); } else { - add_gid_to_array_unique(mem_ctx, gid, pp_gids, - &num_gids); - add_sid_to_array_unique(mem_ctx, &sid, pp_sids, - &num_sids); + if (!add_gid_to_array_unique(mem_ctx, gid, pp_gids, + &num_gids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } + if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids, + &num_sids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } } @@ -3107,7 +3128,7 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods, *********************************************************************/ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, - const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, + const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) @@ -3169,7 +3190,7 @@ static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods, int count; LDAPMod **mods = NULL; int rc; - enum SID_NAME_USE type = SID_NAME_USE_NONE; + enum lsa_SidType type = SID_NAME_USE_NONE; pstring filter; @@ -3281,7 +3302,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, int i; pstring filter; size_t num_members = 0; - enum SID_NAME_USE type = SID_NAME_USE_NONE; + enum lsa_SidType type = SID_NAME_USE_NONE; *pp_members = NULL; *p_num_members = 0; @@ -3351,7 +3372,11 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, if (!string_to_sid(&member, values[i])) continue; - add_sid_to_array(NULL, &member, pp_members, &num_members); + if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) { + ldap_value_free(values); + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } } *p_num_members = num_members; @@ -3380,7 +3405,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, int i; int rc; char *filter; - enum SID_NAME_USE type = SID_NAME_USE_NONE; + enum lsa_SidType type = SID_NAME_USE_NONE; if (sid_check_is_builtin(domain_sid)) { type = SID_NAME_ALIAS; @@ -3439,8 +3464,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, if (!sid_peek_check_rid(domain_sid, &sid, &rid)) continue; - add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, - p_num_alias_rids); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, + p_num_alias_rids)) { + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } } ldap_msgfree(result); @@ -3460,8 +3488,6 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data; - const char *attrs[2]; - DEBUG(10,("ldapsam_set_account_policy_in_ldap\n")); if (!ldap_state->domain_dn) { @@ -3475,9 +3501,6 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, return ntstatus; } - attrs[0] = policy_attr; - attrs[1] = NULL; - slprintf(value_string, sizeof(value_string) - 1, "%i", value); smbldap_set_mod(&mods, LDAP_MOD_REPLACE, policy_attr, value_string); @@ -3503,11 +3526,6 @@ static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int policy_index, uint32 value) { - if (!account_policy_migrated(False)) { - return (account_policy_set(policy_index, value)) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - } - return ldapsam_set_account_policy_in_ldap(methods, policy_index, value); } @@ -3596,11 +3614,6 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, { NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; - if (!account_policy_migrated(False)) { - return (account_policy_get(policy_index, value)) - ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - } - if (cache_account_policy_get(policy_index, value)) { DEBUG(11,("ldapsam_get_account_policy: got valid value from " "cache\n")); @@ -3652,7 +3665,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, int num_rids, uint32 *rids, const char **names, - uint32 *attrs) + enum lsa_SidType *attrs) { struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)methods->private_data; @@ -3802,7 +3815,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, uint32 rid; int rid_index; const char *attr; - enum SID_NAME_USE type; + enum lsa_SidType type; const char *dn = smbldap_talloc_dn(mem_ctx, ld, entry); attr = smbldap_talloc_single_attribute(ld, entry, "sambaGroupType", @@ -3813,7 +3826,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, continue; } - type = atol(attr); + type = (enum lsa_SidType)atol(attr); /* Consistency checks */ if ((is_builtin && (type != SID_NAME_ALIAS)) || @@ -3940,7 +3953,8 @@ struct ldap_search_state { static BOOL ldapsam_search_firstpage(struct pdb_search *search) { - struct ldap_search_state *state = search->private_data; + struct ldap_search_state *state = + (struct ldap_search_state *)search->private_data; LDAP *ld; int rc = LDAP_OPERATIONS_ERROR; @@ -3992,7 +4006,8 @@ static BOOL ldapsam_search_firstpage(struct pdb_search *search) static BOOL ldapsam_search_nextpage(struct pdb_search *search) { - struct ldap_search_state *state = search->private_data; + struct ldap_search_state *state = + (struct ldap_search_state *)search->private_data; int rc; if (!state->connection->paged_results) { @@ -4022,7 +4037,8 @@ static BOOL ldapsam_search_nextpage(struct pdb_search *search) static BOOL ldapsam_search_next_entry(struct pdb_search *search, struct samr_displayentry *entry) { - struct ldap_search_state *state = search->private_data; + struct ldap_search_state *state = + (struct ldap_search_state *)search->private_data; BOOL result; retry: @@ -4057,7 +4073,8 @@ static BOOL ldapsam_search_next_entry(struct pdb_search *search, static void ldapsam_search_end(struct pdb_search *search) { - struct ldap_search_state *state = search->private_data; + struct ldap_search_state *state = + (struct ldap_search_state *)search->private_data; int rc; if (state->pagedresults_cookie == NULL) @@ -4173,7 +4190,8 @@ static BOOL ldapsam_search_users(struct pdb_methods *methods, struct pdb_search *search, uint32 acct_flags) { - struct ldapsam_privates *ldap_state = methods->private_data; + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)methods->private_data; struct ldap_search_state *state; state = TALLOC_P(search->mem_ctx, struct ldap_search_state); @@ -4329,9 +4347,10 @@ static BOOL ldapgroup2displayentry(struct ldap_search_state *state, static BOOL ldapsam_search_grouptype(struct pdb_methods *methods, struct pdb_search *search, const DOM_SID *sid, - enum SID_NAME_USE type) + enum lsa_SidType type) { - struct ldapsam_privates *ldap_state = methods->private_data; + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)methods->private_data; struct ldap_search_state *state; state = TALLOC_P(search->mem_ctx, struct ldap_search_state); @@ -4490,8 +4509,8 @@ static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *ri int i; for (i=0; i<10; i++) { - NTSTATUS result = ldapsam_get_new_rid(methods->private_data, - rid); + NTSTATUS result = ldapsam_get_new_rid( + (struct ldapsam_privates *)methods->private_data, rid); if (NT_STATUS_IS_OK(result)) { return result; } @@ -4515,9 +4534,10 @@ static BOOL ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid) static BOOL ldapsam_sid_to_id(struct pdb_methods *methods, const DOM_SID *sid, - union unid_t *id, enum SID_NAME_USE *type) + union unid_t *id, enum lsa_SidType *type) { - struct ldapsam_privates *priv = methods->private_data; + struct ldapsam_privates *priv = + (struct ldapsam_privates *)methods->private_data; char *filter; const char *attrs[] = { "sambaGroupType", "gidNumber", "uidNumber", NULL }; @@ -4577,7 +4597,7 @@ static BOOL ldapsam_sid_to_id(struct pdb_methods *methods, } id->gid = strtoul(gid_str, NULL, 10); - *type = strtoul(value, NULL, 10); + *type = (enum lsa_SidType)strtoul(value, NULL, 10); ret = True; goto done; } @@ -5504,7 +5524,7 @@ NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *lo (*pdb_method)->name = "ldapsam_compat"; - ldap_state = (*pdb_method)->private_data; + ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data); ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT; sid_copy(&ldap_state->domain_sid, get_global_sam_sid()); @@ -5567,7 +5587,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) } } - ldap_state = (*pdb_method)->private_data; + ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data); ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT; /* Try to setup the Domain Name, Domain SID, algorithmic rid base */ diff --git a/source/passdb/pdb_nds.c b/source/passdb/pdb_nds.c index 08ad96efa4b..ab4a1a7f208 100644 --- a/source/passdb/pdb_nds.c +++ b/source/passdb/pdb_nds.c @@ -241,7 +241,7 @@ static int berDecodeLoginData( if(retData) { retOctStrLen = *retDataLen + 1; - retOctStr = SMB_MALLOC(retOctStrLen); + retOctStr = SMB_MALLOC_ARRAY(char, retOctStrLen); if(!retOctStr) { err = LDAP_OPERATIONS_ERROR; @@ -404,7 +404,7 @@ static int nmasldap_get_simple_pwd( size_t pwdBufLen, bufferLen; bufferLen = pwdBufLen = pwdLen+2; - pwdBuf = SMB_MALLOC(pwdBufLen); /* digest and null */ + pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen); /* digest and null */ if(pwdBuf == NULL) { return LDAP_NO_MEMORY; @@ -568,7 +568,7 @@ static int nmasldap_get_password( } bufferLen = pwdBufLen = *pwdSize; - pwdBuf = SMB_MALLOC(pwdBufLen+2); + pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen+2); if(pwdBuf == NULL) { return LDAP_NO_MEMORY; @@ -769,7 +769,7 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods, DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n", success ? "Successful" : "Failed", username)); - result = pdb_get_backend_private_data(sam_acct, methods); + result = (LDAPMessage *)pdb_get_backend_private_data(sam_acct, methods); if (!result) { attr_list = get_userattr_list(NULL, ldap_state->schema_ver); @@ -854,7 +854,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods, static NTSTATUS pdb_init_NDS_ldapsam_common(struct pdb_methods **pdb_method, const char *location) { - struct ldapsam_privates *ldap_state = (*pdb_method)->private_data; + struct ldapsam_privates *ldap_state = + (struct ldapsam_privates *)((*pdb_method)->private_data); /* Mark this as eDirectory ldap */ ldap_state->is_nds_ldap = True; diff --git a/source/passdb/pdb_smbpasswd.c b/source/passdb/pdb_smbpasswd.c index 1bc6813603e..e01b4b1855c 100644 --- a/source/passdb/pdb_smbpasswd.c +++ b/source/passdb/pdb_smbpasswd.c @@ -64,6 +64,52 @@ struct smbpasswd_privates enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE }; +static SIG_ATOMIC_T gotalarm; + +/*************************************************************** + Signal function to tell us we timed out. +****************************************************************/ + +static void gotalarm_sig(void) +{ + gotalarm = 1; +} + +/*************************************************************** + Lock or unlock a fd for a known lock type. Abandon after waitsecs + seconds. +****************************************************************/ + +static BOOL do_file_lock(int fd, int waitsecs, int type) +{ + SMB_STRUCT_FLOCK lock; + int ret; + void (*oldsig_handler)(int); + + gotalarm = 0; + oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + + lock.l_type = type; + lock.l_whence = SEEK_SET; + lock.l_start = 0; + lock.l_len = 1; + lock.l_pid = 0; + + alarm(waitsecs); + /* Note we must *NOT* use sys_fcntl here ! JRA */ + ret = fcntl(fd, SMB_F_SETLKW, &lock); + alarm(0); + CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler); + + if (gotalarm) { + DEBUG(0, ("do_file_lock: failed to %s file.\n", + type == F_UNLCK ? "unlock" : "lock")); + return False; + } + + return (ret == 0); +} + /*************************************************************** Lock an fd. Abandon after waitsecs seconds. ****************************************************************/ @@ -584,7 +630,8 @@ static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd) Routine to add an entry to the smbpasswd file. *************************************************************************/ -static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd) +static NTSTATUS add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, + struct smb_passwd *newpwd) { const char *pfile = smbpasswd_state->smbpasswd_file; struct smb_passwd *pwd = NULL; @@ -605,7 +652,7 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str if (fp == NULL) { DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n")); - return False; + return map_nt_error_from_unix(errno); } /* @@ -616,7 +663,7 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str if (strequal(newpwd->smb_name, pwd->smb_name)) { DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return False; + return NT_STATUS_USER_EXISTS; } } @@ -630,17 +677,18 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str fd = fileno(fp); if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { + NTSTATUS result = map_nt_error_from_unix(errno); DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return False; + return result; } if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return False; + return NT_STATUS_NO_MEMORY; } new_entry_length = strlen(new_entry); @@ -651,6 +699,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); #endif if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) { + NTSTATUS result = map_nt_error_from_unix(errno); DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); @@ -663,12 +712,12 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); free(new_entry); - return False; + return result; } free(new_entry); endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); - return True; + return NT_STATUS_OK; } /************************************************************************ @@ -1080,7 +1129,8 @@ static BOOL del_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con size_t new_entry_length; if (strequal(name, pwd->smb_name)) { - DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name)); + DEBUG(10, ("del_smbfilepwd_entry: found entry with " + "name %s - deleting it.\n", name)); continue; } @@ -1308,7 +1358,7 @@ static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; - void *fp = NULL; + FILE *fp = NULL; DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username)); @@ -1352,7 +1402,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; - void *fp = NULL; + FILE *fp = NULL; fstring sid_str; uint32 rid; @@ -1423,11 +1473,7 @@ static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, struct } /* add the entry */ - if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) { - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; + return add_smbfilepwd_entry(smbpasswd_state, &smb_pw); } static NTSTATUS smbpasswd_update_sam_account(struct pdb_methods *my_methods, struct samu *sampass) diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c index 262e68eb007..e9beaa05368 100644 --- a/source/passdb/pdb_tdb.c +++ b/source/passdb/pdb_tdb.c @@ -169,7 +169,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf } else { pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), + talloc_sub_basic(sampass, username, domain, + lp_logon_home()), PDB_DEFAULT); } @@ -177,7 +178,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_dir_drive(sampass, dir_drive, PDB_SET); else { pdb_set_dir_drive(sampass, - talloc_sub_basic(sampass, username, lp_logon_drive()), + talloc_sub_basic(sampass, username, domain, + lp_logon_drive()), PDB_DEFAULT); } @@ -185,7 +187,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_logon_script(sampass, logon_script, PDB_SET); else { pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), + talloc_sub_basic(sampass, username, domain, + lp_logon_script()), PDB_DEFAULT); } @@ -193,7 +196,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_profile_path(sampass, profile_path, PDB_SET); } else { pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), + talloc_sub_basic(sampass, username, domain, + lp_logon_path()), PDB_DEFAULT); } @@ -356,7 +360,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf } else { pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), + talloc_sub_basic(sampass, username, domain, + lp_logon_home()), PDB_DEFAULT); } @@ -364,7 +369,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_dir_drive(sampass, dir_drive, PDB_SET); else { pdb_set_dir_drive(sampass, - talloc_sub_basic(sampass, username, lp_logon_drive()), + talloc_sub_basic(sampass, username, domain, + lp_logon_drive()), PDB_DEFAULT); } @@ -372,7 +378,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_logon_script(sampass, logon_script, PDB_SET); else { pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), + talloc_sub_basic(sampass, username, domain, + lp_logon_script()), PDB_DEFAULT); } @@ -380,7 +387,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf pdb_set_profile_path(sampass, profile_path, PDB_SET); } else { pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), + talloc_sub_basic(sampass, username, domain, + lp_logon_path()), PDB_DEFAULT); } @@ -541,14 +549,15 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) if (homedir) { fstrcpy( tmpstring, homedir ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_homedir(sampass, tmpstring, PDB_SET); } else { pdb_set_homedir(sampass, - talloc_sub_basic(sampass, username, lp_logon_home()), + talloc_sub_basic(sampass, username, domain, + lp_logon_home()), PDB_DEFAULT); } @@ -560,28 +569,30 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) if (logon_script) { fstrcpy( tmpstring, logon_script ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_logon_script(sampass, tmpstring, PDB_SET); } else { pdb_set_logon_script(sampass, - talloc_sub_basic(sampass, username, lp_logon_script()), + talloc_sub_basic(sampass, username, domain, + lp_logon_script()), PDB_DEFAULT); } if (profile_path) { fstrcpy( tmpstring, profile_path ); if (expand_explicit) { - standard_sub_basic( username, tmpstring, + standard_sub_basic( username, domain, tmpstring, sizeof(tmpstring) ); } pdb_set_profile_path(sampass, tmpstring, PDB_SET); } else { pdb_set_profile_path(sampass, - talloc_sub_basic(sampass, username, lp_logon_path()), + talloc_sub_basic(sampass, username, domain, + lp_logon_path()), PDB_DEFAULT); } @@ -606,7 +617,7 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen) /* Change from V1 is addition of password history field. */ pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen); if (pwHistLen) { - uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); + uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN); if (!pw_hist) { ret = False; goto done; @@ -901,7 +912,7 @@ static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, /* save a copy of the key */ - ptr->key.dptr = memdup( key.dptr, key.dsize ); + ptr->key.dptr = (char *)memdup( key.dptr, key.dsize ); if (!ptr->key.dptr) { DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n")); /* just return 0 and let the traversal continue */ diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index 04d6da2814a..3ac3a932338 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -104,8 +104,9 @@ BOOL secrets_store(const char *key, const void *data, size_t size) secrets_init(); if (!tdb) return False; - return tdb_store(tdb, string_tdb_data(key), make_tdb_data(data, size), - TDB_REPLACE) == 0; + return tdb_trans_store(tdb, string_tdb_data(key), + make_tdb_data((const char *)data, size), + TDB_REPLACE) == 0; } @@ -157,39 +158,39 @@ BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid) return True; } -BOOL secrets_store_domain_guid(const char *domain, struct uuid *guid) +BOOL secrets_store_domain_guid(const char *domain, struct GUID *guid) { fstring key; slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); - return secrets_store(key, guid, sizeof(struct uuid)); + return secrets_store(key, guid, sizeof(struct GUID)); } -BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid) +BOOL secrets_fetch_domain_guid(const char *domain, struct GUID *guid) { - struct uuid *dyn_guid; + struct GUID *dyn_guid; fstring key; size_t size = 0; - struct uuid new_guid; + struct GUID new_guid; slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); - dyn_guid = (struct uuid *)secrets_fetch(key, &size); + dyn_guid = (struct GUID *)secrets_fetch(key, &size); if (!dyn_guid) { if (lp_server_role() == ROLE_DOMAIN_PDC) { smb_uuid_generate_random(&new_guid); if (!secrets_store_domain_guid(domain, &new_guid)) return False; - dyn_guid = (struct uuid *)secrets_fetch(key, &size); + dyn_guid = (struct GUID *)secrets_fetch(key, &size); } if (dyn_guid == NULL) { return False; } } - if (size != sizeof(struct uuid)) { + if (size != sizeof(struct GUID)) { DEBUG(1,("UUID size %d is wrong!\n", (int)size)); SAFE_FREE(dyn_guid); return False; @@ -207,7 +208,7 @@ BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid) * * @return stored password's key **/ -const char *trust_keystr(const char *domain) +static const char *trust_keystr(const char *domain) { static fstring keystr; @@ -288,7 +289,8 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } - if (!(pass = secrets_fetch(trust_keystr(domain), &size))) { + if (!(pass = (struct machine_acct_pass *)secrets_fetch( + trust_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } @@ -319,6 +321,136 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], return True; } +/** + * Pack SID passed by pointer + * + * @param pack_buf pointer to buffer which is to be filled with packed data + * @param bufsize size of packing buffer + * @param sid pointer to sid to be packed + * + * @return length of the packed representation of the whole structure + **/ +static size_t tdb_sid_pack(char* pack_buf, int bufsize, DOM_SID* sid) +{ + int idx; + size_t len = 0; + + if (!sid || !pack_buf) return -1; + + len += tdb_pack(pack_buf + len, bufsize - len, "bb", sid->sid_rev_num, + sid->num_auths); + + for (idx = 0; idx < 6; idx++) { + len += tdb_pack(pack_buf + len, bufsize - len, "b", + sid->id_auth[idx]); + } + + for (idx = 0; idx < MAXSUBAUTHS; idx++) { + len += tdb_pack(pack_buf + len, bufsize - len, "d", + sid->sub_auths[idx]); + } + + return len; +} + +/** + * Unpack SID into a pointer + * + * @param pack_buf pointer to buffer with packed representation + * @param bufsize size of the buffer + * @param sid pointer to sid structure to be filled with unpacked data + * + * @return size of structure unpacked from buffer + **/ +static size_t tdb_sid_unpack(char* pack_buf, int bufsize, DOM_SID* sid) +{ + int idx, len = 0; + + if (!sid || !pack_buf) return -1; + + len += tdb_unpack(pack_buf + len, bufsize - len, "bb", + &sid->sid_rev_num, &sid->num_auths); + + for (idx = 0; idx < 6; idx++) { + len += tdb_unpack(pack_buf + len, bufsize - len, "b", + &sid->id_auth[idx]); + } + + for (idx = 0; idx < MAXSUBAUTHS; idx++) { + len += tdb_unpack(pack_buf + len, bufsize - len, "d", + &sid->sub_auths[idx]); + } + + return len; +} + +/** + * Pack TRUSTED_DOM_PASS passed by pointer + * + * @param pack_buf pointer to buffer which is to be filled with packed data + * @param bufsize size of the buffer + * @param pass pointer to trusted domain password to be packed + * + * @return length of the packed representation of the whole structure + **/ +static size_t tdb_trusted_dom_pass_pack(char* pack_buf, int bufsize, + TRUSTED_DOM_PASS* pass) +{ + int idx, len = 0; + + if (!pack_buf || !pass) return -1; + + /* packing unicode domain name and password */ + len += tdb_pack(pack_buf + len, bufsize - len, "d", + pass->uni_name_len); + + for (idx = 0; idx < 32; idx++) + len += tdb_pack(pack_buf + len, bufsize - len, "w", + pass->uni_name[idx]); + + len += tdb_pack(pack_buf + len, bufsize - len, "dPd", pass->pass_len, + pass->pass, pass->mod_time); + + /* packing SID structure */ + len += tdb_sid_pack(pack_buf + len, bufsize - len, &pass->domain_sid); + + return len; +} + + +/** + * Unpack TRUSTED_DOM_PASS passed by pointer + * + * @param pack_buf pointer to buffer with packed representation + * @param bufsize size of the buffer + * @param pass pointer to trusted domain password to be filled with unpacked data + * + * @return size of structure unpacked from buffer + **/ +static size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize, + TRUSTED_DOM_PASS* pass) +{ + int idx, len = 0; + + if (!pack_buf || !pass) return -1; + + /* unpack unicode domain name and plaintext password */ + len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len); + + for (idx = 0; idx < 32; idx++) + len += tdb_unpack(pack_buf + len, bufsize - len, "w", + &pass->uni_name[idx]); + + len += tdb_unpack(pack_buf + len, bufsize - len, "dPd", + &pass->pass_len, &pass->pass, &pass->mod_time); + + /* unpack domain sid */ + len += tdb_sid_unpack(pack_buf + len, bufsize - len, + &pass->domain_sid); + + return len; +} + /************************************************************************ Routine to get account password to trusted domain ************************************************************************/ @@ -336,7 +468,8 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd, ZERO_STRUCT(pass); /* fetching trusted domain password structure */ - if (!(pass_buf = secrets_fetch(trustdom_keystr(domain), &size))) { + if (!(pass_buf = (char *)secrets_fetch(trustdom_keystr(domain), + &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } @@ -494,7 +627,7 @@ char *secrets_fetch_machine_password(const char *domain, uint32 *last_set_time; asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain); strupper_m(key); - last_set_time = secrets_fetch(key, &size); + last_set_time = (unsigned int *)secrets_fetch(key, &size); if (last_set_time) { *pass_last_set_time = IVAL(last_set_time,0); SAFE_FREE(last_set_time); @@ -509,7 +642,7 @@ char *secrets_fetch_machine_password(const char *domain, uint32 *channel_type; asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain); strupper_m(key); - channel_type = secrets_fetch(key, &size); + channel_type = (unsigned int *)secrets_fetch(key, &size); if (channel_type) { *channel = IVAL(channel_type,0); SAFE_FREE(channel_type); @@ -613,7 +746,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n")); } - *pw=secrets_fetch(key, &size); + *pw=(char *)secrets_fetch(key, &size); SAFE_FREE(key); if (!size) { @@ -631,7 +764,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw) for (p=old_style_key; *p; p++) if (*p == ',') *p = '/'; - data=secrets_fetch(old_style_key, &size); + data=(char *)secrets_fetch(old_style_key, &size); if (!size && size < sizeof(old_style_pw)) { DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); SAFE_FREE(old_style_key); @@ -672,20 +805,35 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, { TDB_LIST_NODE *keys, *k; char *pattern; + TALLOC_CTX *tmp_ctx; + + if (!(tmp_ctx = talloc_new(mem_ctx))) { + return NT_STATUS_NO_MEMORY; + } if (!secrets_init()) return NT_STATUS_ACCESS_DENIED; /* generate searching pattern */ - pattern = talloc_asprintf(mem_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS); + pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS); if (pattern == NULL) { DEBUG(0, ("secrets_trusted_domains: talloc_asprintf() " "failed!\n")); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - *domains = NULL; *num_domains = 0; + /* + * Make sure that a talloc context for the trustdom_info structs + * exists + */ + + if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + /* fetching trusted domains' data and collecting them in a list */ keys = tdb_search_keys(tdb, pattern); @@ -698,16 +846,17 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, struct trustdom_info *dom_info; /* important: ensure null-termination of the key string */ - secrets_key = talloc_strndup(mem_ctx, + secrets_key = talloc_strndup(tmp_ctx, k->node_key.dptr, k->node_key.dsize); if (!secrets_key) { DEBUG(0, ("strndup failed!\n")); tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - packed_pass = secrets_fetch(secrets_key, &size); + packed_pass = (char *)secrets_fetch(secrets_key, &size); packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size, &pass); /* packed representation isn't needed anymore */ @@ -727,30 +876,31 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, continue; } - dom_info = TALLOC_P(mem_ctx, struct trustdom_info); - if (dom_info == NULL) { + if (!(dom_info = TALLOC_P(*domains, struct trustdom_info))) { DEBUG(0, ("talloc failed\n")); tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - if (pull_ucs2_talloc(mem_ctx, &dom_info->name, + if (pull_ucs2_talloc(dom_info, &dom_info->name, pass.uni_name) == (size_t)-1) { DEBUG(2, ("pull_ucs2_talloc failed\n")); tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } sid_copy(&dom_info->sid, &pass.domain_sid); - ADD_TO_ARRAY(mem_ctx, struct trustdom_info *, dom_info, + ADD_TO_ARRAY(*domains, struct trustdom_info *, dom_info, domains, num_domains); if (*domains == NULL) { tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - talloc_steal(*domains, dom_info); } DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n", @@ -758,6 +908,7 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains, /* free the results of searching the keys */ tdb_search_list_free(keys); + TALLOC_FREE(tmp_ctx); return NT_STATUS_OK; } @@ -858,9 +1009,9 @@ BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result) *******************************************************************************/ void secrets_fetch_ipc_userpass(char **username, char **domain, char **password) { - *username = secrets_fetch(SECRETS_AUTH_USER, NULL); - *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); - *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); + *username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL); + *domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); + *password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); if (*username && **username) { @@ -965,7 +1116,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, pdc->remote_machine, pdc->domain); - value.dptr = TALLOC(mem_ctx, value.dsize); + value.dptr = (char *)TALLOC(mem_ctx, value.dsize); if (!value.dptr) { TALLOC_FREE(keystr); return False; @@ -1101,3 +1252,45 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx, return True; } + +BOOL secrets_store_generic(const char *owner, const char *key, const char *secret) +{ + char *tdbkey = NULL; + BOOL ret; + + if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) { + DEBUG(0, ("asprintf failed!\n")); + return False; + } + + ret = secrets_store(tdbkey, secret, strlen(secret)+1); + + SAFE_FREE(tdbkey); + return ret; +} + +/******************************************************************* + Find the ldap password. +******************************************************************/ + +char *secrets_fetch_generic(const char *owner, const char *key) +{ + char *secret = NULL; + char *tdbkey = NULL; + + if (( ! owner) || ( ! key)) { + DEBUG(1, ("Invalid Paramters")); + return NULL; + } + + if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) { + DEBUG(0, ("Out of memory!\n")); + return NULL; + } + + secret = (char *)secrets_fetch(tdbkey, NULL); + SAFE_FREE(tdbkey); + + return secret; +} + |