author | Andrew Bartlett <abartlet@samba.org> | 2003-03-23 02:22:41 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-03-23 02:22:41 +0000 |
commit | 0e55d8d6e5d49f61cd6c27c0697bde3a76d7eee5 (patch) | |
tree | bb1c554dd4458b0d319954449817b85bf6f38901 | |
parent | 79f3265893a60c9109b02407d15d13f18925c751 (diff) | |
Merge of patch by waider to our samsync code.
(Decode all database names, and set only changes, not all info from the samsync
record).
Andrew Bartlett
(This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419)
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 190 |
1 files changed, 155 insertions, 35 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 7d5c8681ad..dc2ae2caa1 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -111,6 +111,37 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) case SAM_DELTA_GROUP_INFO: display_group_info(hdr_delta->target_rid, &delta->group_info); break; + /* The following types are recognised but not handled */ + case SAM_DELTA_RENAME_GROUP: + d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + break; + case SAM_DELTA_RENAME_USER: + d_printf("SAM_DELTA_RENAME_USER not handled\n"); + break; + case SAM_DELTA_RENAME_ALIAS: + d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + break; + case SAM_DELTA_POLICY_INFO: + d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + break; + case SAM_DELTA_TRUST_DOMS: + d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + break; + case SAM_DELTA_PRIVS_INFO: + d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + break; + case SAM_DELTA_SECRET_INFO: + d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + break; + case SAM_DELTA_DELETE_GROUP: + d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + break; + case SAM_DELTA_DELETE_USER: + d_printf("SAM_DELTA_DELETE_USER not handled\n"); + break; + case SAM_DELTA_MODIFIED_COUNT: + d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); break; @@ -132,7 +163,20 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret return; } - d_printf("Dumping database %u\n", db_type); + switch( db_type ) { + case SAM_DATABASE_DOMAIN: + d_printf("Dumping DOMAIN database\n"); + break; + case SAM_DATABASE_BUILTIN: + d_printf("Dumping BUILTIN database\n"); + break; + case SAM_DATABASE_PRIVS: + d_printf("Dumping PRIVS databases\n"); + break; + default: + d_printf("Dumping unknown database type %u\n", db_type ); + break; + } do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, 
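Review bot: The ten "not handled" cases print only the record type, so a skipped `SAM_DELTA_DELETE_USER` or `SAM_DELTA_RENAME_USER` cannot be tied to an account from the dump output. The `SAM_DELTA_GROUP_INFO` case just above already passes `hdr_delta->target_rid`, so the messages could carry it, e.g. `d_printf("SAM_DELTA_DELETE_USER not handled (rid 0x%x)\n", hdr_delta->target_rid);`, assuming target_rid is populated for these record types. The branches differ only in the name, so a small type-to-name helper would replace ten near-identical cases. display_sam_entry begins and ends outside this hunk.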
@@ -197,70 +241,143 @@ fail: } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ +#define STRING_CHANGED (old_string && !new_string) ||\ + (!old_string && new_string) ||\ + (old_string && new_string && (strcmp(old_string, new_string) != 0)) static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { - fstring s; + const char *old_string, *new_string; + time_t unix_time, stored_time; uchar lm_passwd[16], nt_passwd[16]; static uchar zero_buf[16]; /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ - unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1); - pdb_set_nt_username(account, s, PDB_CHANGED); + if (delta->hdr_acct_name.buffer) { + old_string = pdb_get_nt_username(account); + new_string = unistr2_static(&delta->uni_acct_name); + + if (STRING_CHANGED) { + pdb_set_nt_username(account, new_string, PDB_CHANGED); + + } + + /* Unix username is the same - for sanity */ + old_string = pdb_get_username( account ); + if (STRING_CHANGED) { + pdb_set_username(account, new_string, PDB_CHANGED); + } + } + + if (delta->hdr_full_name.buffer) { + old_string = pdb_get_fullname(account); + new_string = unistr2_static(&delta->uni_full_name); + + if (STRING_CHANGED) + pdb_set_fullname(account, new_string, PDB_CHANGED); + } - /* Unix username is the same - for sainity */ - pdb_set_username(account, s, PDB_CHANGED); + if (delta->hdr_home_dir.buffer) { + old_string = pdb_get_homedir(account); + new_string = unistr2_static(&delta->uni_home_dir); + + if (STRING_CHANGED) + pdb_set_homedir(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1); - pdb_set_fullname(account, s, PDB_CHANGED); + if (delta->hdr_dir_drive.buffer) { + old_string = pdb_get_dir_drive(account); + new_string = unistr2_static(&delta->uni_dir_drive); - unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1); - pdb_set_homedir(account, s, PDB_CHANGED); + if (STRING_CHANGED) + 
pdb_set_dir_drive(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1); - pdb_set_dir_drive(account, s, PDB_CHANGED); + if (delta->hdr_logon_script.buffer) { + old_string = pdb_get_logon_script(account); + new_string = unistr2_static(&delta->uni_logon_script); - unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1); - pdb_set_logon_script(account, s, PDB_CHANGED); + if (STRING_CHANGED) + pdb_set_logon_script(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1); - pdb_set_acct_desc(account, s, PDB_CHANGED); + if (delta->hdr_acct_desc.buffer) { + old_string = pdb_get_acct_desc(account); + new_string = unistr2_static(&delta->uni_acct_desc); - unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1); - pdb_set_workstations(account, s, PDB_CHANGED); + if (STRING_CHANGED) + pdb_set_acct_desc(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1); - pdb_set_profile_path(account, s, PDB_CHANGED); + if (delta->hdr_workstations.buffer) { + old_string = pdb_get_workstations(account); + new_string = unistr2_static(&delta->uni_workstations); - /* User and group sid */ + if (STRING_CHANGED) + pdb_set_workstations(account, new_string, PDB_CHANGED); + } - pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); - pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); + if (delta->hdr_profile.buffer) { + old_string = pdb_get_profile_path(account); + new_string = unistr2_static(&delta->uni_profile); + + if (STRING_CHANGED) + pdb_set_profile_path(account, new_string, PDB_CHANGED); + } + + /* User and group sid */ + if (pdb_get_user_rid(account) != delta->user_rid) + pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); + if (pdb_get_group_rid(account) != delta->group_rid) + pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); /* Logon and password information */ + if 
(!nt_time_is_zero(&delta->logon_time)) { + unix_time = nt_time_to_unix(&delta->logon_time); + stored_time = pdb_get_logon_time(account); + if (stored_time != unix_time) + pdb_set_logon_time(account, unix_time, PDB_CHANGED); + } - pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED); - pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), - PDB_CHANGED); - pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); + if (!nt_time_is_zero(&delta->logoff_time)) { + unix_time = nt_time_to_unix(&delta->logoff_time); + stored_time = pdb_get_logoff_time(account); + if (stored_time != unix_time) + pdb_set_logoff_time(account, unix_time,PDB_CHANGED); + } + + if (pdb_get_logon_divs(account) != delta->logon_divs) + pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); /* TODO: logon hours */ /* TODO: bad password count */ /* TODO: logon count */ - pdb_set_pass_last_set_time( - account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED); + if (!nt_time_is_zero(&delta->pwd_last_set_time)) { + unix_time = nt_time_to_unix(&delta->pwd_last_set_time); + stored_time = pdb_get_pass_last_set_time(account); + if (stored_time != unix_time) + pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); + } - pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED); +#if 0 + /* No kickoff time in the delta? */ + if (!nt_time_is_zero(&delta->kickoff_time)) { + unix_time = nt_time_to_unix(&delta->kickoff_time); + stored_time = pdb_get_kickoff_time(account); + if (stored_time != unix_time) + pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); + } +#endif /* Decode hashes from password hash Note that win2000 may send us all zeros for the hashes if it doesn't think this channel is secure enough - don't set the passwords at all in that case - */ + */ if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) { sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 
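Review bot: The `if (!nt_time_is_zero(&delta->pwd_last_set_time))` guard means a zero timestamp from the controller is never applied, so an account whose password-last-set time was reset to zero upstream keeps its old value locally. Zero is the conventional Windows encoding for "must change password at next logon", so confirm how the sync record represents that state. The `logon_time`/`logoff_time` guards and the `hdr_*.buffer` checks have the same shape, so a string field cleared upstream may stay set locally; a comment such as `/* zero/absent == not sent in this delta; a value cleared upstream is NOT propagated */` would make that assumption reviewable. Separately, the unconditional `pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED);` is replaced by an `#if 0` block, so a newly created account's kickoff time now depends on whatever default the SAM_ACCOUNT initialiser sets, which is not visible here. `STRING_CHANGED` expands without outer parentheses and reads the locals `old_string`/`new_string` by name; wrap the whole expansion in one pair of parentheses so it stays correct if negated or combined. The function continues past this hunk.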
@@ -273,7 +390,9 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + if (pdb_get_acct_ctrl(account) != delta->acb_info) + pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + return NT_STATUS_OK; } @@ -300,7 +419,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (delta->acb_info & ACB_NORMAL) { pstrcpy(add_script, lp_adduser_script()); } else if ( (delta->acb_info & ACB_WSTRUST) || - (delta->acb_info & ACB_SVRTRUST) ) { + (delta->acb_info & ACB_SVRTRUST) || + (delta->acb_info & ACB_DOMTRUST) ) { pstrcpy(add_script, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", @@ -386,7 +506,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - /* No appropriate group found, create one */ + /* No appropriate group found, create one */ d_printf("Creating unix group: '%s'\n", name); if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; @@ -565,7 +685,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - /* No appropriate group found, create one */ + /* No appropriate group found, create one */ d_printf("Creating unix group: '%s'\n", name); if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; |
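Review bot: Interdomain trust accounts (`ACB_DOMTRUST`) now take the `lp_addmachine_script()` branch in fetch_account_info with no comment on why a trust account should get a machine-style Unix account, and the choice is driven entirely by `acb_info` received from the remote controller. How `add_script` is expanded and executed lies outside this hunk; if the account name from the delta is substituted into that command, it should be validated before more account types reach this path. The three tests read more clearly as one mask, `delta->acb_info & (ACB_WSTRUST | ACB_SVRTRUST | ACB_DOMTRUST)`, with a comment such as `/* workstation, server and interdomain trust accounts share the machine add script */`.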