diff options
author | Luke Leighton <lkcl@samba.org> | 1998-11-17 16:19:04 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-11-17 16:19:04 +0000 |
commit | 74d539f5573a3ed3ff1b96c54752a389da4c3e14 (patch) | |
tree | cc4cee5bc8c5ff3e7ebfef04c4ed3ff6a199df48 | |
parent | b7c4cd9fc6460c2138750237ee4525f929e93a76 (diff) | |
download | samba-74d539f5573a3ed3ff1b96c54752a389da4c3e14.tar.gz samba-74d539f5573a3ed3ff1b96c54752a389da4c3e14.tar.bz2 samba-74d539f5573a3ed3ff1b96c54752a389da4c3e14.zip |
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
47 files changed, 3044 insertions, 2310 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 73931ef651..96ba7306d4 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -42,6 +42,9 @@ LMHOSTSFILE = $(LIBDIR)/lmhosts DRIVERFILE = $(LIBDIR)/printers.def PASSWD_PROGRAM = /bin/passwd SMB_PASSWD_FILE = $(BASEDIR)/private/smbpasswd +SMB_PASSGRP_FILE = $(BASEDIR)/private/smbpassgrp +SMB_GROUP_FILE = $(BASEDIR)/private/smbgroup +SMB_ALIAS_FILE = $(BASEDIR)/private/smbalias SMB_PASSWD_PROGRAM = $(BASEDIR)/bin/smbpasswd # This is where SWAT images and help files go @@ -64,7 +67,13 @@ CODEPAGELIST= 437 737 850 852 861 932 866 949 950 936 SMBRUN = $(BINDIR)/smbrun -PASSWD_FLAGS = -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DSMB_PASSWD_PROGRAM=\"$(SMB_PASSWD_PROGRAM)\" +PASSWD_FLAGS = \ + -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" \ + -DSMB_PASSWD_PROGRAM=\"$(SMB_PASSWD_PROGRAM)\" \ + -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \ + -DSMB_PASSGRP_FILE=\"$(SMB_PASSGRP_FILE)\" \ + -DSMB_GROUP_FILE=\"$(SMB_GROUP_FILE)\" \ + -DSMB_ALIAS_FILE=\"$(SMB_ALIAS_FILE)\" FLAGS1 = $(CFLAGS) -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -DSMBLOGFILE=\"$(SMBLOGFILE)\" -DNMBLOGFILE=\"$(NMBLOGFILE)\" FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" FLAGS3 = -DSWATDIR=\"$(SWATDIR)\" -DSBINDIR=\"$(SBINDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DSMBRUN=\"$(SMBRUN)\" -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" @@ -90,11 +99,11 @@ LIB_OBJ = lib/charcnv.o lib/charset.o lib/debug.o lib/fault.o \ lib/getsmbpass.o lib/interface.o lib/kanji.o lib/md4.o \ lib/membuffer.o lib/netmask.o lib/pidfile.o lib/replace.o \ lib/signal.o lib/slprintf.o lib/system.o lib/time.o lib/ufc.o \ - lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \ - lib/bitmap.o lib/crc32.o lib/snprintf.o \ - lib/util_str.o lib/util_sid.o \ - lib/util_unistr.o lib/util_file.o \ - lib/util.o lib/util_sock.o + lib/util.o lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \ + lib/bitmap.o lib/crc32.o lib/util_sid.o lib/snprintf.o \ + lib/util_str.o lib/util_unistr.o \ + lib/util_file.o mem_man/mem_man.o \ + lib/util_sock.o UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o ubiqx/debugparse.o @@ -106,12 +115,18 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/namequery.o libsmb/nmblib.o \ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/passchange.o -RPC_SERVER_OBJ = rpc_server/srv_lsa.o \ - rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o \ - rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o \ - rpc_server/srv_samr.o rpc_server/srv_srvsvc.o \ - rpc_server/srv_util.o rpc_server/srv_wkssvc.o \ - rpc_server/srv_pipe.o +RPC_SERVER_OBJ = \ + rpc_server/srv_sid.o \ + rpc_server/srv_lsa.o \ + rpc_server/srv_lsa_hnd.o \ + rpc_server/srv_netlog.o \ + rpc_server/srv_pipe_hnd.o \ + rpc_server/srv_reg.o \ + rpc_server/srv_samr.o \ + rpc_server/srv_srvsvc.o \ + rpc_server/srv_pipe.o \ + rpc_server/srv_lookup.o \ + rpc_server/srv_wkssvc.o RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_misc.o \ rpc_parse/parse_net.o rpc_parse/parse_prs.o \ @@ -122,19 +137,24 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_misc.o \ RPC_CLIENT_OBJ = \ rpc_client/cli_login.o \ rpc_client/cli_netlogon.o \ + rpc_client/cli_reg.o \ rpc_client/cli_pipe.o \ rpc_client/cli_lsarpc.o \ rpc_client/cli_wkssvc.o \ rpc_client/cli_srvsvc.o \ - rpc_client/cli_reg.o \ rpc_client/cli_samr.o LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \ locking/shmem.o locking/shmem_sysv.o +GROUPDB_OBJ = groupdb/groupdb.o groupdb/groupfile.o \ + groupdb/aliasdb.o groupdb/aliasfile.o + PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \ - passdb/pass_check.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o + passdb/pass_check.o passdb/ldap.o passdb/nispass.o \ + passdb/passgrp.o passdb/smbpassgroup.o \ + passdb/smbpasschange.o SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \ @@ -142,13 +162,15 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/ssl.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ - smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o + smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o \ + smbd/groupname.o PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o SMBD_OBJ = $(SMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ - $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(LIB_OBJ) + $(LOCKING_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(PRINTING_OBJ) \ + $(LIB_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -192,7 +214,8 @@ TESTPARM_OBJ = utils/testparm.o \ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ +SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(PASSDB_OBJ) \ $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) RPCCLIENT_OBJ = rpcclient/rpcclient.o \ @@ -204,7 +227,8 @@ RPCCLIENT_OBJ = rpcclient/rpcclient.o \ rpcclient/cmd_srvsvc.o \ rpcclient/cmd_netlogon.o \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ - $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) + $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ + $(PASSDB_OBJ) SMBWRAPPER_OBJ = smbwrapper/smbw.o smbwrapper/wrapped.o \ smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \ @@ -238,7 +262,8 @@ RPCTORTURE_OBJ = utils/rpctorture.o \ rpcclient/cmd_srvsvc.o \ rpcclient/cmd_netlogon.o \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ - $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) + $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ + $(PASSDB_OBJ) DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o diff --git a/source3/configure b/source3/configure index 0cd5e39d74..0ec5ebb0b3 100755 --- a/source3/configure +++ b/source3/configure @@ -1532,7 +1532,7 @@ else fi done -for ac_hdr in compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h rpc/clnt.h +for ac_hdr in compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 diff --git a/source3/configure.in b/source3/configure.in index 5030c7ffe9..55fe56fe9e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -30,7 +30,7 @@ AC_HEADER_TIME AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h) AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h) -AC_CHECK_HEADERS(compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h rpc/clnt.h) +AC_CHECK_HEADERS(compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h ) AC_CHECK_HEADERS(rpcsvc/yp_prot.h rpcsvc/ypclnt.h sys/param.h ctype.h ) AC_CHECK_HEADERS(sys/wait.h sys/resource.h sys/ioctl.h sys/mode.h) AC_CHECK_HEADERS(sys/filio.h string.h strings.h stdlib.h sys/socket.h) diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c index 4b8bbe3079..fc87b47c47 100644 --- a/source3/groupdb/aliasfile.c +++ b/source3/groupdb/aliasfile.c @@ -130,24 +130,36 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members { DOM_SID sid; uint8 type; + BOOL found = False; - if (lookup_sid(name, &sid, &type)) + if (strnequal(name, "S-", 2)) { - (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); - (*num_mem)++; + /* sid entered directly */ + string_to_sid(&sid, name); + found = lookup_name(&sid, name, &type) == 0x0; } else { + found = lookup_sid(name, &sid, &type) == 0x0; + } + + if (!found) + { DEBUG(0,("alias database: could not resolve alias named %s\n", name)); continue; } + + (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); + if ((*members) == NULL) { return NULL; } - fstrcpy((*members)[(*num_mem)-1].name, name); - (*members)[(*num_mem)-1].sid_use = type; - sid_copy(&(*members)[(*num_mem)-1].sid, &sid); + + fstrcpy((*members)[*num_mem].name, name); + (*members)[*num_mem].sid_use = type; + sid_copy(&(*members)[*num_mem].sid, &sid); + (*num_mem)++; } return p; } diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c index 88d362e7d4..8044071391 100644 --- a/source3/groupdb/groupfile.c +++ b/source3/groupdb/groupfile.c @@ -26,6 +26,9 @@ extern int DEBUGLEVEL; static char s_readbuf[1024]; +extern DOM_SID global_sam_sid; +extern fstring global_sam_name; + /*************************************************************** Start to enumerate the grppasswd list. Returns a void pointer to ensure no modification outside this module. @@ -128,11 +131,36 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member while (next_token(&p, name, ",", sizeof(fstring))) { + DOM_SID sid; + uint8 type; + BOOL found = False; + + if (isdigit(name)) + { + uint32 rid = get_number(name); + sid_copy(&sid, &global_sam_sid); + sid_append_rid(&sid, rid); + + found = lookup_name(&sid, name, &type) == 0x0; + } + else + { + found = lookup_sid(name, &sid, &type) == 0x0; + } + + if (!found) + { + DEBUG(0,("alias database: could not resolve name %s in domain %s\n", + name, global_sam_name)); + continue; + } + (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER)); if ((*members) == NULL) { return NULL; } + fstrcpy((*members)[(*num_mem)].name, name); (*members)[(*num_mem)].attr = 0x07; (*num_mem)++; diff --git a/source3/include/config.h.in b/source3/include/config.h.in index 01bc2ee0d8..49379cfe9c 100644 --- a/source3/include/config.h.in +++ b/source3/include/config.h.in @@ -633,9 +633,6 @@ /* Define if you have the <rpc/auth.h> header file. */ #undef HAVE_RPC_AUTH_H -/* Define if you have the <rpc/clnt.h> header file. */ -#undef HAVE_RPC_CLNT_H - /* Define if you have the <rpc/rpc.h> header file. */ #undef HAVE_RPC_RPC_H diff --git a/source3/include/proto.h b/source3/include/proto.h index d1aa8383c2..329903f787 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -17,6 +17,54 @@ void cmd_tar(void); int process_tar(void); int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); +/*The following definitions come from groupdb/aliasdb.c */ + +BOOL initialise_alias_db(void); +LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als); +BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss); +BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss); +void *startaliasent(BOOL update); +void endaliasent(void *vp); +LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL add_alias_entry(LOCAL_GRP *newals); +BOOL mod_alias_entry(LOCAL_GRP* als); +LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss); +void aldb_init_als(LOCAL_GRP *als); + +/*The following definitions come from groupdb/aliasfile.c */ + +struct aliasdb_ops *file_initialise_alias_db(void); + +/*The following definitions come from groupdb/groupdb.c */ + +BOOL initialise_group_db(void); +DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); +BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp); +BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps); +BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps); +void *startgroupent(BOOL update); +void endgroupent(void *vp); +DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem); +BOOL add_group_entry(DOMAIN_GRP *newgrp); +BOOL mod_group_entry(DOMAIN_GRP* grp); +DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps); +void gpdb_init_grp(DOMAIN_GRP *grp); + +/*The following definitions come from groupdb/groupfile.c */ + +struct groupdb_ops *file_initialise_group_db(void); + /*The following definitions come from lib/access.c */ BOOL allow_access(char *deny_list,char *allow_list, @@ -49,6 +97,7 @@ uint32 crc32_calc_buffer( uint32 count, char *buffer); /*The following definitions come from lib/debug.c */ +BOOL dbg_interactive(void); void sig_usr2( int sig ); void sig_usr1( int sig ); void setup_logging( char *pname, BOOL interactive ); @@ -208,6 +257,7 @@ BOOL user_in_list(char *user,char *list); char *tmpdir(void); BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups); +int get_number(char *tmp); char *Atoic(char *p, int *n, char *c); char *get_numlist(char *p, uint32 **num, int *count); void putip(void *dest,void *src); @@ -454,6 +504,7 @@ BOOL cli_establish_connection(struct cli_state *cli, struct nmb_name *calling, struct nmb_name *called, char *service, char *service_type, BOOL do_shutdown, BOOL do_tcon); +BOOL cli_connect_serverlist(struct cli_state *cli, char *p); int cli_printjob_del(struct cli_state *cli, int job); int cli_print_queue(struct cli_state *cli, void (*fn)(struct print_job_info *)); @@ -487,7 +538,7 @@ BOOL name_status(int fd,char *name,int name_type,BOOL recurse, struct in_addr *name_query(int fd,const char *name,int name_type, BOOL bcast,BOOL recurse, struct in_addr to_ip, int *count, void (*fn)(struct packet_struct *)); FILE *startlmhosts(char *fname); -BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr); +BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr); void endlmhosts(FILE *fp); BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type); BOOL find_master_ip(char *group, struct in_addr *master_ip); @@ -595,6 +646,23 @@ struct shmem_ops *smb_shm_open(int ronly); struct shmem_ops *sysv_shm_open(int ronly); +/*The following definitions come from mem_man/mem_man.c */ + +void *smb_mem_malloc(size_t size,char *file,int line); +char *smb_mem_strdup(char *s, char *file, int line); +int smb_mem_free(void *ptr,char *file,int line); +void smb_mem_write_info(void *ptr,FILE *outfile); +size_t smb_mem_query_size(void *ptr); +size_t smb_mem_query_real_size(void *ptr); +char *smb_mem_query_file(void *ptr); +int smb_mem_query_line(void *ptr); +int smb_mem_test(void *ptr); +void smb_mem_write_status(FILE *outfile); +void smb_mem_write_verbose(FILE *outfile); +void smb_mem_write_errors(FILE *outfile); +void smb_mem_set_multiplier(int multiplier); +void *smb_mem_resize(void *ptr,size_t newsize); + /*The following definitions come from nmbd/asyncdns.c */ int asyncdns_fd(void); @@ -939,6 +1007,9 @@ char *lp_logfile(void); char *lp_smbrun(void); char *lp_configfile(void); char *lp_smb_passwd_file(void); +char *lp_smb_passgrp_file(void); +char *lp_smb_group_file(void); +char *lp_smb_alias_file(void); char *lp_serverstring(void); char *lp_printcapname(void); char *lp_lockdir(void); @@ -953,6 +1024,7 @@ char *lp_passwordserver(void); char *lp_name_resolve_order(void); char *lp_workgroup(void); char *lp_username_map(void); +char *lp_aliasname_map(void); char *lp_groupname_map(void); char *lp_logon_script(void); char *lp_logon_path(void); @@ -967,11 +1039,6 @@ char *lp_nis_home_map_name(void); char *lp_netbios_aliases(void); char *lp_driverfile(void); char *lp_panic_action(void); -char *lp_domain_groups(void); -char *lp_domain_admin_group(void); -char *lp_domain_guest_group(void); -char *lp_domain_admin_users(void); -char *lp_domain_guest_users(void); char *lp_ldap_server(void); char *lp_ldap_suffix(void); char *lp_ldap_filter(void); @@ -1174,7 +1241,7 @@ BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd, /*The following definitions come from passdb/passdb.c */ -BOOL initialize_password_db(void); +BOOL initialise_password_db(void); struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid); struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid); struct smb_passwd *iterate_getsmbpwnam(char *name); @@ -1193,32 +1260,60 @@ struct sam_disp_info *getsamdisprid(uint32 rid); struct sam_passwd *getsam21pwent(void *vp); struct sam_passwd *getsam21pwnam(char *name); struct sam_passwd *getsam21pwrid(uint32 rid); -void pdb_init_smb(struct smb_passwd *user); -void pdb_init_sam(struct sam_passwd *user); -struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user); -struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user); -struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user); -char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); -uint16 pdb_decode_acct_ctrl(char *p); -time_t pdb_get_last_set_time(char *p); -void pdb_set_logon_time(char *p, int max_len, time_t t); -void pdb_set_logoff_time(char *p, int max_len, time_t t); -void pdb_set_kickoff_time(char *p, int max_len, time_t t); -void pdb_set_can_change_time(char *p, int max_len, time_t t); -void pdb_set_must_change_time(char *p, int max_len, time_t t); -void pdb_set_last_set_time(char *p, int max_len, time_t t); -void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl); -BOOL pdb_gethexpwd(char *p, char *pwd); -BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid); -BOOL pdb_generate_sam_sid(void); -uid_t pdb_user_rid_to_uid(uint32 user_rid); -uint32 pdb_uid_to_user_rid(uid_t uid); -uint32 pdb_gid_to_group_rid(gid_t gid); -BOOL pdb_rid_is_user(uint32 rid); +void pwdb_init_smb(struct smb_passwd *user); +void pwdb_init_sam(struct sam_passwd *user); +struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user); +struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user); +struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user); +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); +uint16 pwdb_decode_acct_ctrl(char *p); +time_t pwdb_get_last_set_time(char *p); +void pwdb_set_logon_time(char *p, int max_len, time_t t); +void pwdb_set_logoff_time(char *p, int max_len, time_t t); +void pwdb_set_kickoff_time(char *p, int max_len, time_t t); +void pwdb_set_can_change_time(char *p, int max_len, time_t t); +void pwdb_set_must_change_time(char *p, int max_len, time_t t); +void pwdb_set_last_set_time(char *p, int max_len, time_t t); +void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl); +BOOL pwdb_gethexpwd(char *p, char *pwd); +uid_t pwdb_user_rid_to_uid(uint32 user_rid); +uint32 pwdb_uid_to_user_rid(uid_t uid); +uint32 pwdb_gid_to_group_rid(gid_t gid); +gid_t pwdb_group_rid_to_gid(uint32 group_rid); +uint32 pwdb_gid_to_alias_rid(gid_t gid); +gid_t pwdb_alias_rid_to_gid(uint32 alias_rid); +BOOL pwdb_rid_is_user(uint32 rid); + +/*The following definitions come from passdb/passgrp.c */ + +BOOL initialise_passgrp_db(void); +struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *iterate_getsmbgrpnam(char *name, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +void *startsmbgrpent(BOOL update); +void endsmbgrpent(void *vp); +struct smb_passwd *getsmbgrpent(void *vp, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *getsmbgrpnam(char *name, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *getsmbgrprid(uint32 user_rid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *getsmbgrpuid(uid_t smb_userid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); /*The following definitions come from passdb/smbpass.c */ -struct passdb_ops *file_initialize_password_db(void); +struct passdb_ops *file_initialise_password_db(void); /*The following definitions come from passdb/smbpasschange.c */ @@ -1230,8 +1325,6 @@ BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user, /*The following definitions come from passdb/smbpassfile.c */ -BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth); -BOOL pw_file_unlock(int fd, int *plock_depth); BOOL trust_password_lock( char *domain, char *name, BOOL update); BOOL trust_password_unlock(void); BOOL trust_password_delete( char *domain, char *name ); @@ -1239,6 +1332,10 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t BOOL set_trust_account_password( unsigned char *md4_new_pwd); BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname); +/*The following definitions come from passdb/smbpassgroup.c */ + +struct passgrp_ops *file_initialise_password_grp(void); + /*The following definitions come from printing/pcap.c */ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname); @@ -1808,7 +1905,7 @@ void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struc void make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, uint32 size); void samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth); void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, - uint32 num_sam_entries, SAM_USER_INFO_21 grps[MAX_SAM_ENTRIES], + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status); void samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth); void make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol, @@ -1828,7 +1925,7 @@ void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, void samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth); void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 start_idx, uint32 num_sam_entries, - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES], + DOMAIN_GRP *grp, uint32 status); void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth); void make_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_e, @@ -1845,7 +1942,7 @@ void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u, void samr_io_r_lookup_ids(char *desc, SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth); void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth); void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, - uint32 num_rids, uint32 *rid, uint32 status); + uint32 num_rids, uint32 *rid, uint8 *type, uint32 status); void samr_io_r_lookup_names(char *desc, SAMR_R_LOOKUP_NAMES *r_u, prs_struct *ps, int depth); void samr_io_q_unknown_12(char *desc, SAMR_Q_UNKNOWN_12 *q_u, prs_struct *ps, int depth); void make_samr_r_unknown_12(SAMR_R_UNKNOWN_12 *r_u, @@ -2051,6 +2148,37 @@ void make_wks_r_query_info(WKS_R_QUERY_INFO *r_u, int status) ; void wks_io_r_query_info(char *desc, WKS_R_QUERY_INFO *r_u, prs_struct *ps, int depth); +/*The following definitions come from rpc_server/srv_lookup.c */ + +int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids); +int get_domain_user_groups(DOMAIN_GRP_MEMBER **grp_members, uint32 group_rid); +uint32 lookup_builtin_names(DOM_SID *sid, char *name, uint8 *type); +uint32 lookup_added_name(DOM_SID *sid, char *name, uint8 *type); +uint32 lookup_name(DOM_SID *sid, char *name, uint8 *type); +uint32 lookup_wk_group_name(DOM_SID *sid, char *group_name, uint8 *type); +uint32 lookup_group_name(DOM_SID *sid, char *group_name, uint8 *type); +uint32 lookup_wk_alias_name(DOM_SID *sid, char *alias_name, uint8 *type); +uint32 lookup_alias_name(DOM_SID *sid, char *alias_name, uint8 *type); +uint32 lookup_wk_user_name(DOM_SID *sid, char *user_name, uint8 *type); +uint32 lookup_user_name(DOM_SID *sid, char *user_name, uint8 *type); +uint32 lookup_group_rid(char *group_name, uint32 *rid, uint8 *type); +uint32 lookup_wk_group_rid(char *group_name, uint32 *rid, uint8 *type); +uint32 lookup_alias_sid(char *alias_name, DOM_SID *sid, uint8 *type); +uint32 lookup_alias_rid(char *alias_name, uint32 *rid, uint8 *type); +uint32 lookup_wk_alias_sid(char *alias_name, DOM_SID *sid, uint8 *type); +uint32 lookup_wk_alias_rid(char *alias_name, uint32 *rid, uint8 *type); +uint32 lookup_sid(char *name, DOM_SID *sid, uint8 *type); +uint32 lookup_added_user_rids(char *user_name, + uint32 *usr_rid, uint32 *grp_rid); +uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type); +uint32 lookup_wk_user_rid(char *user_name, uint32 *rid, uint8 *type); +uint32 lookup_added_grp_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_builtin_grp_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_grp_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_user_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid); + /*The following definitions come from rpc_server/srv_lsa.c */ BOOL api_ntlsa_rpc(pipes_struct *p, prs_struct *data); @@ -2103,20 +2231,18 @@ BOOL api_reg_rpc(pipes_struct *p, prs_struct *data); BOOL api_samr_rpc(pipes_struct *p, prs_struct *data); -/*The following definitions come from rpc_server/srv_srvsvc.c */ +/*The following definitions come from rpc_server/srv_sid.c */ -BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data); +BOOL get_member_domain_sid(void); +void generate_wellknown_sids(void); +BOOL generate_sam_sid(void); +BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain); +BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain); +BOOL split_domain_name(char *fullname, char *domain, char *name); -/*The following definitions come from rpc_server/srv_util.c */ +/*The following definitions come from rpc_server/srv_srvsvc.c */ -int make_dom_gids(char *gids_str, DOM_GID **ppgids); -void get_domain_user_groups(char *domain_groups, char *user); -uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type); -uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type); -uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type); -uint32 lookup_group_rid(char *group_name, uint32 *rid); -uint32 lookup_alias_rid(char *alias_name, uint32 *rid); -uint32 lookup_user_rid(char *user_name, uint32 *rid); +BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data); /*The following definitions come from rpc_server/srv_wkssvc.c */ @@ -2355,6 +2481,17 @@ void file_chain_reset(void); void file_chain_save(void); void file_chain_restore(void); +/*The following definitions come from smbd/groupname.c */ + +BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain); +BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain); +BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid); +BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid); +BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid); +BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid); +BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid); +BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid); + /*The following definitions come from smbd/ipc.c */ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize); @@ -2431,7 +2568,7 @@ BOOL set_challenge(unsigned char *challenge); user_struct *get_valid_user_struct(uint16 vuid); void invalidate_vuid(uint16 vuid); char *validated_username(uint16 vuid); -int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups); +int get_unixgroups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups); uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, BOOL guest); void add_session_user(char *user); BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8); diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index e984a4842b..aa1f100dfb 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -56,13 +56,14 @@ * NT RIDS. */ -/* Take the bottom bit. */ -#define RID_TYPE_MASK 1 -#define RID_MULTIPLIER 2 - -/* The two common types. */ -#define USER_RID_TYPE 0 -#define GROUP_RID_TYPE 1 +/* Take the bottom bits. */ +#define RID_TYPE_MASK 2 +#define RID_MULTIPLIER 4 + +/* The three common types. */ +#define RID_TYPE_USER 0 +#define RID_TYPE_GROUP 1 +#define RID_TYPE_ALIAS 2 /* ENUM_HND */ typedef struct enum_hnd_info diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index d45cb23388..ef7fefc72e 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -769,7 +769,7 @@ itself. the response to the lookup rids is relative to this SID. /* SAMR_Q_LOOKUP_IDS */ typedef struct q_samr_lookup_ids_info { - POLICY_HND pol; /* policy handle */ + POLICY_HND pol; /* policy handle */ uint32 num_sids1; /* number of rids being looked up */ uint32 ptr; /* buffer pointer */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 0ffbcded13..63aa7c098d 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -463,30 +463,31 @@ typedef struct local_grp_info { fstring name; fstring comment; + uint32 rid; /* alias rid */ } LOCAL_GRP; -/*** enumerate these to get list of domain groups ***/ +/*** query a domain group, get a list of these: shows who is in that group ***/ -/* domain group member info */ -typedef struct domain_grp_info +/* domain group info */ +typedef struct domain_grp_member_info { fstring name; - fstring comment; - uint32 rid; /* group rid */ uint8 attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */ -} DOMAIN_GRP; +} DOMAIN_GRP_MEMBER; -/*** query a domain group, get a list of these: shows who is in that group ***/ +/*** enumerate these to get list of domain groups ***/ -/* domain group info */ -typedef struct domain_grp_member_info +/* domain group member info */ +typedef struct domain_grp_info { fstring name; + fstring comment; + uint32 rid; /* group rid */ uint8 attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */ -} DOMAIN_GRP_MEMBER; +} DOMAIN_GRP; /* DOM_CHAL - challenge info */ typedef struct chal_info @@ -814,6 +815,110 @@ struct passdb_ops { #endif }; +/* + * Each implementation of the passgrp database code needs + * to support the following operations. + */ + +struct passgrp_ops { + /* + * Password database ops. + */ + void *(*startsmbgrpent)(BOOL); + void (*endsmbgrpent)(void *); + SMB_BIG_UINT (*getsmbgrppos)(void *); + BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT); + + /* + * smb passgrp database query functions. + */ + struct smb_passwd *(*getsmbgrpnam)(char *, uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*); + +}; + +/* + * Each implementation of the group database code needs + * to support the following operations. + * + * This allows enumeration, modification and addition of groups. there + * is _no_ deletion of groups: you can only modify them to a status of + * "deleted" (this by the way is a requirement of c2 rating) + */ + +struct groupdb_ops +{ + /* + * Group database ops. + */ + void *(*startgroupent)(BOOL); + void (*endgroupent)(void *); + SMB_BIG_UINT (*getgrouppos)(void *); + BOOL (*setgrouppos)(void *, SMB_BIG_UINT); + + /* + * group database query functions. set the BOOL to Tru + * if you want the members in the group as well. + */ + DOMAIN_GRP *(*getgroupnam)(char *, DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *); + + /* + * group database modification functions. + */ + BOOL (*add_group_entry)(DOMAIN_GRP *); + BOOL (*mod_group_entry)(DOMAIN_GRP *); + + /* + * user group functions + */ + BOOL (*getusergroupsnam)(char *, DOMAIN_GRP **, int *); +}; + +/* + * Each implementation of the alias database code needs + * to support the following operations. + * + * This allows enumeration, modification and addition of aliases. there + * is _no_ deletion of aliases: you can only modify them to a status of + * "deleted" (this by the way is a requirement of c2 rating) + */ + +struct aliasdb_ops +{ + /* + * Alias database ops. + */ + void *(*startaliasent)(BOOL); + void (*endaliasent)(void *); + SMB_BIG_UINT (*getaliaspos)(void *); + BOOL (*setaliaspos)(void *, SMB_BIG_UINT); + + /* + * alias database query functions. set the BOOL to Tru + * if you want the members in the alias as well. + */ + LOCAL_GRP *(*getaliasnam)(char *, LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *); + + /* + * alias database modification functions. + */ + BOOL (*add_alias_entry)(LOCAL_GRP *); + BOOL (*mod_alias_entry)(LOCAL_GRP *); + + /* + * user alias functions + */ + BOOL (*getuseraliasnam)(char *, LOCAL_GRP **, int *); +}; + /* this is used for smbstatus */ struct connect_record @@ -1650,11 +1755,8 @@ extern int unix_ERR_code; /* zero a structure */ #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) -/* zero a structure given a pointer to the structure - no zero check */ -#define ZERO_STRUCTPN(x) memset((char *)(x), 0, sizeof(*(x))) - /* zero a structure given a pointer to the structure */ -#define ZERO_STRUCTP(x) { if ((x) != NULL) ZERO_STRUCTPN(x); } +#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } /* zero an array - note that sizeof(array) must work - ie. it must not be a pointer */ diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 6b7b9341a3..619a917747 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -75,6 +75,7 @@ * debugf - Debug file name. * append_log - If True, then the output file will be opened in append * mode. + * timestamp_log - * DEBUGLEVEL - System-wide debug message limit. Messages with message- * levels higher than DEBUGLEVEL will not be processed. */ @@ -82,6 +83,7 @@ FILE *dbf = NULL; pstring debugf = ""; BOOL append_log = False; +BOOL timestamp_log = True; int DEBUGLEVEL = 1; @@ -119,7 +121,17 @@ static int format_pos = 0; * Functions... */ -#if defined(SIGUSR2) +/* ************************************************************************** ** + * tells us if interactive logging was requested + * ************************************************************************** ** + */ + +BOOL dbg_interactive(void) +{ + return stdout_logging; +} + +#if defined(SIGUSR2) && !defined(MEM_MAN) /* ************************************************************************** ** * catch a sigusr2 - decrease the debug log level. * ************************************************************************** ** @@ -140,7 +152,7 @@ void sig_usr2( int sig ) } /* sig_usr2 */ #endif /* SIGUSR2 */ -#if defined(SIGUSR1) +#if defined(SIGUSR1) && !defined(MEM_MAN) /* ************************************************************************** ** * catch a sigusr1 - increase the debug log level. * ************************************************************************** ** @@ -429,7 +441,7 @@ static void bufr_print( void ) static void format_debug_text( char *msg ) { int i; - BOOL timestamp = (!stdout_logging && (lp_timestamp_logs() || + BOOL timestamp = (timestamp_log && !stdout_logging && (lp_timestamp_logs() || !(lp_loaded()))); for( i = 0; msg[i]; i++ ) @@ -527,7 +539,7 @@ BOOL dbghdr( int level, char *file, char *func, int line ) /* Print the header if timestamps are turned on. If parameters are * not yet loaded, then default to timestamps on. */ - if( lp_timestamp_logs() || !(lp_loaded()) ) + if( timestamp_log && (lp_timestamp_logs() || !(lp_loaded()) )) { /* Print it all out at once to prevent split syslog output. */ (void)Debug1( "[%s, %d] %s:%s(%d)\n", diff --git a/source3/lib/util.c b/source3/lib/util.c index 1710205f3c..df3faa569a 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -143,6 +143,21 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups) /**************************************************************************** +gets either a hex number (0xNNN) or decimal integer (NNN). +****************************************************************************/ +int get_number(char *tmp) +{ + if (strnequal(tmp, "0x", 2)) + { + return strtol(tmp, (char**)NULL, 16); + } + else + { + return strtol(tmp, (char**)NULL, 10); + } +} + +/**************************************************************************** like atoi but gets the value up to the separater character ****************************************************************************/ char *Atoic(char *p, int *n, char *c) @@ -153,7 +168,12 @@ char *Atoic(char *p, int *n, char *c) return NULL; } - (*n) = atoi(p); + (*n) = get_number(p); + + if (strnequal(p, "0x", 2)) + { + p += 2; + } while ((*p) && isdigit(*p)) { diff --git a/source3/lib/util_hnd.c b/source3/lib/util_hnd.c index b807c40604..dabc5520ff 100644 --- a/source3/lib/util_hnd.c +++ b/source3/lib/util_hnd.c @@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) { struct policy *p = find_lsa_policy(hnd); - if (!p) { + if (!p) + { DEBUG(3,("Error closing policy\n")); return False; } @@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) bitmap_clear(bmap, p->pnum); ZERO_STRUCTP(p); + ZERO_STRUCTP(hnd); free(p); diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 550f7cc391..bb792b7e2b 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -39,18 +39,27 @@ static BOOL cli_receive_smb(struct cli_state *cli) /**************************************************************************** send an smb to a fd and re-establish if necessary ****************************************************************************/ -static BOOL cli_send_smb(struct cli_state *cli) +static BOOL cli_send_smb(struct cli_state *cli, BOOL show) { size_t len; size_t nwritten=0; ssize_t ret; BOOL reestablished=False; + if (show) + { + show_msg(cli->outbuf); + } + len = smb_len(cli->outbuf) + 4; while (nwritten < len) { ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten); - if (ret <= 0 && errno == EPIPE && !reestablished) { + if (ret <= 0 && errno == EPIPE && !reestablished) + { + DEBUG(5,("cli_send_smb: write error (%s) - reconnecting\n", + strerror(errno))); + if (cli_reestablish_connection(cli)) { reestablished = True; nwritten=0; @@ -60,8 +69,7 @@ static BOOL cli_send_smb(struct cli_state *cli) if (ret <= 0) { DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n", len,ret)); - close_sockets(); - exit(1); + return False; } nwritten += ret; } @@ -259,8 +267,7 @@ static BOOL cli_send_trans(struct cli_state *cli, int trans, set_message(cli->outbuf,14+lsetup, /* wcnt, bcc */ PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False); - show_msg(cli->outbuf); - cli_send_smb(cli); + cli_send_smb(cli, True); if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ @@ -300,8 +307,7 @@ static BOOL cli_send_trans(struct cli_state *cli, int trans, set_message(cli->outbuf,trans==SMBtrans?8:9, /* wcnt, bcc */ PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False); - show_msg(cli->outbuf); - cli_send_smb(cli); + cli_send_smb(cli, True); tot_data += this_ldata; tot_param += this_lparam; @@ -328,8 +334,6 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans, if (!cli_receive_smb(cli)) return False; - show_msg(cli->inbuf); - /* sanity check */ if (CVAL(cli->inbuf,smb_com) != trans) { DEBUG(0,("Expected %s response, got command 0x%02x\n", @@ -382,8 +386,6 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans, if (!cli_receive_smb(cli)) return False; - show_msg(cli->inbuf); - /* sanity check */ if (CVAL(cli->inbuf,smb_com) != trans) { DEBUG(0,("Expected %s response, got command 0x%02x\n", @@ -759,11 +761,12 @@ BOOL cli_session_setup(struct cli_state *cli, set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False); } - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) + { + DEBUG(10,("cli_session_setup: receive smb failed\n")); return False; - - show_msg(cli->inbuf); + } if (CVAL(cli->inbuf,smb_rcls) != 0) { return False; @@ -804,7 +807,7 @@ BOOL cli_ulogoff(struct cli_state *cli) SSVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */ - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) return False; @@ -858,7 +861,7 @@ BOOL cli_send_tconX(struct cli_state *cli, SCVAL(cli->inbuf,smb_rcls, 1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) return False; @@ -899,7 +902,7 @@ BOOL cli_tdis(struct cli_state *cli) SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) return False; @@ -931,7 +934,7 @@ BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst) *p++ = 4; pstrcpy(p,fname_dst); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -965,7 +968,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname) *p++ = 4; pstrcpy(p,fname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -997,7 +1000,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname) *p++ = 4; pstrcpy(p,dname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1029,7 +1032,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname) *p++ = 4; pstrcpy(p,dname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1074,7 +1077,7 @@ int cli_nt_create(struct cli_state *cli, char *fname) pstrcpy(p,fname); p = skip_string(p,1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return -1; } @@ -1145,7 +1148,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode) pstrcpy(p,fname); p = skip_string(p,1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return -1; } @@ -1177,7 +1180,7 @@ BOOL cli_close(struct cli_state *cli, int fnum) SSVAL(cli->outbuf,smb_vwv0,fnum); SIVALS(cli->outbuf,smb_vwv1,-1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1218,7 +1221,7 @@ BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int ti SSVAL(p, 0, cli->pid); SIVAL(p, 2, offset); SIVAL(p, 6, len); - cli_send_smb(cli); + cli_send_smb(cli, True); cli->timeout = (timeout == -1) ? 0x7FFFFFFF : timeout; @@ -1264,7 +1267,7 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int SIVAL(p, 2, offset); SIVAL(p, 6, len); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1300,7 +1303,7 @@ static void cli_issue_read(struct cli_state *cli, int fnum, off_t offset, SSVAL(cli->outbuf,smb_vwv6,size); SSVAL(cli->outbuf,smb_mid,cli->mid + i); - cli_send_smb(cli); + cli_send_smb(cli, True); } /**************************************************************************** @@ -1406,8 +1409,7 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint1 SSVAL(cli->outbuf,smb_mid,cli->mid + i); - show_msg(cli->outbuf); - cli_send_smb(cli); + cli_send_smb(cli, True); } /**************************************************************************** @@ -1495,7 +1497,7 @@ BOOL cli_getattrE(struct cli_state *cli, int fd, SSVAL(cli->outbuf,smb_vwv0,fd); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1549,7 +1551,7 @@ BOOL cli_getatr(struct cli_state *cli, char *fname, *p = 4; pstrcpy(p+1, fname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1600,7 +1602,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t) p = skip_string(p,1); *p = 4; - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -2163,13 +2165,14 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char data_len = 532; - if (cli_send_trans(cli,SMBtrans, + if (!cli_send_trans(cli,SMBtrans, PIPE_LANMAN,strlen(PIPE_LANMAN), /* name, length */ 0,0, /* fid, flags */ NULL,0,0, /* setup, length, max */ param,param_len,2, /* param, length, max */ data,data_len,0 /* data, length, max */ - ) == False) { + )) + { DEBUG(0,("cli_oem_change_password: Failed to send password change for user %s\n", user )); return False; @@ -2223,11 +2226,11 @@ BOOL cli_negprot(struct cli_state *cli) CVAL(smb_buf(cli->outbuf),0) = 2; - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) + { return False; - - show_msg(cli->inbuf); + } if (CVAL(cli->inbuf,smb_rcls) != 0 || ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) { @@ -2305,7 +2308,7 @@ BOOL cli_session_request(struct cli_state *cli, retry: #endif /* WITH_SSL */ - cli_send_smb(cli); + cli_send_smb(cli, False); DEBUG(5,("Sent session request\n")); if (!cli_receive_smb(cli)) @@ -2401,6 +2404,7 @@ shutdown a client structure ****************************************************************************/ void cli_shutdown(struct cli_state *cli) { + DEBUG(10,("cli_shutdown\n")); if (cli->outbuf) { free(cli->outbuf); @@ -2414,7 +2418,9 @@ void cli_shutdown(struct cli_state *cli) sslutil_disconnect(cli->fd); #endif /* WITH_SSL */ if (cli->fd != -1) - close(cli->fd); + { + close(cli->fd); + } memset(cli, 0, sizeof(*cli)); } @@ -2429,10 +2435,18 @@ void cli_shutdown(struct cli_state *cli) ****************************************************************************/ int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num) { - int flgs2 = SVAL(cli->inbuf,smb_flg2); + int flgs2; char rcls; int code; + if (!cli->initialised) + { + DEBUG(0,("cli_error: client state uninitialised!\n")); + return EINVAL; + } + + flgs2 = SVAL(cli->inbuf,smb_flg2); + if (eclass) *eclass = 0; if (num ) *num = 0; @@ -2671,7 +2685,9 @@ BOOL cli_establish_connection(struct cli_state *cli, { DEBUG(1,("failed session setup\n")); if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return False; } @@ -2682,20 +2698,105 @@ BOOL cli_establish_connection(struct cli_state *cli, { DEBUG(1,("failed tcon_X\n")); if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return False; } } } if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return True; } /**************************************************************************** + connect to one of multiple servers: don't care which +****************************************************************************/ +BOOL cli_connect_serverlist(struct cli_state *cli, char *p) +{ + extern pstring global_myname; + extern pstring scope; + fstring remote_machine; + struct in_addr dest_ip; + struct nmb_name calling, called; + BOOL connected_ok = True; + + ZERO_STRUCT(cli); + + if (!cli_initialise(cli)) + { + DEBUG(0,("cli_connect_serverlist: unable to initialize client connection.\n")); + return False; + } + + /* + * Treat each name in the 'password server =' line as a potential + * PDC/BDC. Contact each in turn and try and authenticate. + */ + + while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) + { + standard_sub_basic(remote_machine); + strupper(remote_machine); + + if (!resolve_name( remote_machine, &dest_ip, 0x20)) + { + DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_machine)); + continue; + } + + if (ismyip(dest_ip)) + { + DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_machine)); + continue; + } + + make_nmb_name(&calling, global_myname , 0x0 , scope); + make_nmb_name(&called , remote_machine, 0x20, scope); + + pwd_set_nullpwd(&cli->pwd); + + if (!cli_establish_connection(cli, remote_machine, &dest_ip, + &calling, &called, + "IPC$", "IPC", + False, True)) + { + cli_shutdown(cli); + continue; + } + + if (!IS_BITS_SET_ALL(cli->sec_mode, 1)) + { + DEBUG(1,("cli_connect_serverlist: machine %s isn't in user level security mode\n", + remote_machine)); + cli_shutdown(cli); + continue; + } + + /* + * We have an anonymous connection to IPC$. + */ + + connected_ok = True; + break; + } + + if (!connected_ok) + { + DEBUG(0,("cli_connect_serverlist: Domain password server not available.\n")); + cli_shutdown(cli); + } + + return connected_ok; +} + +/**************************************************************************** cancel a print job ****************************************************************************/ int cli_printjob_del(struct cli_state *cli, int job) @@ -2826,7 +2927,7 @@ BOOL cli_chkpath(struct cli_state *cli, char *path) *p++ = 4; fstrcpy(p,path2); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -2862,7 +2963,7 @@ BOOL cli_message_start(struct cli_state *cli, char *host, char *username, set_message(cli->outbuf,0,PTR_DIFF(p,smb_buf(cli->outbuf)),False); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; @@ -2895,7 +2996,7 @@ BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp) *p = 1; SSVAL(p,1,len); memcpy(p+3,msg,len); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; @@ -2920,7 +3021,7 @@ BOOL cli_message_end(struct cli_state *cli, int grp) cli_setup_packet(cli); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; @@ -2943,7 +3044,7 @@ BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail) SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 5e6e101883..51b6e8d25b 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -29,6 +29,12 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; +extern DOM_SID global_member_sid; +extern fstring global_myworkgroup; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_3; +extern DOM_SID global_sid_S_1_5; /*************************************************************************** lsa_reply_open_policy2 @@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; - d_q->buffer_dom_name = 4; /* domain buffer pointer */ - d_q->buffer_dom_sid = 2; /* domain sid pointer */ + d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ /* this string is supposed to be character short */ make_unistr2(&(d_q->uni_domain_name), dom_name, domlen); @@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, /*************************************************************************** -make_dom_ref +make_dom_ref - adds a domain if it's not already in, returns the index ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, int num_domains, - char **dom_names, DOM_SID **dom_sids) +static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) { - int i; + int num = 0; + int len; - if (num_domains > MAX_REF_DOMAINS) + if (dom_name != NULL) { - num_domains = MAX_REF_DOMAINS; + for (num = 0; num < ref->num_ref_doms_1; num++) + { + fstring domname; + fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name)); + if (strequal(domname, dom_name)) + { + return num; + } + } + + } + else + { + num = ref->num_ref_doms_1; + } + + if (num >= MAX_REF_DOMAINS) + { + /* index not found, already at maximum domain limit */ + return -1; } ref->undoc_buffer = 1; - ref->num_ref_doms_1 = num_domains; + ref->num_ref_doms_1 = num+1; ref->undoc_buffer2 = 1; ref->max_entries = MAX_REF_DOMAINS; - ref->num_ref_doms_2 = num_domains; + ref->num_ref_doms_2 = num+1; - for (i = 0; i < num_domains; i++) - { - int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + len = dom_name != NULL ? strlen(dom_name) : 0; - make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); - ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; - make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); - make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); - } + make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len); + make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid ); + return num; } /*************************************************************************** make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { int i; - make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); + r_l->num_entries = 0; + r_l->undoc_buffer = 0; + r_l->num_entries2 = 0; +#if 0 r_l->num_entries = num_entries; r_l->undoc_buffer = 1; r_l->num_entries2 = num_entries; @@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, for (i = 0; i < num_entries; i++) { - make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01); + make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid); + make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]); } r_l->num_entries3 = num_entries; +#endif } /*************************************************************************** make_lsa_trans_names ***************************************************************************/ -static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, +static void make_lsa_trans_names(DOM_R_REF *ref, + LSA_TRANS_NAME_ENUM *trn, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - uint32 *total) + uint32 *mapped_count) { - uint32 status = 0x0; int i; - (*total) = 0; + int total = 0; + (*mapped_count) = 0; SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); for (i = 0; i < num_entries; i++) { + uint32 status = 0x0; + DOM_SID find_sid = sid[i].sid; + DOM_SID tmp = sid[i].sid; uint32 rid = 0xffffffff; - uint8 num_auths = sid[i].sid.num_auths; + int dom_idx = -1; fstring name; - uint32 type; + fstring dom_name; + uint8 sid_name_use = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); + memset(dom_name, 0, sizeof(dom_name)); + memset(name , 0, sizeof(name )); - /* find the rid to look up */ - if (num_auths != 0) + if (map_domain_sid_to_name(&find_sid, dom_name)) + { + sid_name_use = SID_NAME_DOMAIN; + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + } + else if (sid_split_rid (&find_sid, &rid) && + map_domain_sid_to_name(&find_sid, dom_name)) + { + if (sid_equal(&find_sid, &global_sam_sid)) + { + status = lookup_name(&tmp, name, &sid_name_use); + } + else + { + status = 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + } + else { - rid = sid[i].sid.sub_auths[num_auths-1]; - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status; - status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status; - status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status; } + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + if (status == 0x0) { - make_lsa_trans_name(&(trn->name [(*total)]), - &(trn->uni_name[(*total)]), - type, name, (*total)); - (*total)++; + (*mapped_count)++; + } + else + { + snprintf(name, sizeof(name), "%08x", rid); + sid_name_use = SID_NAME_UNKNOWN; + } + make_lsa_trans_name(&(trn->name [total]), + &(trn->uni_name[total]), + sid_name_use, name, dom_idx); + total++; } - trn->num_entries = (*total); + trn->num_entries = total; trn->ptr_trans_names = 1; - trn->num_entries2 = (*total); + trn->num_entries2 = total; } /*************************************************************************** @@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, - int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + DOM_SID2 *sid, int num_entries) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); - make_lsa_trans_names(&names, num_entries, sid, &mapped_count); + make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); /* store the response in the SMB stream */ @@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { LSA_R_LOOKUP_RIDS r_l; ZERO_STRUCT(r_l); /* set up the LSA Lookup RIDs response */ - make_reply_lookup_rids(&r_l, num_entries, dom_rids, - num_ref_doms, dom_names, dom_sids); + make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types); + r_l.status = 0x0; /* store the response in the SMB stream */ @@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_QUERY_INFO q_i; - pstring dom_name; + fstring name; + DOM_SID *sid = NULL; + memset(name, 0, sizeof(name)); ZERO_STRUCT(q_i); /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); - pstrcpy(dom_name, lp_workgroup()); + switch (q_i.info_class) + { + case 0x03: + { + fstrcpy(name, global_myworkgroup); + sid = &global_member_sid; + break; + } + case 0x05: + { + fstrcpy(name, global_sam_name); + sid = &global_sam_sid; + break; + } + default: + { + DEBUG(5,("unknown info level in Lsa Query: %d\n", + q_i.info_class)); + break; + } + } /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); + lsa_reply_query_info(&q_i, rdata, name, sid); } /*************************************************************************** @@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_LOOKUP_SIDS q_l; - pstring dom_name; - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; - ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - 4, dom_names, sid_array); + lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries); } /*************************************************************************** @@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, { int i; LSA_Q_LOOKUP_RIDS q_l; - pstring dom_name; uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; - - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; + uint8 dom_types[MAX_LOOKUP_SIDS]; ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); ZERO_ARRAY(dom_rids); /* grab the info class and policy handle */ lsa_io_q_lookup_rids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; - fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); - - /* - * Map to the UNIX username. - */ - map_username(user_name); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(user_name, True); + fstring name; + fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer)); - if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (lookup_rid(name, &dom_rids[i], &dom_types[i])) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; @@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - 4, dom_names, sid_array); + q_l.num_entries, + dom_rids, /* text-converted SIDs */ + dom_types); /* SID_NAME_USE types */ } /*************************************************************************** diff --git a/source3/mem_man/mem_man.c b/source3/mem_man/mem_man.c index 758fac4386..34ae6fd43c 100644 --- a/source3/mem_man/mem_man.c +++ b/source3/mem_man/mem_man.c @@ -501,8 +501,9 @@ int smb_mem_free(void *ptr,char *file,int line) static void mem_write_Index_info(int Index,FILE *outfile) { if (memory_blocks[Index].status != S_UNALLOCATED) - fprintf(outfile,"block %d file %s(%d) : size %d, alloc size %d, status %s\n", + fprintf(outfile,"block %d file %s(%d) : ptr: %p size %d, alloc size %d, status %s\n", Index,memory_blocks[Index].file,memory_blocks[Index].line, + memory_blocks[Index].pointer, memory_blocks[Index].present_size, memory_blocks[Index].allocated_size, status_to_str(memory_blocks[Index].status)); diff --git a/source3/mem_man/mem_man.h b/source3/mem_man/mem_man.h index 60e31e6d44..eef281b2f9 100644 --- a/source3/mem_man/mem_man.h +++ b/source3/mem_man/mem_man.h @@ -1,4 +1,4 @@ -#if (defined(NOMEMMAN) && !defined(MEM_MAN_MAIN)) +#if (defined(NOMEMMAN) && !defined(MEM_MAN_MAIN) && defined(HAVE_MALLOC_H)) #include <malloc.h> #else diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index d7ce42dae2..2c9dd13274 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -567,7 +567,7 @@ static void usage(char *pname) charset_initialise(); - if(!initialize_password_db()) + if(!initialise_password_db()) exit(1); #ifdef LMHOSTSFILE @@ -593,11 +593,11 @@ static void usage(char *pname) SIGUSR1 and SIGUSR2 to do debug level changes. */ #ifndef MEM_MAN #if defined(SIGUSR1) - CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); + CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); #endif /* SIGUSR1 */ #if defined(SIGUSR2) - CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); + CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); #endif /* SIGUSR2 */ #endif /* MEM_MAN */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8b35116858..7a28d3418f 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -116,20 +116,16 @@ typedef struct char *szLogFile; char *szConfigFile; char *szSMBPasswdFile; + char *szSMBPassGroupFile; + char *szSMBGroupFile; + char *szSMBAliasFile; char *szPasswordServer; char *szSocketOptions; char *szValidChars; char *szWorkGroup; - char *szDomainAdminGroup; - char *szDomainGuestGroup; - char *szDomainAdminUsers; - char *szDomainGuestUsers; - char *szDomainHostsallow; - char *szDomainHostsdeny; char *szUsernameMap; -#ifdef USING_GROUPNAME_MAP + char *szAliasnameMap; char *szGroupnameMap; -#endif /* USING_GROUPNAME_MAP */ char *szCharacterSet; char *szLogonScript; char *szLogonPath; @@ -146,7 +142,6 @@ typedef struct char *szAnnounceVersion; /* This is initialised in init_globals */ char *szNetbiosAliases; char *szDomainOtherSIDs; - char *szDomainGroups; char *szDriverFile; char *szNameResolveOrder; char *szLdapServer; @@ -501,6 +496,7 @@ static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, static struct parm_struct parm_table[] = { {"Base Options", P_SEP, P_SEPARATOR}, + {"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC|FLAG_PRINT}, {"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC|FLAG_PRINT}, {"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, 0}, @@ -512,6 +508,7 @@ static struct parm_struct parm_table[] = {"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL, NULL, 0}, {"Security Options", P_SEP, P_SEPARATOR}, + {"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC}, {"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC}, {"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC}, @@ -520,6 +517,9 @@ static struct parm_struct parm_table[] = {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0}, {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0}, {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0}, + {"smb passgrp file", P_STRING, P_GLOBAL, &Globals.szSMBPassGroupFile, NULL, NULL, 0}, + {"smb group file", P_STRING, P_GLOBAL, &Globals.szSMBGroupFile, NULL, NULL, 0}, + {"smb alias file", P_STRING, P_GLOBAL, &Globals.szSMBAliasFile, NULL, NULL, 0}, {"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, @@ -567,6 +567,7 @@ static struct parm_struct parm_table[] = #ifdef WITH_SSL {"Secure Socket Layer Options", P_SEP, P_SEPARATOR}, + {"ssl", P_BOOL, P_GLOBAL, &Globals.sslEnabled, NULL, NULL, 0 }, {"ssl hosts", P_STRING, P_GLOBAL, &Globals.sslHostsRequire, NULL, NULL, 0 }, {"ssl hosts resign", P_STRING, P_GLOBAL, &Globals.sslHostsResign, NULL, NULL, 0} , @@ -584,6 +585,7 @@ static struct parm_struct parm_table[] = #endif /* WITH_SSL */ {"Logging Options", P_SEP, P_SEPARATOR}, + {"log level", P_INTEGER, P_GLOBAL, &DEBUGLEVEL, NULL, NULL, FLAG_BASIC}, {"debuglevel", P_INTEGER, P_GLOBAL, &DEBUGLEVEL, NULL, NULL, 0}, {"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0}, @@ -595,6 +597,7 @@ static struct parm_struct parm_table[] = {"status", P_BOOL, P_LOCAL, &sDefault.status, NULL, NULL, FLAG_GLOBAL}, {"Protocol Options", P_SEP, P_SEPARATOR}, + {"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0}, {"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0}, {"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0}, @@ -614,6 +617,7 @@ static struct parm_struct parm_table[] = {"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0}, {"Tuning Options", P_SEP, P_SEPARATOR}, + {"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0}, {"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0}, {"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0}, @@ -632,6 +636,7 @@ static struct parm_struct parm_table[] = {"sync always", P_BOOL, P_LOCAL, &sDefault.bSyncAlways, NULL, NULL, 0}, {"Printing Options", P_SEP, P_SEPARATOR}, + {"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, 0}, {"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0}, {"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0}, @@ -653,7 +658,6 @@ static struct parm_struct parm_table[] = {"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, 0}, {"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_GLOBAL}, - {"Filename Handling", P_SEP, P_SEPARATOR}, {"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0}, {"character set", P_STRING, P_GLOBAL, &Globals.szCharacterSet, handle_character_set, NULL, 0}, @@ -680,17 +684,13 @@ static struct parm_struct parm_table[] = {"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, 0}, {"Domain Options", P_SEP, P_SEPARATOR}, - {"domain groups", P_STRING, P_GLOBAL, &Globals.szDomainGroups, NULL, NULL, 0}, - {"domain admin group",P_STRING, P_GLOBAL, &Globals.szDomainAdminGroup, NULL, NULL, 0}, - {"domain guest group",P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0}, - {"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL, NULL, 0}, - {"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL, NULL, 0}, -#ifdef USING_GROUPNAME_MAP - {"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0}, -#endif /* USING_GROUPNAME_MAP */ + + {"local group map", P_STRING, P_GLOBAL, &Globals.szAliasnameMap, NULL, NULL, 0}, + {"domain group map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0}, {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0}, {"Logon Options", P_SEP, P_SEPARATOR}, + {"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, 0}, {"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, 0}, {"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0}, @@ -698,6 +698,7 @@ static struct parm_struct parm_table[] = {"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0}, {"Browse Options", P_SEP, P_SEPARATOR}, + {"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC}, {"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_lm_announce, 0}, {"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, 0}, @@ -710,12 +711,14 @@ static struct parm_struct parm_table[] = {"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0}, {"WINS Options", P_SEP, P_SEPARATOR}, + {"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0}, {"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0}, {"wins server", P_STRING, P_GLOBAL, &Globals.szWINSserver, NULL, NULL, FLAG_BASIC}, {"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC}, {"Locking Options", P_SEP, P_SEPARATOR}, + {"blocking locks", P_BOOL, P_LOCAL, &sDefault.bBlockingLocks, NULL, NULL, 0}, {"fake oplocks", P_BOOL, P_LOCAL, &sDefault.bFakeOplocks, NULL, NULL, 0}, {"kernel oplocks", P_BOOL, P_GLOBAL, &Globals.bKernelOplocks, NULL, NULL, FLAG_GLOBAL}, @@ -727,6 +730,7 @@ static struct parm_struct parm_table[] = #ifdef WITH_LDAP {"Ldap Options", P_SEP, P_SEPARATOR}, + {"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0}, {"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0}, {"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, 0}, @@ -737,6 +741,7 @@ static struct parm_struct parm_table[] = {"Miscellaneous Options", P_SEP, P_SEPARATOR}, + {"smbrun", P_STRING, P_GLOBAL, &Globals.szSmbrun, NULL, NULL, 0}, {"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE}, {"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0}, @@ -814,6 +819,9 @@ static void init_globals(void) DEBUG(3,("Initialising global parameters\n")); string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE); + string_set(&Globals.szSMBPassGroupFile, SMB_PASSGRP_FILE); + string_set(&Globals.szSMBGroupFile, SMB_GROUP_FILE); + string_set(&Globals.szSMBAliasFile, SMB_ALIAS_FILE); string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*"); string_set(&Globals.szWorkGroup, WORKGROUP); string_set(&Globals.szPasswdProgram, PASSWD_PROGRAM); @@ -1093,6 +1101,9 @@ FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile) FN_GLOBAL_STRING(lp_smbrun,&Globals.szSmbrun) FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile) FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile) +FN_GLOBAL_STRING(lp_smb_passgrp_file,&Globals.szSMBPassGroupFile) +FN_GLOBAL_STRING(lp_smb_group_file,&Globals.szSMBGroupFile) +FN_GLOBAL_STRING(lp_smb_alias_file,&Globals.szSMBAliasFile) FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString) FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname) FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir) @@ -1107,9 +1118,8 @@ FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer) FN_GLOBAL_STRING(lp_name_resolve_order,&Globals.szNameResolveOrder) FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup) FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap) -#ifdef USING_GROUPNAME_MAP +FN_GLOBAL_STRING(lp_aliasname_map,&Globals.szAliasnameMap) FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap) -#endif /* USING_GROUPNAME_MAP */ FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath) FN_GLOBAL_STRING(lp_logon_drive,&Globals.szLogonDrive) @@ -1125,12 +1135,6 @@ FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases) FN_GLOBAL_STRING(lp_driverfile,&Globals.szDriverFile) FN_GLOBAL_STRING(lp_panic_action,&Globals.szPanicAction) -FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups) -FN_GLOBAL_STRING(lp_domain_admin_group,&Globals.szDomainAdminGroup) -FN_GLOBAL_STRING(lp_domain_guest_group,&Globals.szDomainGuestGroup) -FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers) -FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers) - #ifdef WITH_LDAP FN_GLOBAL_STRING(lp_ldap_server,&Globals.szLdapServer); FN_GLOBAL_STRING(lp_ldap_suffix,&Globals.szLdapSuffix); diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index ed275c4a88..af48ebbdc0 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -223,7 +223,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, static unsigned char smblmpwd[16]; static unsigned char smbntpwd[16]; - pdb_init_smb(user); + pwdb_init_smb(user); bzero(smblmpwd, sizeof(smblmpwd)); bzero(smbntpwd, sizeof(smbntpwd)); @@ -237,16 +237,16 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, bzero(temp, sizeof(temp)); /* destroy local copy of the password */ #else get_single_attribute(ldap_struct, entry, "unicodePwd", temp); - pdb_gethexpwd(temp, smbntpwd); + pwdb_gethexpwd(temp, smbntpwd); bzero(temp, sizeof(temp)); /* destroy local copy of the password */ get_single_attribute(ldap_struct, entry, "dBCSPwd", temp); - pdb_gethexpwd(temp, smblmpwd); + pwdb_gethexpwd(temp, smblmpwd); bzero(temp, sizeof(temp)); /* destroy local copy of the password */ #endif get_single_attribute(ldap_struct, entry, "userAccountControl", temp); - user->acct_ctrl = pdb_decode_acct_ctrl(temp); + user->acct_ctrl = pwdb_decode_acct_ctrl(temp); get_single_attribute(ldap_struct, entry, "pwdLastSet", temp); user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); @@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, get_single_attribute(ldap_struct, entry, "rid", temp); /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pdb_user_rid_to_uid (atoi(temp)); + user->smb_userid = pwdb_user_rid_to_uid (atoi(temp)); if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) ) { @@ -288,7 +288,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, static pstring temp; static struct smb_passwd pw_buf; - pdb_init_sam(user); + pwdb_init_sam(user); ldap_get_smb_passwd(ldap_struct, entry, &pw_buf); @@ -576,7 +576,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag) make_a_mod(&mods, ldap_state, "rid", rid); make_a_mod(&mods, ldap_state, "pwdLastSet", lst); - make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); switch(flag) { @@ -708,7 +708,7 @@ static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag) make_a_mod(&mods, ldap_state, "rid", rid); make_a_mod(&mods, ldap_state, "pwdLastSet", lst); - make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN)); + make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN)); ldap_modify_s(ldap_struct, dn, mods); @@ -922,52 +922,52 @@ static BOOL setldappwpos(void *vp, SMB_BIG_UINT tok) static struct smb_passwd *getldappwnam(char *name) { - return pdb_sam_to_smb(iterate_getsam21pwnam(name)); + return pwdb_sam_to_smb(iterate_getsam21pwnam(name)); } static struct smb_passwd *getldappwuid(uid_t smb_userid) { - return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); + return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); } static struct smb_passwd *getldappwrid(uint32 user_rid) { - return pdb_sam_to_smb(iterate_getsam21pwuid(pdb_user_rid_to_uid(user_rid))); + return pwdb_sam_to_smb(iterate_getsam21pwuid(pwdb_user_rid_to_uid(user_rid))); } static struct smb_passwd *getldappwent(void *vp) { - return pdb_sam_to_smb(getldap21pwent(vp)); + return pwdb_sam_to_smb(getldap21pwent(vp)); } static BOOL add_ldappwd_entry(struct smb_passwd *newpwd) { - return add_ldap21pwd_entry(pdb_smb_to_sam(newpwd)); + return add_ldap21pwd_entry(pwdb_smb_to_sam(newpwd)); } static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override) { - return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override); + return mod_ldap21pwd_entry(pwdb_smb_to_sam(pwd), override); } static struct sam_disp_info *getldapdispnam(char *name) { - return pdb_sam_to_dispinfo(getldap21pwnam(name)); + return pwdb_sam_to_dispinfo(getldap21pwnam(name)); } static struct sam_disp_info *getldapdisprid(uint32 rid) { - return pdb_sam_to_dispinfo(getldap21pwrid(rid)); + return pwdb_sam_to_dispinfo(getldap21pwrid(rid)); } static struct sam_disp_info *getldapdispent(void *vp) { - return pdb_sam_to_dispinfo(getldap21pwent(vp)); + return pwdb_sam_to_dispinfo(getldap21pwent(vp)); } static struct sam_passwd *getldap21pwuid(uid_t uid) { - return pdb_smb_to_sam(iterate_getsam21pwuid(pdb_uid_to_user_rid(uid))); + return pwdb_smb_to_sam(iterate_getsam21pwuid(pwdb_uid_to_user_rid(uid))); } static struct passdb_ops ldap_ops = diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index e750fec1a1..489ccbf25f 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c @@ -361,22 +361,22 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol; new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col)); - pdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl); - pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl); + pwdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl); + pwdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl); - pdb_set_logon_time (logon_t , sizeof(logon_t ), newpwd->logon_time ); - pdb_set_logoff_time (logoff_t , sizeof(logoff_t ), newpwd->logoff_time ); - pdb_set_kickoff_time (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time ); - pdb_set_last_set_time (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time ); - pdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); - pdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); + pwdb_set_logon_time (logon_t , sizeof(logon_t ), newpwd->logon_time ); + pwdb_set_logoff_time (logoff_t , sizeof(logoff_t ), newpwd->logoff_time ); + pwdb_set_kickoff_time (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time ); + pwdb_set_last_set_time (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time ); + pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); + pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid); slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid); slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid); slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid); - safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); + safe_strcpy(acb, pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0); set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0); @@ -456,7 +456,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) if (pw_buf == NULL || result == NULL) return False; - pdb_init_sam(pw_buf); + pwdb_init_sam(pw_buf); if (result->status != NIS_SUCCESS) { @@ -482,7 +482,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) /* Check the lanman password column. */ p = (uchar *)ENTRY_VAL(obj, NPF_LMPWD); - if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd)) + if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbpwd)) { DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n")); return False; @@ -490,7 +490,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) /* Check the NT password column. */ p = (uchar *)ENTRY_VAL(obj, NPF_NTPWD); - if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd)) + if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbntpwd)) { DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n")); return False; @@ -603,52 +603,52 @@ static struct sam_passwd *getnisp21pwrid(uint32 rid) static struct smb_passwd *getnisppwent(void *vp) { - return pdb_sam_to_smb(getnisp21pwent(vp)); + return pwdb_sam_to_smb(getnisp21pwent(vp)); } static BOOL add_nisppwd_entry(struct smb_passwd *newpwd) { - return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd)); + return add_nisp21pwd_entry(pwdb_smb_to_sam(newpwd)); } static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override) { - return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override); + return mod_nisp21pwd_entry(pwdb_smb_to_sam(pwd), override); } static struct smb_passwd *getnisppwnam(char *name) { - return pdb_sam_to_smb(getnisp21pwnam(name)); + return pwdb_sam_to_smb(getnisp21pwnam(name)); } static struct sam_passwd *getnisp21pwuid(uid_t smb_userid) { - return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid)); + return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid)); } static struct smb_passwd *getnisppwrid(uid_t user_rid) { - return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid))); + return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid))); } static struct smb_passwd *getnisppwuid(uid_t smb_userid) { - return pdb_sam_to_smb(getnisp21pwuid(smb_userid)); + return pwdb_sam_to_smb(getnisp21pwuid(smb_userid)); } static struct sam_disp_info *getnispdispnam(char *name) { - return pdb_sam_to_dispinfo(getnisp21pwnam(name)); + return pwdb_sam_to_dispinfo(getnisp21pwnam(name)); } static struct sam_disp_info *getnispdisprid(uint32 rid) { - return pdb_sam_to_dispinfo(getnisp21pwrid(rid)); + return pwdb_sam_to_dispinfo(getnisp21pwrid(rid)); } static struct sam_disp_info *getnispdispent(void *vp) { - return pdb_sam_to_dispinfo(getnisp21pwent(vp)); + return pwdb_sam_to_dispinfo(getnisp21pwent(vp)); } static struct passdb_ops nispasswd_ops = { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index f29a9ff570..a4c663e388 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -26,14 +26,6 @@ extern int DEBUGLEVEL; /* - * This is set on startup - it defines the SID for this - * machine, and therefore the SAM database for which it is - * responsible. - */ - -DOM_SID global_sam_sid; - -/* * NOTE. All these functions are abstracted into a structure * that points to the correct function for the selected database. JRA. * @@ -49,36 +41,39 @@ DOM_SID global_sam_sid; * functions in a first pass, as struct sam_passwd contains more * information, needed by the NT Domain support. * - * a full example set of derivative functions are listed below. an API - * writer is expected to cut/paste these into their module, replace - * either one set (struct smb_passwd) or the other (struct sam_passwd) - * OR both, and optionally also to write display info routines - * (struct sam_disp_info). lkcl + * an API writer is expected to create either one set (struct smb_passwd) or + * the other (struct sam_passwd) OR both, and optionally also to write display + * info routines * (struct sam_disp_info). functions which the API writer + * chooses NOT to write must be wrapped in conversion functions (pwdb_x_to_y) + * such that API users can call any function and still get valid results. + * + * the password API does NOT fill in the gaps if you set an API function + * to NULL: it will deliberately attempt to call the NULL function. * */ -static struct passdb_ops *pdb_ops; +static struct passdb_ops *pwdb_ops; /*************************************************************** - Initialize the password db operations. + Initialise the password db operations. ***************************************************************/ -BOOL initialize_password_db(void) +BOOL initialise_password_db(void) { - if (pdb_ops) + if (pwdb_ops) { return True; } #ifdef WITH_NISPLUS - pdb_ops = nisplus_initialize_password_db(); + pwdb_ops = nisplus_initialise_password_db(); #elif defined(WITH_LDAP) - pdb_ops = ldap_initialize_password_db(); + pwdb_ops = ldap_initialise_password_db(); #else - pdb_ops = file_initialize_password_db(); + pwdb_ops = file_initialise_password_db(); #endif - return (pdb_ops != NULL); + return (pwdb_ops != NULL); } /* @@ -91,7 +86,7 @@ BOOL initialize_password_db(void) struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid) { - return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid)); + return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid)); } /************************************************************************ @@ -173,7 +168,7 @@ struct smb_passwd *iterate_getsmbpwnam(char *name) void *startsmbpwent(BOOL update) { - return pdb_ops->startsmbpwent(update); + return pwdb_ops->startsmbpwent(update); } /*************************************************************** @@ -188,7 +183,7 @@ void *startsmbpwent(BOOL update) void endsmbpwent(void *vp) { - pdb_ops->endsmbpwent(vp); + pwdb_ops->endsmbpwent(vp); } /************************************************************************* @@ -197,7 +192,7 @@ void endsmbpwent(void *vp) struct smb_passwd *getsmbpwent(void *vp) { - return pdb_ops->getsmbpwent(vp); + return pwdb_ops->getsmbpwent(vp); } /************************************************************************ @@ -206,7 +201,7 @@ struct smb_passwd *getsmbpwent(void *vp) BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { - return pdb_ops->add_smbpwd_entry(newpwd); + return pwdb_ops->add_smbpwd_entry(newpwd); } /************************************************************************ @@ -220,7 +215,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) { - return pdb_ops->mod_smbpwd_entry(pwd, override); + return pwdb_ops->mod_smbpwd_entry(pwd, override); } /************************************************************************ @@ -229,7 +224,7 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) struct smb_passwd *getsmbpwnam(char *name) { - return pdb_ops->getsmbpwnam(name); + return pwdb_ops->getsmbpwnam(name); } /************************************************************************ @@ -238,7 +233,7 @@ struct smb_passwd *getsmbpwnam(char *name) struct smb_passwd *getsmbpwrid(uint32 user_rid) { - return pdb_ops->getsmbpwrid(user_rid); + return pwdb_ops->getsmbpwrid(user_rid); } /************************************************************************ @@ -247,7 +242,7 @@ struct smb_passwd *getsmbpwrid(uint32 user_rid) struct smb_passwd *getsmbpwuid(uid_t smb_userid) { - return pdb_ops->getsmbpwuid(smb_userid); + return pwdb_ops->getsmbpwuid(smb_userid); } /* @@ -370,7 +365,7 @@ struct sam_passwd *iterate_getsam21pwuid(uid_t uid) *************************************************************************/ struct sam_disp_info *getsamdisprid(uint32 rid) { - return pdb_ops->getsamdisprid(rid); + return pwdb_ops->getsamdisprid(rid); } /************************************************************************* @@ -379,7 +374,7 @@ struct sam_disp_info *getsamdisprid(uint32 rid) struct sam_passwd *getsam21pwent(void *vp) { - return pdb_ops->getsam21pwent(vp); + return pwdb_ops->getsam21pwent(vp); } @@ -389,7 +384,7 @@ struct sam_passwd *getsam21pwent(void *vp) struct sam_passwd *getsam21pwnam(char *name) { - return pdb_ops->getsam21pwnam(name); + return pwdb_ops->getsam21pwnam(name); } /************************************************************************ @@ -398,7 +393,7 @@ struct sam_passwd *getsam21pwnam(char *name) struct sam_passwd *getsam21pwrid(uint32 rid) { - return pdb_ops->getsam21pwrid(rid); + return pwdb_ops->getsam21pwrid(rid); } @@ -415,7 +410,7 @@ struct sam_passwd *getsam21pwrid(uint32 rid) initialises a struct sam_disp_info. **************************************************************/ -static void pdb_init_dispinfo(struct sam_disp_info *user) +static void pwdb_init_dispinfo(struct sam_disp_info *user) { if (user == NULL) return; bzero(user, sizeof(*user)); @@ -425,7 +420,7 @@ static void pdb_init_dispinfo(struct sam_disp_info *user) initialises a struct smb_passwd. **************************************************************/ -void pdb_init_smb(struct smb_passwd *user) +void pwdb_init_smb(struct smb_passwd *user) { if (user == NULL) return; bzero(user, sizeof(*user)); @@ -435,7 +430,7 @@ void pdb_init_smb(struct smb_passwd *user) /************************************************************* initialises a struct sam_passwd. **************************************************************/ -void pdb_init_sam(struct sam_passwd *user) +void pwdb_init_sam(struct sam_passwd *user) { if (user == NULL) return; bzero(user, sizeof(*user)); @@ -451,13 +446,13 @@ void pdb_init_sam(struct sam_passwd *user) Routine to return the next entry in the sam passwd list. *************************************************************************/ -struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user) +struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user) { static struct sam_disp_info disp_info; if (user == NULL) return NULL; - pdb_init_dispinfo(&disp_info); + pwdb_init_dispinfo(&disp_info); disp_info.smb_name = user->smb_name; disp_info.full_name = user->full_name; @@ -470,13 +465,13 @@ struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user) converts a sam_passwd structure to a smb_passwd structure. **************************************************************/ -struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user) +struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user) { static struct smb_passwd pw_buf; if (user == NULL) return NULL; - pdb_init_smb(&pw_buf); + pwdb_init_smb(&pw_buf); pw_buf.smb_userid = user->smb_userid; pw_buf.smb_name = user->smb_name; @@ -493,13 +488,13 @@ struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user) converts a smb_passwd structure to a sam_passwd structure. **************************************************************/ -struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user) +struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user) { static struct sam_passwd pw_buf; if (user == NULL) return NULL; - pdb_init_sam(&pw_buf); + pwdb_init_sam(&pw_buf); pw_buf.smb_userid = user->smb_userid; pw_buf.smb_name = user->smb_name; @@ -517,7 +512,7 @@ struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user) null). length *MUST BE MORE THAN 2* ! **********************************************************/ -char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) { static fstring acct_str; size_t i = 0; @@ -553,7 +548,7 @@ char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) 15 lines, which is more important. **********************************************************/ -uint16 pdb_decode_acct_ctrl(char *p) +uint16 pwdb_decode_acct_ctrl(char *p) { uint16 acct_ctrl = 0; BOOL finished = False; @@ -603,7 +598,9 @@ static time_t get_time_from_string(char *p) for (i = 0; i < 8; i++) { if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - break; + { + break; + } } if (i == 8) { @@ -621,7 +618,7 @@ static time_t get_time_from_string(char *p) gets password last set time ********************************************************************/ -time_t pdb_get_last_set_time(char *p) +time_t pwdb_get_last_set_time(char *p) { if (*p && StrnCaseCmp((char *)p, "LCT-", 4)) { @@ -642,7 +639,7 @@ static void set_time_in_string(char *p, int max_len, char *type, time_t t) /******************************************************************* sets logon time ********************************************************************/ -void pdb_set_logon_time(char *p, int max_len, time_t t) +void pwdb_set_logon_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "LNT", t); } @@ -650,7 +647,7 @@ void pdb_set_logon_time(char *p, int max_len, time_t t) /******************************************************************* sets logoff time ********************************************************************/ -void pdb_set_logoff_time(char *p, int max_len, time_t t) +void pwdb_set_logoff_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "LOT", t); } @@ -658,7 +655,7 @@ void pdb_set_logoff_time(char *p, int max_len, time_t t) /******************************************************************* sets kickoff time ********************************************************************/ -void pdb_set_kickoff_time(char *p, int max_len, time_t t) +void pwdb_set_kickoff_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "KOT", t); } @@ -666,7 +663,7 @@ void pdb_set_kickoff_time(char *p, int max_len, time_t t) /******************************************************************* sets password can change time ********************************************************************/ -void pdb_set_can_change_time(char *p, int max_len, time_t t) +void pwdb_set_can_change_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "CCT", t); } @@ -674,7 +671,7 @@ void pdb_set_can_change_time(char *p, int max_len, time_t t) /******************************************************************* sets password last set time ********************************************************************/ -void pdb_set_must_change_time(char *p, int max_len, time_t t) +void pwdb_set_must_change_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "MCT", t); } @@ -682,7 +679,7 @@ void pdb_set_must_change_time(char *p, int max_len, time_t t) /******************************************************************* sets password last set time ********************************************************************/ -void pdb_set_last_set_time(char *p, int max_len, time_t t) +void pwdb_set_last_set_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "LCT", t); } @@ -691,7 +688,7 @@ void pdb_set_last_set_time(char *p, int max_len, time_t t) /************************************************************* Routine to set 32 hex password characters from a 16 byte array. **************************************************************/ -void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl) +void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl) { if (pwd != NULL) { @@ -713,327 +710,114 @@ void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl) } } } + /************************************************************* Routine to get the 32 hex characters and turn them into a 16 byte array. **************************************************************/ -BOOL pdb_gethexpwd(char *p, char *pwd) +BOOL pwdb_gethexpwd(char *p, char *pwd) { - int i; - unsigned char lonybble, hinybble; - char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - for (i = 0; i < 32; i += 2) - { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr(hexchars, hinybble); - p2 = strchr(hexchars, lonybble); - - if (!p1 || !p2) - { - return (False); - } - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); + return strhex_to_str(pwd, 32, p) == 16; } /******************************************************************* - Group and User RID username mapping function + converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) +uid_t pwdb_user_rid_to_uid(uint32 user_rid) { - struct passwd *pw = Get_Pwnam(user_name, False); - - if (u_rid == NULL || g_rid == NULL || user_name == NULL) - { - return False; - } - - if (!pw) - { - DEBUG(1,("Username %s is invalid on this system\n", user_name)); - return False; - } - - if (user_in_list(user_name, lp_domain_guest_users())) - { - *u_rid = DOMAIN_USER_RID_GUEST; - } - else if (user_in_list(user_name, lp_domain_admin_users())) - { - *u_rid = DOMAIN_USER_RID_ADMIN; - } - else - { - /* turn the unix UID into a Domain RID. this is what the posix - sub-system does (adds 1000 to the uid) */ - *u_rid = pdb_uid_to_user_rid(pw->pw_uid); - } - - /* absolutely no idea what to do about the unix GID to Domain RID mapping */ - *g_rid = pdb_gid_to_group_rid(pw->pw_gid); - - return True; + uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER); + return uid; } -/**************************************************************************** - Read the machine SID from a file. -****************************************************************************/ - -static BOOL read_sid_from_file(int fd, char *sid_file) -{ - fstring fline; - - memset(fline, '\0', sizeof(fline)); - - if(read(fd, fline, sizeof(fline) -1 ) < 0) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - return False; - } - - /* - * Convert to the machine SID. - */ - - fline[sizeof(fline)-1] = '\0'; - if(!string_to_sid( &global_sam_sid, fline)) { - DEBUG(0,("unable to generate machine SID.\n")); - return False; - } - - return True; +/******************************************************************* + converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA + ********************************************************************/ +uint32 pwdb_uid_to_user_rid(uid_t uid) +{ + uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); + return user_rid; } -/**************************************************************************** - Generate the global machine sid. Look for the MACHINE.SID file first, if - not found then look in smb.conf and use it to create the MACHINE.SID file. -****************************************************************************/ -BOOL pdb_generate_sam_sid(void) +/******************************************************************* + converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA + ********************************************************************/ +uint32 pwdb_gid_to_group_rid(gid_t gid) { - int fd; - char *p; - pstring sid_file; - fstring sid_string; - SMB_STRUCT_STAT st; - uchar raw_sid_data[12]; - - pstrcpy(sid_file, lp_smb_passwd_file()); - p = strrchr(sid_file, '/'); - if(p != NULL) { - *++p = '\0'; - } - - if (!directory_exist(sid_file, NULL)) { - if (dos_mkdir(sid_file, 0700) != 0) { - DEBUG(0,("can't create private directory %s : %s\n", - sid_file, strerror(errno))); - return False; - } - } - - pstrcat(sid_file, "MACHINE.SID"); - - if((fd = open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) { - DEBUG(0,("unable to open or create file %s. Error was %s\n", - sid_file, strerror(errno) )); - return False; - } - - /* - * Check if the file contains data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { - /* - * We have a valid SID - read it. - */ - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - close(fd); - return True; - } - - /* - * The file contains no data - we need to generate our - * own sid. - */ - - { - /* - * Generate the new sid data & turn it into a string. - */ - int i; - generate_random_buffer( raw_sid_data, 12, True); - - fstrcpy( sid_string, "S-1-5-21"); - for( i = 0; i < 3; i++) { - fstring tmp_string; - slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4)); - fstrcat( sid_string, tmp_string); - } - } - - fstrcat(sid_string, "\n"); - - /* - * Ensure our new SID is valid. - */ - - if(!string_to_sid( &global_sam_sid, sid_string)) { - DEBUG(0,("unable to generate machine SID.\n")); - return False; - } - - /* - * Do an exclusive blocking lock on the file. - */ - - if(!do_file_lock( fd, 60, F_WRLCK)) { - DEBUG(0,("unable to lock file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - /* - * At this point we have a blocking lock on the SID - * file - check if in the meantime someone else wrote - * SID data into the file. If so - they were here first, - * use their data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { - /* - * Unlock as soon as possible to reduce - * contention on the exclusive lock. - */ - do_file_lock( fd, 60, F_UNLCK); - - /* - * We have a valid SID - read it. - */ - - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - close(fd); - return True; - } - - /* - * The file is still empty and we have an exlusive lock on it. - * Write out out SID data into the file. - */ - - if(fchmod(fd, 0644) < 0) { - DEBUG(0,("unable to set correct permissions on file %s. \ -Error was %s\n", sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) { - DEBUG(0,("unable to write file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - /* - * Unlock & exit. - */ - - do_file_lock( fd, 60, F_UNLCK); - close(fd); - return True; -} + uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); + return grp_rid; +} /******************************************************************* - converts UNIX uid to an NT User RID. + converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -uid_t pdb_user_rid_to_uid(uint32 user_rid) +gid_t pwdb_group_rid_to_gid(uint32 group_rid) { - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); + gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER); + return gid; } /******************************************************************* - converts UNIX uid to an NT User RID. + converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -uint32 pdb_uid_to_user_rid(uid_t uid) +uint32 pwdb_gid_to_alias_rid(gid_t gid) { - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); + uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); + return alias_rid; } /******************************************************************* - converts NT Group RID to a UNIX uid. + converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -uint32 pdb_gid_to_group_rid(gid_t gid) +gid_t pwdb_alias_rid_to_gid(uint32 alias_rid) { - return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE); + gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER); + return gid; } /******************************************************************* Decides if a RID is a well known RID. ********************************************************************/ +static BOOL pwdb_rid_is_well_known(uint32 rid) +{ + return (rid < 1000); +} -static BOOL pdb_rid_is_well_known(uint32 rid) +/******************************************************************* + determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA + ********************************************************************/ +static uint32 pwdb_rid_type(uint32 rid) { - return (rid < 1000); + /* lkcl i understand that NT attaches an enumeration to a RID + * such that it can be identified as either a user, group etc + * type: SID_ENUM_TYPE. + */ + if (pwdb_rid_is_well_known(rid)) + { + /* + * The only well known user RIDs are DOMAIN_USER_RID_ADMIN + * and DOMAIN_USER_RID_GUEST. + */ + if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) + { + return RID_TYPE_USER; + } + if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) + { + return RID_TYPE_GROUP; + } + if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) + { + return RID_TYPE_ALIAS; + } + } + return (rid & RID_TYPE_MASK); } /******************************************************************* - Decides if a RID is a user or group RID. + checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -BOOL pdb_rid_is_user(uint32 rid) +BOOL pwdb_rid_is_user(uint32 rid) { - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type. there are 5 such categories, and they are documented. - */ - if(pdb_rid_is_well_known(rid)) { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - return True; - } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) { - return True; - } - return False; + return pwdb_rid_type(rid) == RID_TYPE_USER; } + diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index c8d817dc40..bdf01ee6a8 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -21,7 +21,7 @@ #ifdef USE_SMBPASS_DB -extern int pw_file_lock_depth; +static int pw_file_lock_depth = 0; extern int DEBUGLEVEL; extern pstring samlogon_user; extern BOOL sam_logon_in_ssb; @@ -35,37 +35,8 @@ static char s_readbuf[1024]; static void *startsmbfilepwent(BOOL update) { - FILE *fp = NULL; - char *pfile = lp_smb_passwd_file(); - - if (!*pfile) { - DEBUG(0, ("startsmbfilepwent: No SMB password file set\n")); - return (NULL); - } - DEBUG(10, ("startsmbfilepwent: opening file %s\n", pfile)); - - fp = fopen(pfile, update ? "r+b" : "rb"); - - if (fp == NULL) { - DEBUG(0, ("startsmbfilepwent: unable to open file %s\n", pfile)); - return NULL; - } - - /* Set a buffer to do more efficient reads */ - setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf)); - - if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth)) - { - DEBUG(0, ("startsmbfilepwent: unable to lock file %s\n", pfile)); - fclose(fp); - return NULL; - } - - /* Make sure it is only rw by the owner */ - chmod(pfile, 0600); - - /* We have a lock on the file. */ - return (void *)fp; + return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf), + &pw_file_lock_depth, update); } /*************************************************************** @@ -74,11 +45,27 @@ static void *startsmbfilepwent(BOOL update) static void endsmbfilepwent(void *vp) { - FILE *fp = (FILE *)vp; + endfilepwent(vp, &pw_file_lock_depth); +} - pw_file_unlock(fileno(fp), &pw_file_lock_depth); - fclose(fp); - DEBUG(7, ("endsmbfilepwent: closed password file.\n")); +/************************************************************************* + Return the current position in the smbpasswd list as an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ + +static SMB_BIG_UINT getsmbfilepwpos(void *vp) +{ + return getfilepwpos(vp); +} + +/************************************************************************* + Set the current position in the smbpasswd list from an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ + +static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) +{ + return setfilepwpos(vp, tok); } /************************************************************************* @@ -86,219 +73,182 @@ static void endsmbfilepwent(void *vp) *************************************************************************/ static struct smb_passwd *getsmbfilepwent(void *vp) { - /* Static buffers we will return. */ - static struct smb_passwd pw_buf; - static pstring user_name; - static unsigned char smbpwd[16]; - static unsigned char smbntpwd[16]; - FILE *fp = (FILE *)vp; - char linebuf[256]; - unsigned char c; - unsigned char *p; - long uidval; - size_t linebuf_len; - - if(fp == NULL) { - DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n")); - return NULL; - } - - pdb_init_smb(&pw_buf); - - pw_buf.acct_ctrl = ACB_NORMAL; - - /* - * Scan the file, a line at a time and check if the name matches. - */ - while (!feof(fp)) { - linebuf[0] = '\0'; - - fgets(linebuf, 256, fp); - if (ferror(fp)) { - return NULL; - } - - /* - * Check if the string is terminated with a newline - if not - * then we must keep reading and discard until we get one. - */ - linebuf_len = strlen(linebuf); - if (linebuf[linebuf_len - 1] != '\n') { - c = '\0'; - while (!ferror(fp) && !feof(fp)) { - c = fgetc(fp); - if (c == '\n') - break; - } - } else - linebuf[linebuf_len - 1] = '\0'; - -#ifdef DEBUG_PASSWORD - DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf)); -#endif - if ((linebuf[0] == 0) && feof(fp)) { - DEBUG(4, ("getsmbfilepwent: end of file reached\n")); - break; - } - /* - * The line we have should be of the form :- - * - * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently - * ignored.... - * - * or, - * - * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored.... - * - * if Windows NT compatible passwords are also present. - * [Account type] is an ascii encoding of the type of account. - * LCT-(8 hex digits) is the time_t value of the last change time. - */ - - if (linebuf[0] == '#' || linebuf[0] == '\0') { - DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n")); - continue; - } - p = (unsigned char *) strchr(linebuf, ':'); - if (p == NULL) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n")); - continue; - } - /* - * As 256 is shorter than a pstring we don't need to check - * length here - if this ever changes.... - */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - - /* Get smb uid. */ - - p++; /* Go past ':' */ - if (!isdigit(*p)) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n")); - continue; - } - - uidval = atoi((char *) p); - - while (*p && isdigit(*p)) - p++; - - if (*p != ':') { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n")); - continue; - } - - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - - /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. - */ - - /* Skip the ':' */ - p++; - - if (*p == '*' || *p == 'X') { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); - pw_buf.smb_nt_passwd = NULL; - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_DISABLED; - return &pw_buf; - } - - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); - continue; - } - - if (p[32] != ':') { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n")); - continue; - } + /* Static buffers we will return. */ + static struct smb_passwd pw_buf; + static pstring user_name; + static unsigned char smbpwd[16]; + static unsigned char smbntpwd[16]; + struct passwd *pwfile; + char linebuf[256]; + unsigned char *p; + int uidval; + size_t linebuf_len; - if (!strncasecmp((char *) p, "NO PASSWORD", 11)) { - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_PWNOTREQ; - } else { - if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) { - DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); - continue; - } - pw_buf.smb_passwd = smbpwd; - } + if (vp == NULL) + { + DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n")); + return NULL; + } - /* - * Now check if the NT compatible password is - * available. - */ - pw_buf.smb_nt_passwd = NULL; - - p += 33; /* Move to the first character of the line after - the lanman password. */ - if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) { - if (*p != '*' && *p != 'X') { - if(pdb_gethexpwd((char *)p,(char *)smbntpwd)) - pw_buf.smb_nt_passwd = smbntpwd; - } - p += 33; /* Move to the first character of the line after - the NT password. */ - } + pwdb_init_smb(&pw_buf); - DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n", - user_name, uidval)); + pw_buf.acct_ctrl = ACB_NORMAL; - if (*p == '[') + /* + * Scan the file, a line at a time. + */ + while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0) { - pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p); - - /* Must have some account type set. */ - if(pw_buf.acct_ctrl == 0) - pw_buf.acct_ctrl = ACB_NORMAL; - - /* Now try and get the last change time. */ - if(*p == ']') - p++; - if(*p == ':') { - p++; - if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) { - int i; - p += 4; - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) - break; - } - if(i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16); - } - } - } - } else { - /* 'Old' style file. Fake up based on user name. */ - /* - * Currently trust accounts are kept in the same - * password file as 'normal accounts'. If this changes - * we will have to fix this code. JRA. - */ - if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') { - pw_buf.acct_ctrl &= ~ACB_NORMAL; - pw_buf.acct_ctrl |= ACB_WSTRUST; - } - } - - return &pw_buf; - } + /* + * The line we have should be of the form :- + * + * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently + * ignored.... + * + * or, + * + * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored.... + * + * if Windows NT compatible passwords are also present. + * [Account type] is an ascii encoding of the type of account. + * LCT-(8 hex digits) is the time_t value of the last change time. + */ + + /* + * As 256 is shorter than a pstring we don't need to check + * length here - if this ever changes.... + */ + p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); + + /* Go past ':' */ + p++; + + /* Get smb uid. */ + + p = Atoic((char *) p, &uidval, ":"); + + pw_buf.smb_name = user_name; + pw_buf.smb_userid = uidval; + + /* + * Now get the password value - this should be 32 hex digits + * which are the ascii representations of a 16 byte string. + * Get two at a time and put them into the password. + */ + + /* Skip the ':' */ + p++; + + if (*p == '*' || *p == 'X') + { + /* Password deliberately invalid - end here. */ + DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); + pw_buf.smb_nt_passwd = NULL; + pw_buf.smb_passwd = NULL; + pw_buf.acct_ctrl |= ACB_DISABLED; + return &pw_buf; + } + + if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) + { + DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); + continue; + } + + if (p[32] != ':') + { + DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n")); + continue; + } + + if (!strncasecmp((char *) p, "NO PASSWORD", 11)) + { + pw_buf.smb_passwd = NULL; + pw_buf.acct_ctrl |= ACB_PWNOTREQ; + } + else + { + if (!pwdb_gethexpwd((char *)p, (char *)smbpwd)) + { + DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); + continue; + } + pw_buf.smb_passwd = smbpwd; + } + + /* + * Now check if the NT compatible password is + * available. + */ + pw_buf.smb_nt_passwd = NULL; + + /* Move to the first character of the line after the lanman password. */ + p += 33; + if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) + { + if (*p != '*' && *p != 'X') + { + if(pwdb_gethexpwd((char *)p,(char *)smbntpwd)) + { + pw_buf.smb_nt_passwd = smbntpwd; + } + } + /* Move to the first character of the line after the NT password. */ + p += 33; + } + + DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n", + user_name, uidval)); + + if (*p == '[') + { + pw_buf.acct_ctrl = pwdb_decode_acct_ctrl((char*)p); + + /* Must have some account type set. */ + if (pw_buf.acct_ctrl == 0) + { + pw_buf.acct_ctrl = ACB_NORMAL; + } + + /* Now try and get the last change time. */ + if (*p == ']') + { + p++; + } + if (*p == ':') + { + p++; + pw_buf.pass_last_set_time = pwdb_get_last_set_time(p); + } + } + else + { + /* 'Old' style file. Fake up based on user name. */ + /* + * Currently trust accounts are kept in the same + * password file as 'normal accounts'. If this changes + * we will have to fix this code. JRA. + */ + if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') + { + pw_buf.acct_ctrl &= ~ACB_NORMAL; + pw_buf.acct_ctrl |= ACB_WSTRUST; + } + } + + pwfile = Get_Pwnam(pw_buf.smb_name, False); + if (pwfile == NULL) + { + DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n")); + DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name)); + return NULL; + } + + return &pw_buf; + } - DEBUG(5,("getsmbfilepwent: end of file reached.\n")); - return NULL; + DEBUG(5,("getsmbfilepwent: end of file reached.\n")); + return NULL; } /************************************************************************* @@ -327,7 +277,9 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) if (pw_buf == NULL) return NULL; - pwfile = getpwnam(pw_buf->smb_name); + pwdb_init_sam(&user); + + pwfile = Get_Pwnam(pw_buf->smb_name, False); if (pwfile == NULL) { DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); @@ -335,8 +287,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) return NULL; } - pdb_init_sam(&user); - pstrcpy(samlogon_user, pw_buf->smb_name); if (samlogon_user[strlen(samlogon_user)-1] != '$') @@ -348,8 +298,8 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) user.smb_userid = pw_buf->smb_userid; user.smb_grpid = pwfile->pw_gid; - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pdb_gid_to_group_rid(user.smb_grpid ); + user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); + user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid ); pstrcpy(full_name , pwfile->pw_gecos ); pstrcpy(logon_script , lp_logon_script ()); @@ -366,7 +316,7 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) user.smb_userid = pw_buf->smb_userid; user.smb_grpid = pwfile->pw_gid; - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); + user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ pstrcpy(full_name , ""); @@ -405,26 +355,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) return &user; } -/************************************************************************* - Return the current position in the smbpasswd list as an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static SMB_BIG_UINT getsmbfilepwpos(void *vp) -{ - return (SMB_BIG_UINT)sys_ftell((FILE *)vp); -} - -/************************************************************************* - Set the current position in the smbpasswd list from an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) -{ - return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET); -} - /************************************************************************ Routine to add an entry to the smbpasswd file. *************************************************************************/ @@ -525,7 +455,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); /* Add the account encoding and the last change time. */ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", - pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL)); + pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL)); #ifdef DEBUG_PASSWORD DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|", @@ -603,7 +533,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) lockfd = fileno(fp); - if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) { + if (!file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) { DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile)); fclose(fp); return False; @@ -623,7 +553,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) fgets(linebuf, sizeof(linebuf), fp); if (ferror(fp)) { - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -692,7 +622,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) } if (!found_entry) { - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -704,7 +634,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!isdigit(*p)) { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n")); - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -713,7 +643,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) p++; if (*p != ':') { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n")); - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -731,27 +661,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name)); - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return (False); } if (p[32] != ':') { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if (!override && (*p == '*' || *p == 'X')) { - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } @@ -762,14 +692,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) the lanman password. */ if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return (False); } if (p[32] != ':') { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } @@ -807,7 +737,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * acct ctrl field. Encode the given acct ctrl * bits into it. */ - fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + fstrcpy(encode_bits, pwdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } else { /* * If using the old format and the ACB_DISABLED or @@ -897,7 +827,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if(wr_len > sizeof(linebuf)) { DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return (False); } @@ -915,7 +845,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) { DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } @@ -923,33 +853,33 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) /* Sanity check - ensure the areas we are writing are framed by ':' */ if (read(fd, linebuf, wr_len+1) != wr_len+1) { DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) { DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) { DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if (write(fd, ascii_p16, wr_len) != wr_len) { DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return True; } @@ -960,27 +890,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) { - return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override); + return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override); } static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) { - return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd)); + return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd)); } static struct sam_disp_info *getsmbfiledispnam(char *name) { - return pdb_sam_to_dispinfo(getsam21pwnam(name)); + return pwdb_sam_to_dispinfo(getsam21pwnam(name)); } static struct sam_disp_info *getsmbfiledisprid(uint32 rid) { - return pdb_sam_to_dispinfo(getsam21pwrid(rid)); + return pwdb_sam_to_dispinfo(getsam21pwrid(rid)); } static struct sam_disp_info *getsmbfiledispent(void *vp) { - return pdb_sam_to_dispinfo(getsam21pwent(vp)); + return pwdb_sam_to_dispinfo(getsam21pwent(vp)); } static struct passdb_ops file_ops = { @@ -1005,7 +935,7 @@ static struct passdb_ops file_ops = { getsmbfiledispent }; -struct passdb_ops *file_initialize_password_db(void) +struct passdb_ops *file_initialise_password_db(void) { return &file_ops; } diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c index 0d4f9d3203..a50bc93eac 100644 --- a/source3/passdb/smbpassfile.c +++ b/source3/passdb/smbpassfile.c @@ -21,52 +21,7 @@ extern int DEBUGLEVEL; -int pw_file_lock_depth = 0; - BOOL global_machine_password_needs_changing = False; - - -/*************************************************************** - Lock an fd. Abandon after waitsecs seconds. -****************************************************************/ - -BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) -{ - if (fd < 0) - return False; - - (*plock_depth)++; - - if(pw_file_lock_depth == 0) { - if (!do_file_lock(fd, secs, type)) { - DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n", - strerror(errno))); - return False; - } - } - - return True; -} - -/*************************************************************** - Unlock an fd. Abandon after waitsecs seconds. -****************************************************************/ - -BOOL pw_file_unlock(int fd, int *plock_depth) -{ - BOOL ret=True; - - if(*plock_depth == 1) - ret = do_file_lock(fd, 5, F_UNLCK); - - (*plock_depth)--; - - if(!ret) - DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n", - strerror(errno))); - return ret; -} - static int mach_passwd_lock_depth; static FILE *mach_passwd_fp; @@ -125,7 +80,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update) chmod(mac_file, 0600); - if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), + if(!file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), 60, &mach_passwd_lock_depth)) { DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file)); @@ -144,7 +99,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update) BOOL trust_password_unlock(void) { - BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth); + BOOL ret = file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth); if(mach_passwd_lock_depth == 0) fclose(mach_passwd_fp); return ret; @@ -212,7 +167,7 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t * Get the hex password. */ - if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || + if (!pwdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || strncmp(&linebuf[33], "TLC-", 4)) { DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n")); #ifdef DEBUG_PASSWORD diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index e18062220b..3ce22fd854 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -24,8 +24,6 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern fstring global_myworkgroup; -extern pstring global_myname; /**************************************************************************** Initialize domain session credentials. diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 5255732c5d..a43b65ad64 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -193,7 +193,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", + slprintf(full_name, sizeof(full_name), "\\%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index d75ad6947f..ed2f391256 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -32,7 +32,6 @@ extern int DEBUGLEVEL; extern pstring scope; extern pstring global_myname; -extern fstring global_myworkgroup; /**************************************************************************** Generate the next creds to use. diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 579eeebdac..712e608847 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -31,7 +31,6 @@ extern int DEBUGLEVEL; extern struct pipe_id_info pipe_names[]; -extern fstring global_myworkgroup; extern pstring global_myname; /******************************************************************** diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index a5c523fdb6..818e7a0baf 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -37,7 +37,7 @@ void make_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name, int len_name = strlen(name); trn->sid_name_use = sid_name_use; - make_uni_hdr(&(trn->hdr_name), len_name, len_name, len_name != 0); + make_uni_hdr(&(trn->hdr_name), len_name, len_name, 1); make_unistr2(uni_name, name, len_name); trn->domain_idx = idx; } @@ -692,7 +692,7 @@ void lsa_io_q_lookup_rids(char *desc, LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, i for (i = 0; i < q_r->num_entries; i++) { - smb_io_unistr3("", &(q_r->lookup_name[i]), ps, depth); /* names to be looked up */ + smb_io_unistr3("dom_name", &(q_r->lookup_name[i]), ps, depth); /* names to be looked up */ } prs_uint8s (False, "undoc ", ps, depth, q_r->undoc, UNKNOWN_LEN); diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 57fc73e516..ce573c7bf2 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -665,8 +665,8 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name, int len_domain_name = strlen(domain_name); int len_user_name = strlen(user_name ); int len_wksta_name = strlen(wksta_name ); - int nt_chal_resp_len = ((nt_chal_resp != NULL) ? 24 : 0); - int lm_chal_resp_len = ((lm_chal_resp != NULL) ? 24 : 0); + int nt_chal_resp_len = ((nt_chal_resp != NULL) ? 24 : 0); + int lm_chal_resp_len = ((lm_chal_resp != NULL) ? 24 : 0); unsigned char lm_owf[24]; unsigned char nt_owf[24]; diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index 3bf017d25e..5059ca222b 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c @@ -122,17 +122,6 @@ interface/version dce/rpc pipe identification }, 0x00 \ } \ -/* pipe string names */ -#define PIPE_SRVSVC "\\PIPE\\srvsvc" -#define PIPE_SAMR "\\PIPE\\samr" -#define PIPE_WINREG "\\PIPE\\winreg" -#define PIPE_WKSSVC "\\PIPE\\wkssvc" -#define PIPE_NETLOGON "\\PIPE\\NETLOGON" -#define PIPE_NTLSA "\\PIPE\\ntlsa" -#define PIPE_NTSVCS "\\PIPE\\ntsvcs" -#define PIPE_LSASS "\\PIPE\\lsass" -#define PIPE_LSARPC "\\PIPE\\lsarpc" - struct pipe_id_info pipe_names [] = { /* client pipe , abstract syntax , server pipe , transfer syntax */ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index ec4411b783..e7f4f0547c 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -993,7 +993,7 @@ void samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_s makes a SAMR_R_ENUM_DOM_ALIASES structure. ********************************************************************/ void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, - uint32 num_sam_entries, SAM_USER_INFO_21 grps[MAX_SAM_ENTRIES], + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status) { int i; @@ -1022,11 +1022,13 @@ void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, for (i = 0; i < num_sam_entries; i++) { + int acct_name_len = strlen(alss[i].name); + make_sam_entry(&(r_u->sam[i]), - grps[i].uni_user_name.uni_str_len, - grps[i].user_rid); + acct_name_len, + alss[i].rid); - copy_unistr2(&(r_u->uni_grp_name[i]), &(grps[i].uni_user_name)); + make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name , acct_name_len); } r_u->num_entries4 = num_sam_entries; @@ -1415,7 +1417,7 @@ makes a SAMR_R_ENUM_DOM_GROUPS structure. ********************************************************************/ void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 start_idx, uint32 num_sam_entries, - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES], + DOMAIN_GRP *grp, uint32 status) { int i; @@ -1436,14 +1438,17 @@ void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, { for (i = start_idx, entries_added = 0; i < num_sam_entries; i++) { + int acct_name_len = strlen(grp[i].name); + int acct_desc_len = strlen(grp[i].comment); + make_sam_entry3(&(r_u->sam[entries_added]), start_idx + entries_added + 1, - pass[i].uni_user_name.uni_str_len, - pass[i].uni_acct_desc.uni_str_len, - pass[i].user_rid); + acct_name_len, + acct_desc_len, + grp[i].rid); - copy_unistr2(&(r_u->str[entries_added].uni_grp_name), &(pass[i].uni_user_name)); - copy_unistr2(&(r_u->str[entries_added].uni_grp_desc), &(pass[i].uni_acct_desc)); + make_unistr2(&(r_u->str[entries_added].uni_grp_name), grp[i].name , acct_name_len); + make_unistr2(&(r_u->str[entries_added].uni_grp_desc), grp[i].comment, acct_desc_len); entries_added++; } @@ -1793,7 +1798,7 @@ void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *p makes a SAMR_R_LOOKUP_NAMES structure. ********************************************************************/ void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, - uint32 num_rids, uint32 *rid, uint32 status) + uint32 num_rids, uint32 *rid, uint8 *type, uint32 status) { int i; if (r_u == NULL) return; @@ -1810,7 +1815,7 @@ void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, for (i = 0; i < num_rids; i++) { - make_dom_rid3(&(r_u->dom_rid[i]), rid[i], 0x01); + make_dom_rid3(&(r_u->dom_rid[i]), rid[i], type[i]); } r_u->num_entries3 = num_rids; @@ -2100,7 +2105,7 @@ void make_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS *r_u, { r_u->ptr_0 = 1; r_u->num_entries = num_gids; - r_u->ptr_1 = 1; + r_u->ptr_1 = (num_gids != 0) ? 1 : 0; r_u->num_entries2 = num_gids; r_u->gid = gid; diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 5e6e101883..51b6e8d25b 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -29,6 +29,12 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; +extern DOM_SID global_member_sid; +extern fstring global_myworkgroup; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_3; +extern DOM_SID global_sid_S_1_5; /*************************************************************************** lsa_reply_open_policy2 @@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; - d_q->buffer_dom_name = 4; /* domain buffer pointer */ - d_q->buffer_dom_sid = 2; /* domain sid pointer */ + d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ /* this string is supposed to be character short */ make_unistr2(&(d_q->uni_domain_name), dom_name, domlen); @@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, /*************************************************************************** -make_dom_ref +make_dom_ref - adds a domain if it's not already in, returns the index ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, int num_domains, - char **dom_names, DOM_SID **dom_sids) +static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) { - int i; + int num = 0; + int len; - if (num_domains > MAX_REF_DOMAINS) + if (dom_name != NULL) { - num_domains = MAX_REF_DOMAINS; + for (num = 0; num < ref->num_ref_doms_1; num++) + { + fstring domname; + fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name)); + if (strequal(domname, dom_name)) + { + return num; + } + } + + } + else + { + num = ref->num_ref_doms_1; + } + + if (num >= MAX_REF_DOMAINS) + { + /* index not found, already at maximum domain limit */ + return -1; } ref->undoc_buffer = 1; - ref->num_ref_doms_1 = num_domains; + ref->num_ref_doms_1 = num+1; ref->undoc_buffer2 = 1; ref->max_entries = MAX_REF_DOMAINS; - ref->num_ref_doms_2 = num_domains; + ref->num_ref_doms_2 = num+1; - for (i = 0; i < num_domains; i++) - { - int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + len = dom_name != NULL ? strlen(dom_name) : 0; - make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); - ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; - make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); - make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); - } + make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len); + make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid ); + return num; } /*************************************************************************** make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { int i; - make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); + r_l->num_entries = 0; + r_l->undoc_buffer = 0; + r_l->num_entries2 = 0; +#if 0 r_l->num_entries = num_entries; r_l->undoc_buffer = 1; r_l->num_entries2 = num_entries; @@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, for (i = 0; i < num_entries; i++) { - make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01); + make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid); + make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]); } r_l->num_entries3 = num_entries; +#endif } /*************************************************************************** make_lsa_trans_names ***************************************************************************/ -static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, +static void make_lsa_trans_names(DOM_R_REF *ref, + LSA_TRANS_NAME_ENUM *trn, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - uint32 *total) + uint32 *mapped_count) { - uint32 status = 0x0; int i; - (*total) = 0; + int total = 0; + (*mapped_count) = 0; SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); for (i = 0; i < num_entries; i++) { + uint32 status = 0x0; + DOM_SID find_sid = sid[i].sid; + DOM_SID tmp = sid[i].sid; uint32 rid = 0xffffffff; - uint8 num_auths = sid[i].sid.num_auths; + int dom_idx = -1; fstring name; - uint32 type; + fstring dom_name; + uint8 sid_name_use = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); + memset(dom_name, 0, sizeof(dom_name)); + memset(name , 0, sizeof(name )); - /* find the rid to look up */ - if (num_auths != 0) + if (map_domain_sid_to_name(&find_sid, dom_name)) + { + sid_name_use = SID_NAME_DOMAIN; + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + } + else if (sid_split_rid (&find_sid, &rid) && + map_domain_sid_to_name(&find_sid, dom_name)) + { + if (sid_equal(&find_sid, &global_sam_sid)) + { + status = lookup_name(&tmp, name, &sid_name_use); + } + else + { + status = 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + } + else { - rid = sid[i].sid.sub_auths[num_auths-1]; - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status; - status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status; - status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status; } + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + if (status == 0x0) { - make_lsa_trans_name(&(trn->name [(*total)]), - &(trn->uni_name[(*total)]), - type, name, (*total)); - (*total)++; + (*mapped_count)++; + } + else + { + snprintf(name, sizeof(name), "%08x", rid); + sid_name_use = SID_NAME_UNKNOWN; + } + make_lsa_trans_name(&(trn->name [total]), + &(trn->uni_name[total]), + sid_name_use, name, dom_idx); + total++; } - trn->num_entries = (*total); + trn->num_entries = total; trn->ptr_trans_names = 1; - trn->num_entries2 = (*total); + trn->num_entries2 = total; } /*************************************************************************** @@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, - int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + DOM_SID2 *sid, int num_entries) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); - make_lsa_trans_names(&names, num_entries, sid, &mapped_count); + make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); /* store the response in the SMB stream */ @@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { LSA_R_LOOKUP_RIDS r_l; ZERO_STRUCT(r_l); /* set up the LSA Lookup RIDs response */ - make_reply_lookup_rids(&r_l, num_entries, dom_rids, - num_ref_doms, dom_names, dom_sids); + make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types); + r_l.status = 0x0; /* store the response in the SMB stream */ @@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_QUERY_INFO q_i; - pstring dom_name; + fstring name; + DOM_SID *sid = NULL; + memset(name, 0, sizeof(name)); ZERO_STRUCT(q_i); /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); - pstrcpy(dom_name, lp_workgroup()); + switch (q_i.info_class) + { + case 0x03: + { + fstrcpy(name, global_myworkgroup); + sid = &global_member_sid; + break; + } + case 0x05: + { + fstrcpy(name, global_sam_name); + sid = &global_sam_sid; + break; + } + default: + { + DEBUG(5,("unknown info level in Lsa Query: %d\n", + q_i.info_class)); + break; + } + } /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); + lsa_reply_query_info(&q_i, rdata, name, sid); } /*************************************************************************** @@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_LOOKUP_SIDS q_l; - pstring dom_name; - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; - ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - 4, dom_names, sid_array); + lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries); } /*************************************************************************** @@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, { int i; LSA_Q_LOOKUP_RIDS q_l; - pstring dom_name; uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; - - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; + uint8 dom_types[MAX_LOOKUP_SIDS]; ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); ZERO_ARRAY(dom_rids); /* grab the info class and policy handle */ lsa_io_q_lookup_rids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; - fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); - - /* - * Map to the UNIX username. - */ - map_username(user_name); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(user_name, True); + fstring name; + fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer)); - if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (lookup_rid(name, &dom_rids[i], &dom_types[i])) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; @@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - 4, dom_names, sid_array); + q_l.num_entries, + dom_rids, /* text-converted SIDs */ + dom_types); /* SID_NAME_USE types */ } /*************************************************************************** diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index b807c40604..dabc5520ff 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) { struct policy *p = find_lsa_policy(hnd); - if (!p) { + if (!p) + { DEBUG(3,("Error closing policy\n")); return False; } @@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) bitmap_clear(bmap, p->pnum); ZERO_STRUCTP(p); + ZERO_STRUCTP(hnd); free(p); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 04118800e2..77b17dca2f 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -544,7 +543,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, net_login_network: *************************************************************************/ static uint32 net_login_network(NET_ID_INFO_2 *id2, - struct smb_passwd *smb_pass) + struct smb_passwd *smb_pass, + user_struct *vuser) { DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, @@ -593,221 +593,213 @@ static void api_net_sam_logon( uint16 vuid, prs_struct *data, prs_struct *rdata) { - NET_Q_SAM_LOGON q_l; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 usr_info; - uint32 status = 0x0; - DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; - UNISTR2 *uni_samlogon_user = NULL; - - user_struct *vuser = NULL; - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return; - - q_l.sam_id.ctr = &ctr; - - net_io_q_sam_logon("", &q_l, data, 0); - - /* checks and updates credentials. creates reply credentials */ - if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), - &(q_l.sam_id.client.cred), &srv_cred)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - else - { - memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); - } - - /* find the username */ - - if (status == 0) - { - switch (q_l.sam_id.logon_level) - { - case INTERACTIVE_LOGON_TYPE: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); - - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); - break; - } - case NET_LOGON_TYPE: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); - - DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); - break; - } - default: - { - DEBUG(2,("SAM Logon: unsupported switch value\n")); - status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; - break; - } - } /* end switch */ - } /* end if status == 0 */ - - /* check username exists */ - - if (status == 0) - { - pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, - uni_samlogon_user->uni_str_len)); - - DEBUG(3,("User:[%s]\n", samlogon_user)); + NET_Q_SAM_LOGON q_l; + NET_ID_INFO_CTR ctr; + NET_USER_INFO_3 usr_info; + uint32 status = 0x0; + DOM_CRED srv_cred; + struct smb_passwd *smb_pass = NULL; + UNISTR2 *uni_samlogon_user = NULL; - /* - * Convert to a UNIX username. - */ - map_username(samlogon_user); + user_struct *vuser = NULL; - /* - * Do any case conversions. - */ - (void)Get_Pwnam(samlogon_user, True); - - become_root(True); - smb_pass = getsmbpwnam(samlogon_user); - unbecome_root(True); - - if (smb_pass == NULL) - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_PWNOTREQ) - status = 0; - else if (smb_pass->acct_ctrl & ACB_DISABLED) - status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; - } - - /* Validate password - if required. */ - - if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) - { - switch (q_l.sam_id.logon_level) - { - case INTERACTIVE_LOGON_TYPE: - { - /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); - break; - } - case NET_LOGON_TYPE: - { - /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass); - break; - } - } - } - - /* lkclXXXX this is the point at which, if the login was - successful, that the SAM Local Security Authority should - record that the user is logged in to the domain. - */ - - /* return the profile plus other bits :-) */ - - if (status == 0) - { - DOM_GID *gids = NULL; - int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; - pstring my_name; - pstring my_workgroup; - pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - - /* set up pointer indicating user/password failed to be found */ - usr_info.ptr_user_info = 0; - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - pstrcpy(logon_script, lp_logon_script()); - pstrcpy(profile_path, lp_logon_path()); - - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, lp_logon_drive()); - pstrcpy(home_dir, lp_logon_home()); - - pstrcpy(my_name, global_myname); - strupper(my_name); + if ((vuser = get_valid_user_struct(vuid)) == NULL) + return; - /* - * This is the point at which we get the group - * database - we should be getting the gid_t list - * from /etc/group and then turning the uids into - * rids and then into machine sids for this user. - * JRA. - */ + q_l.sam_id.ctr = &ctr; - get_domain_user_groups(domain_groups, samlogon_user); + net_io_q_sam_logon("", &q_l, data, 0); - /* - * make_dom_gids allocates the gids array. JRA. - */ - gids = NULL; - num_gids = make_dom_gids(domain_groups, &gids); - - sam_logon_in_ssb = False; - - if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid)) - { - make_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - samlogon_user , /* user_name */ - vuser->real_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - - 0, /* logon_count */ - 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - - NULL, /* char sess_key[16] */ - - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ - NULL); /* char *other_sids */ - } - else - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - } - - /* Free any allocated groups array. */ - if(gids) - free((char *)gids); - } - - net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); + /* checks and updates credentials. creates reply credentials */ + if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), + &(q_l.sam_id.client.cred), &srv_cred)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); + } + + /* find the username */ + + if (status == 0) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); + + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + break; + } + case NET_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); + + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + break; + } + default: + { + DEBUG(2,("SAM Logon: unsupported switch value\n")); + status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; + break; + } + } /* end switch */ + } /* end if status == 0 */ + + /* check username exists */ + + if (status == 0) + { + pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, + uni_samlogon_user->uni_str_len)); + + DEBUG(3,("User:[%s]\n", samlogon_user)); + + /* + * Convert to a UNIX username. + */ + map_username(samlogon_user); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(samlogon_user, True); + + become_root(True); + smb_pass = getsmbpwnam(samlogon_user); + unbecome_root(True); + + if (smb_pass == NULL) + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) && + IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)) + { + status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; + } + } + + /* validate password - if required */ + + if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + /* interactive login. */ + status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); + break; + } + case NET_LOGON_TYPE: + { + /* network login. lm challenge and 24 byte responses */ + status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser); + break; + } + } + } + + /* lkclXXXX this is the point at which, if the login was + successful, that the SAM Local Security Authority should + record that the user is logged in to the domain. + */ + + /* return the profile plus other bits :-) */ + + if (status == 0) + { + DOM_GID *gids = NULL; + int num_gids = 0; + NTTIME dummy_time; + pstring logon_script; + pstring profile_path; + pstring home_dir; + pstring home_drive; + pstring my_name; + pstring my_workgroup; + DOMAIN_GRP *grp_mem; + uint32 r_uid; + uint32 r_gid; + + /* set up pointer indicating user/password failed to be found */ + usr_info.ptr_user_info = 0; + + dummy_time.low = 0xffffffff; + dummy_time.high = 0x7fffffff; + + /* XXXX hack to get standard_sub_basic() to use sam logon username */ + /* possibly a better way would be to do a become_user() call */ + sam_logon_in_ssb = True; + + pstrcpy(logon_script, lp_logon_script()); + pstrcpy(profile_path, lp_logon_path()); + + pstrcpy(my_workgroup, lp_workgroup()); + + pstrcpy(home_drive, lp_logon_drive()); + pstrcpy(home_dir, lp_logon_home()); + pstrcpy(my_name, global_myname); + strupper(my_name); + + status = lookup_user_rids(samlogon_user, &r_uid, &r_gid); + status = status == 0 ? getusergroupsnam(samlogon_user, &grp_mem, &num_gids) : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; + + if (status == 0x0) + { + gids = NULL; + num_gids = make_dom_gids(grp_mem, num_gids, &gids); + + make_net_user_info3(&usr_info, + &dummy_time, /* logon_time */ + &dummy_time, /* logoff_time */ + &dummy_time, /* kickoff_time */ + &dummy_time, /* pass_last_set_time */ + &dummy_time, /* pass_can_change_time */ + &dummy_time, /* pass_must_change_time */ + + samlogon_user , /* user_name */ + vuser->real_name, /* full_name */ + logon_script , /* logon_script */ + profile_path , /* profile_path */ + home_dir , /* home_dir */ + home_drive , /* dir_drive */ + + 0, /* logon_count */ + 0, /* bad_pw_count */ + + r_uid , /* RID user_id */ + r_gid , /* RID group_id */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + + NULL, /* char sess_key[16] */ + + my_name , /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + + &global_sam_sid, /* DOM_SID *dom_sid */ + NULL); /* char *other_sids */ + } + else + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + + /* Free any allocated groups array. */ + if (gids) + { + free((char *)gids); + } + } + + net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); } diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 323298ef7a..b70a71b5c0 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -30,9 +30,11 @@ extern int DEBUGLEVEL; extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; -extern fstring global_myworkgroup; +extern fstring global_sam_name; extern pstring global_myname; extern DOM_SID global_sam_sid; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_5_20; extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; @@ -79,8 +81,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, user_name_len = strlen(pwd->smb_name); make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); - make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, - user_name_len, 1); + make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1, + user_name_len-1, 1); pw_buf[(*num_entries)].user_rid = pwd->user_rid; bzero( pw_buf[(*num_entries)].nt_pwd , 16); @@ -292,24 +294,21 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, if (status == 0x0) { - DOM_SID user_sid; - DOM_SID everyone_sid; + DOM_SID usr_sid; - user_sid = global_sam_sid; + usr_sid = global_sam_sid; - SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1); + SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1); /* * Add the user RID. */ - user_sid.sub_auths[user_sid.num_auths++] = rid; + sid_append_rid(&usr_sid, rid); - string_to_sid(&everyone_sid, "S-1-1"); - - /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ - /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ - make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid); - make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid); + /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ + /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ + make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1); + make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid); } make_samr_r_unknown_3(&r_u, @@ -400,37 +399,92 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, prs_struct *rdata) { SAMR_R_ENUM_DOM_GROUPS r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries; + DOMAIN_GRP *grps = NULL; + int num_entries = 0; BOOL got_grps; - char *dummy_group = "Domain Admins"; + DOM_SID sid; + fstring sid_str; r_e.status = 0x0; r_e.num_entries = 0; /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) + if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid)) { r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; } - DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); + sid_to_string(sid_str, &sid); + + DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str)); + + /* well-known groups */ + if (sid_equal(&sid, &global_sid_S_1_5_20)) + { + char *name; + got_grps = True; + + while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) + { + DOMAIN_GRP tmp_grp; + + fstrcpy(tmp_grp.name , name); + fstrcpy(tmp_grp.comment, ""); + tmp_grp.rid = domain_group_rids[num_entries].rid; + tmp_grp.attr = 0x7; + + if (!add_domain_group(&grps, &num_entries, &tmp_grp)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } + } + } + else if (sid_equal(&sid, &global_sam_sid)) + { + BOOL ret; + char *name; + got_grps = True; + + while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) + { + DOMAIN_GRP tmp_grp; + + fstrcpy(tmp_grp.name , name); + fstrcpy(tmp_grp.comment, ""); + tmp_grp.rid = domain_group_rids[num_entries].rid; + tmp_grp.attr = 0x7; - got_grps = True; - num_entries = 1; - make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)); - pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS; + if (!add_domain_group(&grps, &num_entries, &tmp_grp)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } + } + + become_root(True); + ret = enumdomgroups(&grps, &num_entries); + unbecome_root(True); + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + } + } if (r_e.status == 0 && got_grps) { - make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status); + make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status); } /* store the response in the SMB stream */ samr_io_r_enum_dom_groups("", &r_e, rdata, 0); - DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); + if (grps != NULL) + { + free(grps); + } + DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); } /******************************************************************* @@ -455,11 +509,10 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, prs_struct *rdata) { SAMR_R_ENUM_DOM_ALIASES r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; + LOCAL_GRP *alss = NULL; int num_entries = 0; DOM_SID sid; fstring sid_str; - fstring sam_sid_str; r_e.status = 0x0; r_e.num_entries = 0; @@ -471,34 +524,57 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, } sid_to_string(sid_str, &sid); - sid_to_string(sam_sid_str, &global_sam_sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); /* well-known aliases */ - if (strequal(sid_str, "S-1-5-32")) + if (sid_equal(&sid, &global_sid_S_1_5_20)) { char *name; - while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) + + while ((name = builtin_alias_rids[num_entries].name) != NULL) { - make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); - pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; - num_entries++; + LOCAL_GRP tmp_als; + + fstrcpy(tmp_als.name , name); + fstrcpy(tmp_als.comment, ""); + tmp_als.rid = builtin_alias_rids[num_entries].rid; + + if (!add_domain_alias(&alss, &num_entries, &tmp_als)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } } } - else if (strequal(sid_str, sam_sid_str)) + else if (sid_equal(&sid, &global_sam_sid)) { + BOOL ret; /* local aliases */ - /* oops! there's no code to deal with this */ - DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n")); num_entries = 0; + + become_root(True); + ret = enumdomaliases(&alss, &num_entries); + unbecome_root(True); + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + } } - make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); + if (r_e.status == 0x0) + { + make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status); + } /* store the response in the SMB stream */ samr_io_r_enum_dom_aliases("", &r_e, rdata, 0); + if (alss != NULL) + { + free(alss); + } + DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__)); } @@ -669,50 +745,92 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, { uint32 rid[MAX_SAM_ENTRIES]; uint32 status = 0; - int num_rids = q_u->num_sids1; + int num_rids = 0; + int i; + struct sam_passwd *sam_pass; + DOM_SID usr_sid; + DOM_SID dom_sid; + uint32 user_rid; + fstring sam_sid_str; + fstring dom_sid_str; + fstring usr_sid_str; SAMR_R_LOOKUP_IDS r_u; DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); + /* find the policy handle. open a policy on it. */ + if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + sid_to_string(dom_sid_str, &dom_sid ); + sid_to_string(sam_sid_str, &global_sam_sid); + } + if (num_rids > MAX_SAM_ENTRIES) { num_rids = MAX_SAM_ENTRIES; DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids)); } -#if 0 - int i; - SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids); - - for (i = 0; i < num_rids && status == 0; i++) + if (status == 0x0) { - struct sam_passwd *sam_pass; - fstring user_name; - + usr_sid = q_u->sid[0].sid; + sid_split_rid(&usr_sid, &user_rid); + sid_to_string(usr_sid_str, &usr_sid); - fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer, - q_u->uni_user_name[i].uni_str_len)); + } + if (status == 0x0) + { /* find the user account */ become_root(True); - sam_pass = get_smb21pwd_entry(user_name, 0); + sam_pass = getsam21pwrid(user_rid); unbecome_root(True); if (sam_pass == NULL) { status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - rid[i] = 0; + num_rids = 0; + } + } + + if (status == 0x0) + { + if (sid_equal(&dom_sid, &global_sid_S_1_5_20)) + { + DEBUG(5,("lookup on S-1-5-20\n")); + } + else if (sid_equal(&dom_sid, &usr_sid)) + { + DOMAIN_GRP *mem_grp = NULL; + BOOL ret; + + DEBUG(5,("lookup on Domain SID\n")); + + become_root(True); + ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids); + unbecome_root(True); + + num_rids = MIN(num_rids, MAX_SAM_ENTRIES); + + if (mem_grp != NULL) + { + for (i = 0; i < num_rids; i++) + { + rid[i] = mem_grp[i].rid; + } + free(mem_grp); + } } else { - rid[i] = sam_pass->user_rid; + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; } } -#endif - - num_rids = 1; - rid[0] = BUILTIN_ALIAS_RID_USERS; make_samr_r_lookup_ids(&r_u, num_rids, rid, status); @@ -743,7 +861,8 @@ static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdat static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *rdata) { - uint32 rid[MAX_SAM_ENTRIES]; + uint32 rid [MAX_SAM_ENTRIES]; + uint8 type[MAX_SAM_ENTRIES]; uint32 status = 0; int i; int num_rids = q_u->num_rids1; @@ -763,17 +882,12 @@ static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, for (i = 0; i < num_rids && status == 0; i++) { fstring name; - - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len)); - status = (status != 0x0) ? lookup_user_rid (name, &(rid[i])) : status; - status = (status != 0x0) ? lookup_group_rid(name, &(rid[i])) : status; - status = (status != 0x0) ? lookup_alias_rid(name, &(rid[i])) : status; + status = lookup_rid(name, &(rid[i]), &(type[i])); } - make_samr_r_lookup_names(&r_u, num_rids, rid, status); + make_samr_r_lookup_names(&r_u, num_rids, rid, type, status); /* store the response in the SMB stream */ samr_io_r_lookup_names("", &r_u, rdata, 0); @@ -1017,7 +1131,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { struct smb_passwd *smb_pass; - if (!pdb_rid_is_user(user_rid)) + if (!pwdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); return False; @@ -1050,7 +1164,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) LOGON_HRS hrs; int i; - if (!pdb_rid_is_user(user_rid)) + if (!pwdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); return False; @@ -1255,10 +1369,20 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { - pstring groups; - get_domain_user_groups(groups, sam_pass->smb_name); + DOMAIN_GRP *mem_grp = NULL; + BOOL ret; + + become_root(True); + ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups); + unbecome_root(True); + gids = NULL; - num_groups = make_dom_gids(groups, &gids); + num_groups = make_dom_gids(mem_grp, num_groups, &gids); + + if (mem_grp != NULL) + { + free(mem_grp); + } } /* construct the response. lkclXXXX: gids are not copied! */ @@ -1322,7 +1446,7 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, case 0x02: { switch_value = 0x2; - make_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname); + make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname); break; } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 097ab92d76..25dceb41a0 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -22,325 +22,4 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* this module apparently provides an implementation of DCE/RPC over a - * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC - * documentation are available (in on-line form) from the X-Open group. - * - * this module should provide a level of abstraction between SMB - * and DCE/RPC, while minimising the amount of mallocs, unnecessary - * data copies, and network traffic. - * - * in this version, which takes a "let's learn what's going on and - * get something running" approach, there is additional network - * traffic generated, but the code should be easier to understand... - * - * ... if you read the docs. or stare at packets for weeks on end. - * - */ - -#include "includes.h" -#include "nterr.h" - -extern int DEBUGLEVEL; - -/* - * A list of the rids of well known BUILTIN and Domain users - * and groups. - */ - -rid_name builtin_alias_rids[] = -{ - { BUILTIN_ALIAS_RID_ADMINS , "Administrators" }, - { BUILTIN_ALIAS_RID_USERS , "Users" }, - { BUILTIN_ALIAS_RID_GUESTS , "Guests" }, - { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" }, - - { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" }, - { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" }, - { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" }, - { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" }, - { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID users. */ -rid_name domain_user_rids[] = -{ - { DOMAIN_USER_RID_ADMIN , "Administrator" }, - { DOMAIN_USER_RID_GUEST , "Guest" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID groups. */ -rid_name domain_group_rids[] = -{ - { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" }, - { DOMAIN_GROUP_RID_USERS , "Domain Users" }, - { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" }, - { 0 , NULL } -}; - -int make_dom_gids(char *gids_str, DOM_GID **ppgids) -{ - char *ptr; - pstring s2; - int count; - DOM_GID *gids; - - *ppgids = NULL; - - DEBUG(4,("make_dom_gids: %s\n", gids_str)); - - if (gids_str == NULL || *gids_str == 0) - return 0; - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)); - count++) - ; - - gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); - if(!gids) - { - DEBUG(0,("make_dom_gids: malloc fail !\n")); - return 0; - } - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)) && - count < LSA_MAX_GROUPS; - count++) - { - /* the entries are of the form GID/ATTR, ATTR being optional.*/ - char *attr; - uint32 rid = 0; - int i; - - attr = strchr(s2,'/'); - if (attr) - *attr++ = 0; - - if (!attr || !*attr) - attr = "7"; /* default value for attribute is 7 */ - - /* look up the RID string and see if we can turn it into a rid number */ - for (i = 0; builtin_alias_rids[i].name != NULL; i++) - { - if (strequal(builtin_alias_rids[i].name, s2)) - { - rid = builtin_alias_rids[i].rid; - break; - } - } - - if (rid == 0) - rid = atoi(s2); - - if (rid == 0) - { - DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr)); - count--; - } - else - { - gids[count].g_rid = rid; - gids[count].attr = atoi(attr); - - DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr)); - } - } - - *ppgids = gids; - return count; -} - - -/******************************************************************* - gets a domain user's groups - ********************************************************************/ -void get_domain_user_groups(char *domain_groups, char *user) -{ - pstring tmp; - - if (domain_groups == NULL || user == NULL) return; - - /* any additional groups this user is in. e.g power users */ - pstrcpy(domain_groups, lp_domain_groups()); - - /* can only be a user or a guest. cannot be guest _and_ admin */ - if (user_in_list(user, lp_domain_guest_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain guest group access %s granted\n", tmp)); - } - else - { - slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain group access %s granted\n", tmp)); - - if (user_in_list(user, lp_domain_admin_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain admin group access %s granted\n", tmp)); - } - } -} - - -/******************************************************************* - lookup_group_name - ********************************************************************/ -uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type) -{ - int i = 0; - (*type) = SID_NAME_DOM_GRP; - - DEBUG(5,("lookup_group_name: rid: %d", rid)); - - while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0) - { - i++; - } - - if (domain_group_rids[i].rid != 0) - { - fstrcpy(group_name, domain_group_rids[i].name); - DEBUG(5,(" = %s\n", group_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_name - ********************************************************************/ -uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) -{ - int i = 0; - (*type) = SID_NAME_WKN_GRP; - - DEBUG(5,("lookup_alias_name: rid: %d", rid)); - - while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0) - { - i++; - } - - if (builtin_alias_rids[i].rid != 0) - { - fstrcpy(alias_name, builtin_alias_rids[i].name); - DEBUG(5,(" = %s\n", alias_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_user_name - ********************************************************************/ -uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) -{ - struct sam_disp_info *disp_info; - int i = 0; - (*type) = SID_NAME_USER; - - DEBUG(5,("lookup_user_name: rid: %d", rid)); - - /* look up the well-known domain user rids first */ - while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0) - { - i++; - } - - if (domain_user_rids[i].rid != 0) - { - fstrcpy(user_name, domain_user_rids[i].name); - DEBUG(5,(" = %s\n", user_name)); - return 0x0; - } - - /* ok, it's a user. find the user account */ - become_root(True); - disp_info = getsamdisprid(rid); - unbecome_root(True); - - if (disp_info != NULL) - { - fstrcpy(user_name, disp_info->smb_name); - DEBUG(5,(" = %s\n", user_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_group_rid - ********************************************************************/ -uint32 lookup_group_rid(char *group_name, uint32 *rid) -{ - char *grp_name; - int i = -1; /* start do loop at -1 */ - - do /* find, if it exists, a group rid for the group name*/ - { - i++; - (*rid) = domain_group_rids[i].rid; - grp_name = domain_group_rids[i].name; - - } while (grp_name != NULL && !strequal(grp_name, group_name)); - - return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_rid - ********************************************************************/ -uint32 lookup_alias_rid(char *alias_name, uint32 *rid) -{ - char *als_name; - int i = -1; /* start do loop at -1 */ - - do /* find, if it exists, a alias rid for the alias name*/ - { - i++; - (*rid) = builtin_alias_rids[i].rid; - als_name = builtin_alias_rids[i].name; - - } while (als_name != NULL && !strequal(als_name, alias_name)); - - return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_user_rid - ********************************************************************/ -uint32 lookup_user_rid(char *user_name, uint32 *rid) -{ - struct sam_passwd *sam_pass; - (*rid) = 0; - - /* find the user account */ - become_root(True); - sam_pass = getsam21pwnam(user_name); - unbecome_root(True); - - if (sam_pass != NULL) - { - (*rid) = sam_pass->user_rid; - return 0x0; - } - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} +/* retired module */ diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c index 4afa9ece88..2b87cad330 100644 --- a/source3/smbd/groupname.c +++ b/source3/smbd/groupname.c @@ -19,12 +19,43 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#ifdef USING_GROUPNAME_MAP +/* + * UNIX gid and Local or Domain SID resolution. This module resolves + * only those entries in the map files, it is *NOT* responsible for + * resolving UNIX groups not listed: that is an entirely different + * matter, altogether... + */ + +/* + * + * + + format of the file is: + + unixname NT Group name + unixname Domain Admins (well-known Domain Group) + unixname DOMAIN_NAME\NT Group name + unixname OTHER_DOMAIN_NAME\NT Group name + unixname DOMAIN_NAME\Domain Admins (well-known Domain Group) + .... + + if the DOMAIN_NAME\ component is left off, then your own domain is assumed. + + * + * + */ + #include "includes.h" extern int DEBUGLEVEL; -extern DOM_SID global_sam_sid; +/* we can map either local aliases or domain groups */ +typedef enum +{ + GROUP_LOCAL, + GROUP_DOMAIN + +} GROUP_TYPE; /************************************************************************** Groupname map functionality. The code loads a groupname map file and @@ -33,211 +64,543 @@ extern DOM_SID global_sam_sid; if the demands on it become excessive. ***************************************************************************/ -typedef struct groupname_map { - ubi_slNode next; - - char *windows_name; - DOM_SID windows_sid; +typedef struct group_name_info +{ + char *nt_name; + char *nt_domain; char *unix_name; - gid_t unix_gid; -} groupname_map_entry; + + DOM_SID sid; + gid_t unix_gid; + +} GROUP_NAME_INFO; + +typedef struct name_map +{ + ubi_slNode next; + GROUP_NAME_INFO grp; + +} name_map_entry; static ubi_slList groupname_map_list; +static ubi_slList aliasname_map_list; + +static void delete_name_entry(name_map_entry *gmep) +{ + if (gmep->grp.nt_name) + { + free(gmep->grp.nt_name); + } + if (gmep->grp.nt_domain) + { + free(gmep->grp.nt_domain); + } + if (gmep->grp.unix_name) + { + free(gmep->grp.unix_name); + } + free((char*)gmep); +} + +/************************************************************************** + Delete all the entries in the name map list. +***************************************************************************/ + +static void delete_map_list(ubi_slList *map_list) +{ + name_map_entry *gmep; + + while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) + { + delete_name_entry(gmep); + } +} + /************************************************************************** - Delete all the entries in the groupname map list. + makes a group sid out of a domain sid and a _unix_ gid. ***************************************************************************/ +static BOOL make_mydomain_sid(GROUP_NAME_INFO *grp, GROUP_TYPE type) +{ + uint32 tmp_rid; + uint8 tmp_type; + + DEBUG(10,("make_mydomain_sid\n")); + + if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) + { + DEBUG(0,("make_mydomain_sid: unknown domain %s\n", + grp->nt_domain)); + return False; + } + else if (lookup_wk_group_rid(grp->nt_name, &tmp_rid, &tmp_type)) + { + return sid_append_rid(&grp->sid, tmp_rid); + } + else + { + if (type == GROUP_DOMAIN) + { + tmp_rid = pwdb_gid_to_group_rid(grp->unix_gid); + } + else + { + tmp_rid = pwdb_gid_to_alias_rid(grp->unix_gid); + } + return sid_append_rid(&(grp->sid), tmp_rid); + } +} -static void delete_groupname_map_list(void) +/************************************************************************** + makes a group sid out of an nt domain, nt group name or a unix group name. +***************************************************************************/ +static BOOL unix_name_to_group_info(GROUP_NAME_INFO *grp, GROUP_TYPE type) { - groupname_map_entry *gmep; + extern fstring global_sam_name; + struct group *gptr = NULL; + + /* + * Attempt to get the unix gid_t for this name. + */ + + DEBUG(5,("unix_name_to_group_info: unix_name:%s\n", grp->unix_name)); + + gptr = (struct group *)getgrnam(grp->unix_name); + if (gptr == NULL) + { + DEBUG(0,("unix_name_to_group_info: getgrnam for group %s\ +failed. Error was %s.\n", grp->unix_name, strerror(errno) )); + return False; + } + + grp->unix_gid = (gid_t)gptr->gr_gid; + + DEBUG(5,("unix_name_to_group_info: unix gid:%d\n", grp->unix_gid)); + + /* + * Now map the name to an NT SID+RID. + */ + + if (grp->nt_domain != NULL && !strequal(grp->nt_domain, global_sam_name)) + { + /* Must add client-call lookup code here, to + * resolve remote domain's sid and the group's rid, + * in that domain. + * + * NOTE: it is _incorrect_ to put code here that assumes + * that we can call pwdb_gid_to_group_rid() or _alias_rid(): + * it is a totally different domain for which we are *NOT* + * responsible. + * for foriegn domains for which we are *NOT* the PDC, all + * we can be responsible for is the unix * gid_t to which + * the foriegn SID+rid maps to, on this _local_ machine. + */ + + if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) + { + DEBUG(0,("unix_name_to_group_info: no known sid for %s\n", + grp->nt_domain)); + return False; + } + + DEBUG(0,("unix_name_to_group_info: cannot resolve domain %s\n", + grp->nt_domain)); + + return False; + } + else + { + return make_mydomain_sid(grp, type); + } +} - while((gmep = (groupname_map_entry *)ubi_slRemHead( &groupname_map_list )) != NULL) { - if(gmep->windows_name) - free(gmep->windows_name); - if(gmep->unix_name) - free(gmep->unix_name); - free((char *)gmep); - } +static BOOL make_name_entry(name_map_entry **new_ep, + char *nt_domain, char *nt_group, char *unix_group, + GROUP_TYPE type) +{ + /* + * Create the list entry and add it onto the list. + */ + + DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); + + (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); + if ((*new_ep) == NULL) + { + DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); + return False; + } + + ZERO_STRUCTP(*new_ep); + + (*new_ep)->grp.nt_name = strdup(nt_group ); + (*new_ep)->grp.nt_domain = strdup(nt_domain ); + (*new_ep)->grp.unix_name = strdup(unix_group); + + if ((*new_ep)->grp.nt_name == NULL || + (*new_ep)->grp.unix_name == NULL) + { + DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); + delete_name_entry((*new_ep)); + return False; + } + + /* + * look up the group names, make the Group-SID and unix gid + */ + + if (!unix_name_to_group_info(&(*new_ep)->grp, type)) + { + delete_name_entry((*new_ep)); + return False; + } + + return True; } /************************************************************************** - Load a groupname map file. Sets last accessed timestamp. + Load a name map file. Sets last accessed timestamp. ***************************************************************************/ +static void load_name_map(GROUP_TYPE type) +{ + static time_t groupmap_file_last_modified = (time_t)0; + static time_t aliasmap_file_last_modified = (time_t)0; + static BOOL initialised_group = False; + static BOOL initialised_alias = False; + char *groupname_map_file = lp_groupname_map(); + char *aliasname_map_file = lp_aliasname_map(); + + SMB_STRUCT_STAT st; + FILE *fp; + char *s; + pstring buf; + name_map_entry *new_ep; + + time_t *file_last_modified; + int *initialised; + char *map_file; + ubi_slList *map_list; + + if (type == GROUP_DOMAIN) + { + file_last_modified = &groupmap_file_last_modified; + initialised = &initialised_group; + map_file = groupname_map_file; + map_list = &groupname_map_list; + } + else + { + file_last_modified = &aliasmap_file_last_modified; + initialised = &initialised_alias; + map_file = aliasname_map_file; + map_list = &aliasname_map_list; + } + + DEBUG(10,("load_name_map : %s\n", map_file)); + + if (!(*initialised)) + { + ubi_slInitList(map_list); + (*initialised) = True; + } + + if (!*map_file) + { + return; + } + + if (sys_stat(map_file, &st) != 0) + { + DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n", + map_file, strerror(errno) )); + return; + } + + /* + * Check if file has changed. + */ + if (st.st_mtime <= (*file_last_modified)) + { + return; + } + + (*file_last_modified) = st.st_mtime; + + /* + * Load the file. + */ + + fp = fopen(map_file,"r"); + if (!fp) + { + DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n", + map_file, strerror(errno))); + return; + } + + /* + * Throw away any previous list. + */ + delete_map_list(map_list); + + DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); + + while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) + { + pstring unixname; + pstring nt_name; + fstring nt_domain; + fstring nt_group; + char *p; + + DEBUG(10,("Read line |%s|\n", s)); + + memset(nt_name, 0, sizeof(nt_name)); + + if (!*s || strchr("#;",*s)) + continue; + + if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) + continue; + + if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) + continue; + + trim_string(unixname, " ", " "); + trim_string(nt_name, " ", " "); + + if (!*nt_name) + continue; + + if (!*unixname) + continue; + + DEBUG(5,("unixname = %s, ntname = %s.\n", + unixname, nt_name)); + + p = strchr(nt_name, '\\'); + + if (p == NULL) + { + memset(nt_domain, 0, sizeof(nt_domain)); + fstrcpy(nt_group, nt_name); + } + else + { + *p = 0; + p++; + fstrcpy(nt_domain, nt_name); + fstrcpy(nt_group , p); + } + + if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type)) + { + ubi_slAddHead(map_list, (ubi_slNode *)new_ep); + } + } + + DEBUG(10,("load_name_map: Added %ld entries to name map.\n", + ubi_slCount(map_list))); + + fclose(fp); +} + +/*********************************************************** + Lookup a gid_t by SID +************************************************************/ +static BOOL map_sid_to_gid(GROUP_TYPE type, ubi_slList *map_list, + DOM_SID *psid, gid_t *gid) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (sid_equal(&gmep->grp.sid, psid)) + { + *gid = gmep->grp.unix_gid; + DEBUG(7,("map_sid_to_gid: Mapping unix group %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name )); + return True; + } + } + + return False; +} + +/*********************************************************** + Lookup a SID entry by nt name. +************************************************************/ +static BOOL map_sid_to_ntname(GROUP_TYPE type, ubi_slList *map_list, + DOM_SID *psid, char *ntname, char *ntdomain) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(&map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (sid_equal(&gmep->grp.sid, psid)) + { + if (ntname != NULL) + { + fstrcpy(ntname, gmep->grp.nt_name); + } + if (ntdomain != NULL) + { + fstrcpy(ntname, gmep->grp.nt_domain); + } + DEBUG(7,("map_sid_to_ntname: Mapping unix group %s to nt group \%s\%s\n", + gmep->grp.unix_name, + gmep->grp.nt_domain, gmep->grp.nt_name )); + return True; + } + } + + return False; +} -void load_groupname_map(void) -{ - static time_t groupmap_file_last_modified = (time_t)0; - static BOOL initialized = False; - char *groupname_map_file = lp_groupname_map(); - SMB_STRUCT_STAT st; - FILE *fp; - char *s; - pstring buf; - groupname_map_entry *new_ep; - - if(!initialized) { - ubi_slInitList( &groupname_map_list ); - initialized = True; - } - - if (!*groupname_map_file) - return; - - if(sys_stat(groupname_map_file, &st) != 0) { - DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n", - groupname_map_file, strerror(errno) )); - return; - } - - /* - * Check if file has changed. - */ - if( st.st_mtime <= groupmap_file_last_modified) - return; - - groupmap_file_last_modified = st.st_mtime; - - /* - * Load the file. - */ - - fp = fopen(groupname_map_file,"r"); - if (!fp) { - DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n", - groupname_map_file, strerror(errno))); - return; - } - - /* - * Throw away any previous list. - */ - delete_groupname_map_list(); - - DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file)); - - while((s=fgets_slash(buf,sizeof(buf),fp))!=NULL) { - pstring unixname; - pstring windows_name; - struct group *gptr; - DOM_SID tmp_sid; - - DEBUG(10,("load_groupname_map: Read line |%s|\n", s)); - - if (!*s || strchr("#;",*s)) - continue; - - if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) - continue; - - if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name))) - continue; - - trim_string(unixname, " ", " "); - trim_string(windows_name, " ", " "); - - if (!*windows_name) - continue; - - if(!*unixname) - continue; - - DEBUG(5,("load_groupname_map: unixname = %s, windowsname = %s.\n", - unixname, windows_name)); - - /* - * Attempt to get the unix gid_t for this name. - */ - - if((gptr = (struct group *)getgrnam(unixname)) == NULL) { - DEBUG(0,("load_groupname_map: getgrnam for group %s failed.\ -Error was %s.\n", unixname, strerror(errno) )); - continue; - } - - /* - * Now map to an NT SID. - */ - - if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) { - /* - * It's not a well known name, convert the UNIX gid_t - * to a rid within this domain SID. - */ - tmp_sid = global_sam_sid; - tmp_sid.sub_auths[tmp_sid.num_auths++] = - pdb_gid_to_group_rid((gid_t)gptr->gr_gid); - } - - /* - * Create the list entry and add it onto the list. - */ - - if((new_ep = (groupname_map_entry *)malloc( sizeof(groupname_map_entry) ))== NULL) { - DEBUG(0,("load_groupname_map: malloc fail for groupname_map_entry.\n")); - fclose(fp); - return; - } - - new_ep->unix_gid = gptr->gr_gid; - new_ep->windows_sid = tmp_sid; - new_ep->windows_name = strdup( windows_name ); - new_ep->unix_name = strdup( unixname ); - - if(new_ep->windows_name == NULL || new_ep->unix_name == NULL) { - DEBUG(0,("load_groupname_map: malloc fail for names in groupname_map_entry.\n")); - fclose(fp); - if(new_ep->windows_name != NULL) - free(new_ep->windows_name); - if(new_ep->unix_name != NULL) - free(new_ep->unix_name); - free((char *)new_ep); - return; - } - memset((char *)&new_ep->next, '\0', sizeof(new_ep->next) ); - - ubi_slAddHead( &groupname_map_list, (ubi_slNode *)new_ep); - } - - DEBUG(10,("load_groupname_map: Added %ld entries to groupname map.\n", - ubi_slCount(&groupname_map_list))); - - fclose(fp); +/*********************************************************** + Lookup a SID entry by nt name. +************************************************************/ +static BOOL map_ntname_to_sid(GROUP_TYPE type, ubi_slList *map_list, + char * ntname, DOM_SID *psid) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(&map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (strequal(gmep->grp.nt_name, ntname)) + { + *psid = gmep->grp.sid; + DEBUG(7,("map_ntname_to_sid: Mapping unix group %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name )); + return True; + } + } + + return False; } /*********************************************************** Lookup a SID entry by gid_t. ************************************************************/ +static BOOL map_gid_to_sid(GROUP_TYPE type, ubi_slList *map_list, + gid_t gid, DOM_SID *psid) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(&map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (gmep->grp.unix_gid == gid) + { + *psid = gmep->grp.sid; + DEBUG(7,("map_gid_to_sid: Mapping unix group %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name )); + return True; + } + } + + return False; +} + +/* + * Call these four functions to resolve unix group ids and either + * local group SIDs or domain group SIDs listed in the local group + * or domain group map files. + * + * Note that it is *NOT* the responsibility of these functions to + * resolve entries that are not in the map files. + * + * Any SID can be in the map files (i.e from any Domain). + */ -void map_gid_to_sid( gid_t gid, DOM_SID *psid) +/*********************************************************** + Lookup a Group entry by sid. +************************************************************/ +BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain) +{ + return map_sid_to_ntname(GROUP_DOMAIN, &groupname_map_list, psid, group_name, nt_domain); +} + +/*********************************************************** + Lookup an Alias SID entry by name. +************************************************************/ +BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain) +{ + return map_sid_to_ntname(GROUP_LOCAL, &aliasname_map_list, psid, alias_name, nt_domain); +} + +/*********************************************************** + Lookup a Group SID entry by name. +************************************************************/ +BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid) { - groupname_map_entry *gmep; + return map_ntname_to_sid(GROUP_DOMAIN, &groupname_map_list, group_name, psid); +} - /* - * Initialize and load if not already loaded. - */ - load_groupname_map(); +/*********************************************************** + Lookup an Alias SID entry by name. +************************************************************/ +BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid) +{ + return map_ntname_to_sid(GROUP_LOCAL, &aliasname_map_list, alias_name, psid); +} - for( gmep = (groupname_map_entry *)ubi_slFirst( &groupname_map_list); - gmep; gmep = (groupname_map_entry *)ubi_slNext( gmep )) { +/*********************************************************** + Lookup an Alias SID entry by gid_t. +************************************************************/ +BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid) +{ + return map_gid_to_sid(GROUP_LOCAL, &aliasname_map_list, gid, psid); +} - if( gmep->unix_gid == gid) { - *psid = gmep->windows_sid; - DEBUG(7,("map_gid_to_sid: Mapping unix group %s to windows group %s.\n", - gmep->unix_name, gmep->windows_name )); - return; - } - } +/*********************************************************** + Lookup a Group SID entry by gid_t. +************************************************************/ +BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid) +{ + return map_gid_to_sid(GROUP_DOMAIN, &groupname_map_list, gid, psid); +} - /* - * If there's no map, convert the UNIX gid_t - * to a rid within this domain SID. - */ - *psid = global_sam_sid; - psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid); +/*********************************************************** + Lookup a Group gid_t by SID +************************************************************/ +BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid) +{ + return map_sid_to_gid(GROUP_DOMAIN, &groupname_map_list, psid, gid); +} - return; +/*********************************************************** + Lookup an Alias gid_t by SID +************************************************************/ +BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid) +{ + return map_sid_to_gid(GROUP_LOCAL, &aliasname_map_list, psid, gid); } -#else /* USING_GROUPNAME_MAP */ - void load_groupname_map(void) {;} -#endif /* USING_GROUPNAME_MAP */ + diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 8b4049cd96..e4f0d2e2ec 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -562,8 +562,8 @@ int reply_ntcreate_and_X(connection_struct *conn, /* If it's an IPC, use the pipe handler. */ - if (IS_IPC(conn) && lp_nt_pipe_support()) { - + if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE) + { int ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum); if(ret != 0) return ret; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index fb5acf156f..0c8eb124ff 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -153,7 +153,7 @@ char *validated_username(uint16 vuid) /**************************************************************************** Setup the groups a user belongs to. ****************************************************************************/ -int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups) +int get_unixgroups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups) { int i,ngroups; gid_t grp = 0; @@ -180,7 +180,7 @@ int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_gro if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) { - DEBUG(0,("setup_groups malloc fail !\n")); + DEBUG(0,("get_unixgroups malloc fail !\n")); return -1; } @@ -263,7 +263,7 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(unix_name,uid,gid, + get_unixgroups(unix_name,uid,gid, &vuser->n_groups, &vuser->groups); @@ -1142,15 +1142,10 @@ BOOL domain_client_validate( char *user, char *domain, unsigned char local_lm_response[24]; unsigned char local_nt_reponse[24]; unsigned char trust_passwd[16]; - fstring remote_machine; - char *p; - struct in_addr dest_ip; NET_ID_INFO_CTR ctr; NET_USER_INFO_3 info3; struct cli_state cli; uint32 smb_uid_low; - BOOL connected_ok = False; - struct nmb_name calling, called; /* * Check that the requested domain is not our own machine name. @@ -1211,102 +1206,9 @@ BOOL domain_client_validate( char *user, char *domain, * see if they were valid. */ - ZERO_STRUCT(cli); - - if(cli_initialise(&cli) == False) { - DEBUG(0,("domain_client_validate: unable to initialize client connection.\n")); - return False; - } - - /* - * Treat each name in the 'password server =' line as a potential - * PDC/BDC. Contact each in turn and try and authenticate. - */ - - p = lp_passwordserver(); - while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) { - - standard_sub_basic(remote_machine); - strupper(remote_machine); - - if(!resolve_name( remote_machine, &dest_ip, 0x20)) { - DEBUG(1,("domain_client_validate: Can't resolve address for %s\n", remote_machine)); - continue; - } - - if (ismyip(dest_ip)) { - DEBUG(1,("domain_client_validate: Password server loop - not using password server %s\n",remote_machine)); - continue; - } - - if (!cli_connect(&cli, remote_machine, &dest_ip)) { - DEBUG(0,("domain_client_validate: unable to connect to SMB server on \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - continue; - } - - make_nmb_name(&calling, global_myname , 0x0 , scope); - make_nmb_name(&called , remote_machine, 0x20, scope); - - if (!cli_session_request(&cli, &calling, &called)) + if (!cli_connect_serverlist(&cli, lp_passwordserver())) { - DEBUG(0,("domain_client_validate: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - cli.protocol = PROTOCOL_NT1; - - if (!cli_negprot(&cli)) { - DEBUG(0,("domain_client_validate: machine %s rejected the negotiate protocol. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - if (cli.protocol != PROTOCOL_NT1) { - DEBUG(0,("domain_client_validate: machine %s didn't negotiate NT protocol.\n", - remote_machine)); - cli_shutdown(&cli); - continue; - } - - /* - * Do an anonymous session setup. - */ - - if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) { - DEBUG(0,("domain_client_validate: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - if (!(cli.sec_mode & 1)) { - DEBUG(1,("domain_client_validate: machine %s isn't in user level security mode\n", - remote_machine)); - cli_shutdown(&cli); - continue; - } - - if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { - DEBUG(0,("domain_client_validate: machine %s rejected the tconX on the IPC$ share. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - /* - * We have an anonymous connection to IPC$. - */ - connected_ok = True; - break; - } - - if (!connected_ok) { DEBUG(0,("domain_client_validate: Domain password server not available.\n")); - cli_shutdown(&cli); return False; } @@ -1317,7 +1219,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) { DEBUG(0,("domain_client_validate: unable to open the domain client session to \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); +machine %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -1326,7 +1228,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); if(cli_nt_setup_creds(&cli, trust_passwd) == False) { DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \ -%s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); +%s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -1341,7 +1243,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL), &ctr, &info3) == False) { DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \ -%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli))); +%s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -1361,7 +1263,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); if(cli_nt_logoff(&cli, &ctr) == False) { DEBUG(0,("domain_client_validate: unable to log off user %s in domain \ -%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli))); +%s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index ee0053aed0..78a09e46e7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1403,8 +1403,10 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt files_struct *fsp; /* If it's an IPC, pass off the pipe handler. */ - if (IS_IPC(conn) && lp_nt_pipe_support()) + if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE) + { return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize); + } /* XXXX we need to handle passed times, sattr and flags */ diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 68f722ff51..49816e5d47 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -25,6 +25,7 @@ pstring servicesf = CONFIGFILE; extern pstring debugf; extern fstring global_myworkgroup; +extern fstring global_sam_name; extern pstring global_myname; int am_parent = 1; @@ -428,6 +429,13 @@ void exit_server(char *reason) locking_end(); DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); +#ifdef MEM_MAN + { + extern FILE *dbf; + smb_mem_write_verbose(dbf); + dbgflush(); + } +#endif exit(0); } @@ -644,12 +652,42 @@ static void usage(char *pname) codepage_initialise(lp_client_code_page()); fstrcpy(global_myworkgroup, lp_workgroup()); + memset(global_sam_name, 0, sizeof(global_sam_name)); + + if (lp_domain_logons()) + { + if (lp_security() == SEC_USER) + { + /* we are PDC (or BDC) for a Domain */ + fstrcpy(global_sam_name, lp_workgroup()); + } + else if (lp_security() == SEC_DOMAIN) + { + /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */ + fstrcpy(global_sam_name, global_myname); + } + else if (lp_security() == SEC_SHARE) + { + DEBUG(0,("ERROR: no Domain functionality in security = share\n")); + exit(1); + } + } + + generate_wellknown_sids(); - if(!pdb_generate_sam_sid()) { + if (!generate_sam_sid()) + { DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); } + if (lp_security() == SEC_DOMAIN && !get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(1); + } + CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); /* Setup the signals that allow the debug log level @@ -696,7 +734,16 @@ static void usage(char *pname) if (!locking_init(0)) exit(1); - if(!initialize_password_db()) + if(!initialise_passgrp_db()) + exit(1); + + if(!initialise_password_db()) + exit(1); + + if(!initialise_group_db()) + exit(1); + + if(!initialise_alias_db()) exit(1); /* possibly reload the services file. */ diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ee195e12ec..cedac1c76f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -387,7 +387,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(conn->user,conn->uid,conn->gid, + get_unixgroups(conn->user,conn->uid,conn->gid, &conn->ngroups,&conn->groups); /* check number of connections */ diff --git a/source3/utils/rpctorture.c b/source3/utils/rpctorture.c index 96d1181ca0..dac64a22e3 100644 --- a/source3/utils/rpctorture.c +++ b/source3/utils/rpctorture.c @@ -49,7 +49,36 @@ struct cli_state *smb_cli = &smbcli; FILE *out_hnd; +static pstring user_name; /* local copy only, if one is entered */ static pstring password; /* local copy only, if one is entered */ +static pstring domain; /* local copy only, if one is entered */ +BOOL got_pass = False; + +static struct nmb_name calling; +static struct nmb_name called; + +static void get_passwd(void) +{ + /* set the password cache info */ + if (got_pass) + { + if (password[0] == 0) + { + pwd_set_nullpwd(&(smb_cli->pwd)); + } + else + { + pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ + } + } + else + { + char *pwd = getpass("Enter Password:"); + safe_strcpy(password, pwd, sizeof(password)); + pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ + got_pass = True; + } +} /**************************************************************************** initialise smb client structure @@ -59,6 +88,23 @@ void rpcclient_init(void) bzero(smb_cli, sizeof(smb_cli)); cli_initialise(smb_cli); smb_cli->capabilities |= CAP_NT_SMBS; + smb_cli->capabilities |= CAP_STATUS32; + + pstrcpy(smb_cli->user_name, user_name); + smb_cli->nt_pipe_fnum = 0xffff; + + get_passwd(); + + if (*domain == 0) + { + pstrcpy(smb_cli->domain,lp_workgroup()); + } + else + { + pstrcpy(smb_cli->domain, domain); + } + + strupper(smb_cli->domain); } /**************************************************************************** @@ -66,11 +112,7 @@ make smb client connection ****************************************************************************/ static BOOL rpcclient_connect(struct client_info *info) { - struct nmb_name calling; - struct nmb_name called; - - make_nmb_name(&called , dns_to_netbios_name(info->dest_host ), info->name_type, scope); - make_nmb_name(&calling, dns_to_netbios_name(info->myhostname), 0x0 , scope); + rpcclient_init(); if (!cli_establish_connection(smb_cli, info->dest_host, &info->dest_ip, @@ -97,7 +139,7 @@ static void rpcclient_stop(void) /**************************************************************************** log in as an nt user, log out again. ****************************************************************************/ -void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state *cli) +void run_enums_test(int num_ops, struct client_info *cli_info) { pstring cmd; int i; @@ -105,8 +147,8 @@ void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state /* establish connections. nothing to stop these being re-established. */ rpcclient_connect(cli_info); - DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd)); - if (cli->fd <= 0) + DEBUG(5,("rpcclient_connect: smb_cli->fd:%d\n", smb_cli->fd)); + if (smb_cli->fd <= 0) { fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n", cli_info->dest_host, cli_info->name_type); @@ -141,7 +183,7 @@ void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state /**************************************************************************** log in as an nt user, log out again. ****************************************************************************/ -void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_state *cli) +void run_ntlogin_test(int num_ops, struct client_info *cli_info) { pstring cmd; int i; @@ -149,8 +191,8 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat /* establish connections. nothing to stop these being re-established. */ rpcclient_connect(cli_info); - DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd)); - if (cli->fd <= 0) + DEBUG(5,("rpcclient_connect: smb_cli->fd:%d\n", smb_cli->fd)); + if (smb_cli->fd <= 0) { fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n", cli_info->dest_host, cli_info->name_type); @@ -159,7 +201,7 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat for (i = 0; i < num_ops; i++) { - slprintf(cmd, sizeof(cmd)-1, "%s %s", cli->user_name, password); + slprintf(cmd, sizeof(cmd)-1, "%s %s", smb_cli->user_name, password); set_first_token(cmd); cmd_netlogon_login_test(cli_info); @@ -169,12 +211,387 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat } +/* generate a random buffer */ +static void rand_buf(char *buf, int len) +{ + while (len--) { + *buf = sys_random(); + buf++; + } +} + +/**************************************************************************** +do a random rpc command +****************************************************************************/ +BOOL do_random_rpc(struct cli_state *cli, int max_len) +{ + prs_struct rbuf; + prs_struct buf; + uint8 opcode; + int param_len; + BOOL response = False; + + if ((sys_random() % 20) == 0) + { + param_len = (sys_random() % 256) + 4; + } + else + { + param_len = (sys_random() % max_len) + 4; + } + + prs_init(&buf , param_len, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + opcode = sys_random() % 256; + + /* turn parameters into data stream */ + rand_buf(mem_data(&buf.data, 0), param_len); + buf.offset = param_len; + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, opcode, &buf, &rbuf)) + { + response = rbuf.offset != 0; + + if (response) + { + DEBUG(0,("response! opcode: 0x%x\n", opcode)); + DEBUG(0,("request: length %d\n", param_len)); + dump_data(0, mem_data(&buf.data , 0), MIN(param_len, 128)); + DEBUG(0,("response: length %d\n", rbuf.data->offset.end)); + dump_data(0, mem_data(&rbuf.data, 0), rbuf.data->offset.end); + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return response; +} + + +/* send random IPC commands */ +static void random_rpc_pipe_enc(char *pipe_name, struct client_info *cli_info, + int numops) +{ + int i; + + DEBUG(0,("starting random rpc test on %s (encryped)\n", pipe_name)); + + /* establish connections. nothing to stop these being re-established. */ + if (!rpcclient_connect(cli_info)) + { + DEBUG(0,("random rpc test: connection failed\n")); + return; + } + + cli_nt_set_ntlmssp_flgs(smb_cli, + NTLMSSP_NEGOTIATE_UNICODE | + NTLMSSP_NEGOTIATE_OEM | + NTLMSSP_NEGOTIATE_SIGN | + NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_LM_KEY | + NTLMSSP_NEGOTIATE_NTLM | + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | + NTLMSSP_NEGOTIATE_00001000 | + NTLMSSP_NEGOTIATE_00002000); + + for (i = 1; i <= numops * 100; i++) + { + /* open session. */ + cli_nt_session_open(smb_cli, pipe_name); + + do_random_rpc(smb_cli, 1024); + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + + /* close the session */ + cli_nt_session_close(smb_cli); + } + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished random rpc test on %s\n", pipe_name)); +} + +/* send random IPC commands */ +static void random_rpc_pipe(char *pipe_name, struct client_info *cli_info, + int numops) +{ + int i; + + DEBUG(0,("starting random rpc test on %s\n", pipe_name)); + + /* establish connections. nothing to stop these being re-established. */ + if (!rpcclient_connect(cli_info)) + { + DEBUG(0,("random rpc test: connection failed\n")); + return; + } + + /* open session. */ + if (!cli_nt_session_open(smb_cli, pipe_name)) + { + DEBUG(0,("random rpc test: session open failed\n")); + return; + } + + for (i = 1; i <= numops * 100; i++) + { + do_random_rpc(smb_cli, 8192); + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + } + + /* close the session */ + cli_nt_session_close(smb_cli); + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished random rpc test on %s\n", pipe_name)); +} + +static void run_randomrpc(int numops, struct client_info *cli_info) +{ + char *pipes[] = + { + PIPE_SAMR , + PIPE_WINREG , + PIPE_SRVSVC , + PIPE_WKSSVC , + PIPE_NETLOGON , + PIPE_NTSVCS , + PIPE_LSARPC , + NULL + }; + + int i = 0; + + while (pipes[i] != NULL) + { + random_rpc_pipe(pipes[i], cli_info, numops); +#if 0 + random_rpc_pipe_enc(pipes[i], cli_info, numops); +#endif + + i++; + } +} + + +static void run_samhandles(int numops, struct client_info *cli_info) +{ + int i; + int count = 0; + int failed = 0; + int retry = 500; + fstring srv_name; + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli_info->dest_host); + strupper(srv_name); + + DEBUG(0,("starting sam handle test\n")); + + /* establish connections. nothing to stop these being re-established. */ + while (retry > 0 && !rpcclient_connect(cli_info)) + { + retry--; + } + + if (retry == 0) + { + DEBUG(0,("samhandle test: connection failed\n")); + return; + } + + /* open session. */ + if (!cli_nt_session_open(smb_cli, PIPE_SAMR)) + { + DEBUG(0,("samhandle test: session open failed\n")); + return; + } + + for (i = 1; i <= numops * 100; i++) + { + POLICY_HND pol; + POLICY_HND dom; + if (!do_samr_connect(smb_cli, srv_name, 0x20, &pol)) + { + failed++; + } +/* + if (!do_samr_open_domain(smb_cli, srv_name, 0x00000020, &pol)) + { + DEBUG(0,("samhandle domain open test (%i): failed\n", i)); + } + */ + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + count++; + } + + /* close the session */ + cli_nt_session_close(smb_cli); + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished samhandle test. count: %d failed: %d\n", count, failed)); +} + + +static void run_lsahandles(int numops, struct client_info *cli_info) +{ + int i; + int count = 0; + int failed = 0; + int retry = 500; + fstring srv_name; + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli_info->myhostname); + strupper(srv_name); + + DEBUG(0,("starting lsa handle test\n")); + + /* establish connections. nothing to stop these being re-established. */ + while (retry > 0 && !rpcclient_connect(cli_info)) + { + retry--; + } + + if (retry == 0) + { + DEBUG(0,("lsahandle test: connection failed\n")); + return; + } + /* open session. */ + if (!cli_nt_session_open(smb_cli, PIPE_LSARPC)) + { + DEBUG(0,("lsahandle test: session open failed\n")); + return; + } + + for (i = 1; i <= numops * 100; i++) + { + POLICY_HND pol; + if (!do_lsa_open_policy(smb_cli, srv_name, &pol, False)) + { + failed++; + } + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + count++; + } + + /* close the session */ + cli_nt_session_close(smb_cli); + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished lsahandle test. count: %d failed: %d\n", count, failed)); +} + + +static void run_pipegobble(int numops, struct client_info *cli_info, char *pipe_name) +{ + int i; + int count = 0; + int failed = 0; + int retry = 500; + fstring srv_name; + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli_info->myhostname); + strupper(srv_name); + + DEBUG(0,("starting pipe gobble test (%s)\n", pipe_name)); + + /* establish connections. nothing to stop these being re-established. */ + while (retry > 0 && !rpcclient_connect(cli_info)) + { + retry--; + } + + if (retry == 0) + { + DEBUG(0,("pipe gobble test: connection failed\n")); + return; + } + for (i = 1; i <= numops * 100; i++) + { + /* open session. */ + if (!cli_nt_session_open(smb_cli, pipe_name)) + { + DEBUG(0,("pipe gobble test: session open failed\n")); + } + + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + count++; + } + + rpcclient_stop(); + + DEBUG(0,("finished pipe gobble test (%s). count: %d failed: %d\n", + pipe_name, count, failed)); +} + + +static void run_handles(int numops, struct client_info *cli_info) +{ + run_samhandles(numops, cli_info); + run_lsahandles(numops, cli_info); +} + +static void run_pipegobbler(int numops, struct client_info *cli_info) +{ +/* + run_pipegobble(numops, cli_info, PIPE_SAMR); +*/ + run_pipegobble(numops, cli_info, PIPE_LSARPC); +} + +/**************************************************************************** +make tcp connection +****************************************************************************/ +static void run_tcpconnect(int numops, struct client_info *info) +{ + int i; + int failed = 0; + + for (i = 0; i < numops; i++) + { + rpcclient_init(); + + if (!cli_connect(smb_cli, info->dest_host, &info->dest_ip)) + { + failed++; + } + cli_shutdown(smb_cli); + } + + DEBUG(0,("tcp connections: count: %d failed: %d\n", numops, failed)); +} + /**************************************************************************** runs n simultaneous functions. ****************************************************************************/ static void create_procs(int nprocs, int numops, - struct client_info *cli_info, struct cli_state *cli, - void (*fn)(int, struct client_info *, struct cli_state *)) + struct client_info *cli_info, + void (*fn)(int, struct client_info *)) { int i, status; @@ -184,8 +601,8 @@ static void create_procs(int nprocs, int numops, { int mypid = getpid(); sys_srandom(mypid ^ time(NULL)); - fn(numops, cli_info, cli); - fflush(out_hnd); + fn(numops, cli_info); + dbgflush(); _exit(0); } } @@ -195,6 +612,8 @@ static void create_procs(int nprocs, int numops, waitpid(0, &status, 0); } } + + /**************************************************************************** usage on the program - OUT OF DATE! ****************************************************************************/ @@ -235,7 +654,6 @@ enum client_action extern int optind; static pstring servicesf = CONFIGFILE; pstring term_code; - BOOL got_pass = False; char *cmd_str=""; mode_t myumask = 0755; enum client_action cli_action = CLIENT_NONE; @@ -246,8 +664,6 @@ enum client_action out_hnd = stdout; - rpcclient_init(); - #ifdef KANJI pstrcpy(term_code, KANJI); #else /* KANJI */ @@ -285,8 +701,6 @@ enum client_action pstrcpy(cli_info.cur_dir , "\\"); pstrcpy(cli_info.file_sel, ""); pstrcpy(cli_info.base_dir, ""); - pstrcpy(smb_cli->domain, ""); - pstrcpy(smb_cli->user_name, ""); pstrcpy(cli_info.myhostname, ""); pstrcpy(cli_info.dest_host, ""); @@ -299,7 +713,6 @@ enum client_action ZERO_STRUCT(cli_info.dom.level5_sid); pstrcpy(cli_info.dom.level5_dom, ""); - smb_cli->nt_pipe_fnum = 0xffff; setup_logging(pname, True); @@ -403,8 +816,8 @@ enum client_action case 'U': { char *lp; - pstrcpy(smb_cli->user_name,optarg); - if ((lp=strchr(smb_cli->user_name,'%'))) + pstrcpy(user_name,optarg); + if ((lp=strchr(user_name,'%'))) { *lp = 0; pstrcpy(password,lp+1); @@ -416,7 +829,7 @@ enum client_action case 'W': { - pstrcpy(smb_cli->domain,optarg); + pstrcpy(domain,optarg); break; } @@ -516,12 +929,6 @@ enum client_action DEBUG(3,("%s client started (version %s)\n",timestring(),VERSION)); - if (*smb_cli->domain == 0) - { - pstrcpy(smb_cli->domain,lp_workgroup()); - } - strupper(smb_cli->domain); - load_interfaces(); if (cli_action == CLIENT_IPC) @@ -534,31 +941,25 @@ enum client_action strupper(cli_info.mach_acct); fstrcat(cli_info.mach_acct, "$"); - /* set the password cache info */ - if (got_pass) - { - if (password[0] == 0) - { - pwd_set_nullpwd(&(smb_cli->pwd)); - } - else - { - pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ - } - } - else - { - char *pwd = getpass("Enter Password:"); - safe_strcpy(password, pwd, sizeof(password)); - pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ - } + make_nmb_name(&called , dns_to_netbios_name(cli_info.dest_host ), cli_info.name_type, scope); + make_nmb_name(&calling, dns_to_netbios_name(cli_info.myhostname), 0x0 , scope); - create_procs(nprocs, numops, &cli_info, smb_cli, run_enums_test); + get_passwd(); +/* + create_procs(nprocs, numops, &cli_info, run_enums_test); if (password[0] != 0) { - create_procs(nprocs, numops, &cli_info, smb_cli, run_ntlogin_test); + create_procs(nprocs, numops, &cli_info, run_ntlogin_test); } +*/ + + create_procs(nprocs, numops, &cli_info, run_tcpconnect); +/* + create_procs(nprocs, numops, &cli_info, run_pipegobbler); + create_procs(nprocs, numops, &cli_info, run_handles); + create_procs(nprocs, numops, &cli_info, run_randomrpc); +*/ fflush(out_hnd); diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 902f59b245..3249103a27 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -554,7 +554,7 @@ int main(int argc, char **argv) charset_initialise(); - if(!initialize_password_db()) { + if(!initialise_password_db()) { fprintf(stderr, "Can't setup password database vectors.\n"); exit(1); } diff --git a/source3/utils/torture.c b/source3/utils/torture.c index 81fa33fc75..fb09f515cf 100644 --- a/source3/utils/torture.c +++ b/source3/utils/torture.c @@ -23,6 +23,9 @@ #include "includes.h" +extern int DEBUGLEVEL; +extern pstring debugf; + static fstring host, workgroup, share, password, username, myname; static int max_protocol = PROTOCOL_NT1; static char *sockops=""; @@ -42,8 +45,27 @@ static double end_timer(void) (tp2.tv_usec - tp1.tv_usec)*1.0e-6); } +#define FAILED_NO_ERROR 0 +#define FAILED_TCP_CONNECT 1 +#define FAILED_SESSION_REQ 2 +#define FAILED_SMB_SESS_SETUP 3 +#define FAILED_SMB_TCON 4 +#define FAILED_SMB_NEGPROT 5 +#define FAILED_CLI_STATE_INIT 6 +#define NUM_ERR_STATES 7 -static BOOL open_connection(struct cli_state *c) +static char *smb_messages[] = +{ + "No errors in connection", + "TCP connection ", + "NetBIOS Session Request", + "SMB Session Setup ", + "SMB Tcon ", + "SMB Negprot ", + "Client initialisation " +}; + +static int open_connection(struct cli_state *c) { struct nmb_name called, calling; @@ -52,48 +74,53 @@ static BOOL open_connection(struct cli_state *c) make_nmb_name(&calling, myname, 0x0, ""); make_nmb_name(&called , host, 0x20, ""); - if (!cli_initialise(c) || !cli_connect(c, host, NULL)) { - printf("Failed to connect with %s\n", host); - return False; + if (!cli_initialise(c)) + { + DEBUG(0,("Failed to connect with %s\n", host)); + return FAILED_CLI_STATE_INIT; + } + + if (!cli_connect(c, host, NULL)) { + DEBUG(0,("Failed to connect with %s\n", host)); + return FAILED_TCP_CONNECT; } if (!cli_session_request(c, &calling, &called)) { cli_shutdown(c); - printf("%s rejected the session\n",host); - return False; + DEBUG(0,("%s rejected the session\n",host)); + return FAILED_SESSION_REQ; } if (!cli_negprot(c)) { - printf("%s rejected the negprot (%s)\n",host, cli_errstr(c)); + DEBUG(0,("%s rejected the negprot (%s)\n",host, cli_errstr(c))); cli_shutdown(c); - return False; + return FAILED_SMB_NEGPROT; } if (!cli_session_setup(c, username, password, strlen(password), password, strlen(password), workgroup)) { + DEBUG(0,("%s rejected the sessionsetup (%s)\n", host, cli_errstr(c))); cli_shutdown(c); - printf("%s rejected the sessionsetup (%s)\n", host, cli_errstr(c)); - return False; + return FAILED_SMB_SESS_SETUP; } if (!cli_send_tconX(c, share, "?????", password, strlen(password)+1)) { - printf("%s refused tree connect (%s)\n", host, cli_errstr(c)); + DEBUG(0,("%s refused tree connect (%s)\n", host, cli_errstr(c))); cli_shutdown(c); - return False; + return FAILED_SMB_TCON; } - return True; + return FAILED_NO_ERROR; } - static void close_connection(struct cli_state *c) { if (!cli_tdis(c)) { - printf("tdis failed (%s)\n", cli_errstr(c)); + DEBUG(0,("tdis failed (%s)\n", cli_errstr(c))); } cli_shutdown(c); @@ -110,10 +137,10 @@ static BOOL check_error(struct cli_state *c, eno = cli_error(c, &class, &num); if ((eclass != class || ecode != num) && num != (nterr&0xFFFFFF)) { - printf("unexpected error code class=%d code=%d\n", - (int)class, (int)num); - printf(" expected %d/%d %d\n", - (int)eclass, (int)ecode, (int)nterr); + DEBUG(0,("unexpected error code class=%d code=%d\n", + (int)class, (int)num)); + DEBUG(0,(" expected %d/%d %d\n", + (int)eclass, (int)ecode, (int)nterr)); return False; } return True; @@ -144,7 +171,7 @@ static BOOL rw_torture(struct cli_state *c, int numops) if (fnum2 == -1) fnum2 = cli_open(c, lockfname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open of %s failed (%s)\n", lockfname, cli_errstr(c)); + DEBUG(0,("open of %s failed (%s)\n", lockfname, cli_errstr(c))); return False; } @@ -152,7 +179,7 @@ static BOOL rw_torture(struct cli_state *c, int numops) for (i=0;i<numops;i++) { unsigned n = (unsigned)sys_random()%10; if (i % 10 == 0) { - printf("%d\r", i); fflush(stdout); + DEBUG(0,("%d\r", i)); } slprintf(fname, sizeof(fstring) - 1, "\\torture.%u", n); @@ -162,49 +189,49 @@ static BOOL rw_torture(struct cli_state *c, int numops) fnum = cli_open(c, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_ALL); if (fnum == -1) { - printf("open failed (%s)\n", cli_errstr(c)); + DEBUG(0,("open failed (%s)\n", cli_errstr(c))); break; } if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) { - printf("write failed (%s)\n", cli_errstr(c)); + DEBUG(0,("write failed (%s)\n", cli_errstr(c))); } for (j=0;j<50;j++) { if (cli_write(c, fnum, 0, (char *)buf, sizeof(pid)+(j*sizeof(buf)), sizeof(buf)) != sizeof(buf)) { - printf("write failed (%s)\n", cli_errstr(c)); + DEBUG(0,("write failed (%s)\n", cli_errstr(c))); } } pid2 = 0; if (cli_read(c, fnum, (char *)&pid2, 0, sizeof(pid)) != sizeof(pid)) { - printf("read failed (%s)\n", cli_errstr(c)); + DEBUG(0,("read failed (%s)\n", cli_errstr(c))); } if (pid2 != pid) { - printf("data corruption!\n"); + DEBUG(0,("data corruption!\n")); } if (!cli_close(c, fnum)) { - printf("close failed (%s)\n", cli_errstr(c)); + DEBUG(0,("close failed (%s)\n", cli_errstr(c))); } if (!cli_unlink(c, fname)) { - printf("unlink failed (%s)\n", cli_errstr(c)); + DEBUG(0,("unlink failed (%s)\n", cli_errstr(c))); } if (!cli_unlock(c, fnum2, n*sizeof(int), sizeof(int), -1)) { - printf("unlock failed (%s)\n", cli_errstr(c)); + DEBUG(0,("unlock failed (%s)\n", cli_errstr(c))); } } cli_close(c, fnum2); cli_unlink(c, lockfname); - printf("%d\n", i); + DEBUG(0,("%d\n", i)); return True; } @@ -231,15 +258,21 @@ static void run_torture(int numops) { static struct cli_state cli; - if (open_connection(&cli)) { + if (open_connection(&cli) == 0) + { cli_sockopt(&cli, sockops); - printf("pid %d OK\n", getpid()); + DEBUG(0,("pid %d OK\n", getpid())); rw_torture(&cli, numops); close_connection(&cli); } + else + { + DEBUG(0,("pid %d failed\n", getpid())); + } + } /* @@ -256,50 +289,50 @@ static void run_locktest1(void) int fnum1, fnum2, fnum3; time_t t1, t2; - if (!open_connection(&cli1) || !open_connection(&cli2)) { + if (open_connection(&cli1) != 0 || open_connection(&cli2) != 0) { return; } cli_sockopt(&cli1, sockops); cli_sockopt(&cli2, sockops); - printf("starting locktest1\n"); + DEBUG(0,("starting locktest1\n")); cli_unlink(&cli1, fname); fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } fnum3 = cli_open(&cli2, fname, O_RDWR, DENY_NONE); if (fnum3 == -1) { - printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2)); + DEBUG(0,("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2))); return; } if (!cli_lock(&cli1, fnum1, 0, 4, 0)) { - printf("lock1 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("lock1 failed (%s)\n", cli_errstr(&cli1))); return; } if (cli_lock(&cli2, fnum3, 0, 4, 0)) { - printf("lock2 succeeded! This is a locking bug\n"); + DEBUG(0,("lock2 succeeded! This is a locking bug\n")); return; } else { if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return; } - printf("Testing lock timeouts\n"); + DEBUG(0,("Testing lock timeouts\n")); t1 = time(NULL); if (cli_lock(&cli2, fnum3, 0, 4, 10*1000)) { - printf("lock3 succeeded! This is a locking bug\n"); + DEBUG(0,("lock3 succeeded! This is a locking bug\n")); return; } else { if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return; @@ -307,33 +340,33 @@ static void run_locktest1(void) t2 = time(NULL); if (t2 - t1 < 5) { - printf("error: This server appears not to support timed lock requests\n"); + DEBUG(0,("error: This server appears not to support timed lock requests\n")); } if (!cli_close(&cli1, fnum2)) { - printf("close1 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("close1 failed (%s)\n", cli_errstr(&cli1))); return; } if (cli_lock(&cli2, fnum3, 0, 4, 0)) { - printf("lock4 succeeded! This is a locking bug\n"); + DEBUG(0,("lock4 succeeded! This is a locking bug\n")); return; } else { if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return; } if (!cli_close(&cli1, fnum1)) { - printf("close2 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("close2 failed (%s)\n", cli_errstr(&cli1))); return; } if (!cli_close(&cli2, fnum3)) { - printf("close3 failed (%s)\n", cli_errstr(&cli2)); + DEBUG(0,("close3 failed (%s)\n", cli_errstr(&cli2))); return; } if (!cli_unlink(&cli1, fname)) { - printf("unlink failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("unlink failed (%s)\n", cli_errstr(&cli1))); return; } @@ -341,7 +374,7 @@ static void run_locktest1(void) close_connection(&cli1); close_connection(&cli2); - printf("Passed locktest1\n"); + DEBUG(0,("Passed locktest1\n")); } @@ -362,13 +395,13 @@ static void run_locktest2(void) char *fname = "\\lockt2.lck"; int fnum1, fnum2, fnum3; - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } cli_sockopt(&cli, sockops); - printf("starting locktest2\n"); + DEBUG(0,("starting locktest2\n")); cli_unlink(&cli, fname); @@ -376,13 +409,13 @@ static void run_locktest2(void) fnum1 = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } fnum2 = cli_open(&cli, fname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open2 of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } @@ -390,19 +423,19 @@ static void run_locktest2(void) fnum3 = cli_open(&cli, fname, O_RDWR, DENY_NONE); if (fnum3 == -1) { - printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open3 of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } cli_setpid(&cli, 1); if (!cli_lock(&cli, fnum1, 0, 4, 0)) { - printf("lock1 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("lock1 failed (%s)\n", cli_errstr(&cli))); return; } if (cli_lock(&cli, fnum2, 0, 4, 0)) { - printf("lock2 succeeded! This is a locking bug\n"); + DEBUG(0,("lock2 succeeded! This is a locking bug\n")); } else { if (!check_error(&cli, ERRDOS, ERRlock, 0)) return; } @@ -410,11 +443,11 @@ static void run_locktest2(void) cli_setpid(&cli, 2); if (cli_unlock(&cli, fnum1, 0, 4, 0)) { - printf("unlock1 succeeded! This is a locking bug\n"); + DEBUG(0,("unlock1 succeeded! This is a locking bug\n")); } if (cli_lock(&cli, fnum3, 0, 4, 0)) { - printf("lock3 succeeded! This is a locking bug\n"); + DEBUG(0,("lock3 succeeded! This is a locking bug\n")); } else { if (!check_error(&cli, ERRDOS, ERRlock, 0)) return; } @@ -422,23 +455,23 @@ static void run_locktest2(void) cli_setpid(&cli, 1); if (!cli_close(&cli, fnum1)) { - printf("close1 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("close1 failed (%s)\n", cli_errstr(&cli))); return; } if (!cli_close(&cli, fnum2)) { - printf("close2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("close2 failed (%s)\n", cli_errstr(&cli))); return; } if (!cli_close(&cli, fnum3)) { - printf("close3 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("close3 failed (%s)\n", cli_errstr(&cli))); return; } close_connection(&cli); - printf("locktest2 finished\n"); + DEBUG(0,("locktest2 finished\n")); } @@ -456,40 +489,40 @@ static void run_locktest3(int numops) #define NEXT_OFFSET offset += (~(uint32)0) / numops - if (!open_connection(&cli1) || !open_connection(&cli2)) { + if (open_connection(&cli1) != 0 || open_connection(&cli2) != 0) { return; } cli_sockopt(&cli1, sockops); cli_sockopt(&cli2, sockops); - printf("starting locktest3\n"); + DEBUG(0,("starting locktest3\n")); cli_unlink(&cli1, fname); fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2)); + DEBUG(0,("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2))); return; } for (offset=i=0;i<numops;i++) { NEXT_OFFSET; if (!cli_lock(&cli1, fnum1, offset-1, 1, 0)) { - printf("lock1 %d failed (%s)\n", + DEBUG(0,("lock1 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } if (!cli_lock(&cli2, fnum2, offset-2, 1, 0)) { - printf("lock2 %d failed (%s)\n", + DEBUG(0,("lock2 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } } @@ -498,22 +531,22 @@ static void run_locktest3(int numops) NEXT_OFFSET; if (cli_lock(&cli1, fnum1, offset-2, 1, 0)) { - printf("error: lock1 %d succeeded!\n", i); + DEBUG(0,("error: lock1 %d succeeded!\n", i)); return; } if (cli_lock(&cli2, fnum2, offset-1, 1, 0)) { - printf("error: lock2 %d succeeded!\n", i); + DEBUG(0,("error: lock2 %d succeeded!\n", i)); return; } if (cli_lock(&cli1, fnum1, offset-1, 1, 0)) { - printf("error: lock3 %d succeeded!\n", i); + DEBUG(0,("error: lock3 %d succeeded!\n", i)); return; } if (cli_lock(&cli2, fnum2, offset-2, 1, 0)) { - printf("error: lock4 %d succeeded!\n", i); + DEBUG(0,("error: lock4 %d succeeded!\n", i)); return; } } @@ -522,37 +555,37 @@ static void run_locktest3(int numops) NEXT_OFFSET; if (!cli_unlock(&cli1, fnum1, offset-1, 1, 0)) { - printf("unlock1 %d failed (%s)\n", + DEBUG(0,("unlock1 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } if (!cli_unlock(&cli2, fnum2, offset-2, 1, 0)) { - printf("unlock2 %d failed (%s)\n", + DEBUG(0,("unlock2 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } } if (!cli_close(&cli1, fnum1)) { - printf("close1 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("close1 failed (%s)\n", cli_errstr(&cli1))); } if (!cli_close(&cli2, fnum2)) { - printf("close2 failed (%s)\n", cli_errstr(&cli2)); + DEBUG(0,("close2 failed (%s)\n", cli_errstr(&cli2))); } if (!cli_unlink(&cli1, fname)) { - printf("unlink failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("unlink failed (%s)\n", cli_errstr(&cli1))); return; } close_connection(&cli1); close_connection(&cli2); - printf("finished locktest3\n"); + DEBUG(0,("finished locktest3\n")); } @@ -567,24 +600,24 @@ static void run_fdpasstest(void) int fnum1; pstring buf; - if (!open_connection(&cli1) || !open_connection(&cli2)) { + if (open_connection(&cli1) != 0 || open_connection(&cli2) != 0) { return; } cli_sockopt(&cli1, sockops); cli_sockopt(&cli2, sockops); - printf("starting fdpasstest\n"); + DEBUG(0,("starting fdpasstest\n")); cli_unlink(&cli1, fname); fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } if (cli_write(&cli1, fnum1, 0, "hello world\n", 0, 13) != 13) { - printf("write failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("write failed (%s)\n", cli_errstr(&cli1))); return; } @@ -594,8 +627,8 @@ static void run_fdpasstest(void) if (cli_read(&cli2, fnum1, buf, 0, 13) == 13) { - printf("read succeeded! nasty security hole [%s]\n", - buf); + DEBUG(0,("read succeeded! nasty security hole [%s]\n", + buf)); return; } @@ -605,7 +638,7 @@ static void run_fdpasstest(void) close_connection(&cli1); close_connection(&cli2); - printf("finished fdpasstest\n"); + DEBUG(0,("finished fdpasstest\n")); } @@ -620,13 +653,13 @@ static void run_unlinktest(void) char *fname = "\\unlink.tst"; int fnum; - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } cli_sockopt(&cli, sockops); - printf("starting unlink test\n"); + DEBUG(0,("starting unlink test\n")); cli_unlink(&cli, fname); @@ -634,12 +667,12 @@ static void run_unlinktest(void) fnum = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } if (cli_unlink(&cli, fname)) { - printf("error: server allowed unlink on an open file\n"); + DEBUG(0,("error: server allowed unlink on an open file\n")); } cli_close(&cli, fnum); @@ -647,7 +680,7 @@ static void run_unlinktest(void) close_connection(&cli); - printf("unlink test finished\n"); + DEBUG(0,("unlink test finished\n")); } @@ -664,16 +697,16 @@ static void run_maxfidtest(int n) srandom(getpid()); - while (!open_connection(&cli) && retries--) msleep(random() % 2000); + while (open_connection(&cli) != 0 && retries--) msleep(random() % 2000); if (retries <= 0) { - printf("failed to connect\n"); + DEBUG(0,("failed to connect\n")); return; } cli_sockopt(&cli, sockops); - printf("starting maxfid test\n"); + DEBUG(0,("starting maxfid test\n")); fnum = 0; while (1) { @@ -681,25 +714,25 @@ static void run_maxfidtest(int n) if (cli_open(&cli, fname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE) == -1) { - printf("open of %s failed (%s)\n", - fname, cli_errstr(&cli)); - printf("maximum fnum is %d\n", fnum); + DEBUG(0,("open of %s failed (%s)\n", + fname, cli_errstr(&cli))); + DEBUG(0,("maximum fnum is %d\n", fnum)); break; } fnum++; } - printf("cleaning up\n"); + DEBUG(0,("cleaning up\n")); while (fnum > n) { fnum--; slprintf(fname,sizeof(fname)-1,template, fnum,getpid()); if (cli_unlink(&cli, fname)) { - printf("unlink of %s failed (%s)\n", - fname, cli_errstr(&cli)); + DEBUG(0,("unlink of %s failed (%s)\n", + fname, cli_errstr(&cli))); } } - printf("maxfid test finished\n"); + DEBUG(0,("maxfid test finished\n")); close_connection(&cli); } @@ -713,24 +746,41 @@ static void rand_buf(char *buf, int len) } /* send random IPC commands */ -static void run_randomipc(void) +static void run_randomipc(int numops) { char *rparam = NULL; char *rdata = NULL; int rdrcnt,rprcnt; - pstring param; + char param[BUFFER_SIZE]; int api, param_len, i; + int reconnect_count = 50; static struct cli_state cli; - printf("starting random ipc test\n"); + DEBUG(0,("starting random ipc test\n")); + + while (reconnect_count > 0 && open_connection(&cli) != 0) + { + DEBUG(0,("connection failed: retrying %d\n", reconnect_count)); + msleep(sys_random() % 1000); + reconnect_count--; + } - if (!open_connection(&cli)) { + if (reconnect_count == 0) + { return; } - for (i=0;i<50000;i++) { + for (i=0;i<numops * 100;i++) + { api = sys_random() % 500; - param_len = (sys_random() % 64); + if ((sys_random() % 10) == 0) + { + param_len = (sys_random() % BUFFER_SIZE); + } + else + { + param_len = (sys_random() % 64); + } rand_buf(param, param_len); @@ -745,7 +795,7 @@ static void run_randomipc(void) close_connection(&cli); - printf("finished random ipc test\n"); + DEBUG(0,("finished random ipc test\n")); } @@ -753,7 +803,7 @@ static void run_randomipc(void) static void browse_callback(const char *sname, uint32 stype, const char *comment) { - printf("\t%20.20s %08x %s\n", sname, stype, comment); + DEBUG(0,("\t%20.20s %08x %s\n", sname, stype, comment)); } @@ -766,25 +816,25 @@ static void run_browsetest(void) { static struct cli_state cli; - printf("starting browse test\n"); + DEBUG(0,("starting browse test\n")); - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } - printf("domain list:\n"); + DEBUG(0,("domain list:\n")); cli_NetServerEnum(&cli, workgroup, SV_TYPE_DOMAIN_ENUM, browse_callback); - printf("machine list:\n"); + DEBUG(0,("machine list:\n")); cli_NetServerEnum(&cli, workgroup, SV_TYPE_ALL, browse_callback); close_connection(&cli); - printf("browse test finished\n"); + DEBUG(0,("browse test finished\n")); } @@ -798,9 +848,9 @@ static void run_attrtest(void) time_t t, t2; char *fname = "\\attrib.tst"; - printf("starting attrib test\n"); + DEBUG(0,("starting attrib test\n")); - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } @@ -809,36 +859,36 @@ static void run_attrtest(void) O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); cli_close(&cli, fnum); if (!cli_getatr(&cli, fname, NULL, NULL, &t)) { - printf("getatr failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("getatr failed (%s)\n", cli_errstr(&cli))); } if (abs(t - time(NULL)) > 2) { - printf("ERROR: SMBgetatr bug. time is %s", - ctime(&t)); + DEBUG(0,("ERROR: SMBgetatr bug. time is %s", + ctime(&t))); t = time(NULL); } t2 = t-60*60*24; /* 1 day ago */ if (!cli_setatr(&cli, fname, 0, t2)) { - printf("setatr failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("setatr failed (%s)\n", cli_errstr(&cli))); } if (!cli_getatr(&cli, fname, NULL, NULL, &t)) { - printf("getatr failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("getatr failed (%s)\n", cli_errstr(&cli))); } if (t != t2) { - printf("ERROR: getatr/setatr bug. times are\n%s", - ctime(&t)); - printf("%s", ctime(&t2)); + DEBUG(0,("ERROR: getatr/setatr bug. times are\n%s", + ctime(&t))); + DEBUG(0,("%s", ctime(&t2))); } cli_unlink(&cli, fname); close_connection(&cli); - printf("attrib test finished\n"); + DEBUG(0,("attrib test finished\n")); } @@ -855,9 +905,9 @@ static void run_trans2test(void) char *dname = "\\trans2"; char *fname2 = "\\trans2\\trans2.tst"; - printf("starting trans2 test\n"); + DEBUG(0,("starting trans2 test\n")); - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } @@ -866,7 +916,7 @@ static void run_trans2test(void) O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); if (!cli_qfileinfo(&cli, fnum, NULL, &size, &c_time, &a_time, &m_time, NULL, NULL)) { - printf("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli))); } cli_close(&cli, fnum); @@ -878,20 +928,20 @@ static void run_trans2test(void) cli_close(&cli, fnum); if (!cli_qpathinfo(&cli, fname, &c_time, &a_time, &m_time, &size, NULL)) { - printf("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli))); } else { if (c_time != m_time) { - printf("create time=%s", ctime(&c_time)); - printf("modify time=%s", ctime(&m_time)); - printf("This system appears to have sticky create times\n"); + DEBUG(0,("create time=%s", ctime(&c_time))); + DEBUG(0,("modify time=%s", ctime(&m_time))); + DEBUG(0,("This system appears to have sticky create times\n")); } if (a_time % (60*60) == 0) { - printf("access time=%s", ctime(&a_time)); - printf("This system appears to set a midnight access time\n"); + DEBUG(0,("access time=%s", ctime(&a_time))); + DEBUG(0,("This system appears to set a midnight access time\n")); } if (abs(m_time - time(NULL)) > 60*60*24*7) { - printf("ERROR: totally incorrect times - maybe word reversed?\n"); + DEBUG(0,("ERROR: totally incorrect times - maybe word reversed?\n")); } } @@ -902,11 +952,11 @@ static void run_trans2test(void) cli_close(&cli, fnum); if (!cli_qpathinfo2(&cli, fname, &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL)) { - printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli))); } else { if (w_time < 60*60*24*2) { - printf("write time=%s", ctime(&w_time)); - printf("This system appears to set a initial 0 write time\n"); + DEBUG(0,("write time=%s", ctime(&w_time))); + DEBUG(0,("This system appears to set a initial 0 write time\n")); } } @@ -916,12 +966,12 @@ static void run_trans2test(void) /* check if the server updates the directory modification time when creating a new file */ if (!cli_mkdir(&cli, dname)) { - printf("ERROR: mkdir failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: mkdir failed (%s)\n", cli_errstr(&cli))); } sleep(3); if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL)) { - printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli))); } fnum = cli_open(&cli, fname2, @@ -930,10 +980,10 @@ static void run_trans2test(void) cli_close(&cli, fnum); if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, &w_time, &size, NULL, NULL)) { - printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli))); } else { if (m_time2 == m_time) - printf("This system does not update directory modification times\n"); + DEBUG(0,("This system does not update directory modification times\n")); } cli_unlink(&cli, fname2); cli_rmdir(&cli, dname); @@ -941,29 +991,83 @@ static void run_trans2test(void) close_connection(&cli); - printf("trans2 test finished\n"); + DEBUG(0,("trans2 test finished\n")); } +static void run_connection(int numops) +{ + struct cli_state c; + int count = 0; + int failed[NUM_ERR_STATES]; + int i; + + DEBUG(0,("Connection test starts:\n")); + + for (i = 0; i < NUM_ERR_STATES; i++) + { + failed[i] = 0; + } + + for (i = 0; i < numops; i++) + { + int err; + DEBUG(0,("Connection test %d %d\n", i, numops)); + if ((err = open_connection(&c))) + { + failed[err]++; + } + count++; + } + + { + int failtotal = 0; + + for (i = 0, failtotal = 0; i < NUM_ERR_STATES; i++) + { + failtotal += failed[i]; + } + DEBUG(0,("Connection test results: count %d success %d\n", count, count-failtotal)); + } + for (i = 0; i < NUM_ERR_STATES; i++) + { + DEBUG(0,("%s: failed: %d\n", smb_messages[i], failed[i])); + } +} + static void create_procs(int nprocs, int numops, void (*fn)(int )) { int i, status; - for (i=0;i<nprocs;i++) { - if (fork() == 0) { + for (i=0;i<nprocs;i++) + { + if (fork() == 0) + { int mypid = getpid(); sys_srandom(mypid ^ time(NULL)); + + if (!dbg_interactive()) + { + slprintf(debugf, sizeof(debugf), "./log.torture.%d", mypid); + reopen_logs(); + } + fn(numops); + dbgflush(); _exit(0); } } for (i=0;i<nprocs;i++) + { waitpid(0, &status, 0); + } } +#define DEBUG_INTERACTIVE True + /**************************************************************************** main program ****************************************************************************/ @@ -975,9 +1079,14 @@ static void create_procs(int nprocs, int numops, void (*fn)(int )) int gotpass = 0; extern char *optarg; extern int optind; - extern FILE *dbf; + extern BOOL append_log; + extern BOOL timestamp_log; - dbf = stdout; + DEBUGLEVEL = 0; + pstrcpy(debugf,"./log.torture"); + setup_logging(argv[0], DEBUG_INTERACTIVE); + append_log = True; + timestamp_log = False; charset_initialise(); @@ -1055,8 +1164,12 @@ static void create_procs(int nprocs, int numops, void (*fn)(int )) } } - printf("host=%s share=%s user=%s myname=%s\n", - host, share, username, myname); + printf("host=%s share=%s user=%s myname=%s procs=%d ops=%d\n", + host, share, username, myname, nprocs, numops); + + create_procs(nprocs, numops, run_connection); +/* + create_procs(nprocs, numops, run_randomipc); run_fdpasstest(); run_locktest1(); @@ -1069,11 +1182,13 @@ static void create_procs(int nprocs, int numops, void (*fn)(int )) create_procs(nprocs, numops, run_maxfidtest); + + start_timer(); create_procs(nprocs, numops, run_torture); printf("rw_torture: %g secs\n", end_timer()); - - run_randomipc(); +*/ + dbgflush(); return(0); } diff --git a/source3/web/swat.c b/source3/web/swat.c index 8f47ced52d..cdbd1f8c8c 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -603,7 +603,7 @@ static BOOL change_password(const char *remote_machine, char *user_name, return ret; } - if(!initialize_password_db()) { + if(!initialise_password_db()) { printf("Can't setup password database vectors.\n<p>"); return False; } |