summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2011-05-31 15:32:29 +0200
committerSimo Sorce <idra@samba.org>2011-06-12 06:45:25 +0200
commitd5661467e17cc233fe8605e8138991b4a459e78f (patch)
treebe9c14207cf2d877c4c485a1f3332d493315c86f
parent97af3586567ff7ad4f22e083d32e5cfa2ebbb96e (diff)
downloadsamba-d5661467e17cc233fe8605e8138991b4a459e78f.tar.gz
samba-d5661467e17cc233fe8605e8138991b4a459e78f.tar.bz2
samba-d5661467e17cc233fe8605e8138991b4a459e78f.zip
s3-passdb: Implement new pdb trust calls for the default backend
Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104
-rw-r--r--source3/Makefile.in15
-rw-r--r--source3/passdb/pdb_interface.c104
-rw-r--r--source3/torture/pdbtest.c83
3 files changed, 194 insertions, 8 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index a06c8c7c09..3ef754182b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1037,6 +1037,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
$(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
+ $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(POPT_LIB_OBJ) $(SMBLDAP_OBJ) ../lib/util/asn1.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@@ -1320,6 +1321,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o
PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
+ $(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
IDMAP_RW_OBJ = winbindd/idmap_rw.o
@@ -1502,6 +1504,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
$(WBCOMMON_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
+ $(DRSUAPI_OBJ) \
$(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
@@ -1871,11 +1874,11 @@ bin/smbpasswd@EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ $(LIBTALL
$(DYNEXP) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
-bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
$(POPT_LIBS) $(PASSDB_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) \
- $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
+ $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@@ -3115,17 +3118,17 @@ bin/wbinfo@EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(
$(LIBWBCLIENT_LIBS)
bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
- $(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+ $(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
- $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
+ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) $(ZLIB_LIBS) \
$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) @INIPARSERLIBS@
-bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
+bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB) $(ZLIB_LIBS)
@echo "Linking shared library $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) -lpam $(DYNEXP) \
- $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
+ $(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) $(LIBTALLOC) $(LIBTDB)
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b3d62bc61c..94ed355e2c 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -25,6 +25,8 @@
#include "passdb.h"
#include "secrets.h"
#include "../librpc/gen_ndr/samr.h"
+#include "../librpc/gen_ndr/drsblobs.h"
+#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "memcache.h"
#include "nsswitch/winbind_client.h"
#include "../libcli/security/security.h"
@@ -2144,7 +2146,62 @@ static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods,
const char *domain,
struct pdb_trusted_domain **td)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct trustAuthInOutBlob taiob;
+ struct AuthenticationInformation aia;
+ struct pdb_trusted_domain *tdom;
+ enum ndr_err_code ndr_err;
+ time_t last_set_time;
+ char *pwd;
+ bool ok;
+
+ tdom = talloc(mem_ctx, struct pdb_trusted_domain);
+ if (!tdom) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ tdom->domain_name = talloc_strdup(tdom, domain);
+ tdom->netbios_name = talloc_strdup(tdom, domain);
+ if (!tdom->domain_name || !tdom->netbios_name) {
+ talloc_free(tdom);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ tdom->trust_auth_incoming = data_blob_null;
+
+ ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier,
+ &last_set_time);
+ if (!ok) {
+ talloc_free(tdom);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ ZERO_STRUCT(taiob);
+ ZERO_STRUCT(aia);
+ taiob.count = 1;
+ taiob.current.count = 1;
+ taiob.current.array = &aia;
+ unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
+ aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
+ aia.AuthInfo.clear.password = (uint8_t *) pwd;
+ aia.AuthInfo.clear.size = strlen(pwd);
+ taiob.previous.count = 0;
+ taiob.previous.array = NULL;
+
+ ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing,
+ tdom, &taiob,
+ (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(tdom);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
+ tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
+ tdom->trust_attributes = 0;
+ tdom->trust_forest_trust_info = data_blob_null;
+
+ *td = tdom;
+ return NT_STATUS_OK;
}
static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods,
@@ -2155,11 +2212,54 @@ static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *method
return NT_STATUS_NOT_IMPLEMENTED;
}
+#define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
+
static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
const char* domain,
const struct pdb_trusted_domain *td)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct trustAuthInOutBlob taiob;
+ struct AuthenticationInformation *aia;
+ enum ndr_err_code ndr_err;
+ char *pwd;
+ bool ok;
+
+ if (td->trust_attributes != 0 ||
+ td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL ||
+ td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND ||
+ !IS_NULL_DATA_BLOB(td->trust_auth_incoming) ||
+ !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ ZERO_STRUCT(taiob);
+ ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(),
+ &taiob,
+ (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ aia = (struct AuthenticationInformation *) taiob.current.array;
+
+ if (taiob.count != 1 || taiob.current.count != 1 ||
+ taiob.previous.count != 0 ||
+ aia->AuthType != TRUST_AUTH_TYPE_CLEAR) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password,
+ aia->AuthInfo.clear.size);
+ if (!pwd) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier);
+ if (!ok) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
}
static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods,
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index 7ab20c7692..33419db275 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
@@ -24,6 +24,14 @@
#include "popt_common.h"
#include "passdb.h"
+#include "../librpc/gen_ndr/drsblobs.h"
+#include "../librpc/gen_ndr/ndr_drsblobs.h"
+#include "../libcli/security/dom_sid.h"
+
+#define TRUST_DOM "trustdom"
+#define TRUST_PWD "trustpwd1232"
+#define TRUST_SID "S-1-5-21-1111111111-2222222222-3333333333"
+
static bool samu_correct(struct samu *s1, struct samu *s2)
{
bool ret = True;
@@ -366,6 +374,81 @@ int main(int argc, char **argv)
get_friendly_nt_error_msg(rv));
}
+ /* test trustdom calls */
+ struct pdb_trusted_domain *td;
+ struct pdb_trusted_domain *new_td;
+ struct trustAuthInOutBlob taiob;
+ struct AuthenticationInformation aia;
+ enum ndr_err_code ndr_err;
+
+ td = talloc_zero(ctx ,struct pdb_trusted_domain);
+ if (!td) {
+ fprintf(stderr, "talloc failed\n");
+ exit(1);
+ }
+
+ td->domain_name = talloc_strdup(td, TRUST_DOM);
+ td->netbios_name = talloc_strdup(td, TRUST_DOM);
+ if (!td->domain_name || !td->netbios_name) {
+ fprintf(stderr, "talloc failed\n");
+ exit(1);
+ }
+
+ td->trust_auth_incoming = data_blob_null;
+
+ ZERO_STRUCT(taiob);
+ ZERO_STRUCT(aia);
+ taiob.count = 1;
+ taiob.current.count = 1;
+ taiob.current.array = &aia;
+ unix_to_nt_time(&aia.LastUpdateTime, time(NULL));
+ aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
+ aia.AuthInfo.clear.password = (uint8_t *) talloc_strdup(ctx, TRUST_PWD);
+ aia.AuthInfo.clear.size = strlen(TRUST_PWD);
+
+ taiob.previous.count = 0;
+ taiob.previous.array = NULL;
+
+ ndr_err = ndr_push_struct_blob(&td->trust_auth_outgoing,
+ td, &taiob,
+ (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ fprintf(stderr, "ndr_push_struct_blob failed.\n");
+ exit(1);
+ }
+
+ td->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
+ td->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
+ td->trust_attributes = 0;
+ td->trust_forest_trust_info = data_blob_null;
+
+ rv = pdb->set_trusted_domain(pdb, TRUST_DOM, td);
+ if (!NT_STATUS_IS_OK(rv)) {
+ fprintf(stderr, "Error in set_trusted_domain %s\n",
+ get_friendly_nt_error_msg(rv));
+ error = True;
+ }
+
+ rv = pdb->get_trusted_domain(pdb, ctx, TRUST_DOM, &new_td);
+ if (!NT_STATUS_IS_OK(rv)) {
+ fprintf(stderr, "Error in set_trusted_domain %s\n",
+ get_friendly_nt_error_msg(rv));
+ error = True;
+ }
+
+ if (!strequal(td->domain_name, new_td->domain_name) ||
+ !strequal(td->netbios_name, new_td->netbios_name) ||
+ !sid_equal(&td->security_identifier, &new_td->security_identifier) ||
+ td->trust_direction != new_td->trust_direction ||
+ td->trust_type != new_td->trust_type ||
+ td->trust_attributes != new_td->trust_attributes ||
+ td->trust_auth_incoming.length != new_td->trust_auth_incoming.length ||
+ td->trust_forest_trust_info.length != new_td->trust_forest_trust_info.length ||
+ data_blob_cmp(&td->trust_auth_outgoing, &new_td->trust_auth_outgoing) != 0) {
+ fprintf(stderr, "Old and new trusdet domain data do not match\n");
+ error = True;
+ }
+
TALLOC_FREE(ctx);
if (error) {