diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-04-14 09:44:16 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-04-14 09:44:16 +0000 |
commit | 07e6ff5fcfe337bb65a7c3a4493a92a7761cf2ed (patch) | |
tree | 0623e2c8e4b760f294c31de6f01aec1ec1a71902 | |
parent | 06f15779303dc540ee7801fe843023970454166b (diff) | |
download | samba-07e6ff5fcfe337bb65a7c3a4493a92a7761cf2ed.tar.gz samba-07e6ff5fcfe337bb65a7c3a4493a92a7761cf2ed.tar.bz2 samba-07e6ff5fcfe337bb65a7c3a4493a92a7761cf2ed.zip |
Partly based on the work by mimir (Rafal Szczesniak
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
(This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
-rw-r--r-- | source3/auth/auth_domain.c | 2 | ||||
-rw-r--r-- | source3/include/includes.h | 1 | ||||
-rw-r--r-- | source3/include/rpc_lsa.h | 4 | ||||
-rw-r--r-- | source3/include/secrets.h | 22 | ||||
-rw-r--r-- | source3/lib/talloc.c | 9 | ||||
-rw-r--r-- | source3/lib/util_unistr.c | 41 | ||||
-rw-r--r-- | source3/libsmb/cli_samr.c | 2 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 136 | ||||
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 76 | ||||
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 45 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 20 | ||||
-rw-r--r-- | source3/tdb/tdbutil.c | 72 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 40 |
15 files changed, 406 insertions, 68 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index af353ef812..a77bbeade3 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -527,7 +527,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte } /* - * Get the machine account password for the trusted domain + * Get the trusted account password for the trusted domain * No need to become_root() as secrets_init() is done at startup. */ diff --git a/source3/include/includes.h b/source3/include/includes.h index 5da1c1d997..1dfebcea78 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -696,6 +696,7 @@ extern int errno; #include "dlinklist.h" #include "../tdb/tdb.h" #include "../tdb/spinlock.h" +#include "../tdb/tdbutil.h" #include "talloc.h" #include "ads.h" #include "interfaces.h" diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index ccdce6f263..ceb0e17d5c 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -278,8 +278,8 @@ typedef struct lsa_r_query_info typedef struct lsa_enum_trust_dom_info { POLICY_HND pol; /* policy handle */ - uint32 enum_context; /* enumeration context handle */ - uint32 preferred_len; /* preferred maximum length */ + uint32 enum_context; /* enumeration context handle */ + uint32 preferred_len; /* preferred maximum length */ } LSA_Q_ENUM_TRUST_DOM; diff --git a/source3/include/secrets.h b/source3/include/secrets.h index 69ab4f6c8d..3d7e2aa97e 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -48,12 +48,26 @@ struct machine_acct_pass { time_t mod_time; }; -/* structure for storing trusted domain password */ +/* + * storage structure for trusted domain + */ struct trusted_dom_pass { - int pass_len; - fstring pass; + size_t uni_name_len; + smb_ucs2_t uni_name[32]; /* unicode domain name */ + size_t pass_len; + fstring pass; /* trust relationship's password */ time_t mod_time; - DOM_SID domain_sid; /* remote domain's sid */ + DOM_SID domain_sid; /* remote domain's sid */ }; +/* + * trusted domain entry/entries returned by secrets_get_trusted_domains + * (used in _lsa_enum_trust_dom call) + */ +typedef struct trustdom { + smb_ucs2_t *name; + DOM_SID sid; +} TRUSTDOM; + + #endif /* _SECRETS_H */ diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c index 6ac784a929..b50e451b95 100644 --- a/source3/lib/talloc.c +++ b/source3/lib/talloc.c @@ -287,6 +287,15 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p) return NULL; } +/** strdup_w with a talloc */ +smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p) +{ + if (p) + return talloc_memdup(t, p, (strlen_w(p) + 1) * sizeof(smb_ucs2_t)); + else + return NULL; +} + /** * Perform string formatting, and return a pointer to newly allocated * memory holding the result, inside a memory pool. diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c index a1cff26169..ba02819bdc 100644 --- a/source3/lib/util_unistr.c +++ b/source3/lib/util_unistr.c @@ -775,3 +775,44 @@ int unistrcpy(uint16 *dst, uint16 *src) return num_wchars; } + +/** + * Samba ucs2 type to UNISTR2 conversion + * + * @param ctx Talloc context to create the dst strcture (if null) and the + * contents of the unicode string. + * @param dst UNISTR2 destination. If equals null, then it's allocated. + * @param src smb_ucs2_t source. + * @param max_len maximum number of unicode characters to copy. If equals + * null, then null-termination of src is taken + * + * @return copied UNISTR2 destination + **/ +UNISTR2* ucs2_to_unistr2(TALLOC_CTX *ctx, UNISTR2* dst, smb_ucs2_t* src) +{ + size_t len; + + if (!src) return NULL; + len = strlen_w(src); + + /* allocate UNISTR2 destination if not given */ + if (!dst) { + dst = (UNISTR2*) talloc(ctx, sizeof(UNISTR2)); + if (!dst) return NULL; + } + if (!dst->buffer) { + dst->buffer = (uint16*) talloc(ctx, sizeof(uint16) * (len + 1)); + if (!dst->buffer) return NULL; + } + + /* set UNISTR2 parameters */ + dst->uni_max_len = len + 1; + dst->undoc = 0; + dst->uni_str_len = len; + + /* copy the actual unicode string */ + strncpy_w(dst->buffer, src, dst->uni_max_len); + + return dst; +}; + diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c index 85a7375f99..f3560ede5d 100644 --- a/source3/libsmb/cli_samr.c +++ b/source3/libsmb/cli_samr.c @@ -971,7 +971,7 @@ NTSTATUS cli_samr_lookup_rids(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_samr_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *domain_pol, uint32 flags, - uint32 num_names, char **names, + uint32 num_names, const char **names, uint32 *num_rids, uint32 **rids, uint32 **rid_types) { diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index b3507a1392..073317824b 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -1,6 +1,7 @@ /* Unix SMB/CIFS implementation. Copyright (C) Andrew Tridgell 1992-2001 + Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -124,9 +125,13 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid) } -/************************************************************************ -form a key for fetching the machine trust account password -************************************************************************/ +/** + * Form a key for fetching the machine trust account password + * + * @param domain domain name + * + * @return stored password's key + **/ char *trust_keystr(char *domain) { static fstring keystr; @@ -141,7 +146,7 @@ char *trust_keystr(char *domain) /** * Form a key for fetching a trusted domain password * - * @param domain domain name + * @param domain trusted domain name * * @return stored password's key **/ @@ -194,21 +199,23 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16], Routine to get account password to trusted domain ************************************************************************/ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, - DOM_SID *sid, time_t *pass_last_set_time) + DOM_SID *sid, time_t *pass_last_set_time) { struct trusted_dom_pass *pass; size_t size; + /* fetching trusted domain password structure */ if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) { DEBUG(5, ("secrets_fetch failed!\n")); return False; } - + if (size != sizeof(*pass)) { DEBUG(0, ("secrets were of incorrect size!\n")); return False; } - + + /* the trust's password */ if (pwd) { *pwd = strdup(pass->pass); if (!*pwd) { @@ -216,9 +223,12 @@ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd, } } + /* last change time */ if (pass_last_set_time) *pass_last_set_time = pass->mod_time; + /* domain sid */ memcpy(&sid, &(pass->domain_sid), sizeof(sid)); + SAFE_FREE(pass); return True; @@ -247,19 +257,30 @@ BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]) * @return true if succeeded **/ -BOOL secrets_store_trusted_domain_password(char* domain, char* pwd, +BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_name, + size_t uni_name_len, char* pwd, DOM_SID sid) { struct trusted_dom_pass pass; ZERO_STRUCT(pass); + /* unicode domain name and its length */ + if (!uni_dom_name) + return False; + + strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1); + pass.uni_name_len = uni_name_len; + + /* last change time */ pass.mod_time = time(NULL); + /* password of the trust */ pass.pass_len = strlen(pwd); fstrcpy(pass.pass, pwd); + /* domain sid */ memcpy(&(pass.domain_sid), &sid, sizeof(sid)); - + return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass)); } @@ -357,3 +378,100 @@ BOOL secrets_store_ldap_pw(char* dn, char* pw) return secrets_store(key, pw, strlen(pw)); } + +/** + * The linked list is allocated on the supplied talloc context, caller gets to destory + * when done. + * + * @param start_idx starting index, eg. we can start fetching + * at third or sixth trusted domain entry + * @param num_domains number of domain entries to fetch at one call + * + * @return list of trusted domains structs (unicode name, sid and password) + **/ + +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int start_idx, int max_num_domains, int *num_domains, TRUSTDOM ***domains) +{ + TDB_LIST_NODE *keys, *k; + TRUSTDOM *dom = NULL; + char *pattern; + uint32 idx = 0; + size_t size; + struct trusted_dom_pass *pass; + + secrets_init(); + + *num_domains = 0; + + /* generate searching pattern */ + if (!(pattern = talloc_asprintf(ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS))) { + DEBUG(0, ("secrets_get_trusted_domains: talloc_asprintf() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", + max_num_domains, start_idx)); + + *domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains); + + /* fetching trusted domains' data and collecting them in a list */ + keys = tdb_search_keys(tdb, pattern); + + /* searching for keys in sectrets db -- way to go ... */ + for (k = keys; k; k = k->next) { + char *secrets_key; + + /* important: ensure null-termination of the key string */ + secrets_key = strndup(k->node_key.dptr, k->node_key.dsize); + if (!secrets_key) { + DEBUG(0, ("strndup failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + pass = secrets_fetch(secrets_key, &size); + + if (size != sizeof(*pass)) { + DEBUG(2, ("Secrets record %s is invalid!\n", secrets_key)); + SAFE_FREE(pass); + continue; + } + + SAFE_FREE(secrets_key); + + if (idx >= start_idx && idx < start_idx + max_num_domains) { + dom = talloc_zero(ctx, sizeof(*dom)); + if (!dom) { + /* free returned tdb record */ + SAFE_FREE(pass); + + return NT_STATUS_NO_MEMORY; + } + + /* copy domain sid */ + SMB_ASSERT(sizeof(dom->sid) == sizeof(pass->domain_sid)); + memcpy(&(dom->sid), &(pass->domain_sid), sizeof(dom->sid)); + + /* copy unicode domain name */ + dom->name = talloc_strdup_w(ctx, pass->uni_name); + + (*domains)[*num_domains] = dom; + + (*num_domains)++; + + } + + idx++; + + /* free returned tdb record */ + SAFE_FREE(pass); + } + + DEBUG(5, ("secrets_get_trusted_domains: got %d of %d domains\n", + *num_domains, max_num_domains)); + + /* free the results of searching the keys */ + tdb_search_list_free(keys); + + return NT_STATUS_OK; +} + diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 91b54b9c83..415737ebfb 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -4,6 +4,7 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. + * Copyright (C) Andrew Bartlett 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -523,40 +524,63 @@ BOOL lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, Inits an LSA_R_ENUM_TRUST_DOM structure. ********************************************************************/ -void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context, - char *domain_name, DOM_SID *domain_sid, - NTSTATUS status) +void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context, + uint32 requested_num_domains, uint32 num_domains, TRUSTDOM **td) { + int i; + DEBUG(5, ("init_r_enum_trust_dom\n")); r_e->enum_context = enum_context; - - if (NT_STATUS_IS_OK(status)) { - int len_domain_name = strlen(domain_name) + 1; - - r_e->num_domains = 1; - r_e->ptr_enum_domains = 1; - r_e->num_domains2 = 1; - - if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2)))) - return; + r_e->num_domains = 0; + r_e->ptr_enum_domains = 0; + r_e->num_domains2 = 0; + + if (num_domains == 0) { + r_e->status = NT_STATUS_NO_MORE_ENTRIES; - if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2)))) + } else { + /* + * allocating empty arrays of unicode headers, strings + * and sids of enumerated trusted domains + */ + if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2) * num_domains))) { + r_e->status = NT_STATUS_NO_MEMORY; return; + } + + if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2) * num_domains))) { + r_e->status = NT_STATUS_NO_MEMORY; + return; + } - if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2)))) + if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2) * num_domains))) { + r_e->status = NT_STATUS_NO_MEMORY; return; + } + + r_e->num_domains = num_domains; + r_e->num_domains2 = num_domains; + + for (i = 0; i < num_domains; i++) { + + /* don't know what actually is this for */ + r_e->ptr_enum_domains = 1; + + init_uni_hdr2(&r_e->hdr_domain_name[i], strlen_w((td[i])->name)); + init_dom_sid2(&r_e->domain_sid[i], &(td[i])->sid); + + init_unistr2_w(ctx, &r_e->uni_domain_name[i], (td[i])->name); + + }; + + if (num_domains < requested_num_domains) { + r_e->status = NT_STATUS_NO_MORE_ENTRIES; + } else { + r_e->status = NT_STATUS_OK; + } + } - init_uni_hdr2(&r_e->hdr_domain_name[0], len_domain_name); - init_unistr2 (&r_e->uni_domain_name[0], domain_name, - len_domain_name); - init_dom_sid2(&r_e->domain_sid[0], domain_sid); - } else { - r_e->num_domains = 0; - r_e->ptr_enum_domains = 0; - } - - r_e->status = status; } /******************************************************************* @@ -603,7 +627,7 @@ BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, for (i = 0; i < num_domains; i++) { if(!smb_io_unistr2 ("", &r_e->uni_domain_name[i], - r_e->hdr_domain_name[i].buffer, + r_e->hdr_domain_name[i].buffer, ps, depth)) return False; if(!smb_io_dom_sid2("", &r_e->domain_sid[i], ps, diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 73f285e320..f326681c64 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -916,6 +916,51 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len) rpcstr_push((char *)str->buffer, buf, len, STR_TERMINATE); } +/** + * Inits a UNISTR2 structure. + * @param ctx talloc context to allocate string on + * @param str pointer to string to create + * @param buf UCS2 null-terminated buffer to init from +*/ + +void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf) +{ + uint32 len = strlen_w(buf); + uint32 max_len = len; + uint32 alloc_len; + + ZERO_STRUCTP(str); + + /* set up string lengths. */ + str->uni_max_len = len; + str->undoc = 0; + str->uni_str_len = len; + + if (max_len < MAX_UNISTRLEN) + max_len = MAX_UNISTRLEN; + + alloc_len = (max_len + 1) * sizeof(uint16); + + str->buffer = (uint16 *)talloc_zero(ctx, alloc_len); + if ((str->buffer == NULL) && (alloc_len > 0)) + { + smb_panic("init_unistr2_w: malloc fail\n"); + return; + } + + /* + * don't move this test above ! The UNISTR2 must be initialized !!! + * jfm, 7/7/2001. + */ + if (buf==NULL) + return; + + /* Yes, this is a strncpy( foo, bar, strlen(bar)) - but as + long as the buffer above is talloc()ed correctly then this + is the correct thing to do */ + strncpy_w(str->buffer, buf, len + 1); +} + /******************************************************************* Inits a UNISTR2 structure from a UNISTR ********************************************************************/ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 4edc0678af..b8a558665f 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -4535,7 +4535,7 @@ inits a SAMR_Q_LOOKUP_NAMES structure. NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, POLICY_HND *pol, uint32 flags, - uint32 num_names, char **name) + uint32 num_names, const char **name) { uint32 i; diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index fcd4be0212..3914556e88 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -105,8 +105,10 @@ static BOOL api_lsa_enum_trust_dom(pipes_struct *p) if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0)) return False; + /* get required trusted domains information */ r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u); + /* prepare the response */ if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0)) return False; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 84ab44bc30..c564323803 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -416,14 +416,18 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL * /*************************************************************************** _lsa_enum_trust_dom - this needs fixing to do more than return NULL ! JRA. + ufff, done :) mimir ***************************************************************************/ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENUM_TRUST_DOM *r_u) { struct lsa_info *info; - uint32 enum_context = 0; - char *dom_name = NULL; - DOM_SID *dom_sid = NULL; + uint32 enum_context = q_u->enum_context; + /* it's set to 10 as a "our" preferred length */ + uint32 max_num_domains = q_u->preferred_len < 10 ? q_u->preferred_len : 10; + TRUSTDOM **trust_doms; + uint32 num_domains; + NTSTATUS nt_status; if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; @@ -432,9 +436,13 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_E if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED; - /* set up the LSA QUERY INFO response */ - init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, dom_name, dom_sid, - dom_name != NULL ? NT_STATUS_OK : NT_STATUS_NO_MORE_ENTRIES); + nt_status = secrets_get_trusted_domains(p->mem_ctx, enum_context, max_num_domains, &num_domains, &trust_doms); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + /* set up the lsa_enum_trust_dom response */ + init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, max_num_domains, num_domains, trust_doms); return r_u->status; } diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c index bc39082f63..92a5a9d37f 100644 --- a/source3/tdb/tdbutil.c +++ b/source3/tdb/tdbutil.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include <fnmatch.h> /* these are little tdb utility functions that are meant to make dealing with a tdb database a little less cumbersome in Samba */ @@ -524,3 +525,74 @@ int tdb_traverse_delete_fn(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf, { return tdb_delete(the_tdb, key); } + + + +/** + * Search across the whole tdb for keys that match the given pattern + * return the result as a list of keys + * + * @param tdb pointer to opened tdb file context + * @param pattern searching pattern used by fnmatch(3) functions + * + * @return list of keys found by looking up with given pattern + **/ +TDB_LIST_NODE *tdb_search_keys(TDB_CONTEXT *tdb, const char* pattern) +{ + TDB_DATA key, next; + TDB_LIST_NODE *list = NULL; + TDB_LIST_NODE *rec = NULL; + TDB_LIST_NODE *tmp = NULL; + + for (key = tdb_firstkey(tdb); key.dptr; key = next) { + /* duplicate key string to ensure null-termination */ + char *key_str = (char*) strndup(key.dptr, key.dsize); + if (!key_str) { + DEBUG(0, ("tdb_search_keys: strndup() failed!\n")); + smb_panic("strndup failed!\n"); + } + + DEBUG(18, ("checking %s for match to pattern %s\n", key_str, pattern)); + + next = tdb_nextkey(tdb, key); + + /* do the pattern checking */ + if (fnmatch(pattern, key_str, 0) == 0) { + rec = (TDB_LIST_NODE*) malloc(sizeof(*rec)); + ZERO_STRUCTP(rec); + + rec->node_key = key; + + DLIST_ADD_END(list, rec, tmp); + + DEBUG(18, ("checking %s matched pattern %s\n", key_str, pattern)); + } else { + free(key.dptr); + } + + /* free duplicated key string */ + free(key_str); + } + + return list; + +}; + + +/** + * Free the list returned by tdb_search_keys + * + * @param node list of results found by tdb_search_keys + **/ +void tdb_search_list_free(TDB_LIST_NODE* node) +{ + TDB_LIST_NODE *next_node; + + while (node) { + next_node = node->next; + SAFE_FREE(node); + node = next_node; + }; +}; + + diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 2aca3f0485..315c2de030 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -451,7 +451,7 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, uint32 flags = 0x000003e8; /* Unknown */ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol, - flags, 1, (char **) &argv[0], + flags, 1, &argv[0], &num_rids, &user_rids, &name_types); @@ -548,7 +548,7 @@ rpc_user_info_internals(const DOM_SID *domain_sid, struct cli_state *cli, /* Get handle on user */ result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol, - flags, 1, (char **) &argv[0], + flags, 1, &argv[0], &num_rids, &rids, &name_types); if (!NT_STATUS_IS_OK(result)) goto done; @@ -874,7 +874,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, struct cli if (argc != 1) { d_printf("Usage: net rpc trustdom add <domain_name>\n"); - return NT_STATUS_OK; + return NT_STATUS_INVALID_PARAMETER; } /* @@ -985,6 +985,12 @@ static int rpc_trustdom_establish(int argc, const char **argv) { * Connect to \\server\ipc$ as 'our domain' account with password */ + if (argc != 1) { + d_printf("Usage: net rpc trustdom add <domain_name>\n"); + return -1; + } + + domain_name = smb_xstrdup(argv[0]); strupper(domain_name); @@ -1061,10 +1067,8 @@ static int rpc_trustdom_establish(int argc, const char **argv) { return -1; } - if (cli->nt_pipe_fnum) { + if (cli->nt_pipe_fnum) cli_nt_session_close(cli); - talloc_destroy(mem_ctx); - } /* @@ -1104,6 +1108,17 @@ static int rpc_trustdom_establish(int argc, const char **argv) { but I still don't know if it's _really_ necessary */ /* + * Store the password in secrets db + */ + + if (!secrets_store_trusted_domain_password(domain_name, wks_info.uni_lan_grp.buffer, + wks_info.uni_lan_grp.uni_str_len, opt_password, + domain_sid)) { + DEBUG(0, ("Storing password for trusted domain failed.\n")); + return -1; + } + + /* * Close the pipes and clean up */ @@ -1116,20 +1131,9 @@ static int rpc_trustdom_establish(int argc, const char **argv) { if (cli->nt_pipe_fnum) cli_nt_session_close(cli); - - talloc_destroy(mem_ctx); + talloc_destroy(mem_ctx); - /* - * Store the password in secrets db - */ - - if (!secrets_store_trusted_domain_password(domain_name, opt_password, - domain_sid)) { - DEBUG(0, ("Storing password for trusted domain failed.\n")); - return -1; - } - DEBUG(0, ("Success!\n")); return 0; } |