diff options
author | Simo Sorce <idra@samba.org> | 2003-03-07 18:26:24 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2003-03-07 18:26:24 +0000 |
commit | 8a751c019c21b1925fd352639f8237cf0a6ebac9 (patch) | |
tree | c2a906c5500c2386e17e058f6899e64ef8eda54e /source3/sam | |
parent | 04858cd7025bb4c3fdb34a2795568a6b52004c3b (diff) | |
download | samba-8a751c019c21b1925fd352639f8237cf0a6ebac9.tar.gz samba-8a751c019c21b1925fd352639f8237cf0a6ebac9.tar.bz2 samba-8a751c019c21b1925fd352639f8237cf0a6ebac9.zip |
Some progress towards gums and tdbsam2
genparser works fine, and it is a marvelous tool to store objects in tdb :)
(This used to be commit 4c6d461a8572f03cd33cba95500cc837638b732c)
Diffstat (limited to 'source3/sam')
-rw-r--r-- | source3/sam/gumm_tdb.c | 891 | ||||
-rw-r--r-- | source3/sam/gums.c | 38 | ||||
-rw-r--r-- | source3/sam/gums_api.c | 310 | ||||
-rw-r--r-- | source3/sam/gums_helper.c | 47 |
4 files changed, 1076 insertions, 210 deletions
diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c index 52eaab9e17..53ea872a11 100644 --- a/source3/sam/gumm_tdb.c +++ b/source3/sam/gumm_tdb.c @@ -23,7 +23,6 @@ */ #include "includes.h" -#include "gums.h" #include "tdbsam2.h" #include "tdbsam2_parse_info.h" @@ -31,15 +30,25 @@ static int tdbgumm_debug_level = DBGC_ALL; #undef DBGC_CLASS #define DBGC_CLASS tdbgumm_debug_level -#define TDBSAM_VERSION "20021215" +#define TDBSAM_VERSION 20021215 #define TDB_FILE_NAME "tdbsam2.tdb" -#define DOMAINPREFIX "DOMAIN_" -#define OBJECTPREFIX "OBJECT_" +#define NAMEPREFIX "NAME_" #define SIDPREFIX "SID_" #define PRIVILEGEPREFIX "PRIV_" #define TDB_FORMAT_STRING "ddB" +#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) +#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0) + +struct tdbsam2_enum_objs { + uint32 type; + fstring dom_sid; + TDB_CONTEXT *db; + TDB_DATA key; + struct tdbsam2_enum_objs *next; +}; + union tdbsam2_data { struct tdbsam2_domain_data *domain; struct tdbsam2_user_data *user; @@ -48,86 +57,363 @@ union tdbsam2_data { struct tdbsam2_object { uint32 type; + uint32 version; union tdbsam2_data data; }; static TDB_CONTEXT *tdbsam2_db; -#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0) +struct tdbsam2_enum_objs **teo_handlers; + +static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) +{ + + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + int iret; + char *obj_data; + int data_size = 0; + int len; + + len = tdb_unpack (buffer, size, TDB_FORMAT_STRING, + &(object->version), + &(object->type), + &data_size, &obj_data); + + if (len == -1) + goto done; + + /* version is checked inside this function so that backward compatibility code can be + called eventually. + this way we can easily handle database format upgrades */ + if (object->version != TDBSAM_VERSION) { + DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n")); + goto done; + } + + /* be sure the string is terminated before trying to parse it */ + if (obj_data[data_size - 1] != '\0') + obj_data[data_size - 1] = '\0'; + + switch (object->type) { + case GUMS_OBJ_DOMAIN: + object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data)); + TALLOC_CHECK(object->data.domain, ret, done); + memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data)); + + iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data); + break; + case GUMS_OBJ_GROUP: + case GUMS_OBJ_ALIAS: + object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data)); + TALLOC_CHECK(object->data.group, ret, done); + memset(object->data.group, 0, sizeof(struct tdbsam2_group_data)); + + iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data); + break; + case GUMS_OBJ_NORMAL_USER: + object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data)); + TALLOC_CHECK(object->data.user, ret, done); + memset(object->data.user, 0, sizeof(struct tdbsam2_user_data)); -static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) { + iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data); + break; + default: + DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n")); + goto done; + } + + if (iret != 0) { + DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n")); + DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?")); + goto done; + } + + ret = NT_STATUS_OK; +done: + SAFE_FREE(obj_data); + return ret; +} + +static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object) +{ + + NTSTATUS ret; + char *buf1 = NULL; + size_t buflen; + + if (!buffer) + return NT_STATUS_INVALID_PARAMETER; + + switch (object->type) { + case GUMS_OBJ_DOMAIN: + buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0); + break; + case GUMS_OBJ_GROUP: + case GUMS_OBJ_ALIAS: + buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0); + break; + case GUMS_OBJ_NORMAL_USER: + buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0); + break; + default: + DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (buf1 == NULL) { + DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING, + TDBSAM_VERSION, + object->type, + strlen(buf1) + 1, buf1); + + *buffer = talloc(mem_ctx, buflen); + TALLOC_CHECK(*buffer, ret, done); + + *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING, + TDBSAM_VERSION, + object->type, + strlen(buf1) + 1, buf1); + + if (*len != buflen) { + DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", + buflen, *len)); + *buffer = NULL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + ret = NT_STATUS_OK; +done: + return ret; +} + +static NTSTATUS opentdb(void) +{ + if (!tdbsam2_db) { + pstring tdbfile; + get_private_directory(tdbfile); + pstrcat(tdbfile, "/"); + pstrcat(tdbfile, TDB_FILE_NAME); + + tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600); + if (!tdbsam2_db) + { + DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile)); + return NT_STATUS_UNSUCCESSFUL; + } + } return NT_STATUS_OK; } -static NTSTATUS tdbsam2_opentdb(void) { +static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid) +{ + NTSTATUS ret; + TDB_DATA data, key; + fstring keystr; + + if (!obj || !mem_ctx || !sid) + return NT_STATUS_INVALID_PARAMETER; + + if (NT_STATUS_IS_ERR(ret = opentdb())) { + return ret; + } + + slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + data = tdb_fetch(tdbsam2_db, key); + if (!data.dptr) { + DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n")); + DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); + DEBUGADD(5, (" Key: %s\n", keystr)); + return NT_STATUS_UNSUCCESSFUL; + } + + if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) { + SAFE_FREE(data.dptr); + DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + SAFE_FREE(data.dptr); return NT_STATUS_OK; + } -static NTSTATUS tdbsam2_get_object_by_name(struct tdbsam2_object *obj, TALLOC_CTX *mem_ctx, const char* name) { +static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name) +{ NTSTATUS ret; TDB_DATA data, key; fstring keystr; fstring objname; + DOM_SID sid; + char *obj_sidstr; + int obj_version, obj_type, obj_sidstr_len, len; if (!obj || !mem_ctx || !name) return NT_STATUS_INVALID_PARAMETER; - if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) { - goto done; - } + if (NT_STATUS_IS_ERR(ret = opentdb())) { + return ret; } unix_strlower(name, -1, objname, sizeof(objname)); - slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, objname); + slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname); key.dptr = keystr; key.dsize = strlen(keystr) + 1; data = tdb_fetch(tdbsam2_db, key); if (!data.dptr) { - DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n")); + DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n")); DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; + return NT_STATUS_UNSUCCESSFUL; } - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } + len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING, + &obj_version, + &obj_type, + &obj_sidstr_len, &obj_sidstr); + SAFE_FREE(data.dptr); - ret = NT_STATUS_OK; + if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) { + DEBUG(5, ("get_object_by_name: Error unpacking database object!\n")); + return NT_STATUS_UNSUCCESSFUL; + } -done: - return ret; + if (!string_to_sid(&sid, obj_sidstr)) { + DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n")); + SAFE_FREE(obj_sidstr); + return NT_STATUS_UNSUCCESSFUL; + } + SAFE_FREE(obj_sidstr); + + return get_object_by_sid(mem_ctx, obj, &sid); } - -static NTSTATUS tdbsam2_store(struct tdbsam2_object *object) { +static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj) +{ NTSTATUS ret; + TDB_DATA data, key, key2; + fstring keystr; + fstring namestr; + int flag, r; + + if (NT_STATUS_IS_ERR(ret = opentdb())) { + return ret; + } + + if (new_obj) { + flag = TDB_INSERT; + } else { + flag = TDB_MODIFY; + } + + ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object); + if (NT_STATUS_IS_ERR(ret)) + return ret; + + switch (object->type) { + case GUMS_OBJ_DOMAIN: + slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid)); + slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name); + break; + case GUMS_OBJ_GROUP: + case GUMS_OBJ_ALIAS: + slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid)); + slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name); + break; + case GUMS_OBJ_NORMAL_USER: + slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid)); + slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name); + break; + default: + return NT_STATUS_UNSUCCESSFUL; + } + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) { + DEBUG(0, ("store_object: Unable to modify SAM!\n")); + DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db))); + DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); + if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_INTERNAL_DB_ERROR; + } + + key2.dptr = namestr; + key2.dsize = strlen(namestr) + 1; + + if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) { + DEBUG(0, ("store_object: Unable to modify SAM!\n")); + DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db))); + DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); + if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_INTERNAL_DB_ERROR; + } +/* TODO: update the general database counter */ +/* TODO: update this entry counter too */ return NT_STATUS_OK; } -static NTSTATUS tdbsam2_get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID *sid) { - +static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid) +{ NTSTATUS ret; + struct tdbsam2_object obj; + DOM_SID *dom_sid = get_global_sam_sid(); + uint32 new_rid; + +/* TODO: LOCK DOMAIN OBJECT */ + ret = get_object_by_sid(mem_ctx, &obj, dom_sid); + if (NT_STATUS_IS_ERR(ret)) { + DEBUG(0, ("get_next_sid: unable to get root Domain object!\n")); + ret = NT_STATUS_INTERNAL_DB_ERROR; + goto error; + } + + new_rid = obj.data.domain->next_rid; + + /* Increment the RID Counter */ + obj.data.domain->next_rid++; + + /* Store back Domain object */ + ret = store_object(mem_ctx, &obj, False); + if (NT_STATUS_IS_ERR(ret)) { + DEBUG(0, ("get_next_sid: unable to update root Domain object!\n")); + ret = NT_STATUS_INTERNAL_DB_ERROR; + goto error; + } +/* TODO: UNLOCK DOMAIN OBJECT */ + + *sid = sid_dup_talloc(mem_ctx, dom_sid); + TALLOC_CHECK(*sid, ret, error); + + if (!sid_append_rid(*sid, new_rid)) { + DEBUG(0, ("get_next_sid: unable to build new SID !?!\n")); + ret = NT_STATUS_UNSUCCESSFUL; + goto error; + } return NT_STATUS_OK; -} -static NTSTATUS tdbsam2_user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata, uint32 type) { +error: + return ret; +} +static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata) +{ NTSTATUS ret; if (!object || !userdata) { @@ -180,12 +466,12 @@ static NTSTATUS tdbsam2_user_data_to_gums_object(GUMS_OBJECT **object, struct td SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error); SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error); - SET_OR_FAIL(gums_set_user_logon_time(*object, userdata->logon_time), error); - SET_OR_FAIL(gums_set_user_logoff_time(*object, userdata->logoff_time), error); - SET_OR_FAIL(gums_set_user_kickoff_time(*object, userdata->kickoff_time), error); - SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, userdata->pass_last_set_time), error); - SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, userdata->pass_can_change_time), error); - SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, userdata->pass_must_change_time), error); + SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error); + SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error); + SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error); + SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error); + SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error); + SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error); ret = NT_STATUS_OK; return ret; @@ -196,8 +482,8 @@ error: return ret; } -static NTSTATUS tdbsam2_group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata, uint32 type) { - +static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata) +{ NTSTATUS ret; if (!object || !groupdata) { @@ -226,11 +512,12 @@ error: return ret; } -static NTSTATUS tdbsam2_domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata, uint32 type) { +static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata) +{ NTSTATUS ret; - if (!object || !domdata) { + if (!object || !*object || !domdata) { DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n")); return NT_STATUS_UNSUCCESSFUL; } @@ -253,7 +540,8 @@ error: return ret; } -static NTSTATUS tdbsam2_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) { +static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) +{ NTSTATUS ret; @@ -271,16 +559,16 @@ static NTSTATUS tdbsam2_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2 switch (data->type) { case GUMS_OBJ_DOMAIN: - ret = tdbsam2_domain_data_to_gums_object(object, data->data.domain, data->type); + ret = domain_data_to_gums_object(object, data->data.domain); break; case GUMS_OBJ_NORMAL_USER: - ret = tdbsam2_user_data_to_gums_object(object, data->data.user, data->type); + ret = user_data_to_gums_object(object, data->data.user); break; case GUMS_OBJ_GROUP: case GUMS_OBJ_ALIAS: - ret = tdbsam2_group_data_to_gums_object(object, data->data.group, data->type); + ret = group_data_to_gums_object(object, data->data.group); break; default: @@ -292,83 +580,118 @@ done: } +/* GUMM object functions */ +static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name) +{ + NTSTATUS ret; + struct tdbsam2_object obj; + TALLOC_CTX *mem_ctx; + fstring domname; -/* GUMM object functions */ + if (!sid || !name) + return NT_STATUS_INVALID_PARAMETER; -static NTSTATUS get_domain_sid(DOM_SID *sid, const char* name) { + mem_ctx = talloc_init("tdbsam2_get_domain_sid"); + if (!mem_ctx) { + DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + if (NT_STATUS_IS_ERR(ret = opentdb())) { + goto done; + } + + unix_strlower(name, -1, domname, sizeof(domname)); + + ret = get_object_by_name(mem_ctx, &obj, domname); + + if (NT_STATUS_IS_ERR(ret)) { + DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); + goto done; + } + + if (obj.type != GUMS_OBJ_DOMAIN) { + DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + sid_copy(sid, obj.data.domain->dom_sid); + + ret = NT_STATUS_OK; + +done: + talloc_destroy(mem_ctx); + return ret; +} + +static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name) +{ NTSTATUS ret; struct tdbsam2_object obj; TALLOC_CTX *mem_ctx; - TDB_DATA data, key; - fstring keystr; fstring domname; if (!sid || !name) return NT_STATUS_INVALID_PARAMETER; - mem_ctx = talloc_init("get_domain_sid"); + mem_ctx = talloc_init("tdbsam2_set_domain_sid"); if (!mem_ctx) { DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); return NT_STATUS_NO_MEMORY; } if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) { + if (NT_STATUS_IS_ERR(ret = opentdb())) { goto done; } } unix_strlower(name, -1, domname, sizeof(domname)); - slprintf(keystr, sizeof(keystr)-1, "%s%s", DOMAINPREFIX, domname); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; +/* TODO: we need to lock this entry until updated! */ - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } + ret = get_object_by_name(mem_ctx, &obj, domname); - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; + if (NT_STATUS_IS_ERR(ret)) { + DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); goto done; } - SAFE_FREE(data.dptr); if (obj.type != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("get_domain_sid: Requested object is not a domain!\n")); + DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - sid_copy(sid, obj.data.domain->dom_sid); + sid_copy(obj.data.domain->dom_sid, sid); - ret = NT_STATUS_OK; + ret = store_object(mem_ctx, &obj, False); done: +/* TODO: unlock here */ if (mem_ctx) talloc_destroy(mem_ctx); return ret; } - NTSTATUS (*set_domain_sid) (const DOM_SID *sid, const char *name); - +/* TODO */ NTSTATUS (*get_sequence_number) (void); -static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int obj_type) { +extern DOM_SID global_sid_NULL; + +static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type) +{ NTSTATUS ret; struct tdbsam2_object obj; TALLOC_CTX *mem_ctx; + NTTIME zero_time = {0,0}; + const char *defpw = "NOPASSWORDXXXXXX"; + uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}; if (!sid || !name) { DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n")); @@ -381,19 +704,51 @@ static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int ob return NT_STATUS_NO_MEMORY; } + obj.type = obj_type; + obj.version = TDBSAM_VERSION; + switch (obj_type) { case GUMS_OBJ_NORMAL_USER: obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data)); TALLOC_CHECK(obj.data.user, ret, done); - /*obj.data.user->sec_desc*/ - - tdbsam2_get_next_sid(mem_ctx, obj.data.user->user_sid); + get_next_sid(mem_ctx, &(obj.data.user->user_sid)); TALLOC_CHECK(obj.data.user->user_sid, ret, done); + sid_copy(sid, obj.data.user->user_sid); obj.data.user->name = talloc_strdup(mem_ctx, name); TALLOC_CHECK(obj.data.user, ret, done); + obj.data.user->xcounter = 1; + /*obj.data.user->sec_desc*/ + obj.data.user->description = ""; + obj.data.user->group_sid = &global_sid_NULL; + obj.data.user->logon_time = &zero_time; + obj.data.user->logoff_time = &zero_time; + obj.data.user->kickoff_time = &zero_time; + obj.data.user->pass_last_set_time = &zero_time; + obj.data.user->pass_can_change_time = &zero_time; + obj.data.user->pass_must_change_time = &zero_time; + + obj.data.user->full_name = ""; + obj.data.user->home_dir = ""; + obj.data.user->dir_drive = ""; + obj.data.user->logon_script = ""; + obj.data.user->profile_path = ""; + obj.data.user->workstations = ""; + obj.data.user->unknown_str = ""; + obj.data.user->munged_dial = ""; + + obj.data.user->lm_pw_ptr = defpw; + obj.data.user->nt_pw_ptr = defpw; + + obj.data.user->logon_divs = 168; + obj.data.user->hours_len = 21; + obj.data.user->hours = &defhours; + + obj.data.user->unknown_3 = 0x00ffffff; + obj.data.user->unknown_5 = 0x00020000; + obj.data.user->unknown_6 = 0x000004ec; break; case GUMS_OBJ_GROUP: @@ -401,133 +756,373 @@ static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int ob obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data)); TALLOC_CHECK(obj.data.group, ret, done); - /*obj.data.user->sec_desc*/ - - tdbsam2_get_next_sid(mem_ctx, obj.data.group->group_sid); + get_next_sid(mem_ctx, &(obj.data.group->group_sid)); TALLOC_CHECK(obj.data.group->group_sid, ret, done); + sid_copy(sid, obj.data.group->group_sid); obj.data.group->name = talloc_strdup(mem_ctx, name); TALLOC_CHECK(obj.data.group, ret, done); + obj.data.group->xcounter = 1; + /*obj.data.group->sec_desc*/ + obj.data.group->description = ""; + break; case GUMS_OBJ_DOMAIN: - /* TODO: SHOULD WE ALLOW TO CREATE NEW DOMAINS ? */ + + /* FIXME: should we check against global_sam_sid to make it impossible + to store more than one domain ? */ + + obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data)); + TALLOC_CHECK(obj.data.domain, ret, done); + + obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid()); + TALLOC_CHECK(obj.data.domain->dom_sid, ret, done); + sid_copy(sid, obj.data.domain->dom_sid); + + obj.data.domain->name = talloc_strdup(mem_ctx, name); + TALLOC_CHECK(obj.data.domain, ret, done); + + obj.data.domain->xcounter = 1; + /*obj.data.domain->sec_desc*/ + obj.data.domain->next_rid = 0x3e9; + obj.data.domain->description = ""; + + ret = NT_STATUS_OK; + break; default: ret = NT_STATUS_UNSUCCESSFUL; goto done; } - ret = tdbsam2_store(&obj); + ret = store_object(mem_ctx, &obj, True); done: talloc_destroy(mem_ctx); return ret; } -static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) { - +static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) +{ NTSTATUS ret; struct tdbsam2_object obj; TALLOC_CTX *mem_ctx; TDB_DATA data, key; fstring keystr; - fstring sidstr; - char *obj_name = NULL; - int obj_type, obj_version, len; if (!sid) { - DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n")); + DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n")); return NT_STATUS_INVALID_PARAMETER; } mem_ctx = talloc_init("tdbsam2_delete_object"); if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); + DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n")); return NT_STATUS_NO_MEMORY; } if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) { + if (NT_STATUS_IS_ERR(ret = opentdb())) { goto done; } } - sid_to_string(sidstr, sid); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr); + slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); key.dptr = keystr; key.dsize = strlen(keystr) + 1; data = tdb_fetch(tdbsam2_db, key); if (!data.dptr) { - DEBUG(5, ("get_domain_sid: Error fetching database, SID entry not found!\n")); + DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n")); DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); DEBUGADD(5, (" Key: %s\n", keystr)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING, - &obj_version, - &obj_type, - &obj_name); + if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { + DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); + DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); + DEBUGADD(5, (" Key: %s\n", keystr)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } - if (len == -1) { + if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { + SAFE_FREE(data.dptr); + DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } + switch (obj.type) { + case GUMS_OBJ_DOMAIN: + /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */ + slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name); + break; + case GUMS_OBJ_GROUP: + case GUMS_OBJ_ALIAS: + slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name); + break; + case GUMS_OBJ_NORMAL_USER: + slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name); + break; + default: + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n")); + DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); DEBUGADD(5, (" Key: %s\n", keystr)); ret = NT_STATUS_UNSUCCESSFUL; goto done; - } + } - switch (obj_type) { - case GUMS_OBJ_NORMAL_USER: - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - - slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, obj_name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; +/* TODO: update the general database counter */ + +done: + SAFE_FREE(data.dptr); + talloc_destroy(mem_ctx); + return ret; +} + +static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type) +{ + NTSTATUS ret; + struct tdbsam2_object obj; + TALLOC_CTX *mem_ctx; + + if (!object || !sid) { + DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + mem_ctx = talloc_init("tdbsam2_get_object_from_sid"); + if (!mem_ctx) { + DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + ret = get_object_by_sid(mem_ctx, &obj, sid); + if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) { + DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n")); + goto done; + } + + ret = data_to_gums_object(object, &obj); + if (NT_STATUS_IS_ERR(ret)) { + DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n")); + goto done; + } + +done: + talloc_destroy(mem_ctx); + return ret; +} + +static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type) +{ + NTSTATUS ret; + struct tdbsam2_object obj; + TALLOC_CTX *mem_ctx; + + if (!object || !name) { + DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + mem_ctx = talloc_init("tdbsam2_get_object_from_sid"); + if (!mem_ctx) { + DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + ret = get_object_by_name(mem_ctx, &obj, name); + if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) { + DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n")); + goto done; + } + + ret = data_to_gums_object(object, &obj); + if (NT_STATUS_IS_ERR(ret)) { + DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n")); + goto done; + } + +done: + talloc_destroy(mem_ctx); + return ret; +} + + /* This function is used to get the list of all objects changed since base_time, it is + used to support PDC<->BDC synchronization */ + NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); + +static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type) +{ + struct tdbsam2_enum_objs *teo, *t; + pstring tdbfile; + + teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs)); + if (!teo) { + DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + teo->type = obj_type; + if (sid) { + sid_to_string(teo->dom_sid, sid); + } + + get_private_directory(tdbfile); + pstrcat(tdbfile, "/"); + pstrcat(tdbfile, TDB_FILE_NAME); + + teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600); + if (!teo->db) + { + DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile)); + SAFE_FREE(teo); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!teo_handlers) { + *teo_handlers = teo; + } else { + t = *teo_handlers; + while (t->next) { + t = t->next; + } + t->next = teo; + } + + handle = teo; + + teo->key = tdb_firstkey(teo->db); + + return NT_STATUS_OK; +} + +static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle) +{ + NTSTATUS ret; + TALLOC_CTX *mem_ctx; + TDB_DATA data; + struct tdbsam2_enum_objs *teo; + struct tdbsam2_object obj; + const char *prefix = SIDPREFIX; + const int preflen = strlen(prefix); + + if (!object || !handle) { + DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + teo = (struct tdbsam2_enum_objs *)handle; + + mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next"); + if (!mem_ctx) { + DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + while ((teo->key.dsize != 0)) { + int len, version, type, size; + char *ptr; + + if (strncmp(teo->key.dptr, prefix, preflen)) { + teo->key = tdb_nextkey(teo->db, teo->key); + continue; + } + + if (teo->dom_sid) { + if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) { + teo->key = tdb_nextkey(teo->db, teo->key); + continue; } - break; + } - case GUMS_OBJ_DOMAIN: - /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */ + data = tdb_fetch(teo->db, teo->key); + if (!data.dptr) { + DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n")); + DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db))); + DEBUGADD(5, (" Key: %s\n", teo->key.dptr)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } - default: + len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING, + &version, + &type, + &size, &ptr); + + if (len == -1) { + DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; + } + SAFE_FREE(ptr); + + if (teo->type && type != teo->type) { + SAFE_FREE(data.dptr); + data.dsize = 0; + teo->key = tdb_nextkey(teo->db, teo->key); + continue; + } + + break; } + if (data.dsize != 0) { + if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { + SAFE_FREE(data.dptr); + DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n")); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + SAFE_FREE(data.dptr); + } + + ret = data_to_gums_object(object, &obj); + done: - SAFE_FREE(obj_name); talloc_destroy(mem_ctx); return ret; } - NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type); - NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name); - /* This function is used to get the list of all objects changed since b_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); +static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle) +{ + struct tdbsam2_enum_objs *teo, *t, *p; + + teo = (struct tdbsam2_enum_objs *)handle; + + if (*teo_handlers == teo) { + *teo_handlers = teo->next; + } else { + t = *teo_handlers; + while (t != teo) { + p = t; + t = t->next; + if (t == NULL) { + DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + } + p = t->next; + } + + tdb_close(teo->db); + SAFE_FREE(teo); - NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type); - NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle); - NTSTATUS (*enumerate_objects_stop) (void *handle); + return NT_STATUS_OK; +} /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. Never use this function to update an object in the database, use set_object_values() */ @@ -556,7 +1151,43 @@ done: NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); -int gumm_init(GUMS_FUNCTIONS **storage) { +int gumm_init(GUMS_FUNCTIONS **storage) +{ + tdbsam2_db = NULL; + teo_handlers = 0; return 0; } + +#if 0 +int main(int argc, char *argv[]) +{ + NTSTATUS ret; + DOM_SID dsid; + + if (argc < 2) { + printf ("not enough arguments!\n"); + exit(0); + } + + if (!lp_load(dyn_CONFIGFILE,True,False,False)) { + fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE); + exit(1); + } + + ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN); + if (NT_STATUS_IS_OK(ret)) { + printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid)); + } else { + printf ("_domain_ creation error n. 0x%08x\n", ret.v); + } + ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER); + if (NT_STATUS_IS_OK(ret)) { + printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid)); + } else { + printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v); + } + + exit(0); +} +#endif diff --git a/source3/sam/gums.c b/source3/sam/gums.c index 3a20ef6fc9..a118740637 100644 --- a/source3/sam/gums.c +++ b/source3/sam/gums.c @@ -26,10 +26,40 @@ #define GMV_MAJOR 0 #define GMV_MINOR 1 +#define PRIV_NONE 0 +#define PRIV_CREATE_TOKEN 1 +#define PRIV_ASSIGNPRIMARYTOKEN 2 +#define PRIV_LOCK_MEMORY 3 +#define PRIV_INCREASE_QUOTA 4 +#define PRIV_MACHINE_ACCOUNT 5 +#define PRIV_TCB 6 +#define PRIV_SECURITY 7 +#define PRIV_TAKE_OWNERSHIP 8 +#define PRIV_LOAD_DRIVER 9 +#define PRIV_SYSTEM_PROFILE 10 +#define PRIV_SYSTEMTIME 11 +#define PRIV_PROF_SINGLE_PROCESS 12 +#define PRIV_INC_BASE_PRIORITY 13 +#define PRIV_CREATE_PAGEFILE 14 +#define PRIV_CREATE_PERMANENT 15 +#define PRIV_BACKUP 16 +#define PRIV_RESTORE 17 +#define PRIV_SHUTDOWN 18 +#define PRIV_DEBUG 19 +#define PRIV_AUDIT 20 +#define PRIV_SYSTEM_ENVIRONMENT 21 +#define PRIV_CHANGE_NOTIFY 22 +#define PRIV_REMOTE_SHUTDOWN 23 +#define PRIV_UNDOCK 24 +#define PRIV_SYNC_AGENT 25 +#define PRIV_ENABLE_DELEGATION 26 +#define PRIV_ALL 255 + + GUMS_FUNCTIONS *gums_storage; static void *dl_handle; -PRIVS privs[] = { +static PRIVS gums_privs[] = { {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"}, {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"}, @@ -110,19 +140,19 @@ done: NTSTATUS gums_unload(void) { - NSTATUS ret; + NTSTATUS ret; NTSTATUS (*module_finalize)(); if (!dl_handle) return NT_STATUS_UNSUCCESSFUL; - module_close = sys_dlsym(dl_handle, "gumm_finalize"); + module_finalize = sys_dlsym(dl_handle, "gumm_finalize"); if (!module_finalize) { DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); return NT_STATUS_UNSUCCESSFUL; } - DEBUG(5, ("Finalizing module %s\n", module_name)); + DEBUG(5, ("Finalizing module")); ret = module_finalize(); sys_dlclose(dl_handle); diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c index 75e32fa861..2e5dcd143a 100644 --- a/source3/sam/gums_api.c +++ b/source3/sam/gums_api.c @@ -20,6 +20,182 @@ #include "includes.h" + +/******************************************************************* + Create a SEC_ACL structure. +********************************************************************/ + +static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list) +{ + SEC_ACL *dst; + int i; + + if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL) + return NULL; + + dst->revision = revision; + dst->num_aces = num_aces; + dst->size = SEC_ACL_HEADER_SIZE; + + /* Now we need to return a non-NULL address for the ace list even + if the number of aces required is zero. This is because there + is a distinct difference between a NULL ace and an ace with zero + entries in it. This is achieved by checking that num_aces is a + positive number. */ + + if ((num_aces) && + ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) + == NULL)) { + return NULL; + } + + for (i = 0; i < num_aces; i++) { + dst->ace[i] = ace_list[i]; /* Structure copy. */ + dst->size += ace_list[i].size; + } + + return dst; +} + + + +/******************************************************************* + Duplicate a SEC_ACL structure. +********************************************************************/ + +static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) +{ + if(src == NULL) + return NULL; + + return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); +} + + + +/******************************************************************* + Creates a SEC_DESC structure +********************************************************************/ + +static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, + DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) +{ + SEC_DESC *dst; + uint32 offset = 0; + uint32 offset_sid = SEC_DESC_HEADER_SIZE; + uint32 offset_acl = 0; + + *sd_size = 0; + + if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL) + return NULL; + + dst->revision = revision; + dst->type = SEC_DESC_SELF_RELATIVE; + + if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; + if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; + + dst->off_owner_sid = 0; + dst->off_grp_sid = 0; + dst->off_sacl = 0; + dst->off_dacl = 0; + + if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) + goto error_exit; + + if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) + goto error_exit; + + if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) + goto error_exit; + + if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) + goto error_exit; + + offset = 0; + + /* + * Work out the linearization sizes. + */ + if (dst->owner_sid != NULL) { + + if (offset == 0) + offset = SEC_DESC_HEADER_SIZE; + + offset += sid_size(dst->owner_sid); + } + + if (dst->grp_sid != NULL) { + + if (offset == 0) + offset = SEC_DESC_HEADER_SIZE; + + offset += sid_size(dst->grp_sid); + } + + if (dst->sacl != NULL) { + + offset_acl = SEC_DESC_HEADER_SIZE; + + dst->off_sacl = offset_acl; + offset_acl += dst->sacl->size; + offset += dst->sacl->size; + offset_sid += dst->sacl->size; + } + + if (dst->dacl != NULL) { + + if (offset_acl == 0) + offset_acl = SEC_DESC_HEADER_SIZE; + + dst->off_dacl = offset_acl; + offset_acl += dst->dacl->size; + offset += dst->dacl->size; + offset_sid += dst->dacl->size; + } + + *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); + + if (dst->owner_sid != NULL) + dst->off_owner_sid = offset_sid; + + /* sid_size() returns 0 if the sid is NULL so this is ok */ + + if (dst->grp_sid != NULL) + dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); + + return dst; + +error_exit: + + *sd_size = 0; + return NULL; +} + +/******************************************************************* + Duplicate a SEC_DESC structure. +********************************************************************/ + +static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) +{ + size_t dummy; + + if(src == NULL) + return NULL; + + return make_sec_desc( ctx, src->revision, + src->owner_sid, src->grp_sid, src->sacl, + src->dacl, &dummy); +} + + + + + + + extern GUMS_FUNCTIONS *gums_storage; /* Functions to get/set info from a GUMS object */ @@ -37,7 +213,7 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) { TALLOC_CTX *mem_ctx = talloc_init("gums_create_object"); GUMS_OBJECT *go; - NT_STATUS ret; + NTSTATUS ret; go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); go->mem_ctx = mem_ctx; @@ -54,12 +230,12 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) case GUMS_OBJ_DOMAIN_TRUST: */ case GUMS_OBJ_NORMAL_USER: - go->data = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER)); + go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER)); break; case GUMS_OBJ_GROUP: case GUMS_OBJ_ALIAS: - go->data = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); + go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); break; default: @@ -68,7 +244,7 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) goto error; } - if (!(go->data)) { + if (!(go->data.user)) { ret = NT_STATUS_NO_MEMORY; DEBUG(0, ("gums_create_object: Out of memory!\n")); goto error; @@ -190,6 +366,30 @@ NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT } */ +NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj) +{ + if (!obj) + return NT_STATUS_INVALID_PARAMETER; + + if (obj->type != GUMS_OBJ_DOMAIN) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + *rid = obj->data.domain->next_rid; + return NT_STATUS_OK; +} + +NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) +{ + if (!obj) + return NT_STATUS_INVALID_PARAMETER; + + if (obj->type != GUMS_OBJ_DOMAIN) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + obj->data.domain->next_rid = rid; + return NT_STATUS_OK; +} + NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj) { if (!sid || !obj) @@ -223,19 +423,19 @@ NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj) if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *nt_pwd = obj->data.user->nt_pw; + *nt_pwd = &(obj->data.user->nt_pw); return NT_STATUS_OK; } NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) { - if (!obj || !nt_pwd || nt_pwd != NT_HASH_LEN) + if (!obj || nt_pwd.length != NT_HASH_LEN) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->nt_pwd = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.lenght); + obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); return NT_STATUS_OK; } @@ -247,19 +447,19 @@ NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj) if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *lm_pwd = obj->data.user->lm_pw; + *lm_pwd = &(obj->data.user->lm_pw); return NT_STATUS_OK; } NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) { - if (!obj || !lm_pwd || lm_pwd != LM_HASH_LEN) + if (!obj || lm_pwd.length != LM_HASH_LEN) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->lm_pwd = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.lenght); + obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); return NT_STATUS_OK; } @@ -591,7 +791,7 @@ NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, cons if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *pass_must_change_time = obj->data-user->pass_must_change_time; + *pass_must_change_time = obj->data.user->pass_must_change_time; return NT_STATUS_OK; } @@ -768,7 +968,7 @@ NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJ return NT_STATUS_OBJECT_TYPE_MISMATCH; *count = obj->data.group->count; - *members = obj->data.group->members; + *members = *(obj->data.group->members); return NT_STATUS_OK; } @@ -786,7 +986,7 @@ NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **member obj->data.group->count = count; n = 0; do { - obj->data.group->members[n] = dup_sec_desc(obj->mem_ctx, members[n]); + obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]); if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY; n++; } while (n < count); @@ -836,8 +1036,8 @@ NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_SET_SEC_DESC; new_sec_desc = dup_sec_desc(mem_ctx, sec_desc); @@ -849,6 +1049,7 @@ NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC return NT_STATUS_OK; } +/* NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) { GUMS_DATA_SET *data_set; @@ -858,7 +1059,7 @@ NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU return NT_STATUS_INVALID_PARAMETER; com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ + if (com_set->count == 1) { data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); } else { data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); @@ -866,8 +1067,8 @@ NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_ADD_PRIVILEGE; if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) @@ -887,7 +1088,7 @@ NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU return NT_STATUS_INVALID_PARAMETER; com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ + if (com_set->count == 1) { data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); } else { data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); @@ -895,8 +1096,8 @@ NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LU if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_DEL_PRIVILEGE; if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) @@ -916,7 +1117,7 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set return NT_STATUS_INVALID_PARAMETER; com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ + if (com_set->count == 1) { data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); } else { data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); @@ -924,10 +1125,10 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); - data_set->type = GUMS_SET_SEC_DESC; + data_set->type = GUMS_SET_PRIVILEGE; if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set))) return NT_STATUS_NO_MEMORY; @@ -935,6 +1136,7 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set return NT_STATUS_OK; } +*/ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str) { @@ -953,8 +1155,8 @@ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3 if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = type; new_str = talloc_strdup(mem_ctx, str); @@ -968,12 +1170,12 @@ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3 NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name) { - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, name); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name); } NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc) { - return gums_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc); } NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name) @@ -981,7 +1183,7 @@ NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, ch if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name); } NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir) @@ -989,7 +1191,7 @@ NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_se if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir); } NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive) @@ -997,7 +1199,7 @@ NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char * if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive); } NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script) @@ -1005,7 +1207,7 @@ NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script); } NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path) @@ -1013,7 +1215,7 @@ NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path); } NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks) @@ -1021,7 +1223,7 @@ NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks); } NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str) @@ -1029,7 +1231,7 @@ NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_se if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str); } NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial) @@ -1037,7 +1239,7 @@ NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial); + return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial); } NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) @@ -1057,8 +1259,8 @@ NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3 if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = type; new_time = talloc(mem_ctx, sizeof(NTTIME)); @@ -1077,7 +1279,7 @@ NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, N if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time); + return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time); } NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) @@ -1085,7 +1287,7 @@ NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time); + return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time); } NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) @@ -1093,7 +1295,7 @@ NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); + return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); } NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time) @@ -1101,7 +1303,7 @@ NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *co if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time); + return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time); } NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) @@ -1109,7 +1311,7 @@ NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET * if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time); + return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time); } NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) @@ -1117,7 +1319,7 @@ NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time); + return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time); } NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) @@ -1138,8 +1340,8 @@ NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_ADD_SID_LIST; new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); @@ -1163,7 +1365,7 @@ NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_se if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) return NT_STATUS_INVALID_PARAMETER; - return gums_add_sids_to_group(mem_ctx, com_set, sids, count); + return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); } NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) @@ -1173,7 +1375,7 @@ NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_s if (com_set->type != GUMS_OBJ_ALIAS) return NT_STATUS_INVALID_PARAMETER; - return gums_add_sids_to_group(mem_ctx, com_set, sids, count); + return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); } NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) @@ -1196,8 +1398,8 @@ NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_s if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_DEL_SID_LIST; new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); @@ -1234,8 +1436,8 @@ NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data = data_set; - data_set = &((com_set->data)[com_set->count - 1]); + com_set->data[0] = data_set; + data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_SET_SID_LIST; new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); @@ -1255,7 +1457,7 @@ NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) { - return gums_storage->set_object_values(set->sid, set->count, set->data); + return gums_storage->set_object_values(&(set->sid), set->count, set->data); } NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set) diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c index 8526a2f1cc..c22e6cf7ff 100644 --- a/source3/sam/gums_helper.c +++ b/source3/sam/gums_helper.c @@ -57,13 +57,13 @@ extern DOM_SID global_sid_Builtin_Guests; loops with winbind may happen. ****************************************************************************/ -/* +#if 0 NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) { NTSTATUS result; gid_t id; - /* look if mapping exist, do not make idmap alloc an uid if SID is not found * / + /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ result = idmap_get_gid_from_sid(&id, sid, False); if (NT_STATUS_IS_OK(result)) { *mapped = gid_is_in_winbind_range(id); @@ -73,7 +73,7 @@ NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) return result; } -*/ +#endif /**************************************************************************** duplicate alloc luid_attr @@ -96,7 +96,7 @@ NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_l /**************************************************************************** initialise a privilege list ****************************************************************************/ -void init_privilege(PRIVILEGE_SET *priv_set) +void gums_init_privilege(PRIVILEGE_SET *priv_set) { priv_set->count=0; priv_set->control=0; @@ -106,12 +106,12 @@ void init_privilege(PRIVILEGE_SET *priv_set) /**************************************************************************** add a privilege to a privilege array ****************************************************************************/ -NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) +NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) { LUID_ATTR *new_set; /* check if the privilege is not already in the list */ - if (check_priv_in_privilege(priv_set, set)) + if (gums_check_priv_in_privilege(priv_set, set)) return NT_STATUS_UNSUCCESSFUL; /* we can allocate memory to add the new privilege */ @@ -135,7 +135,7 @@ NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) /**************************************************************************** add all the privileges to a privilege array ****************************************************************************/ -NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) +NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) { NTSTATUS result = NT_STATUS_OK; LUID_ATTR set; @@ -144,15 +144,15 @@ NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) set.luid.high=0; set.luid.low=SE_PRIV_ADD_USERS; - result = add_privilege(priv_set, ctx, set); + result = gums_add_privilege(priv_set, ctx, set); NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); set.luid.low=SE_PRIV_ADD_MACHINES; - result = add_privilege(priv_set, ctx, set); + result = gums_add_privilege(priv_set, ctx, set); NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); set.luid.low=SE_PRIV_PRINT_OPERATOR; - result = add_privilege(priv_set, ctx, set); + result = gums_add_privilege(priv_set, ctx, set); NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); done: @@ -162,7 +162,7 @@ done: /**************************************************************************** check if the privilege list is empty ****************************************************************************/ -BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) +BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set) { return (priv_set->count == 0); } @@ -170,12 +170,12 @@ BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) /**************************************************************************** check if the privilege is in the privilege list ****************************************************************************/ -BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) { int i; /* if the list is empty, obviously we can't have it */ - if (check_empty_privilege(priv_set)) + if (gums_check_empty_privilege(priv_set)) return False; for (i=0; i<priv_set->count; i++) { @@ -193,19 +193,19 @@ BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) /**************************************************************************** remove a privilege from a privilege array ****************************************************************************/ -NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) +NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) { LUID_ATTR *new_set; LUID_ATTR *old_set; int i,j; /* check if the privilege is in the list */ - if (!check_priv_in_privilege(priv_set, set)) + if (!gums_check_priv_in_privilege(priv_set, set)) return NT_STATUS_UNSUCCESSFUL; /* special case if it's the only privilege in the list */ if (priv_set->count==1) { - init_privilege(priv_set); + gums_init_privilege(priv_set); return NT_STATUS_OK; } @@ -252,14 +252,14 @@ NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR se /**************************************************************************** duplicates a privilege array ****************************************************************************/ -NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) +NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) { LUID_ATTR *new_set; LUID_ATTR *old_set; int i; *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET)); - init_privilege(*new_priv_set); + gums_init_privilege(*new_priv_set); /* special case if there are no privileges in the list */ if (priv_set->count == 0) { @@ -301,6 +301,8 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILE #define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ + +#if 0 NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) { DOM_SID *world = &global_sid_World; @@ -378,14 +380,14 @@ NTSTATUS gums_init_builtin_groups(void) return NT_STATUS_NO_MEMORY; } - /* Administrators */ + /* Administrators * / /* alloc group structure */ - g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP)); - ALLOC_CHECK("gums_init_backend", g_obj.data, result, done); + g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP)); + ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done); /* make admins sid */ - g_grp = (GUMS_GROUP *)g_obj.data; + g_grp = (GUMS_GROUP *)g_obj.data.group; sid_copy(g_obj.sid, &global_sid_Builtin_Administrators); /* make security descriptor */ @@ -604,4 +606,5 @@ done: talloc_destroy(g_priv.mem_ctx); return result; } +#endif |