diff options
author | Simo Sorce <idra@samba.org> | 2002-10-22 16:10:45 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2002-10-22 16:10:45 +0000 |
commit | c166b812a9d1733a8aec896884c37c6bdc73f070 (patch) | |
tree | 1a3c67d8a2b2e0bae78bfb7d92a02c5766f70103 /source3 | |
parent | 5324adb825c406360ee1482c6413cee9d63bfb40 (diff) | |
download | samba-c166b812a9d1733a8aec896884c37c6bdc73f070.tar.gz samba-c166b812a9d1733a8aec896884c37c6bdc73f070.tar.bz2 samba-c166b812a9d1733a8aec896884c37c6bdc73f070.zip |
Some was asking to look at this code, so better it stay there until we decide what to do with it.
Last updates are support for the right way to support privileges.
Simo.
(This used to be commit cae9074405dec5baf6bd34d48f36e2c81b24d2ea)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/gums.h | 224 | ||||
-rw-r--r-- | source3/sam/gumm_tdb.c | 70 | ||||
-rw-r--r-- | source3/sam/gums.c | 131 | ||||
-rw-r--r-- | source3/sam/gums_api.c | 814 | ||||
-rw-r--r-- | source3/sam/gums_helper.c | 607 |
5 files changed, 1846 insertions, 0 deletions
diff --git a/source3/include/gums.h b/source3/include/gums.h new file mode 100644 index 0000000000..d1799f377d --- /dev/null +++ b/source3/include/gums.h @@ -0,0 +1,224 @@ +/* + Unix SMB/CIFS implementation. + GUMS structures + Copyright (C) Simo Sorce 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _GUMS_H +#define _GUMS_H + +#define GUMS_VERSION_MAJOR 0 +#define GUMS_VERSION_MINOR 1 + +#define GUMS_OBJ_NORMAL_USER 1 +#define GUMS_OBJ_GROUP 2 +#define GUMS_OBJ_DOMAIN 3 +#define GUMS_OBJ_ALIAS 4 +#define GUMS_OBJ_WORKSTATION_TRUST 5 +#define GUMS_OBJ_SERVER_TRUST 6 +#define GUMS_OBJ_DOMAIN_TRUST 7 + +typedef struct gums_object +{ + TALLOC_CTX *mem_ctx; + + uint32 type; /* Object Type */ + uint32 version; /* Object Version */ + uint32 seq_num; /* Object Sequence Number */ + + SEC_DESC *sec_desc; /* Security Descriptor */ + + DOM_SID *sid; /* Object Sid */ + char *name; /* Object Name */ + char *description; /* Object Description */ + + void *data; /* Object Specific data */ + +} GUMS_OBJECT; + +typedef struct gums_user +{ + DOM_SID *group_sid; /* Primary Group SID */ + + NTTIME *logon_time; /* logon time */ + NTTIME *logoff_time; /* logoff time */ + NTTIME *kickoff_time; /* kickoff time */ + NTTIME *pass_last_set_time; /* password last set time */ + NTTIME *pass_can_change_time; /* password can change time */ + NTTIME *pass_must_change_time; /* password must change time */ + + char *full_name; /* user's full name string */ + char *home_dir; /* home directory string */ + char *dir_drive; /* home directory drive string */ + char *logon_script; /* logon script string */ + char *profile_path; /* profile path string */ + char *workstations; /* login from workstations string */ + char *unknown_str; /* don't know what this is, yet. */ + char *munged_dial; /* munged path name and dial-back tel number */ + + DATA_BLOB *lm_pw; /* .data is Null if no password */ + DATA_BLOB *nt_pw; /* .data is Null if no password */ + + uint32 unknown_3; /* 0x00ff ffff */ + + uint16 logon_divs; /* 168 - number of hours in a week */ + uint32 hours_len; /* normally 21 bytes */ + uint8 hours[MAX_HOURS_LEN]; + + uint32 unknown_5; /* 0x0002 0000 */ + uint32 unknown_6; /* 0x0000 04ec */ + +} GUMS_USER; + +typedef struct gums_group +{ + uint32 count; /* Number of SIDs */ + DOM_SID *members; /* SID array */ + +} GUMS_GROUP; + +typedef struct gums_data_set +{ + int type; /* GUMS_SET_xxx */ + void *data; + +} GUMS_DATA_SET; + +typedef struct gums_commit_set +{ + TALLOC_CTX *mem_ctx; + + uint32 type; /* Object type */ + DOM_SID sid; /* Object Sid */ + uint32 count; /* number of changes */ + GUMS_DATA_SET *data; +} GUMS_COMMIT_SET; + +typedef struct gums_privilege +{ + TALLOC_CTX *mem_ctx; + + uint32 type; /* Object Type */ + uint32 version; /* Object Version */ + uint32 seq_num; /* Object Sequence Number */ + + LUID_ATTR *privilege; /* Privilege Type */ + char *name; /* Object Name */ + char *description; /* Object Description */ + + uint32 count; + DOM_SID *members; + +} GUMS_PRIVILEGE; + + +typedef struct gums_functions +{ + /* Generic object functions */ + + NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name); + NTSTATUS (*set_domain_sid) (const DOM_SID *sid); + + NTSTATUS (*get_sequence_number) (void); + + NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type); + NTSTATUS (*delete_object) (const DOM_SID *sid); + + NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type); + NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name); + /* This function is used to get the list of all objects changed since b_time, it is + used to support PDC<->BDC synchronization */ + NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); + + NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type); + NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle); + NTSTATUS (*enumerate_objects_stop) (void *handle); + + /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. + Never use this function to update an object in the database, use set_object_values() */ + NTSTATUS (*set_object) (const GUMS_OBJECT *object); + + /* set object values function */ + NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); + + /* Group related functions */ + NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members); + NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); + NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); + + NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); + + NTSTATUS (*lock_sid) (const DOM_SID *sid); + NTSTATUS (*unlock_sid) (const DOM_SID *sid); + + /* privileges related functions */ + + NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members); + NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members); + NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv); + NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid); + /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ + NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); + +} GUMS_FUNCTIONS; + +/* define value types */ + +#define GUMS_SET_PRIMARY_GROUP 1 +#define GUMS_SET_SEC_DESC 2 + +/* user specific type values */ +#define GUMS_SET_LOGON_TIME 10 /* keep NTTIME consecutive */ +#define GUMS_SET_LOGOFF_TIME 11 /* too ease checking */ +#define GUMS_SET_KICKOFF_TIME 13 +#define GUMS_SET_PASS_LAST_SET_TIME 14 +#define GUMS_SET_PASS_CAN_CHANGE_TIME 15 +#define GUMS_SET_PASS_MUST_CHANGE_TIME 16 /* NTTIME end */ + +#define GUMS_SET_NAME 20 /* keep strings consecutive */ +#define GUMS_SET_DESCRIPTION 21 /* too ease checking */ +#define GUMS_SET_FULL_NAME 22 +#define GUMS_SET_HOME_DIRECTORY 23 +#define GUMS_SET_DRIVE 24 +#define GUMS_SET_LOGON_SCRIPT 25 +#define GUMS_SET_PROFILE_PATH 26 +#define GUMS_SET_WORKSTATIONS 27 +#define GUMS_SET_UNKNOWN_STRING 28 +#define GUMS_SET_MUNGED_DIAL 29 /* strings end */ + +#define GUMS_SET_LM_PASSWORD 40 +#define GUMS_SET_NT_PASSWORD 41 +#define GUMS_SET_PLAINTEXT_PASSWORD 42 +#define GUMS_SET_UNKNOWN_3 43 +#define GUMS_SET_LOGON_DIVS 44 +#define GUMS_SET_HOURS_LEN 45 +#define GUMS_SET_HOURS 46 +#define GUMS_SET_UNKNOWN_5 47 +#define GUMS_SET_UNKNOWN_6 48 + +#define GUMS_SET_MUST_CHANGE_PASS 50 +#define GUMS_SET_CANNOT_CHANGE_PASS 51 +#define GUMS_SET_PASS_NEVER_EXPIRE 52 +#define GUMS_SET_ACCOUNT_DISABLED 53 +#define GUMS_SET_ACCOUNT_LOCKOUT 54 + +/*group specific type values */ +#define GUMS_ADD_SID_LIST 60 +#define GUMS_DEL_SID_LIST 61 +#define GUMS_SET_SID_LIST 62 + +#endif /* _GUMS_H */ diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c new file mode 100644 index 0000000000..967890e99c --- /dev/null +++ b/source3/sam/gumm_tdb.c @@ -0,0 +1,70 @@ +/* + * Unix SMB/CIFS implementation. + * SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1998 + * Copyright (C) Simo Sorce 2000-2002 + * Copyright (C) Gerald Carter 2000 + * Copyright (C) Jeremy Allison 2001 + * Copyright (C) Andrew Bartlett 2002 + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +static int tdbgumm_debug_level = DBGC_ALL; +#undef DBGC_CLASS +#define DBGC_CLASS tdbgumm_debug_level + +#define GUMM_VERSION "20021012" +#define TDB_FILE_NAME "gums_storage.tdb" +#define TDB_FORMAT_STRING "B" +#define DOMAIN_PREFIX "DOMAIN_" +#define USER_PREFIX "USER_" +#define GROUP_PREFIX "GROUP_" +#define SID_PREFIX "SID_" + +static TDB_CONTEXT *gumm_tdb = NULL; + +/*************************************************************** + objects enumeration. +****************************************************************/ + +static NTSTATUS enumerate_objects(DOM_SID **sids, const DOM_SID *sid, const int obj_type); +{ + TDB_CONTEXT *enum_tdb = NULL; + TDB_DATA key; + + /* Open tdb gums module */ + if (!(enum_tdb = tdb_open_log(TDB_FILE_NAME, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600))) + { + DEBUG(0, ("Unable to open/create gumm tdb database\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + enum_key = tdb_firstkey(enum_tdb); + + + + tdb_close(enum_tdb); + + return NT_STATUS_OK; +} + + +static NTSTATUS module_init() +{ +} + diff --git a/source3/sam/gums.c b/source3/sam/gums.c new file mode 100644 index 0000000000..41218cee36 --- /dev/null +++ b/source3/sam/gums.c @@ -0,0 +1,131 @@ +/* + Unix SMB/CIFS implementation. + Grops and Users Management System initializations. + Copyright (C) Simo Sorce 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/*#undef DBGC_CLASS +#define DBGC_CLASS DBGC_GUMS*/ + +#define GMV_MAJOR 0 +#define GMV_MINOR 1 + +GUMS_FUNCTIONS *gums_storage; +static void *dl_handle; + +PRIVS privs[] = { + {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ + {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"}, + {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"}, + {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"}, + {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"}, + {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"}, + {PRIV_TCB, "SeTCB", "TCB"}, + {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, + {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, + {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, + {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, + {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"}, + {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, + {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, + {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, + {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"}, + {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, + {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, + {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, + {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, + {PRIV_AUDIT, "SeAudit", "Audit"}, + {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, + {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"}, + {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, + {PRIV_UNDOCK, "SeUndock", "Undock"}, + {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"}, + {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"}, + {PRIV_ALL, "SaAllPrivs", "All Privileges"} +}; + +NTSTATUS gums_init(const char *module_name) +{ + int (*module_version)(int); + NTSTATUS (*module_init)(); +/* gums_module_init module_init;*/ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + + DEBUG(5, ("Opening gums module %s\n", module_name)); + dl_handle = sys_dlopen(module_name, RTLD_NOW); + if (!dl_handle) { + DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror())); + return NT_STATUS_UNSUCCESSFUL; + } + + module_version = sys_dlsym(dl_handle, "gumm_version"); + if (!module_version) { + DEBUG(0, ("ERROR: Failed to find gums module version!\n")); + goto error; + } + + if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) { + DEBUG(0, ("ERROR: Module's major version does not match gums version!\n")); + goto error; + } + + if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) { + DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n")); + } + + module_open = sys_dlsym(dl_handle, "gumm_init"); + if (!module_open) { + DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); + goto error; + } + + DEBUG(5, ("Initializing module %s\n", module_name)); + + ret = module_init(&gums_storage); + goto done; + +error: + ret = NT_STATUS_UNSUCCESSFUL; + sys_dlclose(dl_handle); + +done: + return ret; +} + +NTSTATUS gums_unload(void) +{ + NSTATUS ret; + NTSTATUS (*module_finalize)(); + + if (!dl_handle) + return NT_STATUS_UNSUCCESSFUL; + + module_close = sys_dlsym(dl_handle, "gumm_finalize"); + if (!module_finalize) { + DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(5, ("Finalizing module %s\n", module_name)); + + ret = module_finalize(); + sys_dlclose(dl_handle); +3 + return ret; +} diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c new file mode 100644 index 0000000000..c6c8402c93 --- /dev/null +++ b/source3/sam/gums_api.c @@ -0,0 +1,814 @@ +/* + Unix SMB/CIFS implementation. + GUMS structures + Copyright (C) Simo Sorce 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern GUMS_FUNCTIONS *gums_storage; + +/* Functions to get info from a GUMS object */ + +NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj) +{ + *type = obj->type; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj) +{ + *version = obj->version; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj) +{ + *sec_desc = obj->sec_desc; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj) +{ + *sid = obj->sid; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj) +{ + *name = obj->name; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj) +{ + *description = obj->description; + return NT_STATUS_OK; +} + +/* User specific functions */ + +NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj) +{ + if (!priv_set) + return NT_STATUS_INVALID_PARAMETER; + + *priv_set = obj->priv_set; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!sid) + return NT_STATUS_INVALID_PARAMETER; + + *sid = ((GUMS_USER *)(obj->data))->group_sid; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!nt_pwd) + return NT_STATUS_INVALID_PARAMETER; + + *nt_pwd = ((GUMS_USER *)(obj->data))->nt_pw; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!lm_pwd) + return NT_STATUS_INVALID_PARAMETER; + + *lm_pwd = ((GUMS_USER *)(obj->data))->lm_pw; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!fullname) + return NT_STATUS_INVALID_PARAMETER; + + *fullname = ((GUMS_USER *)(obj->data))->full_name; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!homedir) + return NT_STATUS_INVALID_PARAMETER; + + *homedir = ((GUMS_USER *)(obj->data))->home_dir; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!dirdrive) + return NT_STATUS_INVALID_PARAMETER; + + *dirdrive = ((GUMS_USER *)(obj->data))->dir_drive; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!logon_script) + return NT_STATUS_INVALID_PARAMETER; + + *logon_script = ((GUMS_USER *)(obj->data))->logon_script; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!profile_path) + return NT_STATUS_INVALID_PARAMETER; + + *profile_path = ((GUMS_USER *)(obj->data))->profile_path; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!workstations) + return NT_STATUS_INVALID_PARAMETER; + + *workstations = ((GUMS_USER *)(obj->data))->workstations; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!unknown_str) + return NT_STATUS_INVALID_PARAMETER; + + *unknown_str = ((GUMS_USER *)(obj->data))->unknown_str; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!munged_dial) + return NT_STATUS_INVALID_PARAMETER; + + *munged_dial = ((GUMS_USER *)(obj->data))->munged_dial; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_logon_time(NTTIME **logon_time, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!logon_time) + return NT_STATUS_INVALID_PARAMETER; + + *logon_time = ((GUMS_USER *)(obj->data))->logon_time; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_logoff_time(NTTIME **logoff_time, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!logoff_time) + return NT_STATUS_INVALID_PARAMETER; + + *logoff_time = ((GUMS_USER *)(obj->data))->logoff_time; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_kickoff_time(NTTIME **kickoff_time, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!kickoff_time) + return NT_STATUS_INVALID_PARAMETER; + + *kickoff_time = ((GUMS_USER *)(obj->data))->kickoff_time; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_pass_last_set_time(NTTIME **pass_last_set_time, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!pass_last_set_time) + return NT_STATUS_INVALID_PARAMETER; + + *pass_last_set_time = ((GUMS_USER *)(obj->data))->pass_last_set_time; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_pass_can_change_time(NTTIME **pass_can_change_time, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!pass_can_change_time) + return NT_STATUS_INVALID_PARAMETER; + + *pass_can_change_time = ((GUMS_USER *)(obj->data))->pass_can_change_time; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_pass_must_change_time(NTTIME **pass_must_change_time, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!pass_must_change_time) + return NT_STATUS_INVALID_PARAMETER; + + *pass_must_change_time = ((GUMS_USER *)(obj->data))->pass_must_change_time; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!logon_divs) + return NT_STATUS_INVALID_PARAMETER; + + *logon_divs = ((GUMS_USER *)(obj->data))->logon_divs; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!hours_len) + return NT_STATUS_INVALID_PARAMETER; + + *hours_len = ((GUMS_USER *)(obj->data))->hours_len; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!hours) + return NT_STATUS_INVALID_PARAMETER; + + *hours = ((GUMS_USER *)(obj->data))->hours; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_unknown_3(uint32 *unknown3, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!unknown3) + return NT_STATUS_INVALID_PARAMETER; + + *unknown3 = ((GUMS_USER *)(obj->data))->unknown_3; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_unknown_5(uint32 *unknown5, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!unknown5) + return NT_STATUS_INVALID_PARAMETER; + + *unknown5 = ((GUMS_USER *)(obj->data))->unknown_5; + return NT_STATUS_OK; +} + +NTSTATUS gums_get_user_unknown_6(uint32 *unknown6, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!unknown6) + return NT_STATUS_INVALID_PARAMETER; + + *unknown6 = ((GUMS_USER *)(obj->data))->unknown_6; + return NT_STATUS_OK; +} + +/* Group specific functions */ + +NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj) +{ + if (obj->type != GUMS_OBJ_GROUP && + obj->type != GUMS_OBJ_ALIAS) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!members) + return NT_STATUS_INVALID_PARAMETER; + + *count = ((GUMS_GROUP *)(obj->data))->count; + *members = ((GUMS_GROUP *)(obj->data))->members; + return NT_STATUS_OK; +} + +/* set functions */ + +NTSTATUS gums_create_data_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type) +{ + TALLOC_CTX *mem_ctx; + GUMS_COMMIT_SET *set; + + mem_ctx = talloc_init_named("commit_set"); + if (mem_ctx == NULL) + return NT_STATUS_NO_MEMORY; + set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET)); + if (set == NULL) { + talloc_destroy(mem_ctx); + return NT_STATUS_NO_MEMORY; + } + + set->mem_ctx = mem_ctx; + set->type = type; + sid_copy(&(set->sid), sid); + set->count = 0; + set->data = NULL; + *com_set = set; + + return NT_STATUS_OK; +} + +NTSTATUS gums_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) +{ + GUMS_DATA_SET *data_set; + SEC_DESC *new_sec_desc; + + if (!mem_ctx || !com_set || !sec_desc) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_SET_SEC_DESC; + new_sec_desc = dup_sec_desc(mem_ctx, sec_desc); + if (new_sec_desc == NULL) + return NT_STATUS_NO_MEMORY; + + (SEC_DESC *)(data_set->data) = new_sec_desc; + + return NT_STATUS_OK; +} + +NTSTATUS gums_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) +{ + GUMS_DATA_SET *data_set; + LUID_ATTR *new_priv; + + if (!mem_ctx || !com_set) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_ADD_PRIVILEGE; + if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) + return NT_STATUS_NO_MEMORY; + + (SEC_DESC *)(data_set->data) = new_priv; + + return NT_STATUS_OK; +} + +NTSTATUS gums_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) +{ + GUMS_DATA_SET *data_set; + LUID_ATTR *new_priv; + + if (!mem_ctx || !com_set) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_DEL_PRIVILEGE; + if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) + return NT_STATUS_NO_MEMORY; + + (SEC_DESC *)(data_set->data) = new_priv; + + return NT_STATUS_OK; +} + +NTSTATUS gums_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) +{ + GUMS_DATA_SET *data_set; + PRIVILEGE_SET *new_priv_set; + + if (!mem_ctx || !com_set || !priv_set) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_SET_SEC_DESC; + if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set))) + return NT_STATUS_NO_MEMORY; + + (SEC_DESC *)(data_set->data) = new_priv_set; + + return NT_STATUS_OK; +} + +NTSTATUS gums_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str) +{ + GUMS_DATA_SET *data_set; + char *new_str; + + if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = type; + new_str = talloc_strdup(mem_ctx, str); + if (new_str == NULL) + return NT_STATUS_NO_MEMORY; + + (char *)(data_set->data) = new_str; + + return NT_STATUS_OK; +} + +NTSTATUS gums_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name) +{ + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, name); +} + +NTSTATUS gums_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc) +{ + return gums_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc); +} + +NTSTATUS gums_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name); +} + +NTSTATUS gums_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir); +} + +NTSTATUS gums_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive); +} + +NTSTATUS gums_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script); +} + +NTSTATUS gums_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path); +} + +NTSTATUS gums_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks); +} + +NTSTATUS gums_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str); +} + +NTSTATUS gums_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial); +} + +NTSTATUS gums_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *time) +{ + GUMS_DATA_SET *data_set; + NTTIME *new_time; + + if (!mem_ctx || !com_set || !time || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = type; + new_time = talloc(mem_ctx, sizeof(NTTIME)); + if (new_time == NULL) + return NT_STATUS_NO_MEMORY; + + new_time->low = time->low; + new_time->high = time->high; + (char *)(data_set->data) = new_time; + + return NT_STATUS_OK; +} + +NTSTATUS gums_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time); +} + +NTSTATUS gums_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time); +} + +NTSTATUS gums_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); +} + +NTSTATUS gums_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time); +} + +NTSTATUS gums_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time); +} + +NTSTATUS gums_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) +{ + if (com_set->type != GUMS_OBJ_NORMAL_USER) + return NT_STATUS_INVALID_PARAMETER; + + return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time); +} + +NTSTATUS gums_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +{ + GUMS_DATA_SET *data_set; + DOM_SID **new_sids; + int i; + + if (!mem_ctx || !com_set || !sids) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_ADD_SID_LIST; + new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); + if (new_sids == NULL) + return NT_STATUS_NO_MEMORY; + for (i = 0; i < count; i++) { + new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); + if (new_sids[i] == NULL) + return NT_STATUS_NO_MEMORY; + } + + (SEC_DESC *)(data_set->data) = new_sids; + + return NT_STATUS_OK; +} + +NTSTATUS gums_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +{ + if (!mem_ctx || !com_set || !sids) + return NT_STATUS_INVALID_PARAMETER; + if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) + return NT_STATUS_INVALID_PARAMETER; + + return gums_add_sids_to_group(mem_ctx, com_set, sids, count); +} + +NTSTATUS gums_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +{ + if (!mem_ctx || !com_set || !sids) + return NT_STATUS_INVALID_PARAMETER; + if (com_set->type != GUMS_OBJ_ALIAS) + return NT_STATUS_INVALID_PARAMETER; + + return gums_add_sids_to_group(mem_ctx, com_set, sids, count); +} + +NTSTATUS gums_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +{ + GUMS_DATA_SET *data_set; + DOM_SID **new_sids; + int i; + + if (!mem_ctx || !com_set || !sids) + return NT_STATUS_INVALID_PARAMETER; + if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_DEL_SID_LIST; + new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); + if (new_sids == NULL) + return NT_STATUS_NO_MEMORY; + for (i = 0; i < count; i++) { + new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); + if (new_sids[i] == NULL) + return NT_STATUS_NO_MEMORY; + } + + (SEC_DESC *)(data_set->data) = new_sids; + + return NT_STATUS_OK; +} + +NTSTATUS gums_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +{ + GUMS_DATA_SET *data_set; + DOM_SID **new_sids; + int i; + + if (!mem_ctx || !com_set || !sids) + return NT_STATUS_INVALID_PARAMETER; + if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) + return NT_STATUS_INVALID_PARAMETER; + + com_set->count = com_set->count + 1; + if (com_set->count == 1) { /* first data set */ + data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + } else { + data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + } + if (data_set == NULL) + return NT_STATUS_NO_MEMORY; + + com_set->data = data_set; + data_set = &((com_set->data)[com_set->count - 1]); + + data_set->type = GUMS_SET_SID_LIST; + new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); + if (new_sids == NULL) + return NT_STATUS_NO_MEMORY; + for (i = 0; i < count; i++) { + new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); + if (new_sids[i] == NULL) + return NT_STATUS_NO_MEMORY; + } + + (SEC_DESC *)(data_set->data) = new_sids; + + return NT_STATUS_OK; +} + + +NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) +{ + return gums_storage->set_object_values(set->sid, set->count, set->data); +} + +NTSTATUS gums_destroy_data_set(GUMS_COMMIT_SET **com_set) +{ + talloc_destroy((*com_set)->mem_ctx); + *com_set = NULL; + + return NT_STATUS_OK; +} + diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c new file mode 100644 index 0000000000..d581d6574e --- /dev/null +++ b/source3/sam/gums_helper.c @@ -0,0 +1,607 @@ +/* + Unix SMB/CIFS implementation. + GUMS backends helper functions + Copyright (C) Simo Sorce 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern GUMS_FUNCTIONS *gums_storage; + +extern DOM_SID global_sid_World; +extern DOM_SID global_sid_Builtin_Administrators; +extern DOM_SID global_sid_Builtin_Power_Users; +extern DOM_SID global_sid_Builtin_Account_Operators; +extern DOM_SID global_sid_Builtin_Server_Operators; +extern DOM_SID global_sid_Builtin_Print_Operators; +extern DOM_SID global_sid_Builtin_Backup_Operators; +extern DOM_SID global_sid_Builtin_Replicator; +extern DOM_SID global_sid_Builtin_Users; +extern DOM_SID global_sid_Builtin_Guests; + + +/* defines */ + +#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) +#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) + +/**************************************************************************** + Check if a user is a mapped group. + + This function will check if the group SID is mapped onto a + system managed gid or onto a winbind manged sid. + In the first case it will be threated like a mapped group + and the backend should take the member list with a getgrgid + and ignore any user that have been possibly set into the group + object. + + In the second case, the group is a fully SAM managed group + served back to the system through winbind. In this case the + members of a Local group are "unrolled" to cope with the fact + that unix cannot contain groups inside groups. + The backend MUST never call any getgr* / getpw* function or + loops with winbind may happen. + ****************************************************************************/ + +/* +NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) +{ + NTSTATUS result; + gid_t id; + + /* look if mapping exist, do not make idmap alloc an uid if SID is not found * / + result = idmap_get_gid_from_sid(&id, sid, False); + if (NT_STATUS_IS_OK(result)) { + *mapped = gid_is_in_winbind_range(id); + } else { + *mapped = False; + } + + return result; +} +*/ + +/**************************************************************************** + duplicate alloc luid_attr + ****************************************************************************/ +NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la) +{ + *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR)); + if (*new_la == NULL) { + DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n")); + return NT_STATUS_NO_MEMORY; + } + + (*new_la)->luid.high = old_la.luid.high; + (*new_la)->luid.low = old_la.luid.low; + (*new_la)->attr = old_la.attr; + + return NT_STATUS_OK; +} + +/**************************************************************************** + initialise a privilege list + ****************************************************************************/ +void init_privilege(PRIVILEGE_SET *priv_set) +{ + priv_set->count=0; + priv_set->control=0; + priv_set->set=NULL; +} + +/**************************************************************************** + add a privilege to a privilege array + ****************************************************************************/ +NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) +{ + LUID_ATTR *new_set; + + /* check if the privilege is not already in the list */ + if (check_priv_in_privilege(priv_set, set)) + return NT_STATUS_UNSUCCESSFUL; + + /* we can allocate memory to add the new privilege */ + + new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); + return NT_STATUS_NO_MEMORY; + } + + new_set[priv_set->count].luid.high=set.luid.high; + new_set[priv_set->count].luid.low=set.luid.low; + new_set[priv_set->count].attr=set.attr; + + priv_set->count++; + priv_set->set=new_set; + + return NT_STATUS_OK; +} + +/**************************************************************************** + add all the privileges to a privilege array + ****************************************************************************/ +NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) +{ + NTSTATUS result = NT_STATUS_OK; + LUID_ATTR set; + + set.attr=0; + set.luid.high=0; + + set.luid.low=SE_PRIV_ADD_USERS; + result = add_privilege(priv_set, ctx, set); + NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); + + set.luid.low=SE_PRIV_ADD_MACHINES; + result = add_privilege(priv_set, ctx, set); + NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); + + set.luid.low=SE_PRIV_PRINT_OPERATOR; + result = add_privilege(priv_set, ctx, set); + NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); + +done: + return result; +} + +/**************************************************************************** + check if the privilege list is empty + ****************************************************************************/ +BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) +{ + return (priv_set->count == 0); +} + +/**************************************************************************** + check if the privilege is in the privilege list + ****************************************************************************/ +BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + int i; + + /* if the list is empty, obviously we can't have it */ + if (check_empty_privilege(priv_set)) + return False; + + for (i=0; i<priv_set->count; i++) { + LUID_ATTR *cur_set; + + cur_set=&priv_set->set[i]; + /* check only the low and high part. Checking the attr field has no meaning */ + if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) + return True; + } + + return False; +} + +/**************************************************************************** + remove a privilege from a privilege array + ****************************************************************************/ +NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) +{ + LUID_ATTR *new_set; + LUID_ATTR *old_set; + int i,j; + + /* check if the privilege is in the list */ + if (!check_priv_in_privilege(priv_set, set)) + return NT_STATUS_UNSUCCESSFUL; + + /* special case if it's the only privilege in the list */ + if (priv_set->count==1) { + init_privilege(priv_set); + return NT_STATUS_OK; + } + + /* + * the privilege is there, create a new list, + * and copy the other privileges + */ + + old_set = priv_set->set; + + new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); + return NT_STATUS_NO_MEMORY; + } + + for (i=0, j=0; i<priv_set->count; i++) { + if ((old_set[i].luid.low == set.luid.low) && + (old_set[i].luid.high == set.luid.high)) { + continue; + } + + new_set[j].luid.low = old_set[i].luid.low; + new_set[j].luid.high = old_set[i].luid.high; + new_set[j].attr = old_set[i].attr; + + j++; + } + + if (j != priv_set->count - 1) { + DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); + DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); + return NT_STATUS_INTERNAL_ERROR; + } + + /* ok everything is fine */ + + priv_set->count--; + priv_set->set=new_set; + + return NT_STATUS_OK; +} + +/**************************************************************************** + duplicates a privilege array + ****************************************************************************/ +NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) +{ + LUID_ATTR *new_set; + LUID_ATTR *old_set; + int i; + + *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET)); + init_privilege(*new_priv_set); + + /* special case if there are no privileges in the list */ + if (priv_set->count == 0) { + return NT_STATUS_OK; + } + + /* + * create a new list, + * and copy the other privileges + */ + + old_set = priv_set->set; + + new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i < priv_set->count; i++) { + + new_set[i].luid.low = old_set[i].luid.low; + new_set[i].luid.high = old_set[i].luid.high; + new_set[i].attr = old_set[i].attr; + } + + (*new_priv_set)->count = priv_set->count; + (*new_priv_set)->control = priv_set->control; + (*new_priv_set)->set = new_set; + + return NT_STATUS_OK; +} + +#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013 +#define ALIAS_DEFAULT_DACL_SA_RIGHTS \ + (READ_CONTROL_ACCESS | \ + SA_RIGHT_ALIAS_LOOKUP_INFO | \ + SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */ + +#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ + +NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) +{ + DOM_SID *world = &global_sid_World; + DOM_SID *admins = &global_sid_Builtin_Administrators; + SEC_ACCESS sa; + SEC_ACE sacl_ace; + SEC_ACE dacl_aces[2]; + SEC_ACL *sacl = NULL; + SEC_ACL *dacl = NULL; + size_t psize; + + init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS); + init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG); + + sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace); + if (!sacl) { + DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); + return NT_STATUS_NO_MEMORY; + } + + init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS); + init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS); + init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + + dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces); + if (!sacl) { + DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); + return NT_STATUS_NO_MEMORY; + } + + *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize); + if (!(*sec_desc)) { + DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask) +{ + NTSTATUS result; + SEC_ACE *new_aces; + unsigned num_aces; + int i; + + num_aces = sec_desc->dacl->num_aces + 1; + result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask); + if (NT_STATUS_IS_OK(result)) { + sec_desc->dacl->ace = new_aces; + sec_desc->dacl->num_aces = num_aces; + sec_desc->dacl->size = SEC_ACL_HEADER_SIZE; + for (i = 0; i < num_aces; i++) { + sec_desc->dacl->size += sec_desc->dacl->ace[i].size; + } + } + return result; +} + +NTSTATUS gums_init_builtin_groups(void) +{ + NTSTATUS result; + GUMS_OBJECT g_obj; + GUMS_GROUP *g_grp; + GUMS_PRIVILEGE g_priv; + + /* Build the well known Builtin Local Groups */ + g_obj.type = GUMS_OBJ_GROUP; + g_obj.version = 1; + g_obj.seq_num = 0; + g_obj.mem_ctx = talloc_init_named("gums_init_backend_acct"); + if (g_obj.mem_ctx == NULL) { + DEBUG(0, ("gums_init_backend: Out of Memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Administrators */ + + /* alloc group structure */ + g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP)); + ALLOC_CHECK("gums_init_backend", g_obj.data, result, done); + + /* make admins sid */ + g_grp = (GUMS_GROUP *)g_obj.data; + sid_copy(g_obj.sid, &global_sid_Builtin_Administrators); + + /* make security descriptor */ + result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx); + NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done); + + /* make privilege set */ + /* From BDC join trace: + SeSecurityPrivilege + SeBackupPrivilege + SeRestorePrivilege + SeSystemtimePrivilege + SeShutdownPrivilege + SeRemoteShutdownPrivilege + SeTakeOwnershipPrivilege + SeDebugPrivilege + SeSystemEnvironmentPrivilege + SeSystemProfilePrivilege + SeProfileSingleProcessPrivilege + SeIncreaseBasePriorityPrivilege + SeLocalDriverPrivilege + SeCreatePagefilePrivilege + SeIncreaseQuotaPrivilege + */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* numebr of group members */ + g_grp->count = 0; + g_grp->members = NULL; + + /* store Administrators group */ + result = gums_storage->set_object(&g_obj); + + /* Power Users */ + /* Domain Controllers Does NOT have power Users */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users); + + /* make privilege set */ + /* SE_PRIV_??? */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ +/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Power Users group */ + result = gums_storage->set_object(&g_obj); + + /* Account Operators */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators); + + /* make privilege set */ + /* From BDC join trace: + SeShutdownPrivilege + */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Account Operators group */ + result = gums_storage->set_object(&g_obj); + + /* Server Operators */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators); + + /* make privilege set */ + /* From BDC join trace: + SeBackupPrivilege + SeRestorePrivilege + SeSystemtimePrivilege + SeShutdownPrivilege + SeRemoteShutdownPrivilege + */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Server Operators group */ + result = gums_storage->set_object(&g_obj); + + /* Print Operators */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators); + + /* make privilege set */ + /* From BDC join trace: + SeShutdownPrivilege + */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Print Operators group */ + result = gums_storage->set_object(&g_obj); + + /* Backup Operators */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators); + + /* make privilege set */ + /* From BDC join trace: + SeBackupPrivilege + SeRestorePrivilege + SeShutdownPrivilege + */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Backup Operators group */ + result = gums_storage->set_object(&g_obj); + + /* Replicator */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Replicator); + + /* make privilege set */ + /* From BDC join trace: + SeBackupPrivilege + SeRestorePrivilege + SeShutdownPrivilege + */ + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Replicator group */ + result = gums_storage->set_object(&g_obj); + + /* Users */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Users); + + /* add ACE to sec dsec dacl */ + sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); + sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Users group */ + result = gums_storage->set_object(&g_obj); + + /* Guests */ + + sid_copy(g_obj.sid, &global_sid_Builtin_Guests); + + /* set name */ + g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests"); + ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + + /* set description */ + g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain"); + ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + + /* store Guests group */ + result = gums_storage->set_object(&g_obj); + + /* set default privileges */ + g_priv.type = GUMS_OBJ_GROUP; + g_priv.version = 1; + g_priv.seq_num = 0; + g_priv.mem_ctx = talloc_init_named("gums_init_backend_priv"); + if (g_priv.mem_ctx == NULL) { + DEBUG(0, ("gums_init_backend: Out of Memory!\n")); + return NT_STATUS_NO_MEMORY; + } + + + +done: + talloc_destroy(g_obj.mem_ctx); + talloc_destroy(g_priv.mem_ctx); + return result; +} + |