diff options
| -rw-r--r-- | source3/Makefile.in | 75 | ||||
| -rw-r--r-- | source3/include/rpc_netlogon.h | 415 | ||||
| -rw-r--r-- | source3/libnet/libnet_conf.c | 2 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/cli_netlogon.c | 12 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/cli_netlogon.h | 12 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/ndr_netlogon.c | 92 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/netlogon.h | 8 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/srv_netlogon.c | 4 | ||||
| -rw-r--r-- | source3/librpc/idl/netlogon.idl | 12 | ||||
| -rw-r--r-- | source3/libsmb/credentials.c | 31 | ||||
| -rw-r--r-- | source3/nsswitch/libwbclient/wbc_pam.c | 128 | ||||
| -rw-r--r-- | source3/nsswitch/wbinfo.c | 5 | ||||
| -rw-r--r-- | source3/param/loadparm.c | 2 | ||||
| -rw-r--r-- | source3/registry/reg_api.c | 331 | ||||
| -rw-r--r-- | source3/registry/reg_init_smbconf.c | 4 | ||||
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 105 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_net.c | 1300 | ||||
| -rw-r--r-- | source3/rpc_server/srv_winreg_nt.c | 293 | ||||
| -rw-r--r-- | source3/rpcclient/cmd_netlogon.c | 303 | ||||
| -rw-r--r-- | source3/torture/samtest.h | 37 | ||||
| -rw-r--r-- | source3/torture/smbiconv.c | 9 | ||||
| -rw-r--r-- | source3/utils/net_rpc_samsync.c | 944 |
22 files changed, 1362 insertions, 2762 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 79863b7316..c3840d788d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -214,7 +214,7 @@ BIN_PROGS = @EXTRA_BIN_PROGS@ @SMBMOUNT_PROGS@ \ EVERYTHING_PROGS = bin/debug2html@EXEEXT@ bin/smbfilter@EXEEXT@ \ bin/talloctort@EXEEXT@ bin/replacetort@EXEEXT@ \ bin/log2pcap@EXEEXT@ bin/sharesec@EXEEXT@ bin/ndrdump@EXEEXT@ \ - bin/vlp@EXEEXT@ + bin/vlp@EXEEXT@ bin/smbiconv@EXEEXT@ SHLIBS = libtalloc libtdb @LIBWBCLIENT@ @LIBSMBCLIENT@ @LIBSMBSHAREMODES@ @LIBADDNS@ libnetapi @@ -459,7 +459,8 @@ REGISTRY_OBJ = registry/reg_init_full.o registry/reg_cachehook.o \ registry/reg_dispatcher.o \ $(REGISTRY_BACKENDS) \ $(UTIL_REG_API_OBJ) \ - $(REG_INIT_SMBCONF_OBJ) + $(REG_INIT_SMBCONF_OBJ) \ + $(REGFIO_OBJ) # objects to be used when not all of the registry code should be # loaded but only the portion needed by reg_api, typically for @@ -474,7 +475,8 @@ REG_API_OBJ = registry/reg_api.o \ \ lib/util_nttoken.o \ $(UTIL_REG_API_OBJ) \ - $(REG_INIT_SMBCONF_OBJ) + $(REG_INIT_SMBCONF_OBJ) \ + $(REGFIO_OBJ) RPC_LSA_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o librpc/gen_ndr/srv_lsa.o @@ -489,8 +491,7 @@ RPC_SAMR_OBJ = rpc_server/srv_samr_nt.o \ RPC_INITSHUTDOWN_OBJ = librpc/gen_ndr/srv_initshutdown.o rpc_server/srv_initshutdown_nt.o RPC_REG_OBJ = rpc_server/srv_winreg_nt.o \ - librpc/gen_ndr/srv_winreg.o \ - $(REGFIO_OBJ) + librpc/gen_ndr/srv_winreg.o RPC_DSSETUP_OBJ = rpc_server/srv_dssetup_nt.o librpc/gen_ndr/srv_dssetup.o @@ -721,7 +722,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) @LIB $(SECRETS_OBJ) $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o \ $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) $(LDB_OBJ) $(ERRORMAP_OBJ) -SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) +SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ0) DISPLAY_SEC_OBJ= lib/display_sec.o DISPLAY_DSDCINFO_OBJ= lib/display_dsdcinfo.o @@ -745,12 +746,14 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ PAM_WINBIND_OBJ = nsswitch/pam_winbind.o $(WBCOMMON_OBJ) \ $(LIBREPLACE_OBJ) @BUILD_INIPARSER@ -LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o libsmb/libsmb_compat.o \ - libsmb/libsmb_cache.o \ - $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ - $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(RPC_PARSE_OBJ) \ - $(SECRETS_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ) +LIBSMBCLIENT_OBJ0 = libsmb/libsmbclient.o libsmb/libsmb_compat.o \ + libsmb/libsmb_cache.o \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ + $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(RPC_PARSE_OBJ) \ + $(SECRETS_OBJ) $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ) + +LIBSMBCLIENT_OBJ = $(LIBSMBCLIENT_OBJ0) @LIBWBCLIENT_STATIC@ LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o @LIBTDB_STATIC@ @@ -808,7 +811,7 @@ NET_OBJ = $(NET_OBJ1) $(PARAM_WITHOUT_REG_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(SERVER_MUTEX_OBJ) \ - $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ) \ + $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(READLINE_OBJ) \ $(LDB_OBJ) $(LIBGPO_OBJ) @BUILD_INIPARSER@ $(DISPLAY_SEC_OBJ) \ $(REG_API_OBJ) $(DISPLAY_DSDCINFO_OBJ) @LIBNETAPI_STATIC@ $(LIBNET_OBJ) \ $(WBCOMMON_OBJ) @LIBWBCLIENT_STATIC@ @@ -858,7 +861,7 @@ PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ) -SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) +SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) $(DOSERR_OBJ) LOG2PCAP_OBJ = utils/log2pcaphex.o @@ -1272,17 +1275,17 @@ bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@ -bin/smbmount@EXEEXT@: $(BINARY_PREREQS) $(MOUNT_OBJ) @BUILD_POPT@ +bin/smbmount@EXEEXT@: $(BINARY_PREREQS) $(MOUNT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ + @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@ bin/smbmnt@EXEEXT@: $(BINARY_PREREQS) $(MNT_OBJ) @BUILD_POPT@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(MNT_OBJ) $(DYNEXP) $(LDFLAGS) @POPTLIBS@ -bin/smbumount@EXEEXT@: $(BINARY_PREREQS) $(UMOUNT_OBJ) @BUILD_POPT@ +bin/smbumount@EXEEXT@: $(BINARY_PREREQS) $(UMOUNT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ + @$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@ bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @BUILD_POPT@ @echo Linking $@ @@ -1292,10 +1295,10 @@ bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) @POPTLIBS@ -bin/cifs.spnego@EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ) @BUILD_POPT@ +bin/cifs.spnego@EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ0) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(CIFS_SPNEGO_OBJ) $(DYNEXP) $(LDFLAGS) -lkeyutils $(LIBS) \ - $(LIBSMBCLIENT_OBJ) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBWBCLIENT_SHARED@ + $(LIBSMBCLIENT_OBJ0) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBWBCLIENT_SHARED@ @LIBTDB_LIBS@ bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ @@ -1335,10 +1338,6 @@ bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \ @LIBTDB_LIBS@ @WINBIND_LIBS@ -bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@ - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(KRB5LIBS) $(LDAP_LIBS) - bin/nmblookup@EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ @@ -1400,9 +1399,9 @@ bin/vfstest@EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARE @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) $(ACL_LIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) @SMBD_LIBS@ $(NSCD_LIBS) @LIBTDB_LIBS@ @LIBWBCLIENT_SHARED@ -bin/smbiconv@EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ +bin/smbiconv@EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBICONV_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@ + @$(CC) $(FLAGS) -o $@ $(SMBICONV_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@ bin/log2pcap@EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ @echo Linking $@ @@ -1500,9 +1499,9 @@ bin/libaddns.a: $(BINARY_PREREQS) $(LIBADDNS_OBJ) @echo Linking non-shared library $@ @-$(AR) -rc $@ $(LIBADDNS_OBJ) -$(LIBNETAPI_SHARED_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ) @LIBWBCLIENT_SHARED@ +$(LIBNETAPI_SHARED_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking shared library $@ - @$(SHLD_DSO) $(LIBNETAPI_OBJ) @LIBWBCLIENT_SHARED@ $(LIBS) \ + @$(SHLD_DSO) $(LIBNETAPI_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ $(LIBS) \ $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \ @SONAMEFLAG@`basename $@`.$(SONAME_VER) @@ -1510,19 +1509,19 @@ $(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ1) @echo Linking non-shared library $@ @-$(AR) -rc $@ $(LIBNETAPI_OBJ1) -bin/libsmbclient.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBWBCLIENT_SHARED@ +bin/libsmbclient.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @echo Linking shared library $@ - @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) @LIBWBCLIENT_SHARED@ $(LIBS) \ + @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) @LIBTDB_LIBS@ @LIBWBCLIENT_SHARED@ $(LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \ @SONAMEFLAG@`basename $@`.$(SONAME_VER) -bin/libsmbclient.a: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) +bin/libsmbclient.a: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ0) @echo Linking non-shared library $@ - @-$(AR) -rc $@ $(LIBSMBCLIENT_OBJ) + @-$(AR) -rc $@ $(LIBSMBCLIENT_OBJ0) -bin/libsmbsharemodes.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) +bin/libsmbsharemodes.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) @LIBTDB_SHARED@ @echo Linking shared library $@ - @$(SHLD_DSO) $(LIBSMBSHAREMODES_OBJ) $(LIBS) \ + @$(SHLD_DSO) $(LIBSMBSHAREMODES_OBJ) $(LIBS) @LIBTDB_LIBS@ \ $(KRB5LIBS) $(LDAP_LIBS) \ @SONAMEFLAG@`basename $@`.$(SONAME_VER) @@ -1883,19 +1882,19 @@ bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ $(TDBBACKUP_OBJ) + @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBBACKUP_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ bin/tdbtool@EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ) @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) @LIBTDB_SHARED@ $(TDBTOOL_OBJ) + @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTOOL_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ bin/tdbdump@EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ) @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ $(TDBDUMP_OBJ) + @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBDUMP_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ bin/tdbtorture@EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ) @LIBTDB_SHARED@ @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ $(TDBTORTURE_OBJ) + @$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTORTURE_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@ bin/t_strcmp@EXEEXT@: $(BINARY_PREREQS) bin/libbigballofmud.@SHLIBEXT@ torture/t_strcmp.o $(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) torture/t_strcmp.o -L ./bin -lbigballofmud diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index f8c9fc5c7f..4105b34e10 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -63,11 +63,6 @@ #define SAM_DELTA_DELETE_USER 0x15 #define SAM_DELTA_MODIFIED_COUNT 0x16 -/* SAM database types */ -#define SAM_DATABASE_DOMAIN 0x00 /* Domain users and groups */ -#define SAM_DATABASE_BUILTIN 0x01 /* BUILTIN users and groups */ -#define SAM_DATABASE_PRIVS 0x02 /* Privileges */ - /* flags use when sending a NETLOGON_CONTROL request */ #define NETLOGON_CONTROL_SYNC 0x2 @@ -281,42 +276,6 @@ typedef struct net_user_info_3 { uint32 *other_sids_attrib; } NET_USER_INFO_3; - -/* NETLOGON_INFO_1 - pdc status info, i presume */ -typedef struct netlogon_1_info { - uint32 flags; /* 0x0 - undocumented */ - uint32 pdc_status; /* 0x0 - undocumented */ -} NETLOGON_INFO_1; - -/* NETLOGON_INFO_2 - pdc status info, plus trusted domain info */ -typedef struct netlogon_2_info { - uint32 flags; /* 0x0 - undocumented */ - uint32 pdc_status; /* 0x0 - undocumented */ - uint32 ptr_trusted_dc_name; /* pointer to trusted domain controller name */ - uint32 tc_status; - UNISTR2 uni_trusted_dc_name; /* unicode string - trusted dc name */ -} NETLOGON_INFO_2; - -/* NETLOGON_INFO_3 - logon status info, i presume */ -typedef struct netlogon_3_info { - uint32 flags; /* 0x0 - undocumented */ - uint32 logon_attempts; /* number of logon attempts */ - uint32 reserved_1; /* 0x0 - undocumented */ - uint32 reserved_2; /* 0x0 - undocumented */ - uint32 reserved_3; /* 0x0 - undocumented */ - uint32 reserved_4; /* 0x0 - undocumented */ - uint32 reserved_5; /* 0x0 - undocumented */ -} NETLOGON_INFO_3; - -/******************************************************** - Logon Control Query - - This is generated by a nltest /bdc_query:DOMAIN - - query_level 0x1, function_code 0x1 - - ********************************************************/ - /* NEG_FLAGS */ typedef struct neg_flags_info { uint32 neg_flags; /* negotiated flags */ @@ -508,30 +467,6 @@ typedef struct net_r_sam_logoff_info { NTSTATUS status; /* return code */ } NET_R_SAM_LOGOFF; -/* NET_Q_SAM_SYNC */ -typedef struct net_q_sam_sync_info { - UNISTR2 uni_srv_name; /* \\PDC */ - UNISTR2 uni_cli_name; /* BDC */ - DOM_CRED cli_creds; - DOM_CRED ret_creds; - - uint32 database_id; - uint32 restart_state; - uint32 sync_context; - - uint32 max_size; /* preferred maximum length */ -} NET_Q_SAM_SYNC; - -/* SAM_DELTA_HDR */ -typedef struct sam_delta_hdr_info { - uint16 type; /* type of structure attached */ - uint16 type2; - uint32 target_rid; - - uint32 type3; - uint32 ptr_delta; -} SAM_DELTA_HDR; - /* LOCKOUT_STRING */ typedef struct account_lockout_string { uint32 array_size; @@ -551,356 +486,6 @@ typedef struct hdr_account_lockout_string { uint32 buffer; } HDR_LOCKOUT_STRING; -/* SAM_DOMAIN_INFO (0x1) */ -typedef struct sam_domain_info_info { - UNIHDR hdr_dom_name; - UNIHDR hdr_oem_info; - - uint64 force_logoff; - uint16 min_pwd_len; - uint16 pwd_history_len; - uint64 max_pwd_age; - uint64 min_pwd_age; - uint64 dom_mod_count; - NTTIME creation_time; - uint32 security_information; - - BUFHDR4 hdr_sec_desc; /* security descriptor */ - - HDR_LOCKOUT_STRING hdr_account_lockout; - - UNIHDR hdr_unknown2; - UNIHDR hdr_unknown3; - UNIHDR hdr_unknown4; - - UNISTR2 uni_dom_name; - UNISTR2 buf_oem_info; - - RPC_DATA_BLOB buf_sec_desc; - - LOCKOUT_STRING account_lockout; - - UNISTR2 buf_unknown2; - UNISTR2 buf_unknown3; - UNISTR2 buf_unknown4; - - uint32 logon_chgpass; - uint32 unknown6; - uint32 unknown7; - uint32 unknown8; -} SAM_DOMAIN_INFO; - -/* SAM_GROUP_INFO (0x2) */ -typedef struct sam_group_info_info { - UNIHDR hdr_grp_name; - DOM_GID gid; - UNIHDR hdr_grp_desc; - BUFHDR2 hdr_sec_desc; /* security descriptor */ - uint8 reserved[48]; - - UNISTR2 uni_grp_name; - UNISTR2 uni_grp_desc; - RPC_DATA_BLOB buf_sec_desc; -} SAM_GROUP_INFO; - -/* SAM_PWD */ -typedef struct sam_passwd_info { - /* this structure probably contains password history */ - /* this is probably a count of lm/nt pairs */ - uint32 unk_0; /* 0x0000 0002 */ - - UNIHDR hdr_lm_pwd; - uint8 buf_lm_pwd[16]; - - UNIHDR hdr_nt_pwd; - uint8 buf_nt_pwd[16]; - - UNIHDR hdr_empty_lm; - UNIHDR hdr_empty_nt; -} SAM_PWD; - -/* SAM_ACCOUNT_INFO (0x5) */ -typedef struct sam_account_info_info { - UNIHDR hdr_acct_name; - UNIHDR hdr_full_name; - - uint32 user_rid; - uint32 group_rid; - - UNIHDR hdr_home_dir; - UNIHDR hdr_dir_drive; - UNIHDR hdr_logon_script; - UNIHDR hdr_acct_desc; - UNIHDR hdr_workstations; - - NTTIME logon_time; - NTTIME logoff_time; - - uint32 logon_divs; /* 0xA8 */ - uint32 ptr_logon_hrs; - - uint16 bad_pwd_count; - uint16 logon_count; - NTTIME pwd_last_set_time; - NTTIME acct_expiry_time; - - uint32 acb_info; - uint8 nt_pwd[16]; - uint8 lm_pwd[16]; - uint8 nt_pwd_present; - uint8 lm_pwd_present; - uint8 pwd_expired; - - UNIHDR hdr_comment; - UNIHDR hdr_parameters; - uint16 country; - uint16 codepage; - - BUFHDR2 hdr_sec_desc; /* security descriptor */ - - UNIHDR hdr_profile; - UNIHDR hdr_reserved[3]; /* space for more strings */ - uint32 dw_reserved[4]; /* space for more data - first two seem to - be an NTTIME */ - - UNISTR2 uni_acct_name; - UNISTR2 uni_full_name; - UNISTR2 uni_home_dir; - UNISTR2 uni_dir_drive; - UNISTR2 uni_logon_script; - UNISTR2 uni_acct_desc; - UNISTR2 uni_workstations; - - uint32 unknown1; /* 0x4EC */ - uint32 unknown2; /* 0 */ - - RPC_DATA_BLOB buf_logon_hrs; - UNISTR2 uni_comment; - UNISTR2 uni_parameters; - SAM_PWD pass; - RPC_DATA_BLOB buf_sec_desc; - UNISTR2 uni_profile; -} SAM_ACCOUNT_INFO; - -/* SAM_GROUP_MEM_INFO (0x8) */ -typedef struct sam_group_mem_info_info { - uint32 ptr_rids; - uint32 ptr_attribs; - uint32 num_members; - uint8 unknown[16]; - - uint32 num_members2; - uint32 *rids; - - uint32 num_members3; - uint32 *attribs; - -} SAM_GROUP_MEM_INFO; - -/* SAM_ALIAS_INFO (0x9) */ -typedef struct sam_alias_info_info { - UNIHDR hdr_als_name; - uint32 als_rid; - BUFHDR2 hdr_sec_desc; /* security descriptor */ - UNIHDR hdr_als_desc; - uint8 reserved[40]; - - UNISTR2 uni_als_name; - RPC_DATA_BLOB buf_sec_desc; - UNISTR2 uni_als_desc; -} SAM_ALIAS_INFO; - -/* SAM_ALIAS_MEM_INFO (0xC) */ -typedef struct sam_alias_mem_info_info { - uint32 num_members; - uint32 ptr_members; - uint8 unknown[16]; - - uint32 num_sids; - uint32 *ptr_sids; - DOM_SID2 *sids; -} SAM_ALIAS_MEM_INFO; - - -/* SAM_DELTA_POLICY (0x0D) */ -typedef struct { - uint32 max_log_size; /* 0x5000 */ - uint64 audit_retention_period; /* 0 */ - uint32 auditing_mode; /* 0 */ - uint32 num_events; - uint32 ptr_events; - UNIHDR hdr_dom_name; - uint32 sid_ptr; - - uint32 paged_pool_limit; /* 0x02000000 */ - uint32 non_paged_pool_limit; /* 0x00100000 */ - uint32 min_workset_size; /* 0x00010000 */ - uint32 max_workset_size; /* 0x0f000000 */ - uint32 page_file_limit; /* 0 */ - uint64 time_limit; /* 0 */ - NTTIME modify_time; /* 0x3c*/ - NTTIME create_time; /* a7080110 */ - BUFHDR2 hdr_sec_desc; - - uint32 num_event_audit_options; - uint32 event_audit_option; - - UNISTR2 domain_name; - DOM_SID2 domain_sid; - - RPC_DATA_BLOB buf_sec_desc; -} SAM_DELTA_POLICY; - -/* SAM_DELTA_TRUST_DOMS */ -typedef struct { - uint32 buf_size; - SEC_DESC *sec_desc; - DOM_SID2 sid; - UNIHDR hdr_domain; - - uint32 unknown0; - uint32 unknown1; - uint32 unknown2; - - uint32 buf_size2; - uint32 ptr; - - uint32 unknown3; - UNISTR2 domain; -} SAM_DELTA_TRUSTDOMS; - -/* SAM_DELTA_PRIVS (0x10) */ -typedef struct { - DOM_SID2 sid; - - uint32 priv_count; - uint32 priv_control; - - uint32 priv_attr_ptr; - uint32 priv_name_ptr; - - uint32 paged_pool_limit; /* 0x02000000 */ - uint32 non_paged_pool_limit; /* 0x00100000 */ - uint32 min_workset_size; /* 0x00010000 */ - uint32 max_workset_size; /* 0x0f000000 */ - uint32 page_file_limit; /* 0 */ - uint64 time_limit; /* 0 */ - uint32 system_flags; /* 1 */ - BUFHDR2 hdr_sec_desc; - - uint32 buf_size2; - - uint32 attribute_count; - uint32 *attributes; - - uint32 privlist_count; - UNIHDR *hdr_privslist; - UNISTR2 *uni_privslist; - - RPC_DATA_BLOB buf_sec_desc; -} SAM_DELTA_PRIVS; - -/* SAM_DELTA_SECRET */ -typedef struct { - uint32 buf_size; - SEC_DESC *sec_desc; - UNISTR2 secret; - - uint32 count1; - uint32 count2; - uint32 ptr; - NTTIME time1; - uint32 count3; - uint32 count4; - uint32 ptr2; - NTTIME time2; - uint32 unknow1; - - uint32 buf_size2; - uint32 ptr3; - uint32 unknow2; /* 0x0 12 times */ - - uint32 chal_len; - uint32 reserved1; /* 0 */ - uint32 chal_len2; - uint8 chal[16]; - - uint32 key_len; - uint32 reserved2; /* 0 */ - uint32 key_len2; - uint8 key[8]; - - uint32 buf_size3; - SEC_DESC *sec_desc2; -} SAM_DELTA_SECRET; - -/* SAM_DELTA_MOD_COUNT (0x16) */ -typedef struct { - uint32 seqnum; - uint32 dom_mod_count_ptr; - uint64 dom_mod_count; /* domain mod count at last sync */ -} SAM_DELTA_MOD_COUNT; - -typedef union sam_delta_ctr_info { - SAM_DOMAIN_INFO domain_info ; - SAM_GROUP_INFO group_info ; - SAM_ACCOUNT_INFO account_info; - SAM_GROUP_MEM_INFO grp_mem_info; - SAM_ALIAS_INFO alias_info ; - SAM_ALIAS_MEM_INFO als_mem_info; - SAM_DELTA_POLICY policy_info; - SAM_DELTA_PRIVS privs_info; - SAM_DELTA_MOD_COUNT mod_count; - SAM_DELTA_TRUSTDOMS trustdoms_info; - SAM_DELTA_SECRET secret_info; -} SAM_DELTA_CTR; - -/* NET_R_SAM_SYNC */ -typedef struct net_r_sam_sync_info { - DOM_CRED srv_creds; - - uint32 sync_context; - - uint32 ptr_deltas; - uint32 num_deltas; - uint32 ptr_deltas2; - uint32 num_deltas2; - - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - - NTSTATUS status; -} NET_R_SAM_SYNC; - -/* NET_Q_SAM_DELTAS */ -typedef struct net_q_sam_deltas_info { - UNISTR2 uni_srv_name; - UNISTR2 uni_cli_name; - DOM_CRED cli_creds; - DOM_CRED ret_creds; - - uint32 database_id; - uint64 dom_mod_count; /* domain mod count at last sync */ - - uint32 max_size; /* preferred maximum length */ -} NET_Q_SAM_DELTAS; - -/* NET_R_SAM_DELTAS */ -typedef struct net_r_sam_deltas_info { - DOM_CRED srv_creds; - - uint64 dom_mod_count; /* new domain mod count */ - - uint32 ptr_deltas; - uint32 num_deltas; - uint32 num_deltas2; - - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - - NTSTATUS status; -} NET_R_SAM_DELTAS; - #define DSGETDC_VALID_FLAGS ( \ DS_FORCE_REDISCOVERY | \ DS_DIRECTORY_SERVICE_REQUIRED | \ diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 4d998acad8..c3872b68de 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -62,7 +62,7 @@ static WERROR libnet_conf_reg_initialize(struct libnet_conf_ctx *ctx) { WERROR werr = WERR_OK; - if (!registry_init_regdb()) { + if (!registry_init_smbconf()) { werr = WERR_REG_IO_FAILURE; goto done; } diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c index 7efcae2c56..ef9eeaf7c2 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.c +++ b/source3/librpc/gen_ndr/cli_netlogon.c @@ -363,12 +363,12 @@ NTSTATUS rpccli_netr_DatabaseDeltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server, const char *computername, - struct netr_Authenticator credential, + struct netr_Authenticator *credential, struct netr_Authenticator *return_authenticator, enum netr_SamDatabaseID database_id, uint64_t *sequence_num, - uint32_t preferredmaximumlength, - struct netr_DELTA_ENUM_ARRAY *delta_enum_array) + struct netr_DELTA_ENUM_ARRAY **delta_enum_array, + uint32_t preferredmaximumlength) { struct netr_DatabaseDeltas r; NTSTATUS status; @@ -847,13 +847,13 @@ NTSTATUS rpccli_netr_DatabaseSync2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server, const char *computername, - struct netr_Authenticator credential, + struct netr_Authenticator *credential, struct netr_Authenticator *return_authenticator, enum netr_SamDatabaseID database_id, uint16_t restart_state, uint32_t *sync_context, - uint32_t preferredmaximumlength, - struct netr_DELTA_ENUM_ARRAY *delta_enum_array) + struct netr_DELTA_ENUM_ARRAY **delta_enum_array, + uint32_t preferredmaximumlength) { struct netr_DatabaseSync2 r; NTSTATUS status; diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h index f07c429224..35f903267d 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.h +++ b/source3/librpc/gen_ndr/cli_netlogon.h @@ -59,12 +59,12 @@ NTSTATUS rpccli_netr_DatabaseDeltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server, const char *computername, - struct netr_Authenticator credential, + struct netr_Authenticator *credential, struct netr_Authenticator *return_authenticator, enum netr_SamDatabaseID database_id, uint64_t *sequence_num, - uint32_t preferredmaximumlength, - struct netr_DELTA_ENUM_ARRAY *delta_enum_array); + struct netr_DELTA_ENUM_ARRAY **delta_enum_array, + uint32_t preferredmaximumlength); NTSTATUS rpccli_netr_DatabaseSync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server, @@ -142,13 +142,13 @@ NTSTATUS rpccli_netr_DatabaseSync2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server, const char *computername, - struct netr_Authenticator credential, + struct netr_Authenticator *credential, struct netr_Authenticator *return_authenticator, enum netr_SamDatabaseID database_id, uint16_t restart_state, uint32_t *sync_context, - uint32_t preferredmaximumlength, - struct netr_DELTA_ENUM_ARRAY *delta_enum_array); + struct netr_DELTA_ENUM_ARRAY **delta_enum_array, + uint32_t preferredmaximumlength); NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *logon_server, diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index d31e19a9cc..e5766487b3 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -9009,7 +9009,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computername, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computername, ndr_charset_length(r->in.computername, CH_UTF16), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); + if (r->in.credential == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); if (r->in.return_authenticator == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -9033,7 +9036,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int if (r->out.delta_enum_array == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array)); + NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.delta_enum_array)); + if (*r->out.delta_enum_array) { + NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array)); + } NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -9041,9 +9047,12 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int flags, struct netr_DatabaseDeltas *r) { + uint32_t _ptr_delta_enum_array; + TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_sequence_num_0; TALLOC_CTX *_mem_save_delta_enum_array_0; + TALLOC_CTX *_mem_save_delta_enum_array_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -9061,7 +9070,13 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int } NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->in.credential); + } + _mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); } @@ -9105,7 +9120,18 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int } _mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delta_enum_array)); + if (_ptr_delta_enum_array) { + NDR_PULL_ALLOC(ndr, *r->out.delta_enum_array); + } else { + *r->out.delta_enum_array = NULL; + } + if (*r->out.delta_enum_array) { + _mem_save_delta_enum_array_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, *r->out.delta_enum_array, 0); + NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_1, 0); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } @@ -9124,7 +9150,10 @@ _PUBLIC_ void ndr_print_netr_DatabaseDeltas(struct ndr_print *ndr, const char *n ndr->depth++; ndr_print_string(ndr, "logon_server", r->in.logon_server); ndr_print_string(ndr, "computername", r->in.computername); - ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential); + ndr_print_ptr(ndr, "credential", r->in.credential); + ndr->depth++; + ndr_print_netr_Authenticator(ndr, "credential", r->in.credential); + ndr->depth--; ndr_print_ptr(ndr, "return_authenticator", r->in.return_authenticator); ndr->depth++; ndr_print_netr_Authenticator(ndr, "return_authenticator", r->in.return_authenticator); @@ -9150,7 +9179,12 @@ _PUBLIC_ void ndr_print_netr_DatabaseDeltas(struct ndr_print *ndr, const char *n ndr->depth--; ndr_print_ptr(ndr, "delta_enum_array", r->out.delta_enum_array); ndr->depth++; - ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array); + ndr_print_ptr(ndr, "delta_enum_array", *r->out.delta_enum_array); + ndr->depth++; + if (*r->out.delta_enum_array) { + ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", *r->out.delta_enum_array); + } + ndr->depth--; ndr->depth--; ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; @@ -10482,7 +10516,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computername, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computername, ndr_charset_length(r->in.computername, CH_UTF16), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); + if (r->in.credential == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); if (r->in.return_authenticator == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -10507,7 +10544,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f if (r->out.delta_enum_array == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array)); + NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.delta_enum_array)); + if (*r->out.delta_enum_array) { + NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array)); + } NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -10515,9 +10555,12 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync2 *r) { + uint32_t _ptr_delta_enum_array; + TALLOC_CTX *_mem_save_credential_0; TALLOC_CTX *_mem_save_return_authenticator_0; TALLOC_CTX *_mem_save_sync_context_0; TALLOC_CTX *_mem_save_delta_enum_array_0; + TALLOC_CTX *_mem_save_delta_enum_array_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -10535,7 +10578,13 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f } NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t))); NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->in.credential); + } + _mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.return_authenticator); } @@ -10580,7 +10629,18 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f } _mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delta_enum_array)); + if (_ptr_delta_enum_array) { + NDR_PULL_ALLOC(ndr, *r->out.delta_enum_array); + } else { + *r->out.delta_enum_array = NULL; + } + if (*r->out.delta_enum_array) { + _mem_save_delta_enum_array_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, *r->out.delta_enum_array, 0); + NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_1, 0); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } @@ -10599,7 +10659,10 @@ _PUBLIC_ void ndr_print_netr_DatabaseSync2(struct ndr_print *ndr, const char *na ndr->depth++; ndr_print_string(ndr, "logon_server", r->in.logon_server); ndr_print_string(ndr, "computername", r->in.computername); - ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential); + ndr_print_ptr(ndr, "credential", r->in.credential); + ndr->depth++; + ndr_print_netr_Authenticator(ndr, "credential", r->in.credential); + ndr->depth--; ndr_print_ptr(ndr, "return_authenticator", r->in.return_authenticator); ndr->depth++; ndr_print_netr_Authenticator(ndr, "return_authenticator", r->in.return_authenticator); @@ -10626,7 +10689,12 @@ _PUBLIC_ void ndr_print_netr_DatabaseSync2(struct ndr_print *ndr, const char *na ndr->depth--; ndr_print_ptr(ndr, "delta_enum_array", r->out.delta_enum_array); ndr->depth++; - ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array); + ndr_print_ptr(ndr, "delta_enum_array", *r->out.delta_enum_array); + ndr->depth++; + if (*r->out.delta_enum_array) { + ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", *r->out.delta_enum_array); + } + ndr->depth--; ndr->depth--; ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index 97089d45f7..c18527da00 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -936,7 +936,7 @@ struct netr_DatabaseDeltas { struct { const char *logon_server;/* [charset(UTF16)] */ const char *computername;/* [charset(UTF16)] */ - struct netr_Authenticator credential; + struct netr_Authenticator *credential;/* [ref] */ enum netr_SamDatabaseID database_id; uint32_t preferredmaximumlength; struct netr_Authenticator *return_authenticator;/* [ref] */ @@ -944,7 +944,7 @@ struct netr_DatabaseDeltas { } in; struct { - struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [ref] */ + struct netr_DELTA_ENUM_ARRAY **delta_enum_array;/* [ref] */ struct netr_Authenticator *return_authenticator;/* [ref] */ uint64_t *sequence_num;/* [ref] */ NTSTATUS result; @@ -1105,7 +1105,7 @@ struct netr_DatabaseSync2 { struct { const char *logon_server;/* [charset(UTF16)] */ const char *computername;/* [charset(UTF16)] */ - struct netr_Authenticator credential; + struct netr_Authenticator *credential;/* [ref] */ enum netr_SamDatabaseID database_id; uint16_t restart_state; uint32_t preferredmaximumlength; @@ -1114,7 +1114,7 @@ struct netr_DatabaseSync2 { } in; struct { - struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [ref] */ + struct netr_DELTA_ENUM_ARRAY **delta_enum_array;/* [ref] */ struct netr_Authenticator *return_authenticator;/* [ref] */ uint32_t *sync_context;/* [ref] */ NTSTATUS result; diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c index 808493463a..98ba48aa17 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.c +++ b/source3/librpc/gen_ndr/srv_netlogon.c @@ -599,7 +599,7 @@ static bool api_netr_DatabaseDeltas(pipes_struct *p) ZERO_STRUCT(r->out); r->out.return_authenticator = r->in.return_authenticator; r->out.sequence_num = r->in.sequence_num; - r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY); + r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY *); if (r->out.delta_enum_array == NULL) { talloc_free(r); return false; @@ -1358,7 +1358,7 @@ static bool api_netr_DatabaseSync2(pipes_struct *p) ZERO_STRUCT(r->out); r->out.return_authenticator = r->in.return_authenticator; r->out.sync_context = r->in.sync_context; - r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY); + r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY *); if (r->out.delta_enum_array == NULL) { talloc_free(r); return false; diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl index 7f977a454b..60bf075ddf 100644 --- a/source3/librpc/idl/netlogon.idl +++ b/source3/librpc/idl/netlogon.idl @@ -680,12 +680,12 @@ interface netlogon NTSTATUS netr_DatabaseDeltas( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], - [in] netr_Authenticator credential, + [in,ref] netr_Authenticator *credential, [in,out,ref] netr_Authenticator *return_authenticator, [in] netr_SamDatabaseID database_id, [in,out,ref] udlong *sequence_num, - [in] uint32 preferredmaximumlength, - [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array, + [in] uint32 preferredmaximumlength ); @@ -865,13 +865,13 @@ interface netlogon NTSTATUS netr_DatabaseSync2( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], - [in] netr_Authenticator credential, + [in] netr_Authenticator *credential, [in,out,ref] netr_Authenticator *return_authenticator, [in] netr_SamDatabaseID database_id, [in] uint16 restart_state, [in,out,ref] uint32 *sync_context, - [in] uint32 preferredmaximumlength, - [out,ref] netr_DELTA_ENUM_ARRAY *delta_enum_array + [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array, + [in] uint32 preferredmaximumlength ); diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 1256a6210e..f03bf22df1 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -329,6 +329,25 @@ bool creds_client_check(const struct dcinfo *dc, const DOM_CHAL *rcv_srv_chal_in return True; } +bool netlogon_creds_client_check(const struct dcinfo *dc, + const struct netr_Credential *rcv_srv_chal_in) +{ + if (memcmp(dc->srv_chal.data, rcv_srv_chal_in->data, + sizeof(dc->srv_chal.data))) { + + DEBUG(0,("netlogon_creds_client_check: credentials check failed.\n")); + DEBUGADD(5,("netlogon_creds_client_check: challenge : %s\n", + credstr(rcv_srv_chal_in->data))); + DEBUGADD(5,("calculated: %s\n", credstr(dc->srv_chal.data))); + return false; + } + + DEBUG(10,("netlogon_creds_client_check: credentials check OK.\n")); + + return true; +} + + /**************************************************************************** Step the client credentials to the next element in the chain, updating the current client and server credentials and the seed @@ -345,3 +364,15 @@ void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out) next_cred_out->challenge = dc->clnt_chal; next_cred_out->timestamp.time = dc->sequence; } + +void netlogon_creds_client_step(struct dcinfo *dc, + struct netr_Authenticator *next_cred_out) +{ + dc->sequence += 2; + creds_step(dc); + creds_reseed(dc); + + memcpy(&next_cred_out->cred.data, &dc->clnt_chal.data, + sizeof(next_cred_out->cred.data)); + next_cred_out->timestamp = dc->sequence; +} diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index d614474cb7..9b8a913a57 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -34,30 +34,16 @@ wbcErr wbcAuthenticateUser(const char *username, const char *password) { - wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - struct winbindd_request request; - struct winbindd_response response; - - if (!username) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - - /* Initialize request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthUserParams params; - /* dst is already null terminated from the memset above */ + ZERO_STRUCT(params); - strncpy(request.data.auth.user, username, - sizeof(request.data.auth.user)-1); - strncpy(request.data.auth.pass, password, - sizeof(request.data.auth.user)-1); + params.account_name = username; + params.level = WBC_AUTH_USER_LEVEL_PLAIN; + params.password.plaintext = password; - wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH, - &request, - &response); + wbc_status = wbcAuthenticateUserEx(¶ms, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -252,8 +238,8 @@ done: /** @brief Authenticate with more detailed information * - * @param params Input parameters, only WBC_AUTH_USER_LEVEL_RESPONSE - * is supported yet + * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH + * is not supported yet * @param info Output details on WBC_ERR_SUCCESS * @param error Output details on WBC_ERR_AUTH_ERROR * @@ -265,11 +251,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthErrorInfo **error) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - int cmd; + int cmd = 0; struct winbindd_request request; struct winbindd_response response; - ZERO_STRUCT(request); ZERO_STRUCT(response); @@ -282,12 +267,49 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, BAIL_ON_WBC_ERROR(wbc_status); } + if (!params->account_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + /* Initialize request */ switch (params->level) { case WBC_AUTH_USER_LEVEL_PLAIN: - wbc_status = WBC_ERR_NOT_IMPLEMENTED; - BAIL_ON_WBC_ERROR(wbc_status); + cmd = WINBINDD_PAM_AUTH; + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (!params->password.plaintext) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->domain_name && params->domain_name[0]) { + /* We need to get the winbind separator :-( */ + struct winbindd_response sep_response; + + ZERO_STRUCT(sep_response); + + wbc_status = wbcRequestResponse(WINBINDD_INFO, + NULL, &sep_response); + BAIL_ON_WBC_ERROR(wbc_status); + + snprintf(request.data.auth.user, + sizeof(request.data.auth.user)-1, + "%s%c%s", + params->domain_name, + sep_response.data.info.winbind_separator, + params->account_name); + } else { + strncpy(request.data.auth.user, + params->account_name, + sizeof(request.data.auth.user)-1); + } + strncpy(request.data.auth.pass, + params->password.plaintext, + sizeof(request.data.auth.user)-1); break; case WBC_AUTH_USER_LEVEL_HASH: @@ -301,12 +323,36 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_LMKEY; + if (params->password.response.lm_length && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.lm_length == 0 && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->password.response.nt_length && + !params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.nt_length == 0&& + params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + strncpy(request.data.auth_crap.user, params->account_name, sizeof(request.data.auth_crap.user)-1); - strncpy(request.data.auth_crap.domain, - params->domain_name, - sizeof(request.data.auth_crap.domain)-1); + if (params->domain_name) { + strncpy(request.data.auth_crap.domain, + params->domain_name, + sizeof(request.data.auth_crap.domain)-1); + } if (params->workstation_name) { strncpy(request.data.auth_crap.workstation, params->workstation_name, @@ -326,19 +372,27 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.nt_resp_len = MIN(params->password.response.nt_length, sizeof(request.data.auth_crap.nt_resp)); - memcpy(request.data.auth_crap.lm_resp, - params->password.response.lm_data, - request.data.auth_crap.lm_resp_len); - memcpy(request.data.auth_crap.nt_resp, - params->password.response.nt_data, - request.data.auth_crap.nt_resp_len); - + if (params->password.response.lm_data) { + memcpy(request.data.auth_crap.lm_resp, + params->password.response.lm_data, + request.data.auth_crap.lm_resp_len); + } + if (params->password.response.nt_data) { + memcpy(request.data.auth_crap.nt_resp, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } break; default: wbc_status = WBC_ERR_INVALID_PARAM; BAIL_ON_WBC_ERROR(wbc_status); } + if (cmd == 0) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + wbc_status = wbcRequestResponse(cmd, &request, &response); diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 689dc5e9e1..ee51cce835 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -906,6 +906,7 @@ static bool wbinfo_auth_crap(char *username) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcAuthUserParams params; + struct wbcAuthUserInfo *info = NULL; struct wbcAuthErrorInfo *err = NULL; DATA_BLOB lm = data_blob_null; DATA_BLOB nt = data_blob_null; @@ -974,7 +975,7 @@ static bool wbinfo_auth_crap(char *username) params.password.response.lm_length = lm.length; params.password.response.lm_data = lm.data; - wbc_status = wbcAuthenticateUserEx(¶ms, NULL, &err); + wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err); /* Display response */ @@ -987,6 +988,8 @@ static bool wbinfo_auth_crap(char *username) err->nt_status, err->display_string); wbcFreeMemory(err); + } else if (WBC_ERROR_IS_OK(wbc_status)) { + wbcFreeMemory(info); } data_blob_free(&nt); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 3737224275..29de336df5 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -3561,7 +3561,7 @@ static bool process_registry_globals(bool (*pfunc)(const char *, const char *)) smb_panic("Failed to create talloc context!"); } - if (!registry_init_regdb()) { + if (!registry_init_smbconf()) { DEBUG(1, ("Error initializing the registry.\n")); goto done; } diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c index 9c4009368d..aba5735a0c 100644 --- a/source3/registry/reg_api.c +++ b/source3/registry/reg_api.c @@ -43,8 +43,8 @@ * 0x10 winreg_QueryInfoKey reg_queryinfokey * 0x11 winreg_QueryValue reg_queryvalue * 0x12 winreg_ReplaceKey - * 0x13 winreg_RestoreKey - * 0x14 winreg_SaveKey + * 0x13 winreg_RestoreKey reg_restorekey + * 0x14 winreg_SaveKey reg_savekey * 0x15 winreg_SetKeySecurity reg_setkeysecurity * 0x16 winreg_SetValue reg_setvalue * 0x17 winreg_UnLoadKey @@ -63,6 +63,7 @@ */ #include "includes.h" +#include "regfio.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_REGISTRY @@ -696,6 +697,328 @@ WERROR reg_getversion(uint32_t *version) return WERR_OK; } +/******************************************************************* + Note: topkeypat is the *full* path that this *key will be + loaded into (including the name of the key) + ********************************************************************/ + +static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath, + REGF_NK_REC *key) +{ + REGF_NK_REC *subkey; + REGISTRY_KEY registry_key; + REGVAL_CTR *values; + REGSUBKEY_CTR *subkeys; + int i; + char *path = NULL; + WERROR result = WERR_OK; + + /* initialize the REGISTRY_KEY structure */ + + registry_key.hook = reghook_cache_find(topkeypath); + if (!registry_key.hook) { + DEBUG(0, ("reg_load_tree: Failed to assigned a REGISTRY_HOOK " + "to [%s]\n", topkeypath)); + return WERR_BADFILE; + } + + registry_key.name = talloc_strdup(regfile->mem_ctx, topkeypath); + if (!registry_key.name) { + DEBUG(0, ("reg_load_tree: Talloc failed for reg_key.name!\n")); + return WERR_NOMEM; + } + + /* now start parsing the values and subkeys */ + + subkeys = TALLOC_ZERO_P(regfile->mem_ctx, REGSUBKEY_CTR); + if (subkeys == NULL) { + return WERR_NOMEM; + } + + values = TALLOC_ZERO_P(subkeys, REGVAL_CTR); + if (values == NULL) { + return WERR_NOMEM; + } + + /* copy values into the REGVAL_CTR */ + + for (i=0; i<key->num_values; i++) { + regval_ctr_addvalue(values, key->values[i].valuename, + key->values[i].type, + (char*)key->values[i].data, + (key->values[i].data_size & ~VK_DATA_IN_OFFSET)); + } + + /* copy subkeys into the REGSUBKEY_CTR */ + + key->subkey_index = 0; + while ((subkey = regfio_fetch_subkey( regfile, key ))) { + regsubkey_ctr_addkey(subkeys, subkey->keyname); + } + + /* write this key and values out */ + + if (!store_reg_values(®istry_key, values) + || !store_reg_keys(®istry_key, subkeys)) + { + DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath)); + result = WERR_REG_IO_FAILURE; + } + + TALLOC_FREE(subkeys); + + if (!W_ERROR_IS_OK(result)) { + return result; + } + + /* now continue to load each subkey registry tree */ + + key->subkey_index = 0; + while ((subkey = regfio_fetch_subkey(regfile, key))) { + path = talloc_asprintf(regfile->mem_ctx, + "%s\\%s", + topkeypath, + subkey->keyname); + if (path == NULL) { + return WERR_NOMEM; + } + result = reg_load_tree(regfile, path, subkey); + if (!W_ERROR_IS_OK(result)) { + break; + } + } + + return result; +} + +/******************************************************************* + ********************************************************************/ + +static WERROR restore_registry_key(REGISTRY_KEY *krecord, const char *fname) +{ + REGF_FILE *regfile; + REGF_NK_REC *rootkey; + WERROR result; + + /* open the registry file....fail if the file already exists */ + + regfile = regfio_open(fname, (O_RDONLY), 0); + if (regfile == NULL) { + DEBUG(0, ("restore_registry_key: failed to open \"%s\" (%s)\n", + fname, strerror(errno))); + return ntstatus_to_werror(map_nt_error_from_unix(errno)); + } + + /* get the rootkey from the regf file and then load the tree + via recursive calls */ + + if (!(rootkey = regfio_rootkey(regfile))) { + regfio_close(regfile); + return WERR_REG_FILE_INVALID; + } + + result = reg_load_tree(regfile, krecord->name, rootkey); + + /* cleanup */ + + regfio_close(regfile); + + return result; +} + +WERROR reg_restorekey(struct registry_key *key, const char *fname) +{ + return restore_registry_key(key->key, fname); +} + +/******************************************************************** +********************************************************************/ + +static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath, + REGF_NK_REC *parent, SEC_DESC *sec_desc) +{ + REGF_NK_REC *key; + REGVAL_CTR *values; + REGSUBKEY_CTR *subkeys; + int i, num_subkeys; + char *key_tmp = NULL; + char *keyname, *parentpath; + char *subkeypath = NULL; + char *subkeyname; + REGISTRY_KEY registry_key; + WERROR result = WERR_OK; + + if (!regfile) { + return WERR_GENERAL_FAILURE; + } + + if (!keypath) { + return WERR_OBJECT_PATH_INVALID; + } + + /* split up the registry key path */ + + key_tmp = talloc_strdup(regfile->mem_ctx, keypath); + if (!key_tmp) { + return WERR_NOMEM; + } + if (!reg_split_key(key_tmp, &parentpath, &keyname)) { + return WERR_OBJECT_PATH_INVALID; + } + + if (!keyname) { + keyname = parentpath; + } + + /* we need a REGISTRY_KEY object here to enumerate subkeys and values */ + + ZERO_STRUCT(registry_key); + + registry_key.name = talloc_strdup(regfile->mem_ctx, keypath); + if (registry_key.name == NULL) { + return WERR_NOMEM; + } + + registry_key.hook = reghook_cache_find(registry_key.name); + if (registry_key.hook == NULL) { + return WERR_BADFILE; + } + + /* lookup the values and subkeys */ + + subkeys = TALLOC_ZERO_P(regfile->mem_ctx, REGSUBKEY_CTR); + if (subkeys == NULL) { + return WERR_NOMEM; + } + + values = TALLOC_ZERO_P(subkeys, REGVAL_CTR); + if (values == NULL) { + return WERR_NOMEM; + } + + fetch_reg_keys(®istry_key, subkeys); + fetch_reg_values(®istry_key, values); + + /* write out this key */ + + key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc, + parent); + if (key == NULL) { + result = WERR_CAN_NOT_COMPLETE; + goto done; + } + + /* write each one of the subkeys out */ + + num_subkeys = regsubkey_ctr_numkeys(subkeys); + for (i=0; i<num_subkeys; i++) { + subkeyname = regsubkey_ctr_specific_key(subkeys, i); + subkeypath = talloc_asprintf(regfile->mem_ctx, "%s\\%s", + keypath, subkeyname); + if (subkeypath == NULL) { + result = WERR_NOMEM; + goto done; + } + result = reg_write_tree(regfile, subkeypath, key, sec_desc); + if (!W_ERROR_IS_OK(result)) + goto done; + } + + DEBUG(6, ("reg_write_tree: wrote key [%s]\n", keypath)); + +done: + TALLOC_FREE(subkeys); + TALLOC_FREE(registry_key.name); + + return result; +} + +static const struct generic_mapping reg_generic_map = + { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL }; + +static WERROR make_default_reg_sd(TALLOC_CTX *ctx, SEC_DESC **psd) +{ + DOM_SID adm_sid, owner_sid; + SEC_ACE ace[2]; /* at most 2 entries */ + SEC_ACCESS mask; + SEC_ACL *psa = NULL; + size_t sd_size; + + /* set the owner to BUILTIN\Administrator */ + + sid_copy(&owner_sid, &global_sid_Builtin); + sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN ); + + + /* basic access for Everyone */ + + init_sec_access(&mask, reg_generic_map.generic_execute + | reg_generic_map.generic_read); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + mask, 0); + + /* add Full Access 'BUILTIN\Administrators' */ + + init_sec_access(&mask, reg_generic_map.generic_all); + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /* create the security descriptor */ + + psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace); + if (psa == NULL) { + return WERR_NOMEM; + } + + *psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, + NULL, psa, &sd_size); + if (*psd == NULL) { + return WERR_NOMEM; + } + + return WERR_OK; +} + +static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname) +{ + REGF_FILE *regfile; + WERROR result; + SEC_DESC *sd = NULL; + + /* open the registry file....fail if the file already exists */ + + regfile = regfio_open(fname, (O_RDWR|O_CREAT|O_EXCL), + (S_IREAD|S_IWRITE)); + if (regfile == NULL) { + DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", + fname, strerror(errno) )); + return ntstatus_to_werror(map_nt_error_from_unix(errno)); + } + + result = make_default_reg_sd(regfile->mem_ctx, &sd); + if (!W_ERROR_IS_OK(result)) { + regfio_close(regfile); + return result; + } + + /* write the registry tree to the file */ + + result = reg_write_tree(regfile, krecord->name, NULL, sd); + + /* cleanup */ + + regfio_close(regfile); + + return result; +} + +WERROR reg_savekey(struct registry_key *key, const char *fname) +{ + return backup_registry_key(key->key, fname); +} + /********************************************************************** * Higher level utility functions **********************************************************************/ @@ -726,9 +1049,7 @@ WERROR reg_deleteallvalues(struct registry_key *key) } /* - * Utility function to open a complete registry path including the hive - * prefix. This should become the replacement function for - * regkey_open_internal. + * Utility function to open a complete registry path including the hive prefix. */ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, diff --git a/source3/registry/reg_init_smbconf.c b/source3/registry/reg_init_smbconf.c index 6452b0b15b..b7e6add112 100644 --- a/source3/registry/reg_init_smbconf.c +++ b/source3/registry/reg_init_smbconf.c @@ -67,13 +67,13 @@ done: * for use in places where not the whole registry is needed, * e.g. utils/net_conf.c and loadparm.c */ -bool registry_init_regdb(void) +bool registry_init_smbconf(void) { bool ret = false; int saved_errno = 0; static REGISTRY_HOOK smbconf_reg_hook = {KEY_SMBCONF, &smbconf_reg_ops}; - DEBUG(10, ("registry_init_regdb called\n")); + DEBUG(10, ("registry_init_smbconf called\n")); if (!regdb_init()) { saved_errno = errno; diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index d28df3c164..f15340ffec 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -347,111 +347,6 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, return NT_STATUS_OK; } -/* Sam synchronisation */ - -NTSTATUS rpccli_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 database_id, uint32 next_rid, uint32 *num_deltas, - SAM_DELTA_HDR **hdr_deltas, - SAM_DELTA_CTR **deltas) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_SYNC q; - NET_R_SAM_SYNC r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - DOM_CRED ret_creds; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - ZERO_STRUCT(ret_creds); - - /* Initialise input parameters */ - - creds_client_step(cli->dc, &clnt_creds); - - init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(), - &clnt_creds, &ret_creds, database_id, next_rid); - - /* Marshall data and send request */ - - CLI_DO_RPC_COPY_SESS_KEY(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC, - q, r, - qbuf, rbuf, - net_io_q_sam_sync, - net_io_r_sam_sync, - NT_STATUS_UNSUCCESSFUL); - - /* Return results */ - - result = r.status; - *num_deltas = r.num_deltas2; - *hdr_deltas = r.hdr_deltas; - *deltas = r.deltas; - - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { - DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - } - - return result; -} - -/* Sam synchronisation */ - -NTSTATUS rpccli_netlogon_sam_deltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 database_id, uint64 seqnum, - uint32 *num_deltas, - SAM_DELTA_HDR **hdr_deltas, - SAM_DELTA_CTR **deltas) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_DELTAS q; - NET_R_SAM_DELTAS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - creds_client_step(cli->dc, &clnt_creds); - - init_net_q_sam_deltas(&q, cli->dc->remote_machine, - global_myname(), &clnt_creds, - database_id, seqnum); - - /* Marshall data and send request */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAM_DELTAS, - q, r, - qbuf, rbuf, - net_io_q_sam_deltas, - net_io_r_sam_deltas, - NT_STATUS_UNSUCCESSFUL); - - /* Return results */ - - result = r.status; - *num_deltas = r.num_deltas2; - *hdr_deltas = r.hdr_deltas; - *deltas = r.deltas; - - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { - DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - } - - return result; -} - /* Logon domain user */ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 8105ac5470..8677924d6a 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1406,1303 +1406,3 @@ bool net_io_r_sam_logoff(const char *desc, NET_R_SAM_LOGOFF *r_l, prs_struct *ps return True; } - -/******************************************************************* -makes a NET_Q_SAM_SYNC structure. -********************************************************************/ -bool init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name, - const char *cli_name, DOM_CRED *cli_creds, - DOM_CRED *ret_creds, uint32 database_id, - uint32 next_rid) -{ - DEBUG(5, ("init_q_sam_sync\n")); - - init_unistr2(&q_s->uni_srv_name, srv_name, UNI_STR_TERMINATE); - init_unistr2(&q_s->uni_cli_name, cli_name, UNI_STR_TERMINATE); - - if (cli_creds) - memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds)); - - if (cli_creds) - memcpy(&q_s->ret_creds, ret_creds, sizeof(q_s->ret_creds)); - else - memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds)); - - q_s->database_id = database_id; - q_s->restart_state = 0; - q_s->sync_context = next_rid; - q_s->max_size = 0xffff; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -bool net_io_q_sam_sync(const char *desc, NET_Q_SAM_SYNC * q_s, prs_struct *ps, - int depth) -{ - prs_debug(ps, depth, desc, "net_io_q_sam_sync"); - depth++; - - if (!smb_io_unistr2("", &q_s->uni_srv_name, True, ps, depth)) - return False; - if (!smb_io_unistr2("", &q_s->uni_cli_name, True, ps, depth)) - return False; - - if (!smb_io_cred("", &q_s->cli_creds, ps, depth)) - return False; - if (!smb_io_cred("", &q_s->ret_creds, ps, depth)) - return False; - - if (!prs_uint32("database_id ", ps, depth, &q_s->database_id)) - return False; - if (!prs_uint32("restart_state", ps, depth, &q_s->restart_state)) - return False; - if (!prs_uint32("sync_context ", ps, depth, &q_s->sync_context)) - return False; - - if (!prs_uint32("max_size", ps, depth, &q_s->max_size)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_delta_hdr(const char *desc, SAM_DELTA_HDR * delta, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_delta_hdr"); - depth++; - - if (!prs_uint16("type", ps, depth, &delta->type)) - return False; - if (!prs_uint16("type2", ps, depth, &delta->type2)) - return False; - if (!prs_uint32("target_rid", ps, depth, &delta->target_rid)) - return False; - - if (!prs_uint32("type3", ps, depth, &delta->type3)) - return False; - - /* Not sure why we need this but it seems to be necessary to get - sam deltas working. */ - - if (delta->type != 0x16) { - if (!prs_uint32("ptr_delta", ps, depth, &delta->ptr_delta)) - return False; - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_delta_mod_count(const char *desc, SAM_DELTA_MOD_COUNT *info, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_delta_stamp"); - depth++; - - if (!prs_uint32("seqnum", ps, depth, &info->seqnum)) - return False; - if (!prs_uint32("dom_mod_count_ptr", ps, depth, - &info->dom_mod_count_ptr)) - return False; - - if (info->dom_mod_count_ptr) { - if (!prs_uint64("dom_mod_count", ps, depth, - &info->dom_mod_count)) - return False; - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_domain_info(const char *desc, SAM_DOMAIN_INFO * info, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_domain_info"); - depth++; - - if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_oem_info", &info->hdr_oem_info, ps, depth)) - return False; - - if (!prs_uint64("force_logoff", ps, depth, &info->force_logoff)) - return False; - if (!prs_uint16("min_pwd_len", ps, depth, &info->min_pwd_len)) - return False; - if (!prs_uint16("pwd_history_len", ps, depth, &info->pwd_history_len)) - return False; - if (!prs_uint64("max_pwd_age", ps, depth, &info->max_pwd_age)) - return False; - if (!prs_uint64("min_pwd_age", ps, depth, &info->min_pwd_age)) - return False; - if (!prs_uint64("dom_mod_count", ps, depth, &info->dom_mod_count)) - return False; - if (!smb_io_time("creation_time", &info->creation_time, ps, depth)) - return False; - if (!prs_uint32("security_information", ps, depth, &info->security_information)) - return False; - if (!smb_io_bufhdr4("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) - return False; - if (!smb_io_lockout_string_hdr("hdr_account_lockout_string", &info->hdr_account_lockout, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_unknown2", &info->hdr_unknown2, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_unknown3", &info->hdr_unknown3, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_unknown4", &info->hdr_unknown4, ps, depth)) - return False; - if (!prs_uint32("logon_chgpass", ps, depth, &info->logon_chgpass)) - return False; - if (!prs_uint32("unknown6", ps, depth, &info->unknown6)) - return False; - if (!prs_uint32("unknown7", ps, depth, &info->unknown7)) - return False; - if (!prs_uint32("unknown8", ps, depth, &info->unknown8)) - return False; - - if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, - info->hdr_dom_name.buffer, ps, depth)) - return False; - if (!smb_io_unistr2("buf_oem_info", &info->buf_oem_info, - info->hdr_oem_info.buffer, ps, depth)) - return False; - - if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth)) - return False; - - if (!smb_io_account_lockout_str("account_lockout", &info->account_lockout, - info->hdr_account_lockout.buffer, ps, depth)) - return False; - - if (!smb_io_unistr2("buf_unknown2", &info->buf_unknown2, - info->hdr_unknown2.buffer, ps, depth)) - return False; - if (!smb_io_unistr2("buf_unknown3", &info->buf_unknown3, - info->hdr_unknown3.buffer, ps, depth)) - return False; - if (!smb_io_unistr2("buf_unknown4", &info->buf_unknown4, - info->hdr_unknown4.buffer, ps, depth)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_group_info(const char *desc, SAM_GROUP_INFO * info, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_group_info"); - depth++; - - if (!smb_io_unihdr("hdr_grp_name", &info->hdr_grp_name, ps, depth)) - return False; - if (!smb_io_gid("gid", &info->gid, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_grp_desc", &info->hdr_grp_desc, ps, depth)) - return False; - if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) - return False; - - if (ps->data_offset + 48 > ps->buffer_size) - return False; - ps->data_offset += 48; - - if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name, - info->hdr_grp_name.buffer, ps, depth)) - return False; - if (!smb_io_unistr2("uni_grp_desc", &info->uni_grp_desc, - info->hdr_grp_desc.buffer, ps, depth)) - return False; - if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_passwd_info(const char *desc, SAM_PWD * pwd, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_passwd_info"); - depth++; - - if (!prs_uint32("unk_0 ", ps, depth, &pwd->unk_0)) - return False; - - if (!smb_io_unihdr("hdr_lm_pwd", &pwd->hdr_lm_pwd, ps, depth)) - return False; - if (!prs_uint8s(False, "buf_lm_pwd", ps, depth, pwd->buf_lm_pwd, 16)) - return False; - - if (!smb_io_unihdr("hdr_nt_pwd", &pwd->hdr_nt_pwd, ps, depth)) - return False; - if (!prs_uint8s(False, "buf_nt_pwd", ps, depth, pwd->buf_nt_pwd, 16)) - return False; - - if (!smb_io_unihdr("", &pwd->hdr_empty_lm, ps, depth)) - return False; - if (!smb_io_unihdr("", &pwd->hdr_empty_nt, ps, depth)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_account_info(const char *desc, SAM_ACCOUNT_INFO *info, - prs_struct *ps, int depth) -{ - BUFHDR2 hdr_priv_data; - uint32 i; - - prs_debug(ps, depth, desc, "net_io_sam_account_info"); - depth++; - - if (!smb_io_unihdr("hdr_acct_name", &info->hdr_acct_name, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth)) - return False; - - if (!prs_uint32("user_rid ", ps, depth, &info->user_rid)) - return False; - if (!prs_uint32("group_rid", ps, depth, &info->group_rid)) - return False; - - if (!smb_io_unihdr("hdr_home_dir ", &info->hdr_home_dir, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script, ps, - depth)) - return False; - - if (!smb_io_unihdr("hdr_acct_desc", &info->hdr_acct_desc, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_workstations", &info->hdr_workstations, ps, - depth)) - return False; - - if (!smb_io_time("logon_time", &info->logon_time, ps, depth)) - return False; - if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth)) - return False; - - if (!prs_uint32("logon_divs ", ps, depth, &info->logon_divs)) - return False; - if (!prs_uint32("ptr_logon_hrs", ps, depth, &info->ptr_logon_hrs)) - return False; - - if (!prs_uint16("bad_pwd_count", ps, depth, &info->bad_pwd_count)) - return False; - if (!prs_uint16("logon_count", ps, depth, &info->logon_count)) - return False; - if (!smb_io_time("pwd_last_set_time", &info->pwd_last_set_time, ps, - depth)) - return False; - if (!smb_io_time("acct_expiry_time", &info->acct_expiry_time, ps, - depth)) - return False; - - if (!prs_uint32("acb_info", ps, depth, &info->acb_info)) - return False; - if (!prs_uint8s(False, "nt_pwd", ps, depth, info->nt_pwd, 16)) - return False; - if (!prs_uint8s(False, "lm_pwd", ps, depth, info->lm_pwd, 16)) - return False; - if (!prs_uint8("lm_pwd_present", ps, depth, &info->lm_pwd_present)) - return False; - if (!prs_uint8("nt_pwd_present", ps, depth, &info->nt_pwd_present)) - return False; - if (!prs_uint8("pwd_expired", ps, depth, &info->pwd_expired)) - return False; - - if (!smb_io_unihdr("hdr_comment", &info->hdr_comment, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_parameters", &info->hdr_parameters, ps, - depth)) - return False; - if (!prs_uint16("country", ps, depth, &info->country)) - return False; - if (!prs_uint16("codepage", ps, depth, &info->codepage)) - return False; - - if (!smb_io_bufhdr2("hdr_priv_data", &hdr_priv_data, ps, depth)) - return False; - if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_profile", &info->hdr_profile, ps, depth)) - return False; - - for (i = 0; i < 3; i++) - { - if (!smb_io_unihdr("hdr_reserved", &info->hdr_reserved[i], - ps, depth)) - return False; - } - - for (i = 0; i < 4; i++) - { - if (!prs_uint32("dw_reserved", ps, depth, - &info->dw_reserved[i])) - return False; - } - - if (!smb_io_unistr2("uni_acct_name", &info->uni_acct_name, - info->hdr_acct_name.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_full_name", &info->uni_full_name, - info->hdr_full_name.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_home_dir ", &info->uni_home_dir, - info->hdr_home_dir.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive, - info->hdr_dir_drive.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_logon_script", &info->uni_logon_script, - info->hdr_logon_script.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_acct_desc", &info->uni_acct_desc, - info->hdr_acct_desc.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_workstations", &info->uni_workstations, - info->hdr_workstations.buffer, ps, depth)) - return False; - prs_align(ps); - - if (!prs_uint32("unknown1", ps, depth, &info->unknown1)) - return False; - if (!prs_uint32("unknown2", ps, depth, &info->unknown2)) - return False; - - if (!smb_io_rpc_blob("buf_logon_hrs", &info->buf_logon_hrs, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_comment", &info->uni_comment, - info->hdr_comment.buffer, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_parameters", &info->uni_parameters, - info->hdr_parameters.buffer, ps, depth)) - return False; - prs_align(ps); - if (hdr_priv_data.buffer != 0) - { - int old_offset = 0; - uint32 len = 0x44; - if (!prs_uint32("pwd_len", ps, depth, &len)) - return False; - old_offset = ps->data_offset; - if (len > 0) - { - if (ps->io) - { - /* reading */ - if (!prs_hash1(ps, ps->data_offset, len)) - return False; - } - if (!net_io_sam_passwd_info("pass", &info->pass, - ps, depth)) - return False; - - if (!ps->io) - { - /* writing */ - if (!prs_hash1(ps, old_offset, len)) - return False; - } - } - if (old_offset + len > ps->buffer_size) - return False; - ps->data_offset = old_offset + len; - } - if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth)) - return False; - prs_align(ps); - if (!smb_io_unistr2("uni_profile", &info->uni_profile, - info->hdr_profile.buffer, ps, depth)) - return False; - - prs_align(ps); - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * info, - prs_struct *ps, int depth) -{ - uint32 i; - fstring tmp; - - prs_debug(ps, depth, desc, "net_io_sam_group_mem_info"); - depth++; - - prs_align(ps); - if (!prs_uint32("ptr_rids ", ps, depth, &info->ptr_rids)) - return False; - if (!prs_uint32("ptr_attribs", ps, depth, &info->ptr_attribs)) - return False; - if (!prs_uint32("num_members", ps, depth, &info->num_members)) - return False; - - if (ps->data_offset + 16 > ps->buffer_size) - return False; - ps->data_offset += 16; - - if (info->ptr_rids != 0) - { - if (!prs_uint32("num_members2", ps, depth, - &info->num_members2)) - return False; - - if (info->num_members2 != info->num_members) - { - /* RPC fault */ - return False; - } - - if (UNMARSHALLING(ps)) { - if (info->num_members2) { - info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2); - - if (info->rids == NULL) { - DEBUG(0, ("out of memory allocating %d rids\n", - info->num_members2)); - return False; - } - } else { - info->rids = NULL; - } - } - - for (i = 0; i < info->num_members2; i++) - { - slprintf(tmp, sizeof(tmp) - 1, "rids[%02d]", i); - if (!prs_uint32(tmp, ps, depth, &info->rids[i])) - return False; - } - } - - if (info->ptr_attribs != 0) - { - if (!prs_uint32("num_members3", ps, depth, - &info->num_members3)) - return False; - if (info->num_members3 != info->num_members) - { - /* RPC fault */ - return False; - } - - if (UNMARSHALLING(ps)) { - if (info->num_members3) { - info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3); - - if (info->attribs == NULL) { - DEBUG(0, ("out of memory allocating %d attribs\n", - info->num_members3)); - return False; - } - } else { - info->attribs = NULL; - } - } - - for (i = 0; i < info->num_members3; i++) - { - slprintf(tmp, sizeof(tmp) - 1, "attribs[%02d]", i); - if (!prs_uint32(tmp, ps, depth, &info->attribs[i])) - return False; - } - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_alias_info(const char *desc, SAM_ALIAS_INFO * info, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_alias_info"); - depth++; - - if (!smb_io_unihdr("hdr_als_name", &info->hdr_als_name, ps, depth)) - return False; - if (!prs_uint32("als_rid", ps, depth, &info->als_rid)) - return False; - if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) - return False; - if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth)) - return False; - - if (ps->data_offset + 40 > ps->buffer_size) - return False; - ps->data_offset += 40; - - if (!smb_io_unistr2("uni_als_name", &info->uni_als_name, - info->hdr_als_name.buffer, ps, depth)) - return False; - if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth)) - return False; - - if (!smb_io_unistr2("uni_als_desc", &info->uni_als_desc, - info->hdr_als_desc.buffer, ps, depth)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * info, - prs_struct *ps, int depth) -{ - uint32 i; - fstring tmp; - - prs_debug(ps, depth, desc, "net_io_sam_alias_mem_info"); - depth++; - - prs_align(ps); - if (!prs_uint32("num_members", ps, depth, &info->num_members)) - return False; - if (!prs_uint32("ptr_members", ps, depth, &info->ptr_members)) - return False; - - if (ps->data_offset + 16 > ps->buffer_size) - return False; - ps->data_offset += 16; - - if (info->ptr_members != 0) - { - if (!prs_uint32("num_sids", ps, depth, &info->num_sids)) - return False; - if (info->num_sids != info->num_members) - { - /* RPC fault */ - return False; - } - - if (UNMARSHALLING(ps)) { - if (info->num_sids) { - info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids); - - if (info->ptr_sids == NULL) { - DEBUG(0, ("out of memory allocating %d ptr_sids\n", - info->num_sids)); - return False; - } - } else { - info->ptr_sids = NULL; - } - } - - for (i = 0; i < info->num_sids; i++) - { - slprintf(tmp, sizeof(tmp) - 1, "ptr_sids[%02d]", i); - if (!prs_uint32(tmp, ps, depth, &info->ptr_sids[i])) - return False; - } - - if (UNMARSHALLING(ps)) { - if (info->num_sids) { - info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids); - - if (info->sids == NULL) { - DEBUG(0, ("error allocating %d sids\n", - info->num_sids)); - return False; - } - } else { - info->sids = NULL; - } - } - - for (i = 0; i < info->num_sids; i++) - { - if (info->ptr_sids[i] != 0) - { - slprintf(tmp, sizeof(tmp) - 1, "sids[%02d]", - i); - if (!smb_io_dom_sid2(tmp, &info->sids[i], - ps, depth)) - return False; - } - } - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_policy_info(const char *desc, SAM_DELTA_POLICY *info, - prs_struct *ps, int depth) -{ - unsigned int i; - prs_debug(ps, depth, desc, "net_io_sam_policy_info"); - depth++; - - if(!prs_align(ps)) - return False; - - if (!prs_uint32("max_log_size", ps, depth, &info->max_log_size)) - return False; - if (!prs_uint64("audit_retention_period", ps, depth, - &info->audit_retention_period)) - return False; - if (!prs_uint32("auditing_mode", ps, depth, &info->auditing_mode)) - return False; - if (!prs_uint32("num_events", ps, depth, &info->num_events)) - return False; - if (!prs_uint32("ptr_events", ps, depth, &info->ptr_events)) - return False; - - if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth)) - return False; - - if (!prs_uint32("sid_ptr", ps, depth, &info->sid_ptr)) - return False; - - if (!prs_uint32("paged_pool_limit", ps, depth, &info->paged_pool_limit)) - return False; - if (!prs_uint32("non_paged_pool_limit", ps, depth, - &info->non_paged_pool_limit)) - return False; - if (!prs_uint32("min_workset_size", ps, depth, &info->min_workset_size)) - return False; - if (!prs_uint32("max_workset_size", ps, depth, &info->max_workset_size)) - return False; - if (!prs_uint32("page_file_limit", ps, depth, &info->page_file_limit)) - return False; - if (!prs_uint64("time_limit", ps, depth, &info->time_limit)) - return False; - if (!smb_io_time("modify_time", &info->modify_time, ps, depth)) - return False; - if (!smb_io_time("create_time", &info->create_time, ps, depth)) - return False; - if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) - return False; - - for (i=0; i<4; i++) { - UNIHDR dummy; - if (!smb_io_unihdr("dummy", &dummy, ps, depth)) - return False; - } - - for (i=0; i<4; i++) { - uint32 reserved; - if (!prs_uint32("reserved", ps, depth, &reserved)) - return False; - } - - if (!prs_uint32("num_event_audit_options", ps, depth, - &info->num_event_audit_options)) - return False; - - for (i=0; i<info->num_event_audit_options; i++) - if (!prs_uint32("event_audit_option", ps, depth, - &info->event_audit_option)) - return False; - - if (!smb_io_unistr2("domain_name", &info->domain_name, True, ps, depth)) - return False; - - if(!smb_io_dom_sid2("domain_sid", &info->domain_sid, ps, depth)) - return False; - - if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth)) - - return False; - - return True; -} - -#if 0 - -/* This function is pretty broken - see bug #334 */ - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_trustdoms_info(const char *desc, SAM_DELTA_TRUSTDOMS *info, - prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "net_io_sam_trustdoms_info"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("buf_size", ps, depth, &info->buf_size)) - return False; - - if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth)) - return False; - - if(!smb_io_dom_sid2("sid", &info->sid, ps, depth)) - return False; - - if(!smb_io_unihdr("hdr_domain", &info->hdr_domain, ps, depth)) - return False; - - if(!prs_uint32("unknown0", ps, depth, &info->unknown0)) - return False; - if(!prs_uint32("unknown1", ps, depth, &info->unknown1)) - return False; - if(!prs_uint32("unknown2", ps, depth, &info->unknown2)) - return False; - - if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2)) - return False; - if(!prs_uint32("ptr", ps, depth, &info->ptr)) - return False; - - for (i=0; i<12; i++) - if(!prs_uint32("unknown3", ps, depth, &info->unknown3)) - return False; - - if (!smb_io_unistr2("domain", &info->domain, True, ps, depth)) - return False; - - return True; -} - -#endif - -#if 0 - -/* This function doesn't work - see bug #334 */ - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_secret_info(const char *desc, SAM_DELTA_SECRET *info, - prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "net_io_sam_secret_info"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("buf_size", ps, depth, &info->buf_size)) - return False; - - if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth)) - return False; - - if (!smb_io_unistr2("secret", &info->secret, True, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("count1", ps, depth, &info->count1)) - return False; - if(!prs_uint32("count2", ps, depth, &info->count2)) - return False; - if(!prs_uint32("ptr", ps, depth, &info->ptr)) - return False; - - - if(!smb_io_time("time1", &info->time1, ps, depth)) /* logon time */ - return False; - if(!prs_uint32("count3", ps, depth, &info->count3)) - return False; - if(!prs_uint32("count4", ps, depth, &info->count4)) - return False; - if(!prs_uint32("ptr2", ps, depth, &info->ptr2)) - return False; - if(!smb_io_time("time2", &info->time2, ps, depth)) /* logon time */ - return False; - if(!prs_uint32("unknow1", ps, depth, &info->unknow1)) - return False; - - - if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2)) - return False; - if(!prs_uint32("ptr3", ps, depth, &info->ptr3)) - return False; - for(i=0; i<12; i++) - if(!prs_uint32("unknow2", ps, depth, &info->unknow2)) - return False; - - if(!prs_uint32("chal_len", ps, depth, &info->chal_len)) - return False; - if(!prs_uint32("reserved1", ps, depth, &info->reserved1)) - return False; - if(!prs_uint32("chal_len2", ps, depth, &info->chal_len2)) - return False; - - if(!prs_uint8s (False, "chal", ps, depth, info->chal, info->chal_len2)) - return False; - - if(!prs_uint32("key_len", ps, depth, &info->key_len)) - return False; - if(!prs_uint32("reserved2", ps, depth, &info->reserved2)) - return False; - if(!prs_uint32("key_len2", ps, depth, &info->key_len2)) - return False; - - if(!prs_uint8s (False, "key", ps, depth, info->key, info->key_len2)) - return False; - - - if(!prs_uint32("buf_size3", ps, depth, &info->buf_size3)) - return False; - - if(!sec_io_desc("sec_desc2", &info->sec_desc2, ps, depth)) - return False; - - - return True; -} - -#endif - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info, - prs_struct *ps, int depth) -{ - unsigned int i; - - prs_debug(ps, depth, desc, "net_io_sam_privs_info"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!smb_io_dom_sid2("sid", &info->sid, ps, depth)) - return False; - - if(!prs_uint32("priv_count", ps, depth, &info->priv_count)) - return False; - if(!prs_uint32("priv_control", ps, depth, &info->priv_control)) - return False; - - if(!prs_uint32("priv_attr_ptr", ps, depth, &info->priv_attr_ptr)) - return False; - if(!prs_uint32("priv_name_ptr", ps, depth, &info->priv_name_ptr)) - return False; - - if (!prs_uint32("paged_pool_limit", ps, depth, &info->paged_pool_limit)) - return False; - if (!prs_uint32("non_paged_pool_limit", ps, depth, - &info->non_paged_pool_limit)) - return False; - if (!prs_uint32("min_workset_size", ps, depth, &info->min_workset_size)) - return False; - if (!prs_uint32("max_workset_size", ps, depth, &info->max_workset_size)) - return False; - if (!prs_uint32("page_file_limit", ps, depth, &info->page_file_limit)) - return False; - if (!prs_uint64("time_limit", ps, depth, &info->time_limit)) - return False; - if (!prs_uint32("system_flags", ps, depth, &info->system_flags)) - return False; - if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) - return False; - - for (i=0; i<4; i++) { - UNIHDR dummy; - if (!smb_io_unihdr("dummy", &dummy, ps, depth)) - return False; - } - - for (i=0; i<4; i++) { - uint32 reserved; - if (!prs_uint32("reserved", ps, depth, &reserved)) - return False; - } - - if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count)) - return False; - - if (UNMARSHALLING(ps)) { - if (info->attribute_count) { - info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count); - if (!info->attributes) { - return False; - } - } else { - info->attributes = NULL; - } - } - - for (i=0; i<info->attribute_count; i++) - if(!prs_uint32("attributes", ps, depth, &info->attributes[i])) - return False; - - if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count)) - return False; - - if (UNMARSHALLING(ps)) { - if (info->privlist_count) { - info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count); - info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count); - if (!info->hdr_privslist) { - return False; - } - if (!info->uni_privslist) { - return False; - } - } else { - info->hdr_privslist = NULL; - info->uni_privslist = NULL; - } - } - - for (i=0; i<info->privlist_count; i++) - if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth)) - return False; - - for (i=0; i<info->privlist_count; i++) - if (!smb_io_unistr2("uni_privslist", &info->uni_privslist[i], True, ps, depth)) - return False; - - if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -static bool net_io_sam_delta_ctr(const char *desc, - SAM_DELTA_CTR * delta, uint16 type, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "net_io_sam_delta_ctr"); - depth++; - - switch (type) { - /* Seen in sam deltas */ - case SAM_DELTA_MODIFIED_COUNT: - if (!net_io_sam_delta_mod_count("", &delta->mod_count, ps, depth)) - return False; - break; - - case SAM_DELTA_DOMAIN_INFO: - if (!net_io_sam_domain_info("", &delta->domain_info, ps, depth)) - return False; - break; - - case SAM_DELTA_GROUP_INFO: - if (!net_io_sam_group_info("", &delta->group_info, ps, depth)) - return False; - break; - - case SAM_DELTA_ACCOUNT_INFO: - if (!net_io_sam_account_info("", &delta->account_info, ps, depth)) - return False; - break; - - case SAM_DELTA_GROUP_MEM: - if (!net_io_sam_group_mem_info("", &delta->grp_mem_info, ps, depth)) - return False; - break; - - case SAM_DELTA_ALIAS_INFO: - if (!net_io_sam_alias_info("", &delta->alias_info, ps, depth)) - return False; - break; - - case SAM_DELTA_POLICY_INFO: - if (!net_io_sam_policy_info("", &delta->policy_info, ps, depth)) - return False; - break; - - case SAM_DELTA_ALIAS_MEM: - if (!net_io_sam_alias_mem_info("", &delta->als_mem_info, ps, depth)) - return False; - break; - - case SAM_DELTA_PRIVS_INFO: - if (!net_io_sam_privs_info("", &delta->privs_info, ps, depth)) - return False; - break; - - /* These guys are implemented but broken */ - - case SAM_DELTA_TRUST_DOMS: - case SAM_DELTA_SECRET_INFO: - break; - - /* These guys are not implemented yet */ - - case SAM_DELTA_RENAME_GROUP: - case SAM_DELTA_RENAME_USER: - case SAM_DELTA_RENAME_ALIAS: - case SAM_DELTA_DELETE_GROUP: - case SAM_DELTA_DELETE_USER: - default: - DEBUG(0, ("Replication error: Unknown delta type 0x%x\n", type)); - break; - } - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -bool net_io_r_sam_sync(const char *desc, - NET_R_SAM_SYNC * r_s, prs_struct *ps, int depth) -{ - uint32 i; - - prs_debug(ps, depth, desc, "net_io_r_sam_sync"); - depth++; - - if (!smb_io_cred("srv_creds", &r_s->srv_creds, ps, depth)) - return False; - if (!prs_uint32("sync_context", ps, depth, &r_s->sync_context)) - return False; - - if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas)) - return False; - if (r_s->ptr_deltas != 0) - { - if (!prs_uint32("num_deltas ", ps, depth, &r_s->num_deltas)) - return False; - if (!prs_uint32("ptr_deltas2", ps, depth, &r_s->ptr_deltas2)) - return False; - if (r_s->ptr_deltas2 != 0) - { - if (!prs_uint32("num_deltas2", ps, depth, - &r_s->num_deltas2)) - return False; - - if (r_s->num_deltas2 != r_s->num_deltas) - { - /* RPC fault */ - return False; - } - - if (UNMARSHALLING(ps)) { - if (r_s->num_deltas2) { - r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2); - if (r_s->hdr_deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d delta headers\n", - r_s->num_deltas2)); - return False; - } - } else { - r_s->hdr_deltas = NULL; - } - } - - for (i = 0; i < r_s->num_deltas2; i++) - { - if (!net_io_sam_delta_hdr("", - &r_s->hdr_deltas[i], - ps, depth)) - return False; - } - - if (UNMARSHALLING(ps)) { - if (r_s->num_deltas2) { - r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2); - if (r_s->deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d deltas\n", - r_s->num_deltas2)); - return False; - } - } else { - r_s->deltas = NULL; - } - } - - for (i = 0; i < r_s->num_deltas2; i++) - { - if (!net_io_sam_delta_ctr( - "", &r_s->deltas[i], - r_s->hdr_deltas[i].type3, - ps, depth)) { - DEBUG(0, ("hmm, failed on i=%d\n", i)); - return False; - } - } - } - } - - prs_align(ps); - if (!prs_ntstatus("status", ps, depth, &(r_s->status))) - return False; - - return True; -} - -/******************************************************************* -makes a NET_Q_SAM_DELTAS structure. -********************************************************************/ -bool init_net_q_sam_deltas(NET_Q_SAM_DELTAS *q_s, const char *srv_name, - const char *cli_name, DOM_CRED *cli_creds, - uint32 database_id, uint64 dom_mod_count) -{ - DEBUG(5, ("init_net_q_sam_deltas\n")); - - init_unistr2(&q_s->uni_srv_name, srv_name, UNI_STR_TERMINATE); - init_unistr2(&q_s->uni_cli_name, cli_name, UNI_STR_TERMINATE); - - memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds)); - memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds)); - - q_s->database_id = database_id; - q_s->dom_mod_count = dom_mod_count; - q_s->max_size = 0xffff; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -bool net_io_q_sam_deltas(const char *desc, NET_Q_SAM_DELTAS *q_s, prs_struct *ps, - int depth) -{ - prs_debug(ps, depth, desc, "net_io_q_sam_deltas"); - depth++; - - if (!smb_io_unistr2("", &q_s->uni_srv_name, True, ps, depth)) - return False; - if (!smb_io_unistr2("", &q_s->uni_cli_name, True, ps, depth)) - return False; - - if (!smb_io_cred("", &q_s->cli_creds, ps, depth)) - return False; - if (!smb_io_cred("", &q_s->ret_creds, ps, depth)) - return False; - - if (!prs_uint32("database_id ", ps, depth, &q_s->database_id)) - return False; - if (!prs_uint64("dom_mod_count", ps, depth, &q_s->dom_mod_count)) - return False; - if (!prs_uint32("max_size", ps, depth, &q_s->max_size)) - return False; - - return True; -} - -/******************************************************************* -reads or writes a structure. -********************************************************************/ -bool net_io_r_sam_deltas(const char *desc, - NET_R_SAM_DELTAS *r_s, prs_struct *ps, int depth) -{ - unsigned int i; - - prs_debug(ps, depth, desc, "net_io_r_sam_deltas"); - depth++; - - if (!smb_io_cred("srv_creds", &r_s->srv_creds, ps, depth)) - return False; - if (!prs_uint64("dom_mod_count", ps, depth, &r_s->dom_mod_count)) - return False; - - if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas)) - return False; - if (!prs_uint32("num_deltas", ps, depth, &r_s->num_deltas)) - return False; - if (!prs_uint32("ptr_deltas2", ps, depth, &r_s->num_deltas2)) - return False; - - if (r_s->num_deltas2 != 0) - { - if (!prs_uint32("num_deltas2 ", ps, depth, &r_s->num_deltas2)) - return False; - - if (r_s->ptr_deltas != 0) - { - if (UNMARSHALLING(ps)) { - if (r_s->num_deltas) { - r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas); - if (r_s->hdr_deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d delta headers\n", - r_s->num_deltas)); - return False; - } - } else { - r_s->hdr_deltas = NULL; - } - } - - for (i = 0; i < r_s->num_deltas; i++) - { - net_io_sam_delta_hdr("", &r_s->hdr_deltas[i], - ps, depth); - } - - if (UNMARSHALLING(ps)) { - if (r_s->num_deltas) { - r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas); - if (r_s->deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d deltas\n", - r_s->num_deltas)); - return False; - } - } else { - r_s->deltas = NULL; - } - } - - for (i = 0; i < r_s->num_deltas; i++) - { - if (!net_io_sam_delta_ctr( - "", - &r_s->deltas[i], - r_s->hdr_deltas[i].type2, - ps, depth)) - - return False; - } - } - } - - prs_align(ps); - if (!prs_ntstatus("status", ps, depth, &r_s->status)) - return False; - - return True; -} diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 92c178042f..5d18419c75 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -21,14 +21,10 @@ /* Implementation of registry functions. */ #include "includes.h" -#include "regfio.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -static const struct generic_mapping reg_generic_map = - { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL }; - /****************************************************************** free() function for struct registry_key *****************************************************************/ @@ -655,125 +651,6 @@ static int validate_reg_filename(TALLOC_CTX *ctx, char **pp_fname ) } /******************************************************************* - Note: topkeypat is the *full* path that this *key will be - loaded into (including the name of the key) - ********************************************************************/ - -static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath, - REGF_NK_REC *key ) -{ - REGF_NK_REC *subkey; - REGISTRY_KEY registry_key; - REGVAL_CTR *values; - REGSUBKEY_CTR *subkeys; - int i; - char *path = NULL; - WERROR result = WERR_OK; - - /* initialize the REGISTRY_KEY structure */ - - if ( !(registry_key.hook = reghook_cache_find(topkeypath)) ) { - DEBUG(0,("reg_load_tree: Failed to assigned a REGISTRY_HOOK to [%s]\n", - topkeypath )); - return WERR_BADFILE; - } - - registry_key.name = talloc_strdup( regfile->mem_ctx, topkeypath ); - if ( !registry_key.name ) { - DEBUG(0,("reg_load_tree: Talloc failed for reg_key.name!\n")); - return WERR_NOMEM; - } - - /* now start parsing the values and subkeys */ - - if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) ) - return WERR_NOMEM; - - if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) - return WERR_NOMEM; - - /* copy values into the REGVAL_CTR */ - - for ( i=0; i<key->num_values; i++ ) { - regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type, - (char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) ); - } - - /* copy subkeys into the REGSUBKEY_CTR */ - - key->subkey_index = 0; - while ( (subkey = regfio_fetch_subkey( regfile, key )) ) { - regsubkey_ctr_addkey( subkeys, subkey->keyname ); - } - - /* write this key and values out */ - - if ( !store_reg_values( ®istry_key, values ) - || !store_reg_keys( ®istry_key, subkeys ) ) - { - DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath)); - result = WERR_REG_IO_FAILURE; - } - - TALLOC_FREE( subkeys ); - - if ( !W_ERROR_IS_OK(result) ) - return result; - - /* now continue to load each subkey registry tree */ - - key->subkey_index = 0; - while ( (subkey = regfio_fetch_subkey( regfile, key )) ) { - path = talloc_asprintf(regfile->mem_ctx, - "%s\\%s", - topkeypath, - subkey->keyname); - if (!path) { - return WERR_NOMEM; - } - result = reg_load_tree( regfile, path, subkey ); - if ( !W_ERROR_IS_OK(result) ) - break; - } - - return result; -} - -/******************************************************************* - ********************************************************************/ - -static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname ) -{ - REGF_FILE *regfile; - REGF_NK_REC *rootkey; - WERROR result; - - /* open the registry file....fail if the file already exists */ - - if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) { - DEBUG(0,("restore_registry_key: failed to open \"%s\" (%s)\n", - fname, strerror(errno) )); - return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) ); - } - - /* get the rootkey from the regf file and then load the tree - via recursive calls */ - - if ( !(rootkey = regfio_rootkey( regfile )) ) { - regfio_close( regfile ); - return WERR_REG_FILE_INVALID; - } - - result = reg_load_tree( regfile, krecord->name, rootkey ); - - /* cleanup */ - - regfio_close( regfile ); - - return result; -} - -/******************************************************************* ********************************************************************/ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r) @@ -807,175 +684,9 @@ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r) DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n", regkey->key->name, fname, lp_servicename(snum) )); - return restore_registry_key( regkey->key, fname ); -} - -/******************************************************************** -********************************************************************/ - -static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath, - REGF_NK_REC *parent, SEC_DESC *sec_desc ) -{ - REGF_NK_REC *key; - REGVAL_CTR *values; - REGSUBKEY_CTR *subkeys; - int i, num_subkeys; - char *key_tmp = NULL; - char *keyname, *parentpath; - char *subkeypath = NULL; - char *subkeyname; - REGISTRY_KEY registry_key; - WERROR result = WERR_OK; - - if (!regfile) - return WERR_GENERAL_FAILURE; - - if (!keypath) - return WERR_OBJECT_PATH_INVALID; - - /* split up the registry key path */ - - key_tmp = talloc_strdup(regfile->mem_ctx, keypath); - if (!key_tmp) { - return WERR_NOMEM; - } - if (!reg_split_key( key_tmp, &parentpath, &keyname ) ) - return WERR_OBJECT_PATH_INVALID; - - if ( !keyname ) - keyname = parentpath; - - /* we need a REGISTRY_KEY object here to enumerate subkeys and values */ - - ZERO_STRUCT( registry_key ); - - if ( (registry_key.name = talloc_strdup(regfile->mem_ctx, keypath)) == NULL ) - return WERR_NOMEM; - - if ( (registry_key.hook = reghook_cache_find( registry_key.name )) == NULL ) - return WERR_BADFILE; - - /* lookup the values and subkeys */ - - if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) ) - return WERR_NOMEM; - - if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) - return WERR_NOMEM; - - fetch_reg_keys( ®istry_key, subkeys ); - fetch_reg_values( ®istry_key, values ); - - /* write out this key */ - - if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) { - result = WERR_CAN_NOT_COMPLETE; - goto done; - } - - /* write each one of the subkeys out */ - - num_subkeys = regsubkey_ctr_numkeys( subkeys ); - for ( i=0; i<num_subkeys; i++ ) { - subkeyname = regsubkey_ctr_specific_key( subkeys, i ); - subkeypath = talloc_asprintf(regfile->mem_ctx, - "%s\\%s", keypath, subkeyname); - if (!subkeypath) { - result = WERR_NOMEM; - goto done; - } - result = reg_write_tree( regfile, subkeypath, key, sec_desc ); - if ( !W_ERROR_IS_OK(result) ) - goto done; - } - - DEBUG(6,("reg_write_tree: wrote key [%s]\n", keypath )); - -done: - TALLOC_FREE( subkeys ); - TALLOC_FREE( registry_key.name ); - - return result; + return reg_restorekey(regkey, fname); } -/******************************************************************* - ********************************************************************/ - -static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd ) -{ - DOM_SID adm_sid, owner_sid; - SEC_ACE ace[2]; /* at most 2 entries */ - SEC_ACCESS mask; - SEC_ACL *psa = NULL; - size_t sd_size; - - /* set the owner to BUILTIN\Administrator */ - - sid_copy(&owner_sid, &global_sid_Builtin); - sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN ); - - - /* basic access for Everyone */ - - init_sec_access(&mask, reg_generic_map.generic_execute | reg_generic_map.generic_read ); - init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - - /* add Full Access 'BUILTIN\Administrators' */ - - init_sec_access(&mask, reg_generic_map.generic_all); - sid_copy(&adm_sid, &global_sid_Builtin); - sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); - init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - - /* create the security descriptor */ - - if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL) - return WERR_NOMEM; - - if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, - NULL, psa, &sd_size)) == NULL) - return WERR_NOMEM; - - return WERR_OK; -} - -/******************************************************************* - ********************************************************************/ - -static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname ) -{ - REGF_FILE *regfile; - WERROR result; - SEC_DESC *sd = NULL; - - /* open the registry file....fail if the file already exists */ - - if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) { - DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", - fname, strerror(errno) )); - return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) ); - } - - if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) { - regfio_close( regfile ); - return result; - } - - /* write the registry tree to the file */ - - result = reg_write_tree( regfile, krecord->name, NULL, sd ); - - /* cleanup */ - - regfio_close( regfile ); - - return result; -} - -/******************************************************************* - ********************************************************************/ - WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r) { struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle ); @@ -1002,7 +713,7 @@ WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r) DEBUG(2,("_winreg_SaveKey: Saving [%s] to %s in share %s\n", regkey->key->name, fname, lp_servicename(snum) )); - return backup_registry_key( regkey->key, fname ); + return reg_savekey(regkey, fname); } /******************************************************************* diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index ac27d387ce..49098b12e4 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -439,141 +439,242 @@ static WERROR cmd_netlogon_logon_ctrl(struct rpc_pipe_client *cli, /* Display sam synchronisation information */ -static void display_sam_sync(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, - SAM_DELTA_CTR *deltas) +static void display_sam_sync(struct netr_DELTA_ENUM_ARRAY *r) { - fstring name; - uint32 i, j; - - for (i = 0; i < num_deltas; i++) { - switch (hdr_deltas[i].type) { - case SAM_DELTA_DOMAIN_INFO: - unistr2_to_ascii(name, - &deltas[i].domain_info.uni_dom_name, - sizeof(name)); - printf("Domain: %s\n", name); - break; - case SAM_DELTA_GROUP_INFO: - unistr2_to_ascii(name, - &deltas[i].group_info.uni_grp_name, - sizeof(name)); - printf("Group: %s\n", name); - break; - case SAM_DELTA_ACCOUNT_INFO: - unistr2_to_ascii(name, - &deltas[i].account_info.uni_acct_name, - sizeof(name)); - printf("Account: %s\n", name); - break; - case SAM_DELTA_ALIAS_INFO: - unistr2_to_ascii(name, - &deltas[i].alias_info.uni_als_name, - sizeof(name)); - printf("Alias: %s\n", name); - break; - case SAM_DELTA_ALIAS_MEM: { - SAM_ALIAS_MEM_INFO *alias = &deltas[i].als_mem_info; - - for (j = 0; j < alias->num_members; j++) { - fstring sid_str; - - sid_to_fstring(sid_str, &alias->sids[j].sid); - - printf("%s\n", sid_str); - } - break; - } - case SAM_DELTA_GROUP_MEM: { - SAM_GROUP_MEM_INFO *group = &deltas[i].grp_mem_info; - - for (j = 0; j < group->num_members; j++) - printf("rid 0x%x, attrib 0x%08x\n", - group->rids[j], group->attribs[j]); - break; - } - case SAM_DELTA_MODIFIED_COUNT: { - SAM_DELTA_MOD_COUNT *mc = &deltas[i].mod_count; - - printf("sam sequence update: 0x%04x\n", mc->seqnum); - break; - } - default: - printf("unknown delta type 0x%02x\n", - hdr_deltas[i].type); - break; - } - } + uint32_t i, j; + + for (i=0; i < r->num_deltas; i++) { + + union netr_DELTA_UNION u = r->delta_enum[i].delta_union; + union netr_DELTA_ID_UNION id = r->delta_enum[i].delta_id_union; + + switch (r->delta_enum[i].delta_type) { + case NETR_DELTA_DOMAIN: + printf("Domain: %s\n", + u.domain->domain_name.string); + break; + case NETR_DELTA_GROUP: + printf("Group: %s\n", + u.group->group_name.string); + break; + case NETR_DELTA_DELETE_GROUP: + printf("Delete Group: %d\n", + u.delete_account.unknown); + break; + case NETR_DELTA_RENAME_GROUP: + printf("Rename Group: %s -> %s\n", + u.rename_group->OldName.string, + u.rename_group->NewName.string); + break; + case NETR_DELTA_USER: + printf("Account: %s\n", + u.user->account_name.string); + break; + case NETR_DELTA_DELETE_USER: + printf("Delete User: %d\n", + id.rid); + break; + case NETR_DELTA_RENAME_USER: + printf("Rename user: %s -> %s\n", + u.rename_user->OldName.string, + u.rename_user->NewName.string); + break; + case NETR_DELTA_GROUP_MEMBER: + for (j=0; j < u.group_member->num_rids; j++) { + printf("rid 0x%x, attrib 0x%08x\n", + u.group_member->rids[j], + u.group_member->attribs[j]); + } + break; + case NETR_DELTA_ALIAS: + printf("Alias: %s\n", + u.alias->alias_name.string); + break; + case NETR_DELTA_DELETE_ALIAS: + printf("Delete Alias: %d\n", + r->delta_enum[i].delta_id_union.rid); + break; + case NETR_DELTA_RENAME_ALIAS: + printf("Rename alias: %s -> %s\n", + u.rename_alias->OldName.string, + u.rename_alias->NewName.string); + break; + case NETR_DELTA_ALIAS_MEMBER: + for (j=0; j < u.alias_member->sids.num_sids; j++) { + fstring sid_str; + sid_to_fstring(sid_str, + u.alias_member->sids.sids[j].sid); + printf("%s\n", sid_str); + } + break; + case NETR_DELTA_POLICY: + printf("Policy\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + printf("Trusted Domain: %s\n", + u.trusted_domain->domain_name.string); + break; + case NETR_DELTA_DELETE_TRUST: + printf("Delete Trust: %d\n", + u.delete_trust.unknown); + break; + case NETR_DELTA_ACCOUNT: + printf("Account\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + printf("Delete Account: %d\n", + u.delete_account.unknown); + break; + case NETR_DELTA_SECRET: + printf("Secret\n"); + break; + case NETR_DELTA_DELETE_SECRET: + printf("Delete Secret: %d\n", + u.delete_secret.unknown); + break; + case NETR_DELTA_DELETE_GROUP2: + printf("Delete Group2: %s\n", + u.delete_group->account_name); + break; + case NETR_DELTA_DELETE_USER2: + printf("Delete User2: %s\n", + u.delete_user->account_name); + break; + case NETR_DELTA_MODIFY_COUNT: + printf("sam sequence update: 0x%016llx\n", + (unsigned long long) *u.modified_count); + break; + default: + printf("unknown delta type 0x%02x\n", + r->delta_enum[i].delta_type); + break; + } + } } /* Perform sam synchronisation */ -static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli, +static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 database_id = 0, num_deltas; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; + const char *logon_server = cli->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN; + uint16_t restart_state = 0; + uint32_t sync_context = 0; if (argc > 2) { fprintf(stderr, "Usage: %s [database_id]\n", argv[0]); return NT_STATUS_OK; } - if (argc == 2) - database_id = atoi(argv[1]); + if (argc == 2) { + database_id = atoi(argv[1]); + } - /* Synchronise sam database */ + /* Synchronise sam database */ - result = rpccli_netlogon_sam_sync(cli, mem_ctx, database_id, - 0, &num_deltas, &hdr_deltas, &deltas); + do { + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - if (!NT_STATUS_IS_OK(result)) - goto done; + netlogon_creds_client_step(cli->dc, &credential); - /* Display results */ + result = rpccli_netr_DatabaseSync2(cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); - display_sam_sync(num_deltas, hdr_deltas, deltas); + /* Check returned credentials. */ + if (!netlogon_creds_client_check(cli->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } - done: - return result; + if (NT_STATUS_IS_ERR(result)) { + break; + } + + /* Display results */ + + display_sam_sync(delta_enum_array); + + TALLOC_FREE(delta_enum_array); + + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + return result; } /* Perform sam delta synchronisation */ -static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, int argc, - const char **argv) +static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 database_id, num_deltas, tmp; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint64 seqnum; + uint32_t tmp; + const char *logon_server = cli->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN; + uint64_t sequence_num; + + if (argc != 3) { + fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]); + return NT_STATUS_OK; + } - if (argc != 3) { - fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]); - return NT_STATUS_OK; - } + database_id = atoi(argv[1]); + tmp = atoi(argv[2]); - database_id = atoi(argv[1]); - tmp = atoi(argv[2]); + sequence_num = tmp & 0xffff; - seqnum = tmp & 0xffff; + do { + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - result = rpccli_netlogon_sam_deltas(cli, mem_ctx, database_id, - seqnum, &num_deltas, - &hdr_deltas, &deltas); + netlogon_creds_client_step(cli->dc, &credential); - if (!NT_STATUS_IS_OK(result)) - goto done; + result = rpccli_netr_DatabaseDeltas(cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + &sequence_num, + &delta_enum_array, + 0xffff); - /* Display results */ + /* Check returned credentials. */ + if (!netlogon_creds_client_check(cli->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (NT_STATUS_IS_ERR(result)) { + break; + } + + /* Display results */ + + display_sam_sync(delta_enum_array); + + TALLOC_FREE(delta_enum_array); + + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - display_sam_sync(num_deltas, hdr_deltas, deltas); - - done: return result; } diff --git a/source3/torture/samtest.h b/source3/torture/samtest.h deleted file mode 100644 index 5cde3fadb5..0000000000 --- a/source3/torture/samtest.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM module tester - - Copyright (C) Jelmer Vernooij 2002 - - Most of this code was ripped off of rpcclient. - Copyright (C) Tim Potter 2000-2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -struct samtest_state { - SAM_CONTEXT *context; - NT_USER_TOKEN *token; -}; - -struct cmd_set { - char *name; - NTSTATUS (*fn)(struct samtest_state *sam, TALLOC_CTX *mem_ctx, int argc, - char **argv); - char *description; - char *usage; -}; - - diff --git a/source3/torture/smbiconv.c b/source3/torture/smbiconv.c index 05a8c3d815..72fbdc470f 100644 --- a/source3/torture/smbiconv.c +++ b/source3/torture/smbiconv.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#undef realloc static int process_block (smb_iconv_t cd, const char *addr, size_t len, FILE *output) @@ -85,7 +86,7 @@ incomplete character or shift sequence at end of buffer")); static int -process_fd (iconv_t cd, int fd, FILE *output) +process_fd (smb_iconv_t cd, int fd, FILE *output) { /* we have a problem with reading from a descriptor since we must not provide the iconv() function an incomplete character or shift @@ -167,8 +168,8 @@ process_fd (iconv_t cd, int fd, FILE *output) int main(int argc, char *argv[]) { const char *file = NULL; - char *from = ""; - char *to = ""; + const char *from = ""; + const char *to = ""; char *output = NULL; const char *preload_modules[] = {NULL, NULL}; FILE *out = stdout; @@ -213,7 +214,7 @@ int main(int argc, char *argv[]) } cd = smb_iconv_open(to, from); - if((int)cd == -1) { + if (cd == (smb_iconv_t)-1) { DEBUG(0,("unable to find from or to encoding, exiting...\n")); return 1; } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e1f0cd3751..569bbea857 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. dump the remote SAM using rpc samsync operations @@ -12,12 +12,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -31,57 +31,62 @@ static uint32 ldif_uid = 999; /* Keep track of ldap initialization */ static int init_ldap = 1; -static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) +static void display_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) { int i; d_printf("Group mem %u: ", rid); - for (i=0;i<g->num_members;i++) { - d_printf("%u ", g->rids[i]); + for (i=0; i< r->num_rids; i++) { + d_printf("%u ", r->rids[i]); } d_printf("\n"); } -static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) +static void display_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r) { - d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); - d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid); + d_printf("Alias '%s' ", r->alias_name.string); + d_printf("desc='%s' rid=%u\n", r->description.string, r->rid); } -static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a) +static void display_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r) { int i; d_printf("Alias rid %u: ", rid); - for (i=0;i<a->num_members;i++) { - d_printf("%s ", sid_string_tos(&a->sids[i].sid)); + for (i=0; i< r->sids.num_sids; i++) { + d_printf("%s ", sid_string_tos(r->sids.sids[i].sid)); } d_printf("\n"); } -static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) +static void display_account_info(uint32_t rid, + struct netr_DELTA_USER *r) { fstring hex_nt_passwd, hex_lm_passwd; uchar lm_passwd[16], nt_passwd[16]; static uchar zero_buf[16]; /* Decode hashes from password hash (if they are not NULL) */ - - if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - - printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), - a->user_rid, hex_lm_passwd, hex_nt_passwd, - pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + + printf("%s:%d:%s:%s:%s:LCT-0\n", + r->account_name.string, + r->rid, hex_lm_passwd, hex_nt_passwd, + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) @@ -91,102 +96,201 @@ static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) return nt_time_to_unix_abs(&nttime); } -static void display_domain_info(SAM_DOMAIN_INFO *a) +static void display_domain_info(struct netr_DELTA_DOMAIN *r) { time_t u_logout; - u_logout = uint64s_nt_time_to_unix_abs(&a->force_logoff); + u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time); - d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); + d_printf("Domain name: %s\n", r->domain_name.string); - d_printf("Minimal Password Length: %d\n", a->min_pwd_len); - d_printf("Password History Length: %d\n", a->pwd_history_len); + d_printf("Minimal Password Length: %d\n", r->min_password_length); + d_printf("Password History Length: %d\n", r->password_history_length); d_printf("Force Logoff: %d\n", (int)u_logout); - d_printf("Max Password Age: %s\n", display_time(a->max_pwd_age)); - d_printf("Min Password Age: %s\n", display_time(a->min_pwd_age)); + d_printf("Max Password Age: %s\n", display_time(r->max_password_age)); + d_printf("Min Password Age: %s\n", display_time(r->min_password_age)); +#if 0 + /* FIXME - gd */ d_printf("Lockout Time: %s\n", display_time(a->account_lockout.lockout_duration)); d_printf("Lockout Reset Time: %s\n", display_time(a->account_lockout.reset_count)); - d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); - d_printf("User must logon to change password: %d\n", a->logon_chgpass); +#endif + d_printf("User must logon to change password: %d\n", r->logon_to_chgpass); } -static void display_group_info(uint32 rid, SAM_GROUP_INFO *a) +static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) { - d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name)); - d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid); + d_printf("Group '%s' ", r->group_name.string); + d_printf("desc='%s', rid=%u\n", r->description.string, rid); } -static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) +static void display_sam_entry(struct netr_DELTA_ENUM *r) { - switch (hdr_delta->type) { - case SAM_DELTA_ACCOUNT_INFO: - display_account_info(hdr_delta->target_rid, &delta->account_info); + union netr_DELTA_UNION u = r->delta_union; + union netr_DELTA_ID_UNION id = r->delta_id_union; + + switch (r->delta_type) { + case NETR_DELTA_DOMAIN: + display_domain_info(u.domain); + break; + case NETR_DELTA_GROUP: + display_group_info(id.rid, u.group); + break; +#if 0 + case NETR_DELTA_DELETE_GROUP: + printf("Delete Group: %d\n", + u.delete_account.unknown); + break; + case NETR_DELTA_RENAME_GROUP: + printf("Rename Group: %s -> %s\n", + u.rename_group->OldName.string, + u.rename_group->NewName.string); + break; +#endif + case NETR_DELTA_USER: + display_account_info(id.rid, u.user); + break; +#if 0 + case NETR_DELTA_DELETE_USER: + printf("Delete User: %d\n", + id.rid); + break; + case NETR_DELTA_RENAME_USER: + printf("Rename user: %s -> %s\n", + u.rename_user->OldName.string, + u.rename_user->NewName.string); + break; +#endif + case NETR_DELTA_GROUP_MEMBER: + display_group_mem_info(id.rid, u.group_member); + break; + case NETR_DELTA_ALIAS: + display_alias_info(id.rid, u.alias); + break; +#if 0 + case NETR_DELTA_DELETE_ALIAS: + printf("Delete Alias: %d\n", + id.rid); + break; + case NETR_DELTA_RENAME_ALIAS: + printf("Rename alias: %s -> %s\n", + u.rename_alias->OldName.string, + u.rename_alias->NewName.string); + break; +#endif + case NETR_DELTA_ALIAS_MEMBER: + display_alias_mem(id.rid, u.alias_member); + break; +#if 0 + case NETR_DELTA_POLICY: + printf("Policy\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + printf("Trusted Domain: %s\n", + u.trusted_domain->domain_name.string); + break; + case NETR_DELTA_DELETE_TRUST: + printf("Delete Trust: %d\n", + u.delete_trust.unknown); + break; + case NETR_DELTA_ACCOUNT: + printf("Account\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + printf("Delete Account: %d\n", + u.delete_account.unknown); break; - case SAM_DELTA_GROUP_MEM: - display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info); + case NETR_DELTA_SECRET: + printf("Secret\n"); break; - case SAM_DELTA_ALIAS_INFO: - display_alias_info(hdr_delta->target_rid, &delta->alias_info); + case NETR_DELTA_DELETE_SECRET: + printf("Delete Secret: %d\n", + u.delete_secret.unknown); + break; + case NETR_DELTA_DELETE_GROUP2: + printf("Delete Group2: %s\n", + u.delete_group->account_name); + break; + case NETR_DELTA_DELETE_USER2: + printf("Delete User2: %s\n", + u.delete_user->account_name); + break; + case NETR_DELTA_MODIFY_COUNT: + printf("sam sequence update: 0x%016llx\n", + (unsigned long long) *u.modified_count); + break; +#endif + /* The following types are recognised but not handled */ + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); break; - case SAM_DELTA_ALIAS_MEM: - display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info); + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); break; - case SAM_DELTA_DOMAIN_INFO: - display_domain_info(&delta->domain_info); + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); break; - case SAM_DELTA_GROUP_INFO: - display_group_info(hdr_delta->target_rid, &delta->group_info); + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); break; - /* The following types are recognised but not handled */ - case SAM_DELTA_RENAME_GROUP: - d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); break; - case SAM_DELTA_RENAME_USER: - d_printf("SAM_DELTA_RENAME_USER not handled\n"); + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); break; - case SAM_DELTA_RENAME_ALIAS: - d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); break; - case SAM_DELTA_POLICY_INFO: - d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); break; - case SAM_DELTA_TRUST_DOMS: - d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); break; - case SAM_DELTA_PRIVS_INFO: - d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); break; - case SAM_DELTA_SECRET_INFO: - d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); break; - case SAM_DELTA_DELETE_GROUP: - d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); break; - case SAM_DELTA_DELETE_USER: - d_printf("SAM_DELTA_DELETE_USER not handled\n"); + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); break; - case SAM_DELTA_MODIFIED_COUNT: - d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; default: - d_printf("Unknown delta record type %d\n", hdr_delta->type); + printf("unknown delta type 0x%02x\n", + r->delta_type); break; } } static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) { - uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint32 num_deltas; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; if (!(mem_ctx = talloc_init("dump_database"))) { return; @@ -208,29 +312,52 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, - sync_context, - &num_deltas, &hdr_deltas, &deltas); - if (!NT_STATUS_IS_OK(result)) + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return; + } + + if (NT_STATUS_IS_ERR(result)) { break; + } - for (i = 0; i < num_deltas; i++) { - display_sam_entry(&hdr_deltas[i], &deltas[i]); + /* Display results */ + for (i = 0; i < delta_enum_array->num_deltas; i++) { + display_sam_entry(&delta_enum_array->delta_enum[i]); } - sync_context += 1; + + TALLOC_FREE(delta_enum_array); + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, - const char *domain_name, +NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, - const char **argv) + const char **argv) { #if 0 /* net_rpc.c now always tries to create an schannel pipe.. */ @@ -277,7 +404,8 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, (!(s1) && (s2)) ||\ ((s1) && (s2) && (strcmp((s1), (s2)) != 0)) -static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *delta) +static NTSTATUS sam_account_from_delta(struct samu *account, + struct netr_DELTA_USER *r) { const char *old_string, *new_string; time_t unix_time, stored_time; @@ -287,15 +415,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ - if (delta->hdr_acct_name.buffer) { + if (r->account_name.string) { old_string = pdb_get_nt_username(account); - new_string = unistr2_static(&delta->uni_acct_name); + new_string = r->account_name.string; if (STRING_CHANGED) { pdb_set_nt_username(account, new_string, PDB_CHANGED); - } - + /* Unix username is the same - for sanity */ old_string = pdb_get_username( account ); if (STRING_CHANGED) { @@ -303,68 +430,68 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d } } - if (delta->hdr_full_name.buffer) { + if (r->full_name.string) { old_string = pdb_get_fullname(account); - new_string = unistr2_static(&delta->uni_full_name); + new_string = r->full_name.string; if (STRING_CHANGED) pdb_set_fullname(account, new_string, PDB_CHANGED); } - if (delta->hdr_home_dir.buffer) { + if (r->home_directory.string) { old_string = pdb_get_homedir(account); - new_string = unistr2_static(&delta->uni_home_dir); + new_string = r->home_directory.string; if (STRING_CHANGED) pdb_set_homedir(account, new_string, PDB_CHANGED); } - if (delta->hdr_dir_drive.buffer) { + if (r->home_drive.string) { old_string = pdb_get_dir_drive(account); - new_string = unistr2_static(&delta->uni_dir_drive); + new_string = r->home_drive.string; if (STRING_CHANGED) pdb_set_dir_drive(account, new_string, PDB_CHANGED); } - if (delta->hdr_logon_script.buffer) { + if (r->logon_script.string) { old_string = pdb_get_logon_script(account); - new_string = unistr2_static(&delta->uni_logon_script); + new_string = r->logon_script.string; if (STRING_CHANGED) pdb_set_logon_script(account, new_string, PDB_CHANGED); } - if (delta->hdr_acct_desc.buffer) { + if (r->description.string) { old_string = pdb_get_acct_desc(account); - new_string = unistr2_static(&delta->uni_acct_desc); + new_string = r->description.string; if (STRING_CHANGED) pdb_set_acct_desc(account, new_string, PDB_CHANGED); } - if (delta->hdr_workstations.buffer) { + if (r->workstations.string) { old_string = pdb_get_workstations(account); - new_string = unistr2_static(&delta->uni_workstations); + new_string = r->workstations.string; if (STRING_CHANGED) pdb_set_workstations(account, new_string, PDB_CHANGED); } - if (delta->hdr_profile.buffer) { + if (r->profile_path.string) { old_string = pdb_get_profile_path(account); - new_string = unistr2_static(&delta->uni_profile); + new_string = r->profile_path.string; if (STRING_CHANGED) pdb_set_profile_path(account, new_string, PDB_CHANGED); } - if (delta->hdr_parameters.buffer) { + if (r->parameters.string) { DATA_BLOB mung; char *newstr; old_string = pdb_get_munged_dial(account); - mung.length = delta->hdr_parameters.uni_str_len; - mung.data = (uint8 *) delta->uni_parameters.buffer; + mung.length = r->parameters.length; + mung.data = (uint8 *) r->parameters.string; newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); @@ -374,57 +501,59 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d } /* User and group sid */ - if (pdb_get_user_rid(account) != delta->user_rid) - pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); - if (pdb_get_group_rid(account) != delta->group_rid) - pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); + if (pdb_get_user_rid(account) != r->rid) + pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED); + if (pdb_get_group_rid(account) != r->primary_gid) + pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED); /* Logon and password information */ - if (!nt_time_is_zero(&delta->logon_time)) { - unix_time = nt_time_to_unix(delta->logon_time); + if (!nt_time_is_zero(&r->last_logon)) { + unix_time = nt_time_to_unix(r->last_logon); stored_time = pdb_get_logon_time(account); if (stored_time != unix_time) pdb_set_logon_time(account, unix_time, PDB_CHANGED); } - if (!nt_time_is_zero(&delta->logoff_time)) { - unix_time = nt_time_to_unix(delta->logoff_time); + if (!nt_time_is_zero(&r->last_logoff)) { + unix_time = nt_time_to_unix(r->last_logoff); stored_time = pdb_get_logoff_time(account); if (stored_time != unix_time) pdb_set_logoff_time(account, unix_time,PDB_CHANGED); } /* Logon Divs */ - if (pdb_get_logon_divs(account) != delta->logon_divs) - pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); + if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week) + pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED); +#if 0 + /* no idea what to do with this one - gd */ /* Max Logon Hours */ if (delta->unknown1 != pdb_get_unknown_6(account)) { pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); } - +#endif /* Logon Hours Len */ - if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) { - pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED); + if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) { + pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED); } /* Logon Hours */ - if (delta->buf_logon_hrs.buffer) { + if (r->logon_hours.bits) { char oldstr[44], newstr[44]; pdb_sethexhours(oldstr, pdb_get_hours(account)); - pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer); + pdb_sethexhours(newstr, r->logon_hours.bits); if (!strequal(oldstr, newstr)) - pdb_set_hours(account, (const uint8 *)delta->buf_logon_hrs.buffer, PDB_CHANGED); + pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED); } - if (pdb_get_bad_password_count(account) != delta->bad_pwd_count) - pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED); + if (pdb_get_bad_password_count(account) != r->bad_password_count) + pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED); - if (pdb_get_logon_count(account) != delta->logon_count) - pdb_set_logon_count(account, delta->logon_count, PDB_CHANGED); + if (pdb_get_logon_count(account) != r->logon_count) + pdb_set_logon_count(account, r->logon_count, PDB_CHANGED); - if (!nt_time_is_zero(&delta->pwd_last_set_time)) { - unix_time = nt_time_to_unix(delta->pwd_last_set_time); + if (!nt_time_is_zero(&r->last_password_change)) { + unix_time = nt_time_to_unix(r->last_password_change); stored_time = pdb_get_pass_last_set_time(account); if (stored_time != unix_time) pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); @@ -433,42 +562,41 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED); } -#if 0 -/* No kickoff time in the delta? */ - if (!nt_time_is_zero(&delta->kickoff_time)) { - unix_time = nt_time_to_unix(&delta->kickoff_time); + if (!nt_time_is_zero(&r->acct_expiry)) { + unix_time = nt_time_to_unix(r->acct_expiry); stored_time = pdb_get_kickoff_time(account); if (stored_time != unix_time) pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); } -#endif - /* Decode hashes from password hash - Note that win2000 may send us all zeros for the hashes if it doesn't + /* Decode hashes from password hash + Note that win2000 may send us all zeros for the hashes if it doesn't think this channel is secure enough - don't set the passwords at all in that case */ - if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); } - if (memcmp(delta->pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); } /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED); pdb_set_domain(account, lp_workgroup(), PDB_CHANGED); return NT_STATUS_OK; } -static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) +static NTSTATUS fetch_account_info(uint32_t rid, + struct netr_DELTA_USER *r) { + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; char *add_script = NULL; @@ -480,7 +608,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) struct passwd *passwd; fstring sid_string; - fstrcpy(account, unistr2_static(&delta->uni_acct_name)); + fstrcpy(account, r->account_name.string); d_printf("Creating account: %s\n", account); if ( !(sam_account = samu_new( NULL )) ) { @@ -489,17 +617,17 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { /* Create appropriate user */ - if (delta->acb_info & ACB_NORMAL) { + if (r->acct_flags & ACB_NORMAL) { add_script = talloc_strdup(sam_account, lp_adduser_script()); - } else if ( (delta->acb_info & ACB_WSTRUST) || - (delta->acb_info & ACB_SVRTRUST) || - (delta->acb_info & ACB_DOMTRUST) ) { + } else if ( (r->acct_flags & ACB_WSTRUST) || + (r->acct_flags & ACB_SVRTRUST) || + (r->acct_flags & ACB_DOMTRUST) ) { add_script = talloc_strdup(sam_account, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", - pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN))); + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN))); nt_ret = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -534,30 +662,30 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } sid_copy(&user_sid, get_global_sam_sid()); - sid_append_rid(&user_sid, delta->user_rid); + sid_append_rid(&user_sid, r->rid); DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), account)); if (!pdb_getsampwsid(sam_account, &user_sid)) { - sam_account_from_delta(sam_account, delta); - DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } } else { - sam_account_from_delta(sam_account, delta); - DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); TALLOC_FREE(sam_account); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } } @@ -573,7 +701,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { if (map.gid != passwd->pw_gid) { if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", + DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); @@ -582,7 +710,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } if ( !passwd ) { - DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", + DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account))); } @@ -591,7 +719,8 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return nt_ret; } -static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) +static NTSTATUS fetch_group_info(uint32_t rid, + struct netr_DELTA_GROUP *r) { fstring name; fstring comment; @@ -601,8 +730,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) GROUP_MAP map; bool insert = True; - unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)); - unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)); + fstrcpy(name, r->group_name.string); + fstrcpy(comment, r->description.string); /* add the group to the mapping table */ sid_copy(&group_sid, get_global_sam_sid()); @@ -620,14 +749,14 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - + /* No appropriate group found, create one */ - + d_printf("Creating unix group: '%s'\n", name); - + if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; - + if ((grp = getgrnam(name)) == NULL) return NT_STATUS_ACCESS_DENIED; } @@ -637,7 +766,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) map.sid = group_sid; map.sid_name_use = SID_NAME_DOM_GRP; fstrcpy(map.nt_name, name); - if (delta->hdr_grp_desc.buffer) { + if (r->description.string) { fstrcpy(map.comment, comment); } else { fstrcpy(map.comment, ""); @@ -651,7 +780,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) return NT_STATUS_OK; } -static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) +static NTSTATUS fetch_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) { int i; TALLOC_CTX *t = NULL; @@ -661,7 +791,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) GROUP_MAP map; struct group *grp; - if (delta->num_members == 0) { + if (r->num_rids == 0) { return NT_STATUS_OK; } @@ -685,8 +815,8 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - if (delta->num_members) { - if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + if (r->num_rids) { + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, r->num_rids)) == NULL) { DEBUG(0, ("talloc failed\n")); talloc_free(t); return NT_STATUS_NO_MEMORY; @@ -695,7 +825,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) nt_members = NULL; } - for (i=0; i<delta->num_members; i++) { + for (i=0; i < r->num_rids; i++) { struct samu *member = NULL; DOM_SID member_sid; @@ -705,11 +835,11 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) } sid_copy(&member_sid, get_global_sam_sid()); - sid_append_rid(&member_sid, delta->rids[i]); + sid_append_rid(&member_sid, r->rids[i]); if (!pdb_getsampwsid(member, &member_sid)) { DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", - delta->rids[i], sid_string_tos(&member_sid), grp->gr_name)); + r->rids[i], sid_string_tos(&member_sid), grp->gr_name)); TALLOC_FREE(member); continue; } @@ -719,7 +849,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) TALLOC_FREE(member); continue; } - + d_printf("%s,", pdb_get_username(member)); nt_members[i] = talloc_strdup(t, pdb_get_username(member)); TALLOC_FREE(member); @@ -731,7 +861,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) while (*unix_members) { bool is_nt_member = False; - for (i=0; i<delta->num_members; i++) { + for (i=0; i < r->num_rids; i++) { if (nt_members[i] == NULL) { /* This was a primary group */ continue; @@ -751,7 +881,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) unix_members += 1; } - for (i=0; i<delta->num_members; i++) { + for (i=0; i < r->num_rids; i++) { bool is_unix_member = False; if (nt_members[i] == NULL) { @@ -776,12 +906,13 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) smb_add_user_group(grp->gr_name, nt_members[i]); } } - + talloc_destroy(t); return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, +static NTSTATUS fetch_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r, DOM_SID dom_sid) { fstring name; @@ -792,8 +923,8 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, GROUP_MAP map; bool insert = True; - unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)); - unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)); + fstrcpy(name, r->alias_name.string); + fstrcpy(comment, r->description.string); /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); @@ -838,24 +969,29 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) +static NTSTATUS fetch_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r, + DOM_SID dom_sid) { return NT_STATUS_OK; } -static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) +static NTSTATUS fetch_domain_info(uint32_t rid, + struct netr_DELTA_DOMAIN *r) { time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - char *domname; + const char *domname; - u_max_age = uint64s_nt_time_to_unix_abs(&delta->max_pwd_age); - u_min_age = uint64s_nt_time_to_unix_abs(&delta->min_pwd_age); - u_logout = uint64s_nt_time_to_unix_abs(&delta->force_logoff); + u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age); + u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); + u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); +#if 0 + /* FIXME: gd */ u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); - - domname = unistr2_to_ascii_talloc(talloc_tos(), &delta->uni_dom_name); +#endif + domname = r->domain_name.string; if (!domname) { return NT_STATUS_NO_MEMORY; } @@ -867,10 +1003,12 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, + r->password_history_length)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, + r->min_password_length)) return nt_status; if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) @@ -881,9 +1019,11 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - +#if 0 +/* FIXME: gd */ if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; +#endif if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; @@ -894,87 +1034,109 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; - if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + r->logon_to_chgpass)) return nt_status; return NT_STATUS_OK; } - -static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, - DOM_SID dom_sid) +static void fetch_sam_entry(struct netr_DELTA_ENUM *r, DOM_SID dom_sid) { - switch(hdr_delta->type) { - case SAM_DELTA_ACCOUNT_INFO: - fetch_account_info(hdr_delta->target_rid, - &delta->account_info); + switch(r->delta_type) { + case NETR_DELTA_USER: + fetch_account_info(r->delta_id_union.rid, + r->delta_union.user); break; - case SAM_DELTA_GROUP_INFO: - fetch_group_info(hdr_delta->target_rid, - &delta->group_info); + case NETR_DELTA_GROUP: + fetch_group_info(r->delta_id_union.rid, + r->delta_union.group); break; - case SAM_DELTA_GROUP_MEM: - fetch_group_mem_info(hdr_delta->target_rid, - &delta->grp_mem_info); + case NETR_DELTA_GROUP_MEMBER: + fetch_group_mem_info(r->delta_id_union.rid, + r->delta_union.group_member); break; - case SAM_DELTA_ALIAS_INFO: - fetch_alias_info(hdr_delta->target_rid, - &delta->alias_info, dom_sid); + case NETR_DELTA_ALIAS: + fetch_alias_info(r->delta_id_union.rid, + r->delta_union.alias, + dom_sid); break; - case SAM_DELTA_ALIAS_MEM: - fetch_alias_mem(hdr_delta->target_rid, - &delta->als_mem_info, dom_sid); + case NETR_DELTA_ALIAS_MEMBER: + fetch_alias_mem(r->delta_id_union.rid, + r->delta_union.alias_member, + dom_sid); break; - case SAM_DELTA_DOMAIN_INFO: - fetch_domain_info(hdr_delta->target_rid, - &delta->domain_info); + case NETR_DELTA_DOMAIN: + fetch_domain_info(r->delta_id_union.rid, + r->delta_union.domain); break; /* The following types are recognised but not handled */ - case SAM_DELTA_RENAME_GROUP: - d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); + break; + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); + break; + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); + break; + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); break; - case SAM_DELTA_RENAME_USER: - d_printf("SAM_DELTA_RENAME_USER not handled\n"); + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); break; - case SAM_DELTA_RENAME_ALIAS: - d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); break; - case SAM_DELTA_POLICY_INFO: - d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); break; - case SAM_DELTA_TRUST_DOMS: - d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); break; - case SAM_DELTA_PRIVS_INFO: - d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); break; - case SAM_DELTA_SECRET_INFO: - d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); break; - case SAM_DELTA_DELETE_GROUP: - d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); break; - case SAM_DELTA_DELETE_USER: - d_printf("SAM_DELTA_DELETE_USER not handled\n"); + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); break; - case SAM_DELTA_MODIFIED_COUNT: - d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); + break; + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; default: - d_printf("Unknown delta record type %d\n", hdr_delta->type); + d_printf("Unknown delta record type %d\n", r->delta_type); break; } } static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, DOM_SID dom_sid) { - uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint32 num_deltas; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; if (!(mem_ctx = talloc_init("fetch_database"))) return NT_STATUS_NO_MEMORY; @@ -995,20 +1157,36 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, - &hdr_deltas, &deltas); - - if (NT_STATUS_IS_OK(result) || - NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - for (i = 0; i < num_deltas; i++) { - fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); - } - } else - return result; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (NT_STATUS_IS_ERR(result)) { + break; + } + + for (i = 0; i < delta_enum_array->num_deltas; i++) { + fetch_sam_entry(&delta_enum_array->delta_enum[i], dom_sid); + } - sync_context += 1; } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); @@ -1016,7 +1194,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, return result; } -static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char +static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char *builtin_sid, FILE *add_fd) { const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; @@ -1048,7 +1226,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch SAFE_FREE(suffix_attr); return NT_STATUS_NO_MEMORY; } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Users entity */ if (*user_suffix && strcmp(user_suffix, suffix)) { user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); @@ -1067,7 +1245,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch SAFE_FREE(user_attr); return NT_STATUS_NO_MEMORY; } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Groups entity */ if (*group_suffix && strcmp(group_suffix, suffix)) { group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); @@ -1079,7 +1257,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Computers entity */ machine_suffix = lp_ldap_machine_suffix(); if (machine_suffix == NULL) { @@ -1103,7 +1281,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the IdMap entity */ idmap_suffix = lp_ldap_idmap_suffix(); if (idmap_suffix == NULL) { @@ -1139,7 +1317,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Admins entity */ + /* Write the Domain Admins entity */ fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr, @@ -1156,7 +1334,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Users entity */ + /* Write the Domain Users entity */ fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, @@ -1172,7 +1350,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Guests entity */ + /* Write the Domain Guests entity */ fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, @@ -1273,7 +1451,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch return NT_STATUS_OK; } -static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, +static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, const char *suffix, const char *builtin_sid) { char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); @@ -1431,7 +1609,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, return res; } -static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, +static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix) { fstring groupname; @@ -1439,9 +1617,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the group name */ - unistr2_to_ascii(groupname, - &delta->group_info.uni_grp_name, - sizeof(groupname)); + fstrcpy(groupname, r->group_name.string); /* Set up the group type (always 2 for group info) */ grouptype = 2; @@ -1463,7 +1639,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma } /* Map the group rid, gid, and dn */ - g_rid = delta->group_info.gid.g_rid; + g_rid = r->rid; groupmap->rid = g_rid; groupmap->gidNumber = ldif_gid; snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), @@ -1491,7 +1667,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma return NT_STATUS_OK; } -static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, +static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *add_fd, @@ -1511,21 +1687,18 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, int i; /* Get the username */ - unistr2_to_ascii(username, - &(delta->account_info.uni_acct_name), - sizeof(username)); + fstrcpy(username, r->account_name.string); /* Get the rid */ - rid = delta->account_info.user_rid; + rid = r->rid; /* Map the rid and username for group member info later */ accountmap->rid = rid; snprintf(accountmap->cn, sizeof(accountmap->cn), "%s", username); /* Get the home directory */ - if (delta->account_info.acb_info & ACB_NORMAL) { - unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), - sizeof(homedir)); + if (r->acct_flags & ACB_NORMAL) { + fstrcpy(homedir, r->home_directory.string); if (!*homedir) { snprintf(homedir, sizeof(homedir), "/home/%s", username); } else { @@ -1538,60 +1711,48 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, } /* Get the logon script */ - unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), - sizeof(logonscript)); + fstrcpy(logonscript, r->logon_script.string); /* Get the home drive */ - unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), - sizeof(homedrive)); + fstrcpy(homedrive, r->home_drive.string); /* Get the home path */ - unistr2_to_ascii(homepath, &(delta->account_info.uni_home_dir), - sizeof(homepath)); + fstrcpy(homepath, r->home_directory.string); /* Get the description */ - unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), - sizeof(description)); + fstrcpy(description, r->description.string); /* Get the display name */ - unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name), - sizeof(fullname)); + fstrcpy(fullname, r->full_name.string); /* Get the profile path */ - unistr2_to_ascii(profilepath, &(delta->account_info.uni_profile), - sizeof(profilepath)); + fstrcpy(profilepath, r->profile_path.string); /* Get lm and nt password data */ - if (memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->account_info.user_rid, - delta->account_info.pass.buf_lm_pwd, - lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, - delta->account_info.acb_info); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(delta->account_info.pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->account_info.user_rid, - delta->account_info.pass.buf_nt_pwd, - nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, - delta->account_info.acb_info); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - unix_time = nt_time_to_unix(delta->account_info.pwd_last_set_time); + unix_time = nt_time_to_unix(r->last_password_change); /* Increment the uid for the new user */ ldif_uid++; /* Set up group id and sambaSID for the user */ - group_rid = delta->account_info.group_rid; + group_rid = r->primary_gid; for (i=0; i<alloced; i++) { if (groupmap[i].rid == group_rid) break; } if (i == alloced){ - DEBUG(1, ("Could not find rid %d in groupmap array\n", + DEBUG(1, ("Could not find rid %d in groupmap array\n", group_rid)); return NT_STATUS_UNSUCCESSFUL; } @@ -1599,7 +1760,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, snprintf(sambaSID, sizeof(sambaSID), groupmap[i].sambaSID); /* Set up sambaAcctFlags */ - flags = pdb_encode_acct_ctrl(delta->account_info.acb_info, + flags = pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN); /* Add the user to the temporary add ldif file */ @@ -1626,8 +1787,8 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive); if (*logonscript) fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript); - fprintf(add_fd, "loginShell: %s\n", - ((delta->account_info.acb_info & ACB_NORMAL) ? + fprintf(add_fd, "loginShell: %s\n", + ((r->acct_flags & ACB_NORMAL) ? "/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); if (*description) @@ -1651,10 +1812,10 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, +static NTSTATUS fetch_alias_info_to_ldif(struct netr_DELTA_ALIAS *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, - char *suffix, + char *suffix, unsigned db_type) { fstring aliasname, description; @@ -1662,12 +1823,10 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the alias name */ - unistr2_to_ascii(aliasname, &(delta->alias_info.uni_als_name), - sizeof(aliasname)); + fstrcpy(aliasname, r->alias_name.string); /* Get the alias description */ - unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc), - sizeof(description)); + fstrcpy(description, r->description.string); /* Set up the group type */ switch (db_type) { @@ -1684,7 +1843,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, /* These groups are entered by populate_ldap_for_ldif - Note that populate creates a group called Relicators, + Note that populate creates a group called Relicators, but NT returns a group called Replicator */ if (strcmp(aliasname, "Domain Admins") == 0 || @@ -1703,7 +1862,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, } /* Map the group rid and gid */ - g_rid = delta->group_info.gid.g_rid; + g_rid = r->rid; groupmap->gidNumber = ldif_gid; snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), "%s-%d", sid, g_rid); @@ -1730,8 +1889,8 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, - SAM_DELTA_HDR *hdr_delta, +static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, + uint32_t id_rid, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *mod_fd, int alloced) @@ -1741,8 +1900,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, int i, j, k; /* Get the dn for the group */ - if (delta->grp_mem_info.num_members > 0) { - group_rid = hdr_delta->target_rid; + if (r->num_rids > 0) { + group_rid = id_rid; for (j=0; j<alloced; j++) { if (groupmap[j].rid == group_rid) break; } @@ -1755,8 +1914,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, fprintf(mod_fd, "dn: %s\n", group_dn); /* Get the cn for each member */ - for (i=0; i<delta->grp_mem_info.num_members; i++) { - rid = delta->grp_mem_info.rids[i]; + for (i=0; i < r->num_rids; i++) { + rid = r->rids[i]; for (k=0; k<alloced; k++) { if (accountmap[k].rid == rid) break; } @@ -1786,15 +1945,19 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, const char *add_template = "/tmp/add.ldif.XXXXXX"; const char *mod_template = "/tmp/mod.ldif.XXXXXX"; fstring sid, domainname; - uint32 sync_context = 0; NTSTATUS ret = NT_STATUS_OK, result; int k; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; uint32 num_deltas; FILE *add_file = NULL, *mod_file = NULL, *ldif_file = NULL; int num_alloced = 0, g_index = 0, a_index = 0; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; /* Set up array for mapping accounts to groups */ /* Array element is the group rid */ @@ -1802,7 +1965,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Set up array for mapping account rid's to cn's */ /* Array element is the account rid */ - ACCOUNTMAP *accountmap = NULL; + ACCOUNTMAP *accountmap = NULL; if (!(mem_ctx = talloc_init("fetch_database"))) { return NT_STATUS_NO_MEMORY; @@ -1838,7 +2001,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, DEBUG(1, ("Could not open %s\n", mod_name)); ret = NT_STATUS_UNSUCCESSFUL; goto done; - } + } /* Get the sid */ sid_to_fstring(sid, &dom_sid); @@ -1894,23 +2057,41 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, d_fprintf(stderr, "Fetching PRIVS databases\n"); break; default: - d_fprintf(stderr, - "Fetching unknown database type %u\n", + d_fprintf(stderr, + "Fetching unknown database type %u\n", db_type ); break; } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, &hdr_deltas, - &deltas); - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - ret = NT_STATUS_OK; - goto done; /* is this correct? jmcd */ + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; } + if (NT_STATUS_IS_ERR(result)) { + break; + } + + num_deltas = delta_enum_array->num_deltas; + /* Re-allocate memory for groupmap and accountmap arrays */ groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, num_deltas+num_alloced); @@ -1923,7 +2104,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, } /* Initialize the new records */ - memset(&groupmap[num_alloced], 0, + memset(&groupmap[num_alloced], 0, sizeof(GROUPMAP)*num_deltas); memset(&accountmap[num_alloced], 0, sizeof(ACCOUNTMAP)*num_deltas); @@ -1933,73 +2114,60 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Loop through the deltas */ for (k=0; k<num_deltas; k++) { - switch(hdr_deltas[k].type) { - case SAM_DELTA_DOMAIN_INFO: + + union netr_DELTA_UNION u = + delta_enum_array->delta_enum[k].delta_union; + union netr_DELTA_ID_UNION id = + delta_enum_array->delta_enum[k].delta_id_union; + + switch(delta_enum_array->delta_enum[k].delta_type) { + case NETR_DELTA_DOMAIN: /* Is this case needed? */ - unistr2_to_ascii( - domainname, - &deltas[k].domain_info.uni_dom_name, - sizeof(domainname)); + fstrcpy(domainname, + u.domain->domain_name.string); break; - case SAM_DELTA_GROUP_INFO: + case NETR_DELTA_GROUP: fetch_group_info_to_ldif( - &deltas[k], &groupmap[g_index], + u.group, + &groupmap[g_index], add_file, sid, suffix); g_index++; break; - case SAM_DELTA_ACCOUNT_INFO: + case NETR_DELTA_USER: fetch_account_info_to_ldif( - &deltas[k], groupmap, + u.user, groupmap, &accountmap[a_index], add_file, sid, suffix, num_alloced); a_index++; break; - case SAM_DELTA_ALIAS_INFO: + case NETR_DELTA_ALIAS: fetch_alias_info_to_ldif( - &deltas[k], &groupmap[g_index], + u.alias, &groupmap[g_index], add_file, sid, suffix, db_type); g_index++; break; - case SAM_DELTA_GROUP_MEM: + case NETR_DELTA_GROUP_MEMBER: fetch_groupmem_info_to_ldif( - &deltas[k], &hdr_deltas[k], - groupmap, accountmap, + u.group_member, id.rid, + groupmap, accountmap, mod_file, num_alloced); break; - case SAM_DELTA_ALIAS_MEM: - break; - case SAM_DELTA_POLICY_INFO: - break; - case SAM_DELTA_PRIVS_INFO: - break; - case SAM_DELTA_TRUST_DOMS: - /* Implemented but broken */ - break; - case SAM_DELTA_SECRET_INFO: - /* Implemented but broken */ - break; - case SAM_DELTA_RENAME_GROUP: - /* Not yet implemented */ - break; - case SAM_DELTA_RENAME_USER: - /* Not yet implemented */ - break; - case SAM_DELTA_RENAME_ALIAS: - /* Not yet implemented */ - break; - case SAM_DELTA_DELETE_GROUP: - /* Not yet implemented */ - break; - case SAM_DELTA_DELETE_USER: - /* Not yet implemented */ - break; - case SAM_DELTA_MODIFIED_COUNT: - break; + case NETR_DELTA_ALIAS_MEMBER: + case NETR_DELTA_POLICY: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_SECRET: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_MODIFY_COUNT: default: break; } /* end of switch */ @@ -2065,7 +2233,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, DEBUG(1,("unlink(%s) failed, error was (%s)\n", mod_name, strerror(errno))); } - + if (ldif_file && (ldif_file != stdout)) { fclose(ldif_file); } @@ -2079,15 +2247,15 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, return ret; } -/** +/** * Basic usage function for 'net rpc vampire' * @param argc Standard main() style argc * @param argc Standard main() style argv. Initial components are already * stripped **/ -int rpc_vampire_usage(int argc, const char **argv) -{ +int rpc_vampire_usage(int argc, const char **argv) +{ d_printf("net rpc vampire [ldif [<ldif-filename>] [options]\n" "\t to pull accounts from a remote PDC where we are a BDC\n" "\t\t no args puts accounts in local passdb from smb.conf\n" @@ -2100,13 +2268,13 @@ int rpc_vampire_usage(int argc, const char **argv) /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, - const char *domain_name, +NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, - const char **argv) + const char **argv) { NTSTATUS result; fstring my_dom_sid_str; @@ -2120,7 +2288,7 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, "workgroup=%s\n\n in your smb.conf?\n", domain_name, get_global_sam_name(), - sid_to_fstring(my_dom_sid_str, + sid_to_fstring(my_dom_sid_str, get_global_sam_sid()), domain_name, sid_to_fstring(rem_dom_sid_str, domain_sid), |