-rw-r--r--source3/Makefile.in25
-rw-r--r--source3/configure.in9
-rw-r--r--source3/include/genparser_samba.h5
-rw-r--r--source3/include/gums.h172
-rw-r--r--source3/include/includes.h4
-rw-r--r--source3/include/passdb.h77
-rw-r--r--source3/include/tdbsam2.h107
-rw-r--r--source3/lib/genparser.c5
-rw-r--r--source3/lib/genparser_samba.c18
-rw-r--r--source3/nsswitch/wb_common.c2
-rw-r--r--source3/param/loadparm.c4
-rw-r--r--source3/passdb/pdb_guest.c15
-rw-r--r--source3/passdb/pdb_xml.c18
-rw-r--r--source3/sam/gumm_tdb.c4
-rw-r--r--source3/sam/gums.c171
-rw-r--r--source3/sam/gums_api.c1230
-rw-r--r--source3/sam/gums_helper.c591
17 files changed, 1208 insertions, 1249 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 4769604243..1d25058df6 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -184,7 +184,8 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \
- lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o
+ lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \
+ lib/genparser.o lib/genparser_samba.o
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
@@ -282,11 +283,14 @@ RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
+GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o
+
PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/machine_sid.o passdb/util_sam_sid.o passdb/pdb_compat.o \
- passdb/privileges.o passdb/lookup_sid.o @PDB_STATIC@
+ passdb/privileges.o passdb/lookup_sid.o @PDB_STATIC@ \
+ $(GUMS_OBJ) @GUMS_STATIC@
XML_OBJ = passdb/pdb_xml.o
MYSQL_OBJ = passdb/pdb_mysql.o
@@ -1304,14 +1308,15 @@ clean: delheaders python_clean
# afterwards.
proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \
nsswitch/winbindd_proto.h web/swat_proto.h \
- client/client_proto.h utils/net_proto.h smbd/build_options.c
+ client/client_proto.h utils/net_proto.h smbd/build_options.c \
+ include/tdbsam2_parse_info.h
delheaders:
@echo Removing prototype headers
@rm -f include/proto.h include/build_env.h include/wrepld_proto.h \
nsswitch/winbindd_proto.h web/swat_proto.h \
client/client_proto.h utils/net_proto.h \
- smbd/build_options.c
+ smbd/build_options.c include/tdbsam2_parse_info.h
MKPROTO_SH = $(srcdir)/script/mkproto.sh
@@ -1352,6 +1357,15 @@ utils/net_proto.h:
-h _CLIENT_PROTO_H_ $(builddir)/utils/net_proto.h \
$(NET_OBJ1)
+include/tdbsam2_parse_info.h:
+ @if test -n "$(PERL)"; then \
+ cd $(srcdir) && @PERL@ -w script/genstruct.pl \
+ -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \
+ include/tdbsam2.h; \
+ else \
+ echo Unable to build $@, continuing; \
+ fi
+
# "make headers" or "make proto" calls a subshell because we need to
# make sure these commands are executed in sequence even for a
# parallel make.
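Review bot: The new `include/tdbsam2_parse_info.h:` rule lists no prerequisites, so once the header exists it is never regenerated when `include/tdbsam2.h` or `script/genstruct.pl` changes, and the generated offsets and sizes can drift from the real struct layout. Declare them on the rule, e.g. `include/tdbsam2_parse_info.h: include/tdbsam2.h script/genstruct.pl` (prefixed with `$(srcdir)/` if out-of-tree builds are supported). The recipe also tests `$(PERL)` but runs `@PERL@`, and the else branch only echoes and exits 0, so a missing Perl surfaces later as a failed or stale compile; `exit 1` in that branch would fail at the right place.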
@@ -1364,7 +1378,8 @@ headers:
$(MAKE) nsswitch/winbindd_proto.h; \
$(MAKE) web/swat_proto.h; \
$(MAKE) client/client_proto.h; \
- $(MAKE) utils/net_proto.h
+ $(MAKE) utils/net_proto.h; \
+ $(MAKE) include/tdbsam2_parse_info.h
proto: headers
diff --git a/source3/configure.in b/source3/configure.in
index 1bb97460ac..5c5cfb2ee2 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -296,7 +296,7 @@ DYNEXP=
dnl Add modules that have to be built by default here
dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
+default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin pdb_gums gums_tdbsam2"
dnl These are preferably build shared, and static if dlopen() is not available
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap charset_CP850 charset_CP437"
@@ -4072,6 +4072,7 @@ MODULE_pdb_guest=STATIC
MODULE_rpc_spoolss=STATIC
MODULE_rpc_srv=STATIC
MODULE_idmap_tdb=STATIC
+MODULE_gums_tdbsam2=STATIC
AC_ARG_WITH(static-modules,
[ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in],
@@ -4107,7 +4108,11 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB,
SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB)
SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB)
-SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o)
+SMB_MODULE(pdb_gums, passdb/pdb_gums.o, "bin/gums.$SHLIBEXT", PDB)
+SMB_SUBSYSTEM(PDB,passdb/pdb_interface.c)
+
+SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS)
+SMB_SUBSYSTEM(GUMS)
SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC)
SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC)
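Review bot: `SMB_SUBSYSTEM(PDB,passdb/pdb_interface.c)` now passes a `.c` path where the removed line passed the object `passdb/pdb_interface.o`, and the new `SMB_SUBSYSTEM(GUMS)` passes no second argument at all. The macro definition is not in this hunk, so whether either form is accepted cannot be confirmed here; if the argument is still meant to be an object file, restore `passdb/pdb_interface.o`. The two added `SMB_MODULE` lines name `passdb/pdb_gums.o` and `sam/gums_tdbsam2.o`, while the diffstat of this commit lists neither source file, which is worth checking because both modules are also added to `default_static_modules` in the first hunk.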
diff --git a/source3/include/genparser_samba.h b/source3/include/genparser_samba.h
index 172ff2362c..213d51da87 100644
--- a/source3/include/genparser_samba.h
+++ b/source3/include/genparser_samba.h
@@ -55,4 +55,9 @@ const struct parse_struct pinfo_luid_attr_info[] = {
{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID},
{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
+const struct parse_struct pinfo_data_blob_info[] = {
+{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int},
+{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char},
+{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
+
#endif /* _GENPARSER_SAMBA_H */
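Review bot: The `"length"` entry of `pinfo_data_blob_info` is described with `sizeof(int)` and `gen_parse_int`, and that same field is then named as the dynamic length of `"data"`. If `DATA_BLOB.length` is declared `size_t` (its definition is not in this diff), only part of the member is written on LP64 platforms and the element count used for `data` can be wrong. The entry should match the member's real type and width, and a negative parsed length should be rejected before `data` is sized from it, since these blobs carry the LM and NT password hashes. A comment on the table stating that the blob is serialised as a counted byte array would also help.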
diff --git a/source3/include/gums.h b/source3/include/gums.h
index 789acc269f..9ce2ec4e56 100644
--- a/source3/include/gums.h
+++ b/source3/include/gums.h
@@ -24,14 +24,60 @@
#define GUMS_VERSION_MAJOR 0
#define GUMS_VERSION_MINOR 1
#define GUMS_OBJECT_VERSION 1
+#define GUMS_INTERFACE_VERSION 1
-#define GUMS_OBJ_DOMAIN 1
-#define GUMS_OBJ_NORMAL_USER 2
-#define GUMS_OBJ_GROUP 3
-#define GUMS_OBJ_ALIAS 4
-#define GUMS_OBJ_WORKSTATION_TRUST 5
-#define GUMS_OBJ_SERVER_TRUST 6
-#define GUMS_OBJ_DOMAIN_TRUST 7
+#define GUMS_OBJ_DOMAIN 0x10
+#define GUMS_OBJ_NORMAL_USER 0x20
+#define GUMS_OBJ_GROUP 0x30
+#define GUMS_OBJ_ALIAS 0x31
+#define GUMS_OBJ_PRIVILEGE 0x40
+
+/* define value types */
+#define GUMS_SET_PRIMARY_GROUP 0x1
+#define GUMS_SET_SEC_DESC 0x2
+
+#define GUMS_SET_NAME 0x10
+#define GUMS_SET_DESCRIPTION 0x11
+#define GUMS_SET_FULL_NAME 0x12
+
+/* user specific type values */
+#define GUMS_SET_LOGON_TIME 0x20
+#define GUMS_SET_LOGOFF_TIME 0x21
+#define GUMS_SET_KICKOFF_TIME 0x23
+#define GUMS_SET_PASS_LAST_SET_TIME 0x24
+#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
+#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
+
+
+#define GUMS_SET_HOME_DIRECTORY 0x31
+#define GUMS_SET_DRIVE 0x32
+#define GUMS_SET_LOGON_SCRIPT 0x33
+#define GUMS_SET_PROFILE_PATH 0x34
+#define GUMS_SET_WORKSTATIONS 0x35
+#define GUMS_SET_UNKNOWN_STRING 0x36
+#define GUMS_SET_MUNGED_DIAL 0x37
+
+#define GUMS_SET_LM_PASSWORD 0x40
+#define GUMS_SET_NT_PASSWORD 0x41
+#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
+#define GUMS_SET_UNKNOWN_3 0x43
+#define GUMS_SET_LOGON_DIVS 0x44
+#define GUMS_SET_HOURS_LEN 0x45
+#define GUMS_SET_HOURS 0x46
+#define GUMS_SET_BAD_PASSWORD_COUNT 0x47
+#define GUMS_SET_LOGON_COUNT 0x48
+#define GUMS_SET_UNKNOWN_6 0x49
+
+#define GUMS_SET_MUST_CHANGE_PASS 0x50
+#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
+#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
+#define GUMS_SET_ACCOUNT_DISABLED 0x53
+#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
+
+/*group specific type values */
+#define GUMS_ADD_SID_LIST 0x60
+#define GUMS_DEL_SID_LIST 0x61
+#define GUMS_SET_SID_LIST 0x62
typedef struct gums_user
{
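Review bot: The object-type constants are renumbered (`GUMS_OBJ_DOMAIN` 1 to 0x10 and so on), `GUMS_SET_UNKNOWN_6` moves from 0x48 to 0x49 and 0x47 is reused for `GUMS_SET_BAD_PASSWORD_COUNT`, yet `GUMS_OBJECT_VERSION` stays at 1. If any record or commit set written with the old numbering is ever read back, it is interpreted under the new meaning with no version check to catch it. Either bump `GUMS_OBJECT_VERSION` or add a comment stating that none of these values has been persisted yet. The three trust object types are removed without a replacement being visible in this hunk, which deserves a line in the header explaining how trust accounts are now typed.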
@@ -52,17 +98,18 @@ typedef struct gums_user
char *workstations; /* login from workstations string */
char *unknown_str; /* don't know what this is, yet. */
char *munged_dial; /* munged path name and dial-back tel number */
-
+
DATA_BLOB lm_pw; /* .data is Null if no password */
DATA_BLOB nt_pw; /* .data is Null if no password */
-
- uint32 unknown_3; /* 0x00ff ffff */
-
+
+ uint16 acct_ctrl; /* account type & status flags */
uint16 logon_divs; /* 168 - number of hours in a week */
uint32 hours_len; /* normally 21 bytes */
uint8 *hours;
-
- uint32 unknown_5; /* 0x0002 0000 */
+
+ uint16 bad_password_count; /* 0 */
+ uint16 logon_count; /* 0 */
+ uint32 unknown_3; /* 0x00ff ffff */
uint32 unknown_6; /* 0x0000 04ec */
} GUMS_USER;
@@ -70,7 +117,7 @@ typedef struct gums_user
typedef struct gums_group
{
uint32 count; /* Number of SIDs */
- DOM_SID **members; /* SID array */
+ DOM_SID *members; /* SID array */
} GUMS_GROUP;
@@ -80,10 +127,20 @@ typedef struct gums_domain
} GUMS_DOMAIN;
+typedef struct gums_privilege
+{
+ LUID_ATTR *privilege; /* Privilege Type */
+
+ uint32 count;
+ DOM_SID *members;
+
+} GUMS_PRIVILEGE;
+
union gums_obj_p {
GUMS_USER *user;
GUMS_GROUP *group;
GUMS_DOMAIN *domain;
+ GUMS_PRIVILEGE *priv;
};
typedef struct gums_object
@@ -118,47 +175,47 @@ typedef struct gums_commit_set
uint32 type; /* Object type */
DOM_SID sid; /* Object Sid */
uint32 count; /* number of changes */
- GUMS_DATA_SET **data;
+ GUMS_DATA_SET *data;
} GUMS_COMMIT_SET;
-typedef struct gums_privilege
+typedef struct gums_priv_commit_set
{
TALLOC_CTX *mem_ctx;
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- LUID_ATTR *privilege; /* Privilege Type */
- char *name; /* Object Name */
- char *description; /* Object Description */
+ uint32 type; /* Object type */
+ char *name; /* Object Sid */
+ uint32 count; /* number of changes */
+ GUMS_DATA_SET *data;
- uint32 count;
- DOM_SID **members;
-
-} GUMS_PRIVILEGE;
+} GUMS_PRIV_COMMIT_SET;
typedef struct gums_functions
{
+ /* module data */
+ TALLOC_CTX *mem_ctx;
+ char *name;
+ void *private_data;
+ void (*free_private_data)(void **);
+
/* Generic object functions */
- NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name);
+ NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name);
NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
NTSTATUS (*get_sequence_number) (void);
- NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type);
+ NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type);
NTSTATUS (*delete_object) (const DOM_SID *sid);
NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type);
+ NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int obj_type);
/* This function is used to get the list of all objects changed since b_time, it is
used to support PDC<->BDC synchronization */
NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
- NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
+ NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type);
NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
NTSTATUS (*enumerate_objects_stop) (void *handle);
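Review bot: In `GUMS_PRIV_COMMIT_SET` the member `char *name;` carries the comment `/* Object Sid */` copied from `GUMS_COMMIT_SET`; it should read `/* Privilege name */`. The change of `get_domain_sid` and `new_object` from `DOM_SID **sid` to `DOM_SID *sid` moves allocation of the SID to the caller, and `enumerate_objects_start` now returns its handle through `void **handle`, but neither contract is documented. A one-line comment per member saying who allocates and who frees would prevent mismatched callers. The `add_members_to_group` member shown in the next hunk still takes `const DOM_SID **members` although `GUMS_GROUP.members` became a flat `DOM_SID *` array.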
@@ -167,7 +224,7 @@ typedef struct gums_functions
NTSTATUS (*set_object) (const GUMS_OBJECT *object);
/* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set);
+ NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
/* Group related functions */
NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
@@ -191,50 +248,15 @@ typedef struct gums_functions
} GUMS_FUNCTIONS;
-/* define value types */
-#define GUMS_SET_PRIMARY_GROUP 0x1
-#define GUMS_SET_SEC_DESC 0x2
-
-#define GUMS_SET_NAME 0x10
-#define GUMS_SET_DESCRIPTION 0x11
-#define GUMS_SET_FULL_NAME 0x12
+typedef NTSTATUS (*gums_init_function)(
+ struct gums_functions *,
+ const char *);
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 0x20
-#define GUMS_SET_LOGOFF_TIME 0x21
-#define GUMS_SET_KICKOFF_TIME 0x23
-#define GUMS_SET_PASS_LAST_SET_TIME 0x24
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
+struct gums_init_function_entry {
-
-#define GUMS_SET_HOME_DIRECTORY 0x31
-#define GUMS_SET_DRIVE 0x32
-#define GUMS_SET_LOGON_SCRIPT 0x33
-#define GUMS_SET_PROFILE_PATH 0x34
-#define GUMS_SET_WORKSTATIONS 0x35
-#define GUMS_SET_UNKNOWN_STRING 0x36
-#define GUMS_SET_MUNGED_DIAL 0x37
-
-#define GUMS_SET_LM_PASSWORD 0x40
-#define GUMS_SET_NT_PASSWORD 0x41
-#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
-#define GUMS_SET_UNKNOWN_3 0x43
-#define GUMS_SET_LOGON_DIVS 0x44
-#define GUMS_SET_HOURS_LEN 0x45
-#define GUMS_SET_HOURS 0x46
-#define GUMS_SET_UNKNOWN_5 0x47
-#define GUMS_SET_UNKNOWN_6 0x48
-
-#define GUMS_SET_MUST_CHANGE_PASS 0x50
-#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
-#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
-#define GUMS_SET_ACCOUNT_DISABLED 0x53
-#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 0x60
-#define GUMS_DEL_SID_LIST 0x61
-#define GUMS_SET_SID_LIST 0x62
+ const char *name;
+ gums_init_function init_fn;
+ struct gums_init_function_entry *prev, *next;
+};
#endif /* _GUMS_H */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 29bb53980f..452b489547 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -806,6 +806,10 @@ extern int errno;
#include "rpc_secdes.h"
+#include "genparser.h"
+
+#include "gums.h"
+
#include "nt_printing.h"
#include "msdfs.h"
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index a4b2bcff3f..cd9c57a991 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -177,6 +177,15 @@ typedef struct sam_group {
} SAM_GROUP;
+typedef struct _GROUP_INFO {
+ struct pdb_methods *methods;
+ DOM_SID sid;
+ enum SID_NAME_USE sid_name_use;
+ fstring nt_name;
+ fstring comment;
+} GROUP_INFO;
+
+
/*****************************************************************
Functions to be implemented by the new (v2) passdb API
****************************************************************/
@@ -192,26 +201,28 @@ typedef struct pdb_context
{
struct pdb_methods *pdb_methods;
struct pdb_methods *pwent_methods;
-
+
/* These functions are wrappers for the functions listed above.
They may do extra things like re-reading a SAM_ACCOUNT on update */
NTSTATUS (*pdb_setsampwent)(struct pdb_context *, BOOL update);
-
+
void (*pdb_endsampwent)(struct pdb_context *);
-
+
NTSTATUS (*pdb_getsampwent)(struct pdb_context *, SAM_ACCOUNT *user);
-
+
NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
-
+
NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
-
+
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
-
+
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
+ /* group mapping functions: to be removed */
+
NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid);
@@ -232,6 +243,30 @@ typedef struct pdb_context
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
+ /* group functions */
+
+ NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group);
+
+ NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
+
+ NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members);
+
+ NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group);
+
+ NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group);
+
+ NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group);
+
+ NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
+
+ NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
+
+ NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name);
+
+ NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name);
+
+ NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members);
+
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
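Review bot: The list-returning members added here (`pdb_get_group_list`, `pdb_get_group_sids`, `pdb_get_group_uids`) hand back an array through a double pointer plus an `int *` count, with nothing stating which allocator owns the array or who releases it. Add a comment above the `/* group functions */` block that names the owner (for example the context's `mem_ctx`, or the caller) and says what the outputs hold on failure. The same applies to the matching members added to `pdb_methods` in the last hunk of this file.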
@@ -262,7 +297,9 @@ typedef struct pdb_methods
NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
-
+
+ /* group mapping functions: to be removed */
+
NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid);
@@ -283,6 +320,30 @@ typedef struct pdb_methods
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
+ /* group functions */
+
+ NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group);
+
+ NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
+
+ NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members);
+
+ NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group);
+
+ NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group);
+
+ NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group);
+
+ NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
+
+ NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
+
+ NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name);
+
+ NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name);
+
+ NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members);
+
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
diff --git a/source3/include/tdbsam2.h b/source3/include/tdbsam2.h
index 047b4e7c90..b99e16586b 100644
--- a/source3/include/tdbsam2.h
+++ b/source3/include/tdbsam2.h
@@ -20,33 +20,46 @@
/* ALL strings assumes UTF8 as encoding */
-GENSTRUCT struct tdbsam2_domain_data {
- uint32 xcounter; /* counter to be updated at any change */
+#ifndef TDBSAM2_H
+#define TDBSAM2_H
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *dom_sid; /* The Domain SID */
- char *name; _NULLTERM /* NT Domain Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
+/* IMPORTANT: these structures must follow closely the GUMS_OBJECTs
+ * structures as they will be casted over !!
+ * the GUMS_OBJECT union is unrolled here into four tdbsam2
+ * objects cause genstruct is not able to follow arbitrary unions */
+GENSTRUCT struct domain_sub_structure
+{
uint32 next_rid; /* The Next free RID */
};
-GENSTRUCT struct tdbsam2_user_data {
+GENSTRUCT struct tdbsam2_domain_data
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type;
+ uint32 version;
uint32 xcounter; /* counter to be updated at any change */
SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *user_sid; /* The User SID */
- char *name; _NULLTERM /* NT User Name */
+
+ DOM_SID *dom_sid; /* The Domain SID */
+ char *name; _NULLTERM /* NT Domain Name */
char *description; _NULLTERM /* Descritpion (Gecos) */
+ struct domain_sub_structure *dss;
+};
+
+GENSTRUCT struct user_sub_structure
+{
DOM_SID *group_sid; /* The Primary Group SID */
- NTTIME *logon_time;
- NTTIME *logoff_time;
- NTTIME *kickoff_time;
- NTTIME *pass_last_set_time;
- NTTIME *pass_can_change_time;
- NTTIME *pass_must_change_time;
+ NTTIME logon_time;
+ NTTIME logoff_time;
+ NTTIME kickoff_time;
+ NTTIME pass_last_set_time;
+ NTTIME pass_can_change_time;
+ NTTIME pass_must_change_time;
char *full_name; _NULLTERM /* The Full Name */
char *home_dir; _NULLTERM /* Home Directory */
@@ -57,39 +70,81 @@ GENSTRUCT struct tdbsam2_user_data {
char *unknown_str; _NULLTERM /* Guess ... Unknown */
char *munged_dial; _NULLTERM /* Callback Number */
- /* passwords are 16 byte leght, pointer is null if no password */
- uint8 *lm_pw_ptr; _LEN(16) /* Lanman hashed password */
- uint8 *nt_pw_ptr; _LEN(16) /* NT hashed password */
+ DATA_BLOB lm_pw; /* .data is Null if no password */
+ DATA_BLOB nt_pw; /* .data is Null if no password */
+ uint16 acct_ctrl; /* account flags */
uint16 logon_divs; /* 168 - num of hours in a week */
uint32 hours_len; /* normally 21 */
uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */
+ uint16 bad_password_count; /* 0 */
+ uint16 logon_count; /* 0 */
uint32 unknown_3; /* 0x00ff ffff */
- uint32 unknown_5; /* 0x0002 0000 */
uint32 unknown_6; /* 0x0000 04ec */
};
-GENSTRUCT struct tdbsam2_group_data {
+GENSTRUCT struct tdbsam2_user_data
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type;
+ uint32 version;
uint32 xcounter; /* counter to be updated at any change */
SEC_DESC *sec_desc; /* Security Descriptor */
+
+ DOM_SID *user_sid; /* The User SID */
+ char *name; _NULLTERM /* NT User Name */
+ char *description; _NULLTERM /* Descritpion (Gecos) */
+
+ struct user_sub_structure *uss;
+};
+
+GENSTRUCT struct group_sub_structure
+{
+ uint32 count; /* number of sids */
+ DOM_SID *members; _LEN(count) /* SID array */
+};
+
+GENSTRUCT struct tdbsam2_group_data
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type;
+ uint32 version;
+ uint32 xcounter; /* counter to be updated at any change */
+
+ SEC_DESC *sec_desc; /* Security Descriptor */
+
DOM_SID *group_sid; /* The Group SID */
char *name; _NULLTERM /* NT Group Name */
char *description; _NULLTERM /* Descritpion (Gecos) */
+ struct group_sub_structure *gss;
+};
+
+GENSTRUCT struct priv_sub_structure
+{
+ LUID_ATTR *privilege; /* Privilege */
+
uint32 count; /* number of sids */
- DOM_SID **members; _LEN(count) /* SID array */
+ DOM_SID *members; _LEN(count) /* SID array */
};
-GENSTRUCT struct tdbsam2_privilege_data {
+GENSTRUCT struct tdbsam2_priv_data
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type;
+ uint32 version;
uint32 xcounter; /* counter to be updated at any change */
- LUID_ATTR *privilege; /* Privilege */
- char *name; _NULLTERM /* NT User Name */
+ DOM_SID *null_sid;
+ char *name; _NULLTERM /* Privilege Name */
char *description; _NULLTERM /* Descritpion (Gecos) */
- uint32 count; /* number of sids */
- DOM_SID **members; _LEN(count) /* SID array */
+ struct priv_sub_structure *pss;
};
+#endif /* TDBSAM2_H */
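Review bot: `struct tdbsam2_priv_data` has no `SEC_DESC *sec_desc` member, whereas the domain, user and group structures all place one between `xcounter` and the SID pointer. The header comment added by this commit says these structures are cast over the GUMS objects, so in the privilege structure `null_sid`, `name`, `description` and `pss` sit one pointer earlier than their counterparts. If the GUMS object carries a security descriptor at that position (its definition is not visible in this diff), every access after `xcounter` reads the wrong member for privileges. Either add the `sec_desc` member here or stop relying on the cast for this type, and consider a compile-time `offsetof` comparison for each shared member.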
diff --git a/source3/lib/genparser.c b/source3/lib/genparser.c
index 233050b432..7476b5d0af 100644
--- a/source3/lib/genparser.c
+++ b/source3/lib/genparser.c
@@ -256,7 +256,6 @@ static int gen_dump_array(TALLOC_CTX *mem_ctx,
addstr(mem_ctx, p, "}\n")) {
return -1;
}
- free(s);
return 0;
}
@@ -673,7 +672,7 @@ int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data,
{
char *str, *s0;
- s0 = strdup(s);
+ s0 = talloc_strdup(mem_ctx, s);
str = s0;
while (*str) {
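Review bot: `talloc_strdup(mem_ctx, s)` can return NULL, and the loop condition `while (*str)` dereferences the result straight away. Add `if (s0 == NULL) return -1;` after the assignment. The copy now lives as long as `mem_ctx` rather than being released on return, which is worth a short comment for callers that parse repeatedly on a long-lived context. gen_parse's body starts before and continues after this hunk.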
@@ -706,12 +705,10 @@ int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data,
*str++ = 0;
if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
- free(s0);
return -1;
}
}
- free(s0);
return 0;
}
diff --git a/source3/lib/genparser_samba.c b/source3/lib/genparser_samba.c
index bece587747..7eabf5a56e 100644
--- a/source3/lib/genparser_samba.c
+++ b/source3/lib/genparser_samba.c
@@ -118,7 +118,16 @@ int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
return 0;
}
+int gen_parse_DATA_BLOB(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
+{
+ return gen_parse_struct(mem_ctx, pinfo_data_blob_info, ptr, str);
+}
+int gen_parse_TALLOC_CTX(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
+{
+ (TALLOC_CTX *)ptr = NULL;
+ return 0;
+}
/* DUMP functions */
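Review bot: In `gen_parse_TALLOC_CTX`, the statement `(TALLOC_CTX *)ptr = NULL;` assigns to the local parameter through a cast used as an lvalue, a compiler extension that stricter compilers reject, and it leaves the structure member untouched. Parsed objects therefore keep whatever bytes were already in their `mem_ctx` slot. If the intent is to clear the pointer field that `ptr` addresses, write `*(TALLOC_CTX **)ptr = NULL;`. A comment saying that the context is never restored from stored data and must be set by the caller would document the design.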
@@ -198,3 +207,12 @@ int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr,
return addshort(mem_ctx, p, "%u,%u", high, low);
}
+int gen_dump_DATA_BLOB(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
+{
+ return gen_dump_struct(mem_ctx, pinfo_data_blob_info, p, ptr, indent);
+}
+
+int gen_dump_TALLOC_CTX(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
+{
+ return addshort(mem_ctx, p, "TALLOC_CTX");
+}
diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c
index 468b532cbe..79553e9e4f 100644
--- a/source3/nsswitch/wb_common.c
+++ b/source3/nsswitch/wb_common.c
@@ -191,8 +191,6 @@ static int winbind_named_pipe_sock(const char *dir)
if (connect(fd, (struct sockaddr *)&sunaddr,
sizeof(sunaddr)) == -1) {
- DEBUG(10, ("error connecting to pipe socket: %s\n",
- strerror(errno)));
close(fd);
return -1;
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 5a5ac4a2cc..e6705d8c7b 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -122,6 +122,7 @@ typedef struct
char *szSMBPasswdFile;
char *szPrivateDir;
char **szPassdbBackend;
+ char *szGumsBackend;
char **szPreloadModules;
char *szPasswordServer;
char *szSocketOptions;
@@ -791,6 +792,7 @@ static struct parm_struct parm_table[] = {
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED},
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
+ {"gums backend", P_STRING, P_GLOBAL, &Globals.szGumsBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE},
@@ -1453,6 +1455,7 @@ static void init_globals(void)
#else
Globals.szPassdbBackend = str_list_make("smbpasswd", NULL);
#endif /* WITH_LDAP_SAMCONFIG */
+ string_set(&Globals.szGumsBackend, "tdbsam2");
string_set(&Globals.szLdapSuffix, "");
string_set(&Globals.szLdapFilter, "(uid=%u)");
@@ -1651,6 +1654,7 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName)
static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend)
+FN_GLOBAL_STRING(lp_gums_backend, &Globals.szGumsBackend)
FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules)
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c
index fa29657edc..3cd6efb38a 100644
--- a/source3/passdb/pdb_guest.c
+++ b/source3/passdb/pdb_guest.c
@@ -141,6 +141,21 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c
(*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping;
+ /* we do not handle groups in guest backend */
+/* FIXME
+ (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid;
+ (*pdb_method)->get_group_list = pdb_nop_get_group_list;
+ (*pdb_method)->get_group_sids = pdb_nop_get_group_sids;
+ (*pdb_method)->add_group = pdb_nop_add_group;
+ (*pdb_method)->update_group = pdb_nop_update_group;
+ (*pdb_method)->delete_group = pdb_nop_delete_group;
+ (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group;
+ (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group;
+ (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name;
+ (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name;
+ (*pdb_method)->get_group_uids = pdb_nop_get_group_uids;
+*/
+
/* There's not very much to initialise here */
return NT_STATUS_OK;
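Review bot: The eleven new group members of `pdb_methods` are assigned only inside the commented-out `FIXME` block, so the guest backend leaves them at whatever value the structure was allocated with. Unless that structure is zero-filled and every caller checks for NULL before calling (neither is visible in this hunk), a group request routed to this backend goes through an unset function pointer. Until the `pdb_nop_*` group stubs exist, assign NULL to each member explicitly, as pdb_xml.c does in this commit. pdb_init_guestsam's body starts before this hunk.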
diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c
index 29922bca4f..19998a6655 100644
--- a/source3/passdb/pdb_xml.c
+++ b/source3/passdb/pdb_xml.c
@@ -540,13 +540,17 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method
(*pdb_method)->getsampwsid = NULL;
(*pdb_method)->update_sam_account = NULL;
(*pdb_method)->delete_sam_account = NULL;
- (*pdb_method)->getgrsid = NULL;
- (*pdb_method)->getgrgid = NULL;
- (*pdb_method)->getgrnam = NULL;
- (*pdb_method)->add_group_mapping_entry = NULL;
- (*pdb_method)->update_group_mapping_entry = NULL;
- (*pdb_method)->delete_group_mapping_entry = NULL;
- (*pdb_method)->enum_group_mapping = NULL;
+ (*pdb_method)->get_group_info_by_sid = NULL;
+ (*pdb_method)->get_group_list = NULL;
+ (*pdb_method)->get_group_sids = NULL;
+ (*pdb_method)->add_group = NULL;
+ (*pdb_method)->update_group = NULL;
+ (*pdb_method)->delete_group = NULL;
+ (*pdb_method)->add_sid_to_group = NULL;
+ (*pdb_method)->remove_sid_from_group = NULL;
+ (*pdb_method)->get_group_info_by_name = NULL;
+ (*pdb_method)->get_group_info_by_nt_name = NULL;
+ (*pdb_method)->get_group_uids = NULL;
data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml));
data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml"));
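Review bot: The seven old group-mapping members (`getgrsid` through `enum_group_mapping`) are no longer initialised in `xmlsam_init`, yet passdb.h in this same commit keeps them in `pdb_methods` under the comment "group mapping functions: to be removed". Keep the old `= NULL` assignments next to the new ones until the members are actually deleted, so that no pointer in the table is left unset. Separately, the context line `data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml));` is dereferenced on the following line without a NULL check. xmlsam_init's body extends beyond this hunk on both sides.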
diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c
index 5da2407faa..2623180afb 100644
--- a/source3/sam/gumm_tdb.c
+++ b/source3/sam/gumm_tdb.c
@@ -464,7 +464,7 @@ static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_us
SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error);
SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error);
- SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
+ SET_OR_FAIL(gums_set_user_bad_password_count(*object, userdata->bad_password_count), error);
SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error);
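Review bot: `userdata->bad_password_count` does not match the tdbsam2.h layout introduced by this commit, where `bad_password_count` lives in `struct user_sub_structure` and is reached through the `uss` pointer. The `NTTIME` members are no longer pointers there either, so the context line `*(userdata->logon_time)` is stale as well. Assuming `userdata` is a `struct tdbsam2_user_data *` (the signature is truncated in the hunk header), this file would not compile against the new header. Either update the accesses to the `userdata->uss->...` form or drop the file from the build if `sam/gums_tdbsam2.c` replaces it.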
@@ -750,7 +750,7 @@ static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj
obj.data.user->hours = &defhours;
obj.data.user->unknown_3 = 0x00ffffff;
- obj.data.user->unknown_5 = 0x00020000;
+ obj.data.user->bad_password_count = 0x00020000;
obj.data.user->unknown_6 = 0x000004ec;
break;
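Review bot: `obj.data.user->bad_password_count = 0x00020000;` keeps the magic value of the old `unknown_5` field, but gums.h now declares `bad_password_count` as `uint16` with the comment `/* 0 */`, so the constant is silently narrowed. Write `obj.data.user->bad_password_count = 0;` and initialise `logon_count` to 0 beside it, so that the lockout counter of a new account does not depend on an implicit truncation. tdbsam2_new_object's body starts before and continues after this hunk.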
diff --git a/source3/sam/gums.c b/source3/sam/gums.c
index a118740637..ab374b9342 100644
--- a/source3/sam/gums.c
+++ b/source3/sam/gums.c
@@ -20,8 +20,8 @@
#include "includes.h"
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_GUMS*/
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
#define GMV_MAJOR 0
#define GMV_MINOR 1
@@ -56,8 +56,7 @@
#define PRIV_ALL 255
-GUMS_FUNCTIONS *gums_storage;
-static void *dl_handle;
+static GUMS_FUNCTIONS *gums_backend = NULL;
static PRIVS gums_privs[] = {
{PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
@@ -90,72 +89,146 @@ static PRIVS gums_privs[] = {
{PRIV_ALL, "SaAllPrivs", "All Privileges"}
};
-NTSTATUS gums_init(const char *module_name)
+static struct gums_init_function_entry *backends = NULL;
+
+static void lazy_initialize_gums(void)
{
- int (*module_version)(int);
- NTSTATUS (*module_init)();
-/* gums_module_init module_init;*/
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ static BOOL initialized = False;
+
+ if (initialized)
+ return;
- DEBUG(5, ("Opening gums module %s\n", module_name));
- dl_handle = sys_dlopen(module_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ static_init_gums;
+ initialized = True;
+}
- module_version = sys_dlsym(dl_handle, "gumm_version");
- if (!module_version) {
- DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
- goto error;
- }
+static struct gums_init_function_entry *gums_find_backend_entry(const char *name);
+
+NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn)
+{
+ struct gums_init_function_entry *entry = backends;
+
+ if (version != GUMS_INTERFACE_VERSION) {
+ DEBUG(0,("Can't register gums backend!\n"
+ "You tried to register a gums module with"
+ "GUMS_INTERFACE_VERSION %d, while this version"
+ "of samba uses version %d\n", version,
+ GUMS_INTERFACE_VERSION));
- if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
- DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
- goto error;
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
- if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
- DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
+ if (!name || !init_fn) {
+ return NT_STATUS_INVALID_PARAMETER;
}
- module_init = sys_dlsym(dl_handle, "gumm_init");
- if (!module_init) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- goto error;
+ DEBUG(5,("Attempting to register gums backend %s\n", name));
+
+ /* Check for duplicates */
+ if (gums_find_backend_entry(name)) {
+ DEBUG(0,("There already is a gums backend registered"
+ "with the name %s!\n", name));
+ return NT_STATUS_OBJECT_NAME_COLLISION;
}
- DEBUG(5, ("Initializing module %s\n", module_name));
+ entry = smb_xmalloc(sizeof(struct gums_init_function_entry));
+ entry->name = smb_xstrdup(name);
+ entry->init_fn = init_fn;
- ret = module_init(&gums_storage);
- goto done;
+ DLIST_ADD(backends, entry);
+ DEBUG(5,("Successfully added gums backend '%s'\n", name));
+ return NT_STATUS_OK;
+}
-error:
- ret = NT_STATUS_UNSUCCESSFUL;
- sys_dlclose(dl_handle);
+static struct gums_init_function_entry *gums_find_backend_entry(const char *name)
+{
+ struct gums_init_function_entry *entry = backends;
-done:
- return ret;
+ while (entry) {
+ if (strcmp(entry->name, name) == 0)
+ return entry;
+ entry = entry->next;
+ }
+
+ return NULL;
}
-NTSTATUS gums_unload(void)
+NTSTATUS gums_setup_backend(const char *backend)
{
- NTSTATUS ret;
- NTSTATUS (*module_finalize)();
- if (!dl_handle)
- return NT_STATUS_UNSUCCESSFUL;
+ TALLOC_CTX *mem_ctx;
+ char *module_name = smb_xstrdup(backend);
+ char *p, *module_data = NULL;
+ struct gums_init_function_entry *entry;
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ lazy_initialize_gums();
+
+ p = strchr(module_name, ':');
+ if (p) {
+ *p = 0;
+ module_data = p+1;
+ trim_string(module_data, " ", " ");
+ }
+
+ trim_string(module_name, " ", " ");
- module_finalize = sys_dlsym(dl_handle, "gumm_finalize");
- if (!module_finalize) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name));
+
+ entry = gums_find_backend_entry(module_name);
+
+ /* Try to find a module that contains this module */
+ if (!entry) {
+ DEBUG(2,("No builtin backend found, trying to load plugin\n"));
+ if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) {
+ DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name));
+ SAFE_FREE(module_name);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
}
- DEBUG(5, ("Finalizing module"));
+ /* No such backend found */
+ if(!entry) {
+ DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
+ SAFE_FREE(module_name);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- ret = module_finalize();
- sys_dlclose(dl_handle);
+ DEBUG(5,("Found gums backend %s\n", module_name));
+ /* free current functions structure if any */
+ if (gums_backend) {
+ gums_backend->free_private_data(gums_backend->private_data);
+ talloc_destroy(gums_backend->mem_ctx);
+ gums_backend = NULL;
+ }
+
+ /* allocate a new GUMS_FUNCTIONS structure and memory context */
+ mem_ctx = talloc_init("gums_backend (%s)", module_name);
+ if (!mem_ctx)
+ return NT_STATUS_NO_MEMORY;
+ gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS));
+ if (!gums_backend)
+ return NT_STATUS_NO_MEMORY;
+ gums_backend->mem_ctx = mem_ctx;
+
+ /* init the requested backend module */
+ if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) {
+ DEBUG(5,("gums backend %s has a valid init\n", backend));
+ } else {
+ DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret)));
+ }
+ SAFE_FREE(module_name);
return ret;
}
+
+NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns)
+{
+ if (gums_backend != NULL) {
+ *fns = gums_backend;
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+}
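Review bot: When `entry->init_fn` fails at the end of `gums_setup_backend`, `gums_backend` stays set to a structure allocated with `talloc` rather than `talloc_zero`. `get_gums_fns` then keeps returning a table with unset function pointers, and the next setup call invokes `free_private_data` through it. The two `NT_STATUS_NO_MEMORY` returns also leak `module_name`, and the second one leaks `mem_ctx` as well. I would zero the allocation and release everything on each failure path, as below. Separately, the previous backend is destroyed before the new one is known to initialise, so a failed switch leaves no backend at all.

```c
	/* … unchanged: backend lookup and teardown of the previous backend … */
	mem_ctx = talloc_init("gums_backend (%s)", module_name);
	if (!mem_ctx) {
		SAFE_FREE(module_name);
		return NT_STATUS_NO_MEMORY;
	}
	gums_backend = talloc_zero(mem_ctx, sizeof(GUMS_FUNCTIONS));
	if (!gums_backend) {
		talloc_destroy(mem_ctx);
		SAFE_FREE(module_name);
		return NT_STATUS_NO_MEMORY;
	}
	gums_backend->mem_ctx = mem_ctx;

	/* init the requested backend module */
	ret = entry->init_fn(gums_backend, module_data);
	if (NT_STATUS_IS_OK(ret)) {
		DEBUG(5,("gums backend %s has a valid init\n", backend));
	} else {
		DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret)));
		/* do not leave a half-initialised table reachable through get_gums_fns() */
		talloc_destroy(mem_ctx);
		gums_backend = NULL;
	}
	SAFE_FREE(module_name);
	return ret;
```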
diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c
index 2e5dcd143a..17f7d33baa 100644
--- a/source3/sam/gums_api.c
+++ b/source3/sam/gums_api.c
@@ -20,195 +20,8 @@
#include "includes.h"
-
-/*******************************************************************
- Create a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
-{
- SEC_ACL *dst;
- int i;
-
- if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->num_aces = num_aces;
- dst->size = SEC_ACL_HEADER_SIZE;
-
- /* Now we need to return a non-NULL address for the ace list even
- if the number of aces required is zero. This is because there
- is a distinct difference between a NULL ace and an ace with zero
- entries in it. This is achieved by checking that num_aces is a
- positive number. */
-
- if ((num_aces) &&
- ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
- == NULL)) {
- return NULL;
- }
-
- for (i = 0; i < num_aces; i++) {
- dst->ace[i] = ace_list[i]; /* Structure copy. */
- dst->size += ace_list[i].size;
- }
-
- return dst;
-}
-
-
-
-/*******************************************************************
- Duplicate a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
-{
- if(src == NULL)
- return NULL;
-
- return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
-}
-
-
-
-/*******************************************************************
- Creates a SEC_DESC structure
-********************************************************************/
-
-static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
- DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
-{
- SEC_DESC *dst;
- uint32 offset = 0;
- uint32 offset_sid = SEC_DESC_HEADER_SIZE;
- uint32 offset_acl = 0;
-
- *sd_size = 0;
-
- if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->type = SEC_DESC_SELF_RELATIVE;
-
- if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
- if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
-
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
-
- if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
- goto error_exit;
-
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
- goto error_exit;
-
- if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
- goto error_exit;
-
- if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
- goto error_exit;
-
- offset = 0;
-
- /*
- * Work out the linearization sizes.
- */
- if (dst->owner_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->owner_sid);
- }
-
- if (dst->grp_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->grp_sid);
- }
-
- if (dst->sacl != NULL) {
-
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_sacl = offset_acl;
- offset_acl += dst->sacl->size;
- offset += dst->sacl->size;
- offset_sid += dst->sacl->size;
- }
-
- if (dst->dacl != NULL) {
-
- if (offset_acl == 0)
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_dacl = offset_acl;
- offset_acl += dst->dacl->size;
- offset += dst->dacl->size;
- offset_sid += dst->dacl->size;
- }
-
- *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
-
- if (dst->owner_sid != NULL)
- dst->off_owner_sid = offset_sid;
-
- /* sid_size() returns 0 if the sid is NULL so this is ok */
-
- if (dst->grp_sid != NULL)
- dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
-
- return dst;
-
-error_exit:
-
- *sd_size = 0;
- return NULL;
-}
-
-/*******************************************************************
- Duplicate a SEC_DESC structure.
-********************************************************************/
-
-static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
-{
- size_t dummy;
-
- if(src == NULL)
- return NULL;
-
- return make_sec_desc( ctx, src->revision,
- src->owner_sid, src->grp_sid, src->sacl,
- src->dacl, &dummy);
-}
-
-
-
-
-
-
-
-extern GUMS_FUNCTIONS *gums_storage;
-
/* Functions to get/set info from a GUMS object */
-NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *type = obj->type;
- return NT_STATUS_OK;
-}
-
NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
{
TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
@@ -222,6 +35,7 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
switch(type) {
case GUMS_OBJ_DOMAIN:
+ go->data.domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN));
break;
/*
@@ -238,6 +52,10 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
break;
+ case GUMS_OBJ_PRIVILEGE:
+ go->data.priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE));
+ break;
+
default:
/* TODO: throw error */
ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
@@ -250,96 +68,170 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
goto error;
}
+ switch(type) {
+ case GUMS_OBJ_NORMAL_USER:
+ gums_set_user_acct_ctrl(go, ACB_NORMAL);
+ gums_set_user_hours(go, 0, NULL);
+ }
+
*obj = go;
return NT_STATUS_OK;
-
+
error:
talloc_destroy(go->mem_ctx);
*obj = NULL;
return ret;
}
-NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
+NTSTATUS gums_destroy_object(GUMS_OBJECT **obj)
{
- if (!version || !obj)
+ if (!obj || !(*obj))
return NT_STATUS_INVALID_PARAMETER;
- *version = obj->version;
+ if ((*obj)->mem_ctx)
+ talloc_destroy((*obj)->mem_ctx);
+ *obj = NULL;
+
return NT_STATUS_OK;
}
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version)
+void gums_reset_object(GUMS_OBJECT *go)
+{
+ go->seq_num = 0;
+ go->sid = NULL;
+ go->name = NULL;
+ go->description = NULL;
+
+ switch(go->type) {
+ case GUMS_OBJ_DOMAIN:
+ memset(go->data.domain, 0, sizeof(GUMS_DOMAIN));
+ break;
+
+/*
+ case GUMS_OBJ_WORKSTATION_TRUST:
+ case GUMS_OBJ_SERVER_TRUST:
+ case GUMS_OBJ_DOMAIN_TRUST:
+*/
+ case GUMS_OBJ_NORMAL_USER:
+ memset(go->data.user, 0, sizeof(GUMS_USER));
+ gums_set_user_acct_ctrl(go, ACB_NORMAL);
+ break;
+
+ case GUMS_OBJ_GROUP:
+ case GUMS_OBJ_ALIAS:
+ memset(go->data.group, 0, sizeof(GUMS_GROUP));
+ break;
+
+ case GUMS_OBJ_PRIVILEGE:
+ memset(go->data.priv, 0, sizeof(GUMS_PRIVILEGE));
+ break;
+
+ default:
+ return;
+ }
+}
+
+uint32 gums_get_object_type(const GUMS_OBJECT *obj)
{
if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
+ return 0;
- obj->version = version;
- return NT_STATUS_OK;
+ return obj->type;
}
-NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
+uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj)
{
- if (!sec_desc || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj)
+ return 0;
- *sec_desc = obj->sec_desc;
- return NT_STATUS_OK;
+ return obj->seq_num;
}
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
+uint32 gums_get_object_version(const GUMS_OBJECT *obj)
{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj)
+ return 0;
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
+ return obj->version;
+}
+
+const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NULL;
+
+ return obj->sec_desc;
}
-NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
+const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj)
{
- if (!sid || !obj)
+ if (!obj)
+ return NULL;
+
+ return obj->sid;
+}
+
+const char *gums_get_object_name(const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NULL;
+
+ return obj->name;
+}
+
+const char *gums_get_object_description(const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NULL;
+
+ return obj->description;
+}
+
+NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num)
+{
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
- *sid = obj->sid;
+ obj->seq_num = seq_num;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
+NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version)
{
- if (!obj || !sid)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
+ obj->version = version;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
{
- if (!name || !obj)
+ if (!obj || !sec_desc)
return NT_STATUS_INVALID_PARAMETER;
- *name = obj->name;
+ obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
+ if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
+NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
{
- if (!obj || !name)
+ if (!obj || !sid)
return NT_STATUS_INVALID_PARAMETER;
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
+ obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
+ if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
{
- if (!description || !obj)
+ if (!obj || !name)
return NT_STATUS_INVALID_PARAMETER;
- *description = obj->description;
+ obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
+ if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}
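Review bot: `gums_reset_object` clears `seq_num`, `sid`, `name` and `description` but leaves `sec_desc` and `version` untouched, so a reset object that is reused keeps the previous security descriptor. It also dereferences `go` without the NULL check that the getters and setters in this hunk have. If keeping the descriptor is not intended, add `if (!go) return;` at the top and `go->sec_desc = NULL;` next to the other fields. The `memset` calls assume the per-type `data` pointer was allocated, which presumably holds only for objects that came from `gums_create_object`; a comment stating that precondition would help.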
@@ -353,8 +245,6 @@ NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description)
return NT_STATUS_OK;
}
-/* User specific functions */
-
/*
NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
{
@@ -366,16 +256,12 @@ NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT
}
*/
-NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
+uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj)
{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return -1;
- *rid = obj->data.domain->next_rid;
- return NT_STATUS_OK;
+ return obj->data.domain->next_rid;
}
NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
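Review bot: `gums_get_domain_next_rid` no longer checks `obj` before reading `obj->type`, so a NULL object now crashes where the old version returned `NT_STATUS_INVALID_PARAMETER`. The other getters converted in this commit keep the check, so use `if (!obj || obj->type != GUMS_OBJ_DOMAIN)`. The error value `-1` becomes 0xffffffff in the `uint32` return, which callers cannot tell apart from a real RID unless the sentinel is documented. A one-line comment above the function naming that sentinel would cover it.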
@@ -390,364 +276,406 @@ NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+/* User specific functions */
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- *sid = obj->data.user->group_sid;
- return NT_STATUS_OK;
+ return obj->data.user->group_sid;
}
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
+const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj)
{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
+ fstring p;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return data_blob(NULL, 0);
- obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+ smbpasswd_sethexpwd(p, (unsigned char *)(obj->data.user->nt_pw.data), 0);
+ DEBUG(100, ("Reading NT Password=[%s]\n", p));
+
+ return obj->data.user->nt_pw;
}
-NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
-{
- if (!nt_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj)
+{
+ fstring p;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return data_blob(NULL, 0);
- *nt_pwd = &(obj->data.user->nt_pw);
- return NT_STATUS_OK;
+ smbpasswd_sethexpwd(p, (unsigned char *)(obj->data.user->lm_pw.data), 0);
+ DEBUG(100, ("Reading LM Password=[%s]\n", p));
+
+ return obj->data.user->lm_pw;
}
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
+const char *gums_get_user_fullname(const GUMS_OBJECT *obj)
{
- if (!obj || nt_pwd.length != NT_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
- return NT_STATUS_OK;
+ return obj->data.user->full_name;
}
-NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
-{
- if (!lm_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const char *gums_get_user_homedir(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- *lm_pwd = &(obj->data.user->lm_pw);
- return NT_STATUS_OK;
+ return obj->data.user->home_dir;
}
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
+const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj)
{
- if (!obj || lm_pwd.length != LM_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
- return NT_STATUS_OK;
+ return obj->data.user->dir_drive;
}
-NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
+const char *gums_get_user_profile_path(const GUMS_OBJECT *obj)
{
- if (!fullname || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- *fullname = obj->data.user->full_name;
- return NT_STATUS_OK;
+ return obj->data.user->profile_path;
}
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
+const char *gums_get_user_logon_script(const GUMS_OBJECT *obj)
{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+ return obj->data.user->logon_script;
}
-NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
+const char *gums_get_user_workstations(const GUMS_OBJECT *obj)
{
- if (!homedir || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- *homedir = obj->data.user->home_dir;
- return NT_STATUS_OK;
+ return obj->data.user->workstations;
}
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
+const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj)
{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->unknown_str;
+}
- obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
+
+ return obj->data.user->munged_dial;
}
-NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
+NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj)
{
- if (!dirdrive || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->logon_time;
+}
- *dirdrive = obj->data.user->dir_drive;
- return NT_STATUS_OK;
+NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
+
+ return obj->data.user->logoff_time;
}
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
+NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj)
{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->kickoff_time;
+}
- obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
+
+ return obj->data.user->pass_last_set_time;
}
-NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
+NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj)
{
- if (!logon_script || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->pass_can_change_time;
+}
- *logon_script = obj->data.user->logon_script;
- return NT_STATUS_OK;
+NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
+
+ return obj->data.user->pass_must_change_time;
}
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
+uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj)
{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->acct_ctrl;
+}
- obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
+
+ return obj->data.user->logon_divs;
}
-NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
+uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj)
{
- if (!profile_path || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->hours_len;
+}
- *profile_path = obj->data.user->profile_path;
- return NT_STATUS_OK;
+const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
+
+ return obj->data.user->hours;
}
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
+uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj)
{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->unknown_3;
+}
- obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
+
+ return obj->data.user->bad_password_count;
}
-NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
+uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj)
{
- if (!workstations || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->logon_count;
+}
- *workstations = obj->data.user->workstations;
- return NT_STATUS_OK;
+uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
+
+ return obj->data.user->unknown_6;
}
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
+NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
{
- if (!obj || !workstations)
+ if (!obj || !sid)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
+ if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
{
- if (!unknown_str || !obj)
+ fstring p;
+ unsigned char r[16];
+
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *unknown_str = obj->data.user->unknown_str;
+ obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
+
+ memcpy(r, nt_pwd.data, 16);
+ smbpasswd_sethexpwd(p, r, 0);
+ DEBUG(100, ("Setting NT Password=[%s]\n", p));
+
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
+NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
{
- if (!obj || !unknown_str)
+ fstring p;
+ unsigned char r[16];
+
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
+
+ memcpy(r, lm_pwd.data, 16);
+ smbpasswd_sethexpwd(p, r, 0);
+ DEBUG(100, ("Setting LM Password=[%s]\n", p));
+
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
{
- if (!munged_dial || !obj)
+ if (!obj || !fullname)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *munged_dial = obj->data.user->munged_dial;
+ obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
+ if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
+NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
{
- if (!obj || !munged_dial)
+ if (!obj || !homedir)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
+ if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
{
- if (!logon_time || !obj)
+ if (!obj || !dir_drive)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *logon_time = obj->data.user->logon_time;
+ obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
+ if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
+NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
{
- if (!obj)
+ if (!obj || !logon_script)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->logon_time = logon_time;
+ obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
+ if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
{
- if (!logoff_time || !obj)
+ if (!obj || !profile_path)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *logoff_time = obj->data.user->logoff_time;
+ obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
+ if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
+NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
{
- if (!obj)
+ if (!obj || !workstations)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->logoff_time = logoff_time;
+ obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
+ if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
{
- if (!kickoff_time || !obj)
+ if (!obj || !unknown_str)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *kickoff_time = obj->data.user->kickoff_time;
+ obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
+ if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
+NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
{
- if (!obj)
+ if (!obj || !munged_dial)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->kickoff_time = kickoff_time;
+ obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
+ if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
{
- if (!pass_last_set_time || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *pass_last_set_time = obj->data.user->pass_last_set_time;
+ obj->data.user->logon_time = logon_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
+NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
{
if (!obj)
return NT_STATUS_INVALID_PARAMETER;
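Review bot: `gums_set_user_nt_pwd` and `gums_set_user_lm_pwd` drop the old length checks and then run `memcpy(r, nt_pwd.data, 16)` / `memcpy(r, lm_pwd.data, 16)` unconditionally, so a blob shorter than 16 bytes, or one with NULL `data`, is read past its end. Restore the guards: `if (!obj || nt_pwd.length != NT_HASH_LEN) return NT_STATUS_INVALID_PARAMETER;` and the `LM_HASH_LEN` equivalent. The `data_blob_talloc` result is also stored unchecked. The new `DEBUG(100, ...)` lines in both setters and in `gums_get_user_nt_pwd` / `gums_get_user_lm_pwd` write the hex password hashes to the debug log. These hashes are password-equivalent, so I would remove those lines rather than rely on the log level. The getters also pass `nt_pw.data` / `lm_pw.data` to `smbpasswd_sethexpwd` without checking that a password was ever set.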
@@ -755,23 +683,23 @@ NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->pass_last_set_time = pass_last_set_time;
+ obj->data.user->logoff_time = logoff_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
{
- if (!pass_can_change_time || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *pass_can_change_time = obj->data.user->pass_can_change_time;
+ obj->data.user->kickoff_time = kickoff_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
+NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
{
if (!obj)
return NT_STATUS_INVALID_PARAMETER;
@@ -779,19 +707,19 @@ NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_ch
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->pass_can_change_time = pass_can_change_time;
+ obj->data.user->pass_last_set_time = pass_last_set_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
{
- if (!pass_must_change_time || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *pass_must_change_time = obj->data.user->pass_must_change_time;
+ obj->data.user->pass_can_change_time = pass_can_change_time;
return NT_STATUS_OK;
}
@@ -807,21 +735,21 @@ NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl)
{
- if (!logon_divs || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *logon_divs = obj->data.user->logon_divs;
+ obj->data.user->acct_ctrl = acct_ctrl;
return NT_STATUS_OK;
}
NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
{
- if (!obj || !logon_divs)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
@@ -831,19 +759,28 @@ NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours)
{
- if (!hours_len || !obj)
+ if (!obj || !hours)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *hours_len = obj->data.user->hours_len;
+ obj->data.user->hours_len = hours_len;
+ if (hours_len == 0)
+ DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
+
+ obj->data.user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN);
+ if (!(obj->data.user->hours))
+ return NT_STATUS_NO_MEMORY;
+ if (hours_len)
+ memcpy(obj->data.user->hours, hours, hours_len);
+
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len)
+NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
{
if (!obj)
return NT_STATUS_INVALID_PARAMETER;
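Review bot: In gums_set_user_hours the buffer is allocated with the fixed size `MAX_HOURS_LEN`, but `memcpy(obj->data.user->hours, hours, hours_len)` copies a caller-supplied length, so any `hours_len` above `MAX_HOURS_LEN` writes past the allocation. Add `if (hours_len > MAX_HOURS_LEN) return NT_STATUS_INVALID_PARAMETER;` before `hours_len` is stored in the object. The buffer comes from `talloc` rather than `talloc_zero`, so the bytes beyond `hours_len` appear to stay uninitialized; zero-filling would be safer if any reader consumes the full `MAX_HOURS_LEN`.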
@@ -851,196 +788,206 @@ NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len)
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->hours_len = hours_len;
+ obj->data.user->unknown_3 = unknown_3;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count)
{
- if (!hours || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *hours = obj->data.user->hours;
+ obj->data.user->bad_password_count = bad_password_count;
return NT_STATUS_OK;
}
-/* WARNING: always set hours_len before hours */
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours)
+NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count)
{
- if (!obj || !hours)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (obj->data.user->hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len);
- if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->logon_count = logon_count;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
{
- if (!unknown_3 || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *unknown_3 = obj->data.user->unknown_3;
+ obj->data.user->unknown_6 = unknown_6;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
+/* Group specific functions */
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj)
+{
+ if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) {
+ *count = -1;
+ return NULL;
+ }
- obj->data.user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
+ *count = obj->data.group->count;
+ return obj->data.group->members;
}
-NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members)
{
- if (!unknown_5 || !obj)
+ uint32 n;
+
+ if (!obj || ((count > 0) && !members))
return NT_STATUS_INVALID_PARAMETER;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (obj->type != GUMS_OBJ_GROUP &&
+ obj->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *unknown_5 = obj->data.user->unknown_5;
- return NT_STATUS_OK;
-}
+ obj->data.group->count = count;
-NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (count) {
+ obj->data.group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID));
+ if (!(obj->data.group->members)) {
+ return NT_STATUS_NO_MEMORY;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->unknown_5 = unknown_5;
+ n = 0;
+ do {
+ sid_copy(&(obj->data.group->members[n]), &(members[n]));
+ n++;
+ } while (n < count);
+ } else {
+ obj->data.group->members = 0;
+ }
+
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj)
-{
- if (!unknown_6 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+/* Privilege specific functions */
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_PRIVILEGE)
+ return NULL;
- *unknown_6 = obj->data.user->unknown_6;
- return NT_STATUS_OK;
+ return obj->data.priv->privilege;
}
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
+const DOM_SID *gums_get_priv_members(int *count, const GUMS_OBJECT *obj)
{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!count || !obj || obj->type != GUMS_OBJ_PRIVILEGE) {
+ *count = -1;
+ return NULL;
+ }
- obj->data.user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
+ *count = obj->data.priv->count;
+ return obj->data.priv->members;
}
-/* Group specific functions */
-
-NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_priv_luid_attr(GUMS_OBJECT *obj, LUID_ATTR *luid_attr)
{
- if (!count || !members || !obj)
+ if (!luid_attr || !obj)
return NT_STATUS_INVALID_PARAMETER;
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (obj->type != GUMS_OBJ_PRIVILEGE)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *count = obj->data.group->count;
- *members = *(obj->data.group->members);
+ obj->data.priv->privilege = (LUID_ATTR *)talloc_memdup(obj->mem_ctx, luid_attr, sizeof(LUID_ATTR));
+ if (!(obj->data.priv->privilege)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members)
+NTSTATUS gums_set_priv_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members)
{
uint32 n;
if (!obj || !members || !members)
return NT_STATUS_INVALID_PARAMETER;
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (obj->type != GUMS_OBJ_PRIVILEGE)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+ obj->data.priv->count = count;
+ obj->data.priv->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID));
+ if (!(obj->data.priv->members))
+ return NT_STATUS_NO_MEMORY;
- obj->data.group->count = count;
n = 0;
do {
- obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
- if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
+ sid_copy(&(obj->data.priv->members[n]), &(members[n]));
n++;
} while (n < count);
+
return NT_STATUS_OK;
}
/* data_store set functions */
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
+NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type)
{
TALLOC_CTX *mem_ctx;
- GUMS_COMMIT_SET *set;
mem_ctx = talloc_init("commit_set");
if (mem_ctx == NULL)
return NT_STATUS_NO_MEMORY;
- set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (set == NULL) {
+
+ *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET));
+ if (*com_set == NULL) {
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
- set->mem_ctx = mem_ctx;
- set->type = type;
- sid_copy(&(set->sid), sid);
- set->count = 0;
- set->data = NULL;
- *com_set = set;
+ (*com_set)->mem_ctx = mem_ctx;
+ (*com_set)->type = type;
+ sid_copy(&((*com_set)->sid), sid);
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
+NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size)
{
GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!mem_ctx || !com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ com_set->count = com_set->count + size;
+ if (com_set->count == size) { /* data set is empty*/
+ data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET));
} else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
}
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ com_set->data = data_set;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
+{
+ NTSTATUS ret;
+ GUMS_DATA_SET *data_set;
+ SEC_DESC *new_sec_desc;
+
+ if (!com_set || !sec_desc)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
+
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
+ new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc);
if (new_sec_desc == NULL)
return NT_STATUS_NO_MEMORY;
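Review bot: gums_set_priv_members lacks the `if (count)` guard that gums_set_group_members has in this same hunk, so with `count == 0` the do/while still runs `sid_copy(&(obj->data.priv->members[0]), &(members[0]))` against a zero-byte request; an `if (count)` check around a plain `for (n = 0; n < count; n++)` loop would match the group version. Both setters also size the buffer as `count * sizeof(DOM_SID)` from a caller-supplied `uint32` with no upper bound, which can wrap where size_t is 32 bits and leave the copy loop writing past the allocation. Separately, gums_get_group_members and gums_get_priv_members execute `*count = -1` in the branch that is taken when `count` is NULL; `if (count) *count = -1;` avoids dereferencing the pointer that was just rejected.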
@@ -1050,87 +997,72 @@ NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC
}
/*
-NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
+NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
LUID_ATTR *new_priv;
- if (!mem_ctx || !com_set)
+ if (!com_set)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_ADD_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
+ return ret;
(SEC_DESC *)(data_set->data) = new_priv;
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
+NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
LUID_ATTR *new_priv;
- if (!mem_ctx || !com_set)
+ if (!com_set)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_DEL_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
+ return ret;
(SEC_DESC *)(data_set->data) = new_priv;
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
+NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
PRIVILEGE_SET *new_priv_set;
- if (!mem_ctx || !com_set || !priv_set)
+ if (!com_set || !priv_set)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set)))
+ return ret;
+
+ if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set)))
+ return ret;
(SEC_DESC *)(data_set->data) = new_priv_set;
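Review bot: The three functions updated here sit inside a `/* ... */` block, and the new lines would not build if the block were re-enabled. They test `NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))` where the live code in this file uses `NT_STATUS_IS_OK(...)`, and they keep `data_set = ((com_set->data)[com_set->count - 1]);` without the `&` that the live functions gained in this commit. `gums_pcs_grow_data_set` and `GUMS_PRIV_COMMIT_SET` are not defined in the visible part of the patch. Either bring the block in line with the live helpers or mark its state above it, for example `/* FIXME: disabled, does not build against the current commit-set API */`. The comment block opens in this hunk and closes in the next one.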
@@ -1138,28 +1070,22 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
}
*/
-NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
+NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
char *new_str;
- if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
+ if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = type;
- new_str = talloc_strdup(mem_ctx, str);
+ new_str = talloc_strdup(com_set->mem_ctx, str);
if (new_str == NULL)
return NT_STATUS_NO_MEMORY;
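Review bot: When `talloc_strdup(com_set->mem_ctx, str)` fails, gums_cs_set_string returns NT_STATUS_NO_MEMORY after gums_cs_grow_data_set has already raised `com_set->count` and `data_set->type` has been set, so the commit set keeps an entry whose data pointer was never assigned. gums_commit_data later hands `set->count` and `set->data` to the backend, which would then see that entry. Duplicating the string before growing the set, or doing `com_set->count--;` on the failure path, keeps the set consistent; gums_cs_set_sec_desc, gums_cs_set_nttime and the SID-list functions follow the same order. gums_cs_grow_data_set itself adds `size` to `count` before it knows the allocation succeeded, so its own failure path has the same effect. The function's tail is outside this hunk.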
@@ -1168,102 +1094,96 @@ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
+NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name)
{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, name);
}
-NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
+NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc)
{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
+ return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc);
}
-NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
+NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name);
}
-NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
+NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir);
}
-NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
+NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, drive);
}
-NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
+NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script);
}
-NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
+NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path);
}
-NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
+NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, wks);
}
-NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
+NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str);
}
-NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
+NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial);
}
-NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
+NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
NTTIME *new_time;
- if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
+ if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = type;
- new_time = talloc(mem_ctx, sizeof(NTTIME));
+ new_time = talloc(com_set->mem_ctx, sizeof(NTTIME));
if (new_time == NULL)
return NT_STATUS_NO_MEMORY;
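Review bot: Every string wrapper in this hunk from gums_cs_set_full_name to gums_cs_set_munged_dial still passes `GUMS_SET_NAME` to gums_cs_set_string, so a home directory, logon script or munged-dial change is recorded as a name change. Each wrapper should pass its own type constant, e.g. `return gums_cs_set_string(com_set, GUMS_SET_MUNGED_DIAL, munged_dial);` for the last one; the other constants are presumably declared alongside it in gums.h, which is not visible here. The time wrappers in the next hunk have the same problem: gums_cs_set_pass_last_set_time, gums_cs_set_pass_can_change_time and gums_cs_set_pass_must_change_time all pass `GUMS_SET_LOGON_TIME`. The wrappers also read `com_set->type` before any NULL check on `com_set`.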
@@ -1274,81 +1194,75 @@ NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
+NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time);
}
-NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
+NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
}
-NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
+NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
}
-NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
+NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time);
}
-NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
+NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time);
}
-NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
+NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time);
}
-NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
DOM_SID **new_sids;
int i;
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
if (new_sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
if (new_sids[i] == NULL)
return NT_STATUS_NO_MEMORY;
}
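Review bot: gums_cs_add_sids_to_group sizes `new_sids` as `sizeof(void *) * count` from a caller-supplied `uint32` with no bound, and the loop index is `int i` compared against that unsigned `count`. Where size_t is 32 bits the multiplication can wrap, leaving the loop to store more pointers than were allocated. A check such as `if (count > (size_t)-1 / sizeof(void *)) return NT_STATUS_INVALID_PARAMETER;` before the `talloc`, together with `uint32 i;`, removes both problems. gums_cs_del_sids_from_group and gums_ds_set_sids_in_group in the following hunks use the same allocation and loop. The function's last statements are in the next hunk.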
@@ -1358,55 +1272,49 @@ NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
+ return gums_cs_add_sids_to_group(com_set, sids, count);
}
-NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
+ return gums_cs_add_sids_to_group(com_set, sids, count);
}
-NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
DOM_SID **new_sids;
int i;
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
if (new_sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
if (new_sids[i] == NULL)
return NT_STATUS_NO_MEMORY;
}
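Review bot: The type check `if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)` in gums_cs_add_users_to_group and gums_cs_del_sids_from_group is true for every value of `type`, so both functions always return NT_STATUS_INVALID_PARAMETER. The operator should be `&&`, i.e. `if (com_set->type != GUMS_OBJ_GROUP && com_set->type != GUMS_OBJ_ALIAS)`, as gums_set_group_members already writes it. gums_ds_set_sids_in_group in the next hunk carries the same condition.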
@@ -1416,35 +1324,29 @@ NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_s
return NT_STATUS_OK;
}
-NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
DOM_SID **new_sids;
int i;
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
if (new_sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
if (new_sids[i] == NULL)
return NT_STATUS_NO_MEMORY;
}
@@ -1454,10 +1356,16 @@ NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set
return NT_STATUS_OK;
}
-
NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
{
- return gums_storage->set_object_values(&(set->sid), set->count, set->data);
+ NTSTATUS ret;
+ GUMS_FUNCTIONS *fns;
+
+ if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) {
+ DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n"));
+ return ret;
+ }
+ return fns->set_object_values(&(set->sid), set->count, set->data);
}
NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
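Review bot: gums_commit_data dereferences `set` in `fns->set_object_values(&(set->sid), set->count, set->data)` without the NULL check that most other functions in this file apply to their commit-set argument. Adding `if (!set) return NT_STATUS_INVALID_PARAMETER;` at the top would match them. It may also be worth checking that `fns->set_object_values` is non-NULL before the call, since whether every backend fills that slot cannot be seen from this hunk.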
diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c
index c22e6cf7ff..15486d094c 100644
--- a/source3/sam/gums_helper.c
+++ b/source3/sam/gums_helper.c
@@ -20,9 +20,8 @@
#include "includes.h"
-extern GUMS_FUNCTIONS *gums_storage;
-
extern DOM_SID global_sid_World;
+extern DOM_SID global_sid_Builtin;
extern DOM_SID global_sid_Builtin_Administrators;
extern DOM_SID global_sid_Builtin_Power_Users;
extern DOM_SID global_sid_Builtin_Account_Operators;
@@ -37,7 +36,7 @@ extern DOM_SID global_sid_Builtin_Guests;
/* defines */
#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
+#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0)
/****************************************************************************
Check if a user is a mapped group.
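Review bot: The reworked `NTSTATUS_CHECK(err, label, str1, str2)` accepts a `label` argument but never uses it: on error it only logs, whereas `ALLOC_CHECK` directly above sets `err` and does `goto label`. Callers written in the same style as ALLOC_CHECK would carry on after a failed call. If the jump is intended, the body should read `do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); goto label; } } while(0)`; if not, drop the parameter. The argument order also changed, so every call site has to be updated with it; those call sites are outside this hunk.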
@@ -75,224 +74,6 @@ NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
}
#endif
-/****************************************************************************
- duplicate alloc luid_attr
- ****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
-{
- *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
- if (*new_la == NULL) {
- DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*new_la)->luid.high = old_la.luid.high;
- (*new_la)->luid.low = old_la.luid.low;
- (*new_la)->attr = old_la.attr;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list
- ****************************************************************************/
-void gums_init_privilege(PRIVILEGE_SET *priv_set)
-{
- priv_set->count=0;
- priv_set->control=0;
- priv_set->set=NULL;
-}
-
-/****************************************************************************
- add a privilege to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
-
- /* check if the privilege is not already in the list */
- if (gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* we can allocate memory to add the new privilege */
-
- new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- new_set[priv_set->count].luid.high=set.luid.high;
- new_set[priv_set->count].luid.low=set.luid.low;
- new_set[priv_set->count].attr=set.attr;
-
- priv_set->count++;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- add all the privileges to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
-{
- NTSTATUS result = NT_STATUS_OK;
- LUID_ATTR set;
-
- set.attr=0;
- set.luid.high=0;
-
- set.luid.low=SE_PRIV_ADD_USERS;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_ADD_MACHINES;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
-done:
- return result;
-}
-
-/****************************************************************************
- check if the privilege list is empty
- ****************************************************************************/
-BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
-{
- return (priv_set->count == 0);
-}
-
-/****************************************************************************
- check if the privilege is in the privilege list
- ****************************************************************************/
-BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
-{
- int i;
-
- /* if the list is empty, obviously we can't have it */
- if (gums_check_empty_privilege(priv_set))
- return False;
-
- for (i=0; i<priv_set->count; i++) {
- LUID_ATTR *cur_set;
-
- cur_set=&priv_set->set[i];
- /* check only the low and high part. Checking the attr field has no meaning */
- if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
- return True;
- }
-
- return False;
-}
-
-/****************************************************************************
- remove a privilege from a privilege array
- ****************************************************************************/
-NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i,j;
-
- /* check if the privilege is in the list */
- if (!gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* special case if it's the only privilege in the list */
- if (priv_set->count==1) {
- gums_init_privilege(priv_set);
- return NT_STATUS_OK;
- }
-
- /*
- * the privilege is there, create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0, j=0; i<priv_set->count; i++) {
- if ((old_set[i].luid.low == set.luid.low) &&
- (old_set[i].luid.high == set.luid.high)) {
- continue;
- }
-
- new_set[j].luid.low = old_set[i].luid.low;
- new_set[j].luid.high = old_set[i].luid.high;
- new_set[j].attr = old_set[i].attr;
-
- j++;
- }
-
- if (j != priv_set->count - 1) {
- DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
- DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* ok everything is fine */
-
- priv_set->count--;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- duplicates a privilege array
- ****************************************************************************/
-NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i;
-
- *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- gums_init_privilege(*new_priv_set);
-
- /* special case if there are no privileges in the list */
- if (priv_set->count == 0) {
- return NT_STATUS_OK;
- }
-
- /*
- * create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < priv_set->count; i++) {
-
- new_set[i].luid.low = old_set[i].luid.low;
- new_set[i].luid.high = old_set[i].luid.high;
- new_set[i].attr = old_set[i].attr;
- }
-
- (*new_priv_set)->count = priv_set->count;
- (*new_priv_set)->control = priv_set->control;
- (*new_priv_set)->set = new_set;
-
- return NT_STATUS_OK;
-}
-
#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
(READ_CONTROL_ACCESS | \
@@ -302,7 +83,6 @@ NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PR
#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-#if 0
NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
{
DOM_SID *world = &global_sid_World;
@@ -334,7 +114,7 @@ NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
+ *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize);
if (!(*sec_desc)) {
DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
return NT_STATUS_NO_MEMORY;
@@ -363,248 +143,243 @@ NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *
return result;
}
-NTSTATUS gums_init_builtin_groups(void)
+NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description)
{
- NTSTATUS result;
- GUMS_OBJECT g_obj;
- GUMS_GROUP *g_grp;
- GUMS_PRIVILEGE g_priv;
-
- /* Build the well known Builtin Local Groups */
- g_obj.type = GUMS_OBJ_GROUP;
- g_obj.version = 1;
- g_obj.seq_num = 0;
- g_obj.mem_ctx = talloc_init("gums_init_backend_acct");
- if (g_obj.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ NTSTATUS ret;
+ GUMS_OBJECT *go;
+ GUMS_FUNCTIONS *fns;
- /* Administrators * /
+ if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
+ return ret;
- /* alloc group structure */
- g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
+ if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN)))
+ return ret;
- /* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data.group;
- sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
+ ret = gums_set_object_sid(go, sid);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
- /* make security descriptor */
- result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
- NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
+ ret = gums_set_object_name(go, name);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
- /* make privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeTakeOwnershipPrivilege
- SeDebugPrivilege
- SeSystemEnvironmentPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLocalDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- */
+ if (description) {
+ ret = gums_set_object_description(go, description);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
+ }
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+ /* make security descriptor * /
+ ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
+ NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
+ */
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ ret = fns->set_object(go);
- /* numebr of group members */
- g_grp->count = 0;
- g_grp->members = NULL;
+done:
+ gums_destroy_object(&go);
+ return ret;
+}
- /* store Administrators group */
- result = gums_storage->set_object(&g_obj);
+NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description)
+{
+ NTSTATUS ret;
+ GUMS_OBJECT *go;
+ GUMS_FUNCTIONS *fns;
- /* Power Users */
- /* Domain Controllers Does NOT have power Users */
+ if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
+ return ret;
- sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
+ if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS)))
+ return ret;
- /* make privilege set */
- /* SE_PRIV_??? */
+ ret = gums_set_object_sid(go, sid);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+ ret = gums_set_object_name(go, name);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
- /* set description */
-/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ if (description) {
+ ret = gums_set_object_description(go, description);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
+ }
- /* store Power Users group */
- result = gums_storage->set_object(&g_obj);
+ /* make security descriptor * /
+ ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
+ NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
+ */
- /* Account Operators */
+ ret = fns->set_object(go);
- sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
+done:
+ gums_destroy_object(&go);
+ return ret;
+}
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
+NTSTATUS gums_init_domain(DOM_SID *sid, const char *name)
+{
+ NTSTATUS ret;
+
+ /* Add the weelknown Builtin Domain */
+ if (!NT_STATUS_IS_OK(ret = gums_make_domain(
+ sid,
+ name,
+ NULL
+ ))) {
+ return ret;
+ }
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+ /* Add default users and groups */
+ /* Administrator
+ Guest
+ Domain Administrators
+ Domain Users
+ Domain Guests
+ */
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ return ret;
+}
- /* store Account Operators group */
- result = gums_storage->set_object(&g_obj);
+NTSTATUS gums_init_builtin_domain(void)
+{
+ NTSTATUS ret;
- /* Server Operators */
+ generate_wellknown_sids();
- sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
+ /* Add the weelknown Builtin Domain */
+ if (!NT_STATUS_IS_OK(ret = gums_make_domain(
+ &global_sid_Builtin,
+ "BUILTIN",
+ "Builtin Domain"
+ ))) {
+ return ret;
+ }
- /* make privilege set */
+ /* Add the well known Builtin Local Groups */
+
+ /* Administrators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Administrators,
+ "Administrators",
+ "Members can fully administer the computer/domain"
+ ))) {
+ return ret;
+ }
+ /* Administrator privilege set */
/* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
+ SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege,
+ SeSystemtimePrivilege, SeShutdownPrivilege,
+ SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege,
+ SeDebugPrivilege, SeSystemEnvironmentPrivilege,
+ SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege,
+ SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege,
+ SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Server Operators group */
- result = gums_storage->set_object(&g_obj);
+ /* Power Users */
+ /* Domain Controllers Does NOT have Power Users (?) */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Power_Users,
+ "Power Users",
+ "Power Users"
+ ))) {
+ return ret;
+ }
- /* Print Operators */
+ /* Power Users privilege set */
+ /* (?) */
- sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
+ /* Account Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Account_Operators,
+ "Account Operators",
+ "Members can administer domain user and group accounts"
+ ))) {
+ return ret;
+ }
/* make privilege set */
/* From BDC join trace:
SeShutdownPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Print Operators group */
- result = gums_storage->set_object(&g_obj);
+ /* Server Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Server_Operators,
+ "Server Operators",
+ "Members can administer domain servers"
+ ))) {
+ return ret;
+ }
- /* Backup Operators */
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege,
+ SeShutdownPrivilege, SeRemoteShutdownPrivilege
+ */
- sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
+ /* Print Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Print_Operators,
+ "Print Operators",
+ "Members can administer domain printers"
+ ))) {
+ return ret;
+ }
/* make privilege set */
/* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
SeShutdownPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ /* Backup Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Backup_Operators,
+ "Backup Operators",
+ "Members can bypass file security to backup files"
+ ))) {
+ return ret;
+ }
- /* store Backup Operators group */
- result = gums_storage->set_object(&g_obj);
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
+ */
/* Replicator */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Replicator,
+ "Replicator",
+ "Supports file replication in a domain"
+ ))) {
+ return ret;
+ }
/* make privilege set */
/* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
+ SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Replicator group */
- result = gums_storage->set_object(&g_obj);
-
/* Users */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Users,
+ "Users",
+ "Ordinary users"
+ ))) {
+ return ret;
+ }
- sid_copy(g_obj.sid, &global_sid_Builtin_Users);
-
- /* add ACE to sec dsec dacl */
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Users group */
- result = gums_storage->set_object(&g_obj);
+ /* Users specific ACEs * /
+ sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+ sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+ */
/* Guests */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Guests group */
- result = gums_storage->set_object(&g_obj);
-
- /* set default privileges */
- g_priv.type = GUMS_OBJ_GROUP;
- g_priv.version = 1;
- g_priv.seq_num = 0;
- g_priv.mem_ctx = talloc_init("gums_init_backend_priv");
- if (g_priv.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Guests,
+ "Guests",
+ "Users granted guest access to the computer/domain"
+ ))) {
+ return ret;
}
-
-
-done:
- talloc_destroy(g_obj.mem_ctx);
- talloc_destroy(g_priv.mem_ctx);
- return result;
+ return ret;
}
-#endif
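Review bot: `gums_make_domain` and `gums_make_alias` call `fns->set_object(go)` with the `create_builtin_alias_default_sec_desc` call commented out, so the BUILTIN domain and every builtin alias, Administrators included, appear to be stored without the default security descriptor. The Users-specific ACEs in `gums_init_builtin_domain` are commented out as well. Unless `gums_create_object` attaches a descriptor (not visible in this hunk), who may modify these objects depends on how the backend treats a missing one. Either restore the call with a label that exists in the function, `NTSTATUS_CHECK(ret, done, "gums_make_alias", "create_builtin_alias_default_sec_desc");` (the disabled code names `error`), or add a comment saying why it is deferred. Separately, `gums_make_domain` logs under the name "gums_make_alias", and `gums_init_domain` carries the comment "Add the weelknown Builtin Domain" although it adds the domain passed in `sid`/`name`.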