diff options
-rw-r--r-- | source3/Makefile.in | 25 | ||||
-rw-r--r-- | source3/configure.in | 9 | ||||
-rw-r--r-- | source3/include/genparser_samba.h | 5 | ||||
-rw-r--r-- | source3/include/gums.h | 172 | ||||
-rw-r--r-- | source3/include/includes.h | 4 | ||||
-rw-r--r-- | source3/include/passdb.h | 77 | ||||
-rw-r--r-- | source3/include/tdbsam2.h | 107 | ||||
-rw-r--r-- | source3/lib/genparser.c | 5 | ||||
-rw-r--r-- | source3/lib/genparser_samba.c | 18 | ||||
-rw-r--r-- | source3/nsswitch/wb_common.c | 2 | ||||
-rw-r--r-- | source3/param/loadparm.c | 4 | ||||
-rw-r--r-- | source3/passdb/pdb_guest.c | 15 | ||||
-rw-r--r-- | source3/passdb/pdb_xml.c | 18 | ||||
-rw-r--r-- | source3/sam/gumm_tdb.c | 4 | ||||
-rw-r--r-- | source3/sam/gums.c | 171 | ||||
-rw-r--r-- | source3/sam/gums_api.c | 1230 | ||||
-rw-r--r-- | source3/sam/gums_helper.c | 591 |
17 files changed, 1208 insertions, 1249 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 4769604243..1d25058df6 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -184,7 +184,8 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \ - lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o + lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \ + lib/genparser.o lib/genparser_samba.o LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o @@ -282,11 +283,14 @@ RPC_CLIENT_OBJ = rpc_client/cli_pipe.o LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o +GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o + PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ passdb/machine_sid.o passdb/util_sam_sid.o passdb/pdb_compat.o \ - passdb/privileges.o passdb/lookup_sid.o @PDB_STATIC@ + passdb/privileges.o passdb/lookup_sid.o @PDB_STATIC@ \ + $(GUMS_OBJ) @GUMS_STATIC@ XML_OBJ = passdb/pdb_xml.o MYSQL_OBJ = passdb/pdb_mysql.o @@ -1304,14 +1308,15 @@ clean: delheaders python_clean # afterwards. proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \ nsswitch/winbindd_proto.h web/swat_proto.h \ - client/client_proto.h utils/net_proto.h smbd/build_options.c + client/client_proto.h utils/net_proto.h smbd/build_options.c \ + include/tdbsam2_parse_info.h delheaders: @echo Removing prototype headers @rm -f include/proto.h include/build_env.h include/wrepld_proto.h \ nsswitch/winbindd_proto.h web/swat_proto.h \ client/client_proto.h utils/net_proto.h \ - smbd/build_options.c + smbd/build_options.c include/tdbsam2_parse_info.h MKPROTO_SH = $(srcdir)/script/mkproto.sh @@ -1352,6 +1357,15 @@ utils/net_proto.h: -h _CLIENT_PROTO_H_ $(builddir)/utils/net_proto.h \ $(NET_OBJ1) +include/tdbsam2_parse_info.h: + @if test -n "$(PERL)"; then \ + cd $(srcdir) && @PERL@ -w script/genstruct.pl \ + -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \ + include/tdbsam2.h; \ + else \ + echo Unable to build $@, continuing; \ + fi + # "make headers" or "make proto" calls a subshell because we need to # make sure these commands are executed in sequence even for a # parallel make. @@ -1364,7 +1378,8 @@ headers: $(MAKE) nsswitch/winbindd_proto.h; \ $(MAKE) web/swat_proto.h; \ $(MAKE) client/client_proto.h; \ - $(MAKE) utils/net_proto.h + $(MAKE) utils/net_proto.h; \ + $(MAKE) include/tdbsam2_parse_info.h proto: headers diff --git a/source3/configure.in b/source3/configure.in index 1bb97460ac..5c5cfb2ee2 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -296,7 +296,7 @@ DYNEXP= dnl Add modules that have to be built by default here dnl These have to be built static: -default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin" +default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin pdb_gums gums_tdbsam2" dnl These are preferably build shared, and static if dlopen() is not available default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap charset_CP850 charset_CP437" @@ -4072,6 +4072,7 @@ MODULE_pdb_guest=STATIC MODULE_rpc_spoolss=STATIC MODULE_rpc_srv=STATIC MODULE_idmap_tdb=STATIC +MODULE_gums_tdbsam2=STATIC AC_ARG_WITH(static-modules, [ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in], @@ -4107,7 +4108,11 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB, SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB) SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB) SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB) -SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o) +SMB_MODULE(pdb_gums, passdb/pdb_gums.o, "bin/gums.$SHLIBEXT", PDB) +SMB_SUBSYSTEM(PDB,passdb/pdb_interface.c) + +SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS) +SMB_SUBSYSTEM(GUMS) SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC) SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC) diff --git a/source3/include/genparser_samba.h b/source3/include/genparser_samba.h index 172ff2362c..213d51da87 100644 --- a/source3/include/genparser_samba.h +++ b/source3/include/genparser_samba.h @@ -55,4 +55,9 @@ const struct parse_struct pinfo_luid_attr_info[] = { {"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID}, {NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; +const struct parse_struct pinfo_data_blob_info[] = { +{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int}, +{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char}, +{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; + #endif /* _GENPARSER_SAMBA_H */ diff --git a/source3/include/gums.h b/source3/include/gums.h index 789acc269f..9ce2ec4e56 100644 --- a/source3/include/gums.h +++ b/source3/include/gums.h @@ -24,14 +24,60 @@ #define GUMS_VERSION_MAJOR 0 #define GUMS_VERSION_MINOR 1 #define GUMS_OBJECT_VERSION 1 +#define GUMS_INTERFACE_VERSION 1 -#define GUMS_OBJ_DOMAIN 1 -#define GUMS_OBJ_NORMAL_USER 2 -#define GUMS_OBJ_GROUP 3 -#define GUMS_OBJ_ALIAS 4 -#define GUMS_OBJ_WORKSTATION_TRUST 5 -#define GUMS_OBJ_SERVER_TRUST 6 -#define GUMS_OBJ_DOMAIN_TRUST 7 +#define GUMS_OBJ_DOMAIN 0x10 +#define GUMS_OBJ_NORMAL_USER 0x20 +#define GUMS_OBJ_GROUP 0x30 +#define GUMS_OBJ_ALIAS 0x31 +#define GUMS_OBJ_PRIVILEGE 0x40 + +/* define value types */ +#define GUMS_SET_PRIMARY_GROUP 0x1 +#define GUMS_SET_SEC_DESC 0x2 + +#define GUMS_SET_NAME 0x10 +#define GUMS_SET_DESCRIPTION 0x11 +#define GUMS_SET_FULL_NAME 0x12 + +/* user specific type values */ +#define GUMS_SET_LOGON_TIME 0x20 +#define GUMS_SET_LOGOFF_TIME 0x21 +#define GUMS_SET_KICKOFF_TIME 0x23 +#define GUMS_SET_PASS_LAST_SET_TIME 0x24 +#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25 +#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26 + + +#define GUMS_SET_HOME_DIRECTORY 0x31 +#define GUMS_SET_DRIVE 0x32 +#define GUMS_SET_LOGON_SCRIPT 0x33 +#define GUMS_SET_PROFILE_PATH 0x34 +#define GUMS_SET_WORKSTATIONS 0x35 +#define GUMS_SET_UNKNOWN_STRING 0x36 +#define GUMS_SET_MUNGED_DIAL 0x37 + +#define GUMS_SET_LM_PASSWORD 0x40 +#define GUMS_SET_NT_PASSWORD 0x41 +#define GUMS_SET_PLAINTEXT_PASSWORD 0x42 +#define GUMS_SET_UNKNOWN_3 0x43 +#define GUMS_SET_LOGON_DIVS 0x44 +#define GUMS_SET_HOURS_LEN 0x45 +#define GUMS_SET_HOURS 0x46 +#define GUMS_SET_BAD_PASSWORD_COUNT 0x47 +#define GUMS_SET_LOGON_COUNT 0x48 +#define GUMS_SET_UNKNOWN_6 0x49 + +#define GUMS_SET_MUST_CHANGE_PASS 0x50 +#define GUMS_SET_CANNOT_CHANGE_PASS 0x51 +#define GUMS_SET_PASS_NEVER_EXPIRE 0x52 +#define GUMS_SET_ACCOUNT_DISABLED 0x53 +#define GUMS_SET_ACCOUNT_LOCKOUT 0x54 + +/*group specific type values */ +#define GUMS_ADD_SID_LIST 0x60 +#define GUMS_DEL_SID_LIST 0x61 +#define GUMS_SET_SID_LIST 0x62 typedef struct gums_user { @@ -52,17 +98,18 @@ typedef struct gums_user char *workstations; /* login from workstations string */ char *unknown_str; /* don't know what this is, yet. */ char *munged_dial; /* munged path name and dial-back tel number */ - + DATA_BLOB lm_pw; /* .data is Null if no password */ DATA_BLOB nt_pw; /* .data is Null if no password */ - - uint32 unknown_3; /* 0x00ff ffff */ - + + uint16 acct_ctrl; /* account type & status flags */ uint16 logon_divs; /* 168 - number of hours in a week */ uint32 hours_len; /* normally 21 bytes */ uint8 *hours; - - uint32 unknown_5; /* 0x0002 0000 */ + + uint16 bad_password_count; /* 0 */ + uint16 logon_count; /* 0 */ + uint32 unknown_3; /* 0x00ff ffff */ uint32 unknown_6; /* 0x0000 04ec */ } GUMS_USER; @@ -70,7 +117,7 @@ typedef struct gums_user typedef struct gums_group { uint32 count; /* Number of SIDs */ - DOM_SID **members; /* SID array */ + DOM_SID *members; /* SID array */ } GUMS_GROUP; @@ -80,10 +127,20 @@ typedef struct gums_domain } GUMS_DOMAIN; +typedef struct gums_privilege +{ + LUID_ATTR *privilege; /* Privilege Type */ + + uint32 count; + DOM_SID *members; + +} GUMS_PRIVILEGE; + union gums_obj_p { GUMS_USER *user; GUMS_GROUP *group; GUMS_DOMAIN *domain; + GUMS_PRIVILEGE *priv; }; typedef struct gums_object @@ -118,47 +175,47 @@ typedef struct gums_commit_set uint32 type; /* Object type */ DOM_SID sid; /* Object Sid */ uint32 count; /* number of changes */ - GUMS_DATA_SET **data; + GUMS_DATA_SET *data; } GUMS_COMMIT_SET; -typedef struct gums_privilege +typedef struct gums_priv_commit_set { TALLOC_CTX *mem_ctx; - uint32 type; /* Object Type */ - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - LUID_ATTR *privilege; /* Privilege Type */ - char *name; /* Object Name */ - char *description; /* Object Description */ + uint32 type; /* Object type */ + char *name; /* Object Sid */ + uint32 count; /* number of changes */ + GUMS_DATA_SET *data; - uint32 count; - DOM_SID **members; - -} GUMS_PRIVILEGE; +} GUMS_PRIV_COMMIT_SET; typedef struct gums_functions { + /* module data */ + TALLOC_CTX *mem_ctx; + char *name; + void *private_data; + void (*free_private_data)(void **); + /* Generic object functions */ - NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name); + NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name); NTSTATUS (*set_domain_sid) (const DOM_SID *sid); NTSTATUS (*get_sequence_number) (void); - NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type); + NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type); NTSTATUS (*delete_object) (const DOM_SID *sid); NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type); - NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type); + NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int obj_type); /* This function is used to get the list of all objects changed since b_time, it is used to support PDC<->BDC synchronization */ NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type); + NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type); NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle); NTSTATUS (*enumerate_objects_stop) (void *handle); @@ -167,7 +224,7 @@ typedef struct gums_functions NTSTATUS (*set_object) (const GUMS_OBJECT *object); /* set object values function */ - NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set); + NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); /* Group related functions */ NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members); @@ -191,50 +248,15 @@ typedef struct gums_functions } GUMS_FUNCTIONS; -/* define value types */ -#define GUMS_SET_PRIMARY_GROUP 0x1 -#define GUMS_SET_SEC_DESC 0x2 - -#define GUMS_SET_NAME 0x10 -#define GUMS_SET_DESCRIPTION 0x11 -#define GUMS_SET_FULL_NAME 0x12 +typedef NTSTATUS (*gums_init_function)( + struct gums_functions *, + const char *); -/* user specific type values */ -#define GUMS_SET_LOGON_TIME 0x20 -#define GUMS_SET_LOGOFF_TIME 0x21 -#define GUMS_SET_KICKOFF_TIME 0x23 -#define GUMS_SET_PASS_LAST_SET_TIME 0x24 -#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25 -#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26 +struct gums_init_function_entry { - -#define GUMS_SET_HOME_DIRECTORY 0x31 -#define GUMS_SET_DRIVE 0x32 -#define GUMS_SET_LOGON_SCRIPT 0x33 -#define GUMS_SET_PROFILE_PATH 0x34 -#define GUMS_SET_WORKSTATIONS 0x35 -#define GUMS_SET_UNKNOWN_STRING 0x36 -#define GUMS_SET_MUNGED_DIAL 0x37 - -#define GUMS_SET_LM_PASSWORD 0x40 -#define GUMS_SET_NT_PASSWORD 0x41 -#define GUMS_SET_PLAINTEXT_PASSWORD 0x42 -#define GUMS_SET_UNKNOWN_3 0x43 -#define GUMS_SET_LOGON_DIVS 0x44 -#define GUMS_SET_HOURS_LEN 0x45 -#define GUMS_SET_HOURS 0x46 -#define GUMS_SET_UNKNOWN_5 0x47 -#define GUMS_SET_UNKNOWN_6 0x48 - -#define GUMS_SET_MUST_CHANGE_PASS 0x50 -#define GUMS_SET_CANNOT_CHANGE_PASS 0x51 -#define GUMS_SET_PASS_NEVER_EXPIRE 0x52 -#define GUMS_SET_ACCOUNT_DISABLED 0x53 -#define GUMS_SET_ACCOUNT_LOCKOUT 0x54 - -/*group specific type values */ -#define GUMS_ADD_SID_LIST 0x60 -#define GUMS_DEL_SID_LIST 0x61 -#define GUMS_SET_SID_LIST 0x62 + const char *name; + gums_init_function init_fn; + struct gums_init_function_entry *prev, *next; +}; #endif /* _GUMS_H */ diff --git a/source3/include/includes.h b/source3/include/includes.h index 29bb53980f..452b489547 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -806,6 +806,10 @@ extern int errno; #include "rpc_secdes.h" +#include "genparser.h" + +#include "gums.h" + #include "nt_printing.h" #include "msdfs.h" diff --git a/source3/include/passdb.h b/source3/include/passdb.h index a4b2bcff3f..cd9c57a991 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -177,6 +177,15 @@ typedef struct sam_group { } SAM_GROUP; +typedef struct _GROUP_INFO { + struct pdb_methods *methods; + DOM_SID sid; + enum SID_NAME_USE sid_name_use; + fstring nt_name; + fstring comment; +} GROUP_INFO; + + /***************************************************************** Functions to be implemented by the new (v2) passdb API ****************************************************************/ @@ -192,26 +201,28 @@ typedef struct pdb_context { struct pdb_methods *pdb_methods; struct pdb_methods *pwent_methods; - + /* These functions are wrappers for the functions listed above. They may do extra things like re-reading a SAM_ACCOUNT on update */ NTSTATUS (*pdb_setsampwent)(struct pdb_context *, BOOL update); - + void (*pdb_endsampwent)(struct pdb_context *); - + NTSTATUS (*pdb_getsampwent)(struct pdb_context *, SAM_ACCOUNT *user); - + NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); - + NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid); NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); - + NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); - + NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username); + /* group mapping functions: to be removed */ + NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid); @@ -232,6 +243,30 @@ typedef struct pdb_context GROUP_MAP **rmap, int *num_entries, BOOL unix_only); + /* group functions */ + + NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group); + + NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups); + + NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members); + + NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group); + + NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group); + + NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group); + + NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member); + + NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member); + + NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name); + + NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name); + + NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members); + void (*free_fn)(struct pdb_context **); TALLOC_CTX *mem_ctx; @@ -262,7 +297,9 @@ typedef struct pdb_methods NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username); - + + /* group mapping functions: to be removed */ + NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid); @@ -283,6 +320,30 @@ typedef struct pdb_methods GROUP_MAP **rmap, int *num_entries, BOOL unix_only); + /* group functions */ + + NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group); + + NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups); + + NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members); + + NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group); + + NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group); + + NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group); + + NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member); + + NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member); + + NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name); + + NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name); + + NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members); + void *private_data; /* Private data of some kind */ void (*free_private_data)(void **); diff --git a/source3/include/tdbsam2.h b/source3/include/tdbsam2.h index 047b4e7c90..b99e16586b 100644 --- a/source3/include/tdbsam2.h +++ b/source3/include/tdbsam2.h @@ -20,33 +20,46 @@ /* ALL strings assumes UTF8 as encoding */ -GENSTRUCT struct tdbsam2_domain_data { - uint32 xcounter; /* counter to be updated at any change */ +#ifndef TDBSAM2_H +#define TDBSAM2_H - SEC_DESC *sec_desc; /* Security Descriptor */ - DOM_SID *dom_sid; /* The Domain SID */ - char *name; _NULLTERM /* NT Domain Name */ - char *description; _NULLTERM /* Descritpion (Gecos) */ +/* IMPORTANT: these structures must follow closely the GUMS_OBJECTs + * structures as they will be casted over !! + * the GUMS_OBJECT union is unrolled here into four tdbsam2 + * objects cause genstruct is not able to follow arbitrary unions */ +GENSTRUCT struct domain_sub_structure +{ uint32 next_rid; /* The Next free RID */ }; -GENSTRUCT struct tdbsam2_user_data { +GENSTRUCT struct tdbsam2_domain_data +{ + TALLOC_CTX *mem_ctx; + + uint32 type; + uint32 version; uint32 xcounter; /* counter to be updated at any change */ SEC_DESC *sec_desc; /* Security Descriptor */ - DOM_SID *user_sid; /* The User SID */ - char *name; _NULLTERM /* NT User Name */ + + DOM_SID *dom_sid; /* The Domain SID */ + char *name; _NULLTERM /* NT Domain Name */ char *description; _NULLTERM /* Descritpion (Gecos) */ + struct domain_sub_structure *dss; +}; + +GENSTRUCT struct user_sub_structure +{ DOM_SID *group_sid; /* The Primary Group SID */ - NTTIME *logon_time; - NTTIME *logoff_time; - NTTIME *kickoff_time; - NTTIME *pass_last_set_time; - NTTIME *pass_can_change_time; - NTTIME *pass_must_change_time; + NTTIME logon_time; + NTTIME logoff_time; + NTTIME kickoff_time; + NTTIME pass_last_set_time; + NTTIME pass_can_change_time; + NTTIME pass_must_change_time; char *full_name; _NULLTERM /* The Full Name */ char *home_dir; _NULLTERM /* Home Directory */ @@ -57,39 +70,81 @@ GENSTRUCT struct tdbsam2_user_data { char *unknown_str; _NULLTERM /* Guess ... Unknown */ char *munged_dial; _NULLTERM /* Callback Number */ - /* passwords are 16 byte leght, pointer is null if no password */ - uint8 *lm_pw_ptr; _LEN(16) /* Lanman hashed password */ - uint8 *nt_pw_ptr; _LEN(16) /* NT hashed password */ + DATA_BLOB lm_pw; /* .data is Null if no password */ + DATA_BLOB nt_pw; /* .data is Null if no password */ + uint16 acct_ctrl; /* account flags */ uint16 logon_divs; /* 168 - num of hours in a week */ uint32 hours_len; /* normally 21 */ uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */ + uint16 bad_password_count; /* 0 */ + uint16 logon_count; /* 0 */ uint32 unknown_3; /* 0x00ff ffff */ - uint32 unknown_5; /* 0x0002 0000 */ uint32 unknown_6; /* 0x0000 04ec */ }; -GENSTRUCT struct tdbsam2_group_data { +GENSTRUCT struct tdbsam2_user_data +{ + TALLOC_CTX *mem_ctx; + + uint32 type; + uint32 version; uint32 xcounter; /* counter to be updated at any change */ SEC_DESC *sec_desc; /* Security Descriptor */ + + DOM_SID *user_sid; /* The User SID */ + char *name; _NULLTERM /* NT User Name */ + char *description; _NULLTERM /* Descritpion (Gecos) */ + + struct user_sub_structure *uss; +}; + +GENSTRUCT struct group_sub_structure +{ + uint32 count; /* number of sids */ + DOM_SID *members; _LEN(count) /* SID array */ +}; + +GENSTRUCT struct tdbsam2_group_data +{ + TALLOC_CTX *mem_ctx; + + uint32 type; + uint32 version; + uint32 xcounter; /* counter to be updated at any change */ + + SEC_DESC *sec_desc; /* Security Descriptor */ + DOM_SID *group_sid; /* The Group SID */ char *name; _NULLTERM /* NT Group Name */ char *description; _NULLTERM /* Descritpion (Gecos) */ + struct group_sub_structure *gss; +}; + +GENSTRUCT struct priv_sub_structure +{ + LUID_ATTR *privilege; /* Privilege */ + uint32 count; /* number of sids */ - DOM_SID **members; _LEN(count) /* SID array */ + DOM_SID *members; _LEN(count) /* SID array */ }; -GENSTRUCT struct tdbsam2_privilege_data { +GENSTRUCT struct tdbsam2_priv_data +{ + TALLOC_CTX *mem_ctx; + + uint32 type; + uint32 version; uint32 xcounter; /* counter to be updated at any change */ - LUID_ATTR *privilege; /* Privilege */ - char *name; _NULLTERM /* NT User Name */ + DOM_SID *null_sid; + char *name; _NULLTERM /* Privilege Name */ char *description; _NULLTERM /* Descritpion (Gecos) */ - uint32 count; /* number of sids */ - DOM_SID **members; _LEN(count) /* SID array */ + struct priv_sub_structure *pss; }; +#endif /* TDBSAM2_H */ diff --git a/source3/lib/genparser.c b/source3/lib/genparser.c index 233050b432..7476b5d0af 100644 --- a/source3/lib/genparser.c +++ b/source3/lib/genparser.c @@ -256,7 +256,6 @@ static int gen_dump_array(TALLOC_CTX *mem_ctx, addstr(mem_ctx, p, "}\n")) { return -1; } - free(s); return 0; } @@ -673,7 +672,7 @@ int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, { char *str, *s0; - s0 = strdup(s); + s0 = talloc_strdup(mem_ctx, s); str = s0; while (*str) { @@ -706,12 +705,10 @@ int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, *str++ = 0; if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) { - free(s0); return -1; } } - free(s0); return 0; } diff --git a/source3/lib/genparser_samba.c b/source3/lib/genparser_samba.c index bece587747..7eabf5a56e 100644 --- a/source3/lib/genparser_samba.c +++ b/source3/lib/genparser_samba.c @@ -118,7 +118,16 @@ int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) return 0; } +int gen_parse_DATA_BLOB(TALLOC_CTX *mem_ctx, char *ptr, const char *str) +{ + return gen_parse_struct(mem_ctx, pinfo_data_blob_info, ptr, str); +} +int gen_parse_TALLOC_CTX(TALLOC_CTX *mem_ctx, char *ptr, const char *str) +{ + (TALLOC_CTX *)ptr = NULL; + return 0; +} /* DUMP functions */ @@ -198,3 +207,12 @@ int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, return addshort(mem_ctx, p, "%u,%u", high, low); } +int gen_dump_DATA_BLOB(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) +{ + return gen_dump_struct(mem_ctx, pinfo_data_blob_info, p, ptr, indent); +} + +int gen_dump_TALLOC_CTX(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) +{ + return addshort(mem_ctx, p, "TALLOC_CTX"); +} diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 468b532cbe..79553e9e4f 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -191,8 +191,6 @@ static int winbind_named_pipe_sock(const char *dir) if (connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { - DEBUG(10, ("error connecting to pipe socket: %s\n", - strerror(errno))); close(fd); return -1; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 5a5ac4a2cc..e6705d8c7b 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -122,6 +122,7 @@ typedef struct char *szSMBPasswdFile; char *szPrivateDir; char **szPassdbBackend; + char *szGumsBackend; char **szPreloadModules; char *szPasswordServer; char *szSocketOptions; @@ -791,6 +792,7 @@ static struct parm_struct parm_table[] = { {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED}, {"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED}, {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, + {"gums backend", P_STRING, P_GLOBAL, &Globals.szGumsBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE}, @@ -1453,6 +1455,7 @@ static void init_globals(void) #else Globals.szPassdbBackend = str_list_make("smbpasswd", NULL); #endif /* WITH_LDAP_SAMCONFIG */ + string_set(&Globals.szGumsBackend, "tdbsam2"); string_set(&Globals.szLdapSuffix, ""); string_set(&Globals.szLdapFilter, "(uid=%u)"); @@ -1651,6 +1654,7 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases) FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend) +FN_GLOBAL_STRING(lp_gums_backend, &Globals.szGumsBackend) FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules) FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index fa29657edc..3cd6efb38a 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -141,6 +141,21 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c (*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry; (*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping; + /* we do not handle groups in guest backend */ +/* FIXME + (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid; + (*pdb_method)->get_group_list = pdb_nop_get_group_list; + (*pdb_method)->get_group_sids = pdb_nop_get_group_sids; + (*pdb_method)->add_group = pdb_nop_add_group; + (*pdb_method)->update_group = pdb_nop_update_group; + (*pdb_method)->delete_group = pdb_nop_delete_group; + (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group; + (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group; + (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name; + (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name; + (*pdb_method)->get_group_uids = pdb_nop_get_group_uids; +*/ + /* There's not very much to initialise here */ return NT_STATUS_OK; diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c index 29922bca4f..19998a6655 100644 --- a/source3/passdb/pdb_xml.c +++ b/source3/passdb/pdb_xml.c @@ -540,13 +540,17 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method (*pdb_method)->getsampwsid = NULL; (*pdb_method)->update_sam_account = NULL; (*pdb_method)->delete_sam_account = NULL; - (*pdb_method)->getgrsid = NULL; - (*pdb_method)->getgrgid = NULL; - (*pdb_method)->getgrnam = NULL; - (*pdb_method)->add_group_mapping_entry = NULL; - (*pdb_method)->update_group_mapping_entry = NULL; - (*pdb_method)->delete_group_mapping_entry = NULL; - (*pdb_method)->enum_group_mapping = NULL; + (*pdb_method)->get_group_info_by_sid = NULL; + (*pdb_method)->get_group_list = NULL; + (*pdb_method)->get_group_sids = NULL; + (*pdb_method)->add_group = NULL; + (*pdb_method)->update_group = NULL; + (*pdb_method)->delete_group = NULL; + (*pdb_method)->add_sid_to_group = NULL; + (*pdb_method)->remove_sid_from_group = NULL; + (*pdb_method)->get_group_info_by_name = NULL; + (*pdb_method)->get_group_info_by_nt_name = NULL; + (*pdb_method)->get_group_uids = NULL; data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml)); data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml")); diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c index 5da2407faa..2623180afb 100644 --- a/source3/sam/gumm_tdb.c +++ b/source3/sam/gumm_tdb.c @@ -464,7 +464,7 @@ static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_us SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error); SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error); - SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error); + SET_OR_FAIL(gums_set_user_bad_password_count(*object, userdata->bad_password_count), error); SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error); SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error); @@ -750,7 +750,7 @@ static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj obj.data.user->hours = &defhours; obj.data.user->unknown_3 = 0x00ffffff; - obj.data.user->unknown_5 = 0x00020000; + obj.data.user->bad_password_count = 0x00020000; obj.data.user->unknown_6 = 0x000004ec; break; diff --git a/source3/sam/gums.c b/source3/sam/gums.c index a118740637..ab374b9342 100644 --- a/source3/sam/gums.c +++ b/source3/sam/gums.c @@ -20,8 +20,8 @@ #include "includes.h" -/*#undef DBGC_CLASS -#define DBGC_CLASS DBGC_GUMS*/ +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_SAM #define GMV_MAJOR 0 #define GMV_MINOR 1 @@ -56,8 +56,7 @@ #define PRIV_ALL 255 -GUMS_FUNCTIONS *gums_storage; -static void *dl_handle; +static GUMS_FUNCTIONS *gums_backend = NULL; static PRIVS gums_privs[] = { {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ @@ -90,72 +89,146 @@ static PRIVS gums_privs[] = { {PRIV_ALL, "SaAllPrivs", "All Privileges"} }; -NTSTATUS gums_init(const char *module_name) +static struct gums_init_function_entry *backends = NULL; + +static void lazy_initialize_gums(void) { - int (*module_version)(int); - NTSTATUS (*module_init)(); -/* gums_module_init module_init;*/ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + static BOOL initialized = False; + + if (initialized) + return; - DEBUG(5, ("Opening gums module %s\n", module_name)); - dl_handle = sys_dlopen(module_name, RTLD_NOW); - if (!dl_handle) { - DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror())); - return NT_STATUS_UNSUCCESSFUL; - } + static_init_gums; + initialized = True; +} - module_version = sys_dlsym(dl_handle, "gumm_version"); - if (!module_version) { - DEBUG(0, ("ERROR: Failed to find gums module version!\n")); - goto error; - } +static struct gums_init_function_entry *gums_find_backend_entry(const char *name); + +NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn) +{ + struct gums_init_function_entry *entry = backends; + + if (version != GUMS_INTERFACE_VERSION) { + DEBUG(0,("Can't register gums backend!\n" + "You tried to register a gums module with" + "GUMS_INTERFACE_VERSION %d, while this version" + "of samba uses version %d\n", version, + GUMS_INTERFACE_VERSION)); - if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) { - DEBUG(0, ("ERROR: Module's major version does not match gums version!\n")); - goto error; + return NT_STATUS_OBJECT_TYPE_MISMATCH; } - if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) { - DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n")); + if (!name || !init_fn) { + return NT_STATUS_INVALID_PARAMETER; } - module_init = sys_dlsym(dl_handle, "gumm_init"); - if (!module_init) { - DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); - goto error; + DEBUG(5,("Attempting to register gums backend %s\n", name)); + + /* Check for duplicates */ + if (gums_find_backend_entry(name)) { + DEBUG(0,("There already is a gums backend registered" + "with the name %s!\n", name)); + return NT_STATUS_OBJECT_NAME_COLLISION; } - DEBUG(5, ("Initializing module %s\n", module_name)); + entry = smb_xmalloc(sizeof(struct gums_init_function_entry)); + entry->name = smb_xstrdup(name); + entry->init_fn = init_fn; - ret = module_init(&gums_storage); - goto done; + DLIST_ADD(backends, entry); + DEBUG(5,("Successfully added gums backend '%s'\n", name)); + return NT_STATUS_OK; +} -error: - ret = NT_STATUS_UNSUCCESSFUL; - sys_dlclose(dl_handle); +static struct gums_init_function_entry *gums_find_backend_entry(const char *name) +{ + struct gums_init_function_entry *entry = backends; -done: - return ret; + while (entry) { + if (strcmp(entry->name, name) == 0) + return entry; + entry = entry->next; + } + + return NULL; } -NTSTATUS gums_unload(void) +NTSTATUS gums_setup_backend(const char *backend) { - NTSTATUS ret; - NTSTATUS (*module_finalize)(); - if (!dl_handle) - return NT_STATUS_UNSUCCESSFUL; + TALLOC_CTX *mem_ctx; + char *module_name = smb_xstrdup(backend); + char *p, *module_data = NULL; + struct gums_init_function_entry *entry; + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + + lazy_initialize_gums(); + + p = strchr(module_name, ':'); + if (p) { + *p = 0; + module_data = p+1; + trim_string(module_data, " ", " "); + } + + trim_string(module_name, " ", " "); - module_finalize = sys_dlsym(dl_handle, "gumm_finalize"); - if (!module_finalize) { - DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); - return NT_STATUS_UNSUCCESSFUL; + DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name)); + + entry = gums_find_backend_entry(module_name); + + /* Try to find a module that contains this module */ + if (!entry) { + DEBUG(2,("No builtin backend found, trying to load plugin\n")); + if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) { + DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name)); + SAFE_FREE(module_name); + return NT_STATUS_UNSUCCESSFUL; + } } - DEBUG(5, ("Finalizing module")); + /* No such backend found */ + if(!entry) { + DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name)); + SAFE_FREE(module_name); + return NT_STATUS_INVALID_PARAMETER; + } - ret = module_finalize(); - sys_dlclose(dl_handle); + DEBUG(5,("Found gums backend %s\n", module_name)); + /* free current functions structure if any */ + if (gums_backend) { + gums_backend->free_private_data(gums_backend->private_data); + talloc_destroy(gums_backend->mem_ctx); + gums_backend = NULL; + } + + /* allocate a new GUMS_FUNCTIONS structure and memory context */ + mem_ctx = talloc_init("gums_backend (%s)", module_name); + if (!mem_ctx) + return NT_STATUS_NO_MEMORY; + gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS)); + if (!gums_backend) + return NT_STATUS_NO_MEMORY; + gums_backend->mem_ctx = mem_ctx; + + /* init the requested backend module */ + if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) { + DEBUG(5,("gums backend %s has a valid init\n", backend)); + } else { + DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret))); + } + SAFE_FREE(module_name); return ret; } + +NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns) +{ + if (gums_backend != NULL) { + *fns = gums_backend; + return NT_STATUS_OK; + } + + DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n")); + return NT_STATUS_UNSUCCESSFUL; +} diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c index 2e5dcd143a..17f7d33baa 100644 --- a/source3/sam/gums_api.c +++ b/source3/sam/gums_api.c @@ -20,195 +20,8 @@ #include "includes.h" - -/******************************************************************* - Create a SEC_ACL structure. -********************************************************************/ - -static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list) -{ - SEC_ACL *dst; - int i; - - if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL) - return NULL; - - dst->revision = revision; - dst->num_aces = num_aces; - dst->size = SEC_ACL_HEADER_SIZE; - - /* Now we need to return a non-NULL address for the ace list even - if the number of aces required is zero. This is because there - is a distinct difference between a NULL ace and an ace with zero - entries in it. This is achieved by checking that num_aces is a - positive number. */ - - if ((num_aces) && - ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) - == NULL)) { - return NULL; - } - - for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ - dst->size += ace_list[i].size; - } - - return dst; -} - - - -/******************************************************************* - Duplicate a SEC_ACL structure. -********************************************************************/ - -static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) -{ - if(src == NULL) - return NULL; - - return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); -} - - - -/******************************************************************* - Creates a SEC_DESC structure -********************************************************************/ - -static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) -{ - SEC_DESC *dst; - uint32 offset = 0; - uint32 offset_sid = SEC_DESC_HEADER_SIZE; - uint32 offset_acl = 0; - - *sd_size = 0; - - if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL) - return NULL; - - dst->revision = revision; - dst->type = SEC_DESC_SELF_RELATIVE; - - if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; - if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; - - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; - - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) - goto error_exit; - - if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) - goto error_exit; - - if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) - goto error_exit; - - if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) - goto error_exit; - - offset = 0; - - /* - * Work out the linearization sizes. - */ - if (dst->owner_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->owner_sid); - } - - if (dst->grp_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->grp_sid); - } - - if (dst->sacl != NULL) { - - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_sacl = offset_acl; - offset_acl += dst->sacl->size; - offset += dst->sacl->size; - offset_sid += dst->sacl->size; - } - - if (dst->dacl != NULL) { - - if (offset_acl == 0) - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_dacl = offset_acl; - offset_acl += dst->dacl->size; - offset += dst->dacl->size; - offset_sid += dst->dacl->size; - } - - *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); - - if (dst->owner_sid != NULL) - dst->off_owner_sid = offset_sid; - - /* sid_size() returns 0 if the sid is NULL so this is ok */ - - if (dst->grp_sid != NULL) - dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); - - return dst; - -error_exit: - - *sd_size = 0; - return NULL; -} - -/******************************************************************* - Duplicate a SEC_DESC structure. -********************************************************************/ - -static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) -{ - size_t dummy; - - if(src == NULL) - return NULL; - - return make_sec_desc( ctx, src->revision, - src->owner_sid, src->grp_sid, src->sacl, - src->dacl, &dummy); -} - - - - - - - -extern GUMS_FUNCTIONS *gums_storage; - /* Functions to get/set info from a GUMS object */ -NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - *type = obj->type; - return NT_STATUS_OK; -} - NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) { TALLOC_CTX *mem_ctx = talloc_init("gums_create_object"); @@ -222,6 +35,7 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) switch(type) { case GUMS_OBJ_DOMAIN: + go->data.domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN)); break; /* @@ -238,6 +52,10 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); break; + case GUMS_OBJ_PRIVILEGE: + go->data.priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE)); + break; + default: /* TODO: throw error */ ret = NT_STATUS_OBJECT_TYPE_MISMATCH; @@ -250,96 +68,170 @@ NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) goto error; } + switch(type) { + case GUMS_OBJ_NORMAL_USER: + gums_set_user_acct_ctrl(go, ACB_NORMAL); + gums_set_user_hours(go, 0, NULL); + } + *obj = go; return NT_STATUS_OK; - + error: talloc_destroy(go->mem_ctx); *obj = NULL; return ret; } -NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj) +NTSTATUS gums_destroy_object(GUMS_OBJECT **obj) { - if (!version || !obj) + if (!obj || !(*obj)) return NT_STATUS_INVALID_PARAMETER; - *version = obj->version; + if ((*obj)->mem_ctx) + talloc_destroy((*obj)->mem_ctx); + *obj = NULL; + return NT_STATUS_OK; } -NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version) +void gums_reset_object(GUMS_OBJECT *go) +{ + go->seq_num = 0; + go->sid = NULL; + go->name = NULL; + go->description = NULL; + + switch(go->type) { + case GUMS_OBJ_DOMAIN: + memset(go->data.domain, 0, sizeof(GUMS_DOMAIN)); + break; + +/* + case GUMS_OBJ_WORKSTATION_TRUST: + case GUMS_OBJ_SERVER_TRUST: + case GUMS_OBJ_DOMAIN_TRUST: +*/ + case GUMS_OBJ_NORMAL_USER: + memset(go->data.user, 0, sizeof(GUMS_USER)); + gums_set_user_acct_ctrl(go, ACB_NORMAL); + break; + + case GUMS_OBJ_GROUP: + case GUMS_OBJ_ALIAS: + memset(go->data.group, 0, sizeof(GUMS_GROUP)); + break; + + case GUMS_OBJ_PRIVILEGE: + memset(go->data.priv, 0, sizeof(GUMS_PRIVILEGE)); + break; + + default: + return; + } +} + +uint32 gums_get_object_type(const GUMS_OBJECT *obj) { if (!obj) - return NT_STATUS_INVALID_PARAMETER; + return 0; - obj->version = version; - return NT_STATUS_OK; + return obj->type; } -NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj) +uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj) { - if (!sec_desc || !obj) - return NT_STATUS_INVALID_PARAMETER; + if (!obj) + return 0; - *sec_desc = obj->sec_desc; - return NT_STATUS_OK; + return obj->seq_num; } -NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc) +uint32 gums_get_object_version(const GUMS_OBJECT *obj) { - if (!obj || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; + if (!obj) + return 0; - obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc); - if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; + return obj->version; +} + +const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj) +{ + if (!obj) + return NULL; + + return obj->sec_desc; } -NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj) +const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj) { - if (!sid || !obj) + if (!obj) + return NULL; + + return obj->sid; +} + +const char *gums_get_object_name(const GUMS_OBJECT *obj) +{ + if (!obj) + return NULL; + + return obj->name; +} + +const char *gums_get_object_description(const GUMS_OBJECT *obj) +{ + if (!obj) + return NULL; + + return obj->description; +} + +NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num) +{ + if (!obj) return NT_STATUS_INVALID_PARAMETER; - *sid = obj->sid; + obj->seq_num = seq_num; return NT_STATUS_OK; } -NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid) +NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version) { - if (!obj || !sid) + if (!obj) return NT_STATUS_INVALID_PARAMETER; - obj->sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL; + obj->version = version; return NT_STATUS_OK; } -NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj) +NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc) { - if (!name || !obj) + if (!obj || !sec_desc) return NT_STATUS_INVALID_PARAMETER; - *name = obj->name; + obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc); + if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_OK; } -NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name) +NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid) { - if (!obj || !name) + if (!obj || !sid) return NT_STATUS_INVALID_PARAMETER; - obj->name = (char *)talloc_strdup(obj->mem_ctx, name); - if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL; + obj->sid = sid_dup_talloc(obj->mem_ctx, sid); + if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_OK; } -NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj) +NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name) { - if (!description || !obj) + if (!obj || !name) return NT_STATUS_INVALID_PARAMETER; - *description = obj->description; + obj->name = (char *)talloc_strdup(obj->mem_ctx, name); + if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_OK; } @@ -353,8 +245,6 @@ NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description) return NT_STATUS_OK; } -/* User specific functions */ - /* NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj) { @@ -366,16 +256,12 @@ NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT } */ -NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj) +uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj) { - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return -1; - *rid = obj->data.domain->next_rid; - return NT_STATUS_OK; + return obj->data.domain->next_rid; } NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) @@ -390,364 +276,406 @@ NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) return NT_STATUS_OK; } -NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj) -{ - if (!sid || !obj) - return NT_STATUS_INVALID_PARAMETER; +/* User specific functions */ - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; +const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - *sid = obj->data.user->group_sid; - return NT_STATUS_OK; + return obj->data.user->group_sid; } -NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid) +const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj) { - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; + fstring p; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return data_blob(NULL, 0); - obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; + smbpasswd_sethexpwd(p, (unsigned char *)(obj->data.user->nt_pw.data), 0); + DEBUG(100, ("Reading NT Password=[%s]\n", p)); + + return obj->data.user->nt_pw; } -NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj) -{ - if (!nt_pwd || !obj) - return NT_STATUS_INVALID_PARAMETER; +const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj) +{ + fstring p; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return data_blob(NULL, 0); - *nt_pwd = &(obj->data.user->nt_pw); - return NT_STATUS_OK; + smbpasswd_sethexpwd(p, (unsigned char *)(obj->data.user->lm_pw.data), 0); + DEBUG(100, ("Reading LM Password=[%s]\n", p)); + + return obj->data.user->lm_pw; } -NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) +const char *gums_get_user_fullname(const GUMS_OBJECT *obj) { - if (!obj || nt_pwd.length != NT_HASH_LEN) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); - return NT_STATUS_OK; + return obj->data.user->full_name; } -NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj) -{ - if (!lm_pwd || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; +const char *gums_get_user_homedir(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - *lm_pwd = &(obj->data.user->lm_pw); - return NT_STATUS_OK; + return obj->data.user->home_dir; } -NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) +const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj) { - if (!obj || lm_pwd.length != LM_HASH_LEN) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); - return NT_STATUS_OK; + return obj->data.user->dir_drive; } -NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj) +const char *gums_get_user_profile_path(const GUMS_OBJECT *obj) { - if (!fullname || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - *fullname = obj->data.user->full_name; - return NT_STATUS_OK; + return obj->data.user->profile_path; } -NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname) +const char *gums_get_user_logon_script(const GUMS_OBJECT *obj) { - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname); - if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; + return obj->data.user->logon_script; } -NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj) +const char *gums_get_user_workstations(const GUMS_OBJECT *obj) { - if (!homedir || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - *homedir = obj->data.user->home_dir; - return NT_STATUS_OK; + return obj->data.user->workstations; } -NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir) +const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj) { - if (!obj || !homedir) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->unknown_str; +} - obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir); - if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; +const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; + + return obj->data.user->munged_dial; } -NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj) +NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj) { - if (!dirdrive || !obj) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { + NTTIME null_time; + init_nt_time(&null_time); + return null_time; + } - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->logon_time; +} - *dirdrive = obj->data.user->dir_drive; - return NT_STATUS_OK; +NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { + NTTIME null_time; + init_nt_time(&null_time); + return null_time; + } + + return obj->data.user->logoff_time; } -NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive) +NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj) { - if (!obj || !dir_drive) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { + NTTIME null_time; + init_nt_time(&null_time); + return null_time; + } - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->kickoff_time; +} - obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive); - if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; +NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { + NTTIME null_time; + init_nt_time(&null_time); + return null_time; + } + + return obj->data.user->pass_last_set_time; } -NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj) +NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj) { - if (!logon_script || !obj) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { + NTTIME null_time; + init_nt_time(&null_time); + return null_time; + } - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->pass_can_change_time; +} - *logon_script = obj->data.user->logon_script; - return NT_STATUS_OK; +NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { + NTTIME null_time; + init_nt_time(&null_time); + return null_time; + } + + return obj->data.user->pass_must_change_time; } -NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script) +uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj) { - if (!obj || !logon_script) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->acct_ctrl; +} - obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script); - if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; +uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; + + return obj->data.user->logon_divs; } -NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj) +uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj) { - if (!profile_path || !obj) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->hours_len; +} - *profile_path = obj->data.user->profile_path; - return NT_STATUS_OK; +const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return NULL; + + return obj->data.user->hours; } -NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path) +uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj) { - if (!obj || !profile_path) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->unknown_3; +} - obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path); - if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; +uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; + + return obj->data.user->bad_password_count; } -NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj) +uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj) { - if (!workstations || !obj) - return NT_STATUS_INVALID_PARAMETER; + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return obj->data.user->logon_count; +} - *workstations = obj->data.user->workstations; - return NT_STATUS_OK; +uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) + return 0; + + return obj->data.user->unknown_6; } -NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations) +NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid) { - if (!obj || !workstations) + if (!obj || !sid) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations); - if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY; + obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid); + if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) { - if (!unknown_str || !obj) + fstring p; + unsigned char r[16]; + + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *unknown_str = obj->data.user->unknown_str; + obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); + + memcpy(r, nt_pwd.data, 16); + smbpasswd_sethexpwd(p, r, 0); + DEBUG(100, ("Setting NT Password=[%s]\n", p)); + return NT_STATUS_OK; } -NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str) +NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) { - if (!obj || !unknown_str) + fstring p; + unsigned char r[16]; + + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str); - if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY; + obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); + + memcpy(r, lm_pwd.data, 16); + smbpasswd_sethexpwd(p, r, 0); + DEBUG(100, ("Setting LM Password=[%s]\n", p)); + return NT_STATUS_OK; } -NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname) { - if (!munged_dial || !obj) + if (!obj || !fullname) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *munged_dial = obj->data.user->munged_dial; + obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname); + if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial) +NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir) { - if (!obj || !munged_dial) + if (!obj || !homedir) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial); - if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY; + obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir); + if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive) { - if (!logon_time || !obj) + if (!obj || !dir_drive) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *logon_time = obj->data.user->logon_time; + obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive); + if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time) +NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script) { - if (!obj) + if (!obj || !logon_script) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->logon_time = logon_time; + obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script); + if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path) { - if (!logoff_time || !obj) + if (!obj || !profile_path) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *logoff_time = obj->data.user->logoff_time; + obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path); + if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time) +NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations) { - if (!obj) + if (!obj || !workstations) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->logoff_time = logoff_time; + obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations); + if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str) { - if (!kickoff_time || !obj) + if (!obj || !unknown_str) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *kickoff_time = obj->data.user->kickoff_time; + obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str); + if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time) +NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial) { - if (!obj) + if (!obj || !munged_dial) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->kickoff_time = kickoff_time; + obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial); + if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time) { - if (!pass_last_set_time || !obj) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *pass_last_set_time = obj->data.user->pass_last_set_time; + obj->data.user->logon_time = logon_time; return NT_STATUS_OK; } -NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time) +NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time) { if (!obj) return NT_STATUS_INVALID_PARAMETER; @@ -755,23 +683,23 @@ NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->pass_last_set_time = pass_last_set_time; + obj->data.user->logoff_time = logoff_time; return NT_STATUS_OK; } -NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time) { - if (!pass_can_change_time || !obj) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *pass_can_change_time = obj->data.user->pass_can_change_time; + obj->data.user->kickoff_time = kickoff_time; return NT_STATUS_OK; } -NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time) +NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time) { if (!obj) return NT_STATUS_INVALID_PARAMETER; @@ -779,19 +707,19 @@ NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_ch if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->pass_can_change_time = pass_can_change_time; + obj->data.user->pass_last_set_time = pass_last_set_time; return NT_STATUS_OK; } -NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time) { - if (!pass_must_change_time || !obj) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *pass_must_change_time = obj->data.user->pass_must_change_time; + obj->data.user->pass_can_change_time = pass_can_change_time; return NT_STATUS_OK; } @@ -807,21 +735,21 @@ NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_ return NT_STATUS_OK; } -NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl) { - if (!logon_divs || !obj) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *logon_divs = obj->data.user->logon_divs; + obj->data.user->acct_ctrl = acct_ctrl; return NT_STATUS_OK; } NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs) { - if (!obj || !logon_divs) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) @@ -831,19 +759,28 @@ NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs) return NT_STATUS_OK; } -NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours) { - if (!hours_len || !obj) + if (!obj || !hours) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *hours_len = obj->data.user->hours_len; + obj->data.user->hours_len = hours_len; + if (hours_len == 0) + DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n")); + + obj->data.user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN); + if (!(obj->data.user->hours)) + return NT_STATUS_NO_MEMORY; + if (hours_len) + memcpy(obj->data.user->hours, hours, hours_len); + return NT_STATUS_OK; } -NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len) +NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3) { if (!obj) return NT_STATUS_INVALID_PARAMETER; @@ -851,196 +788,206 @@ NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len) if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->hours_len = hours_len; + obj->data.user->unknown_3 = unknown_3; return NT_STATUS_OK; } -NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count) { - if (!hours || !obj) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *hours = obj->data.user->hours; + obj->data.user->bad_password_count = bad_password_count; return NT_STATUS_OK; } -/* WARNING: always set hours_len before hours */ -NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours) +NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count) { - if (!obj || !hours) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - if (obj->data.user->hours_len == 0) - DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n")); - - obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len); - if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY; + obj->data.user->logon_count = logon_count; return NT_STATUS_OK; } -NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj) +NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6) { - if (!unknown_3 || !obj) + if (!obj) return NT_STATUS_INVALID_PARAMETER; if (obj->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_OBJECT_TYPE_MISMATCH; - *unknown_3 = obj->data.user->unknown_3; + obj->data.user->unknown_6 = unknown_6; return NT_STATUS_OK; } -NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; +/* Group specific functions */ - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; +const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj) +{ + if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) { + *count = -1; + return NULL; + } - obj->data.user->unknown_3 = unknown_3; - return NT_STATUS_OK; + *count = obj->data.group->count; + return obj->data.group->members; } -NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj) +NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members) { - if (!unknown_5 || !obj) + uint32 n; + + if (!obj || ((count > 0) && !members)) return NT_STATUS_INVALID_PARAMETER; - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (obj->type != GUMS_OBJ_GROUP && + obj->type != GUMS_OBJ_ALIAS) + return NT_STATUS_OBJECT_TYPE_MISMATCH; - *unknown_5 = obj->data.user->unknown_5; - return NT_STATUS_OK; -} + obj->data.group->count = count; -NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; + if (count) { + obj->data.group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID)); + if (!(obj->data.group->members)) { + return NT_STATUS_NO_MEMORY; + } - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - obj->data.user->unknown_5 = unknown_5; + n = 0; + do { + sid_copy(&(obj->data.group->members[n]), &(members[n])); + n++; + } while (n < count); + } else { + obj->data.group->members = 0; + } + return NT_STATUS_OK; } -NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj) -{ - if (!unknown_6 || !obj) - return NT_STATUS_INVALID_PARAMETER; +/* Privilege specific functions */ - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; +const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_OBJECT *obj) +{ + if (!obj || obj->type != GUMS_OBJ_PRIVILEGE) + return NULL; - *unknown_6 = obj->data.user->unknown_6; - return NT_STATUS_OK; + return obj->data.priv->privilege; } -NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6) +const DOM_SID *gums_get_priv_members(int *count, const GUMS_OBJECT *obj) { - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (!count || !obj || obj->type != GUMS_OBJ_PRIVILEGE) { + *count = -1; + return NULL; + } - obj->data.user->unknown_6 = unknown_6; - return NT_STATUS_OK; + *count = obj->data.priv->count; + return obj->data.priv->members; } -/* Group specific functions */ - -NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj) +NTSTATUS gums_set_priv_luid_attr(GUMS_OBJECT *obj, LUID_ATTR *luid_attr) { - if (!count || !members || !obj) + if (!luid_attr || !obj) return NT_STATUS_INVALID_PARAMETER; - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (obj->type != GUMS_OBJ_PRIVILEGE) + return NT_STATUS_OBJECT_TYPE_MISMATCH; - *count = obj->data.group->count; - *members = *(obj->data.group->members); + obj->data.priv->privilege = (LUID_ATTR *)talloc_memdup(obj->mem_ctx, luid_attr, sizeof(LUID_ATTR)); + if (!(obj->data.priv->privilege)) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; } -NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members) +NTSTATUS gums_set_priv_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members) { uint32 n; if (!obj || !members || !members) return NT_STATUS_INVALID_PARAMETER; - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + if (obj->type != GUMS_OBJ_PRIVILEGE) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + obj->data.priv->count = count; + obj->data.priv->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID)); + if (!(obj->data.priv->members)) + return NT_STATUS_NO_MEMORY; - obj->data.group->count = count; n = 0; do { - obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]); - if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY; + sid_copy(&(obj->data.priv->members[n]), &(members[n])); n++; } while (n < count); + return NT_STATUS_OK; } /* data_store set functions */ -NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type) +NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type) { TALLOC_CTX *mem_ctx; - GUMS_COMMIT_SET *set; mem_ctx = talloc_init("commit_set"); if (mem_ctx == NULL) return NT_STATUS_NO_MEMORY; - set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET)); - if (set == NULL) { + + *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET)); + if (*com_set == NULL) { talloc_destroy(mem_ctx); return NT_STATUS_NO_MEMORY; } - set->mem_ctx = mem_ctx; - set->type = type; - sid_copy(&(set->sid), sid); - set->count = 0; - set->data = NULL; - *com_set = set; + (*com_set)->mem_ctx = mem_ctx; + (*com_set)->type = type; + sid_copy(&((*com_set)->sid), sid); return NT_STATUS_OK; } -NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) +NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size) { GUMS_DATA_SET *data_set; - SEC_DESC *new_sec_desc; - - if (!mem_ctx || !com_set || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); + com_set->count = com_set->count + size; + if (com_set->count == size) { /* data set is empty*/ + data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET)); } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); + data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); } if (data_set == NULL) return NT_STATUS_NO_MEMORY; - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); + com_set->data = data_set; + + return NT_STATUS_OK; +} + +NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) +{ + NTSTATUS ret; + GUMS_DATA_SET *data_set; + SEC_DESC *new_sec_desc; + + if (!com_set || !sec_desc) + return NT_STATUS_INVALID_PARAMETER; + + if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) + return ret; + + data_set = &((com_set->data)[com_set->count - 1]); data_set->type = GUMS_SET_SEC_DESC; - new_sec_desc = dup_sec_desc(mem_ctx, sec_desc); + new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc); if (new_sec_desc == NULL) return NT_STATUS_NO_MEMORY; @@ -1050,87 +997,72 @@ NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC } /* -NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) +NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv) { + NTSTATUS ret; GUMS_DATA_SET *data_set; LUID_ATTR *new_priv; - if (!mem_ctx || !com_set) + if (!com_set) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_ADD_PRIVILEGE; - if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv))) + return ret; (SEC_DESC *)(data_set->data) = new_priv; return NT_STATUS_OK; } -NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) +NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv) { + NTSTATUS ret; GUMS_DATA_SET *data_set; LUID_ATTR *new_priv; - if (!mem_ctx || !com_set) + if (!com_set) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_DEL_PRIVILEGE; - if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv))) + return ret; (SEC_DESC *)(data_set->data) = new_priv; return NT_STATUS_OK; } -NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) +NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) { + NTSTATUS ret; GUMS_DATA_SET *data_set; PRIVILEGE_SET *new_priv_set; - if (!mem_ctx || !com_set || !priv_set) + if (!com_set || !priv_set) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; data_set = ((com_set->data)[com_set->count - 1]); data_set->type = GUMS_SET_PRIVILEGE; - if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set))) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set))) + return ret; + + if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set))) + return ret; (SEC_DESC *)(data_set->data) = new_priv_set; @@ -1138,28 +1070,22 @@ NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set } */ -NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str) +NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str) { + NTSTATUS ret; GUMS_DATA_SET *data_set; char *new_str; - if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) + if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); + data_set = &((com_set->data)[com_set->count - 1]); data_set->type = type; - new_str = talloc_strdup(mem_ctx, str); + new_str = talloc_strdup(com_set->mem_ctx, str); if (new_str == NULL) return NT_STATUS_NO_MEMORY; @@ -1168,102 +1094,96 @@ NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3 return NT_STATUS_OK; } -NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name) +NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name) { - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name); + return gums_cs_set_string(com_set, GUMS_SET_NAME, name); } -NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc) +NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc) { - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc); + return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc); } -NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name) +NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name); + return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name); } -NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir) +NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir); + return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir); } -NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive) +NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive); + return gums_cs_set_string(com_set, GUMS_SET_NAME, drive); } -NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script) +NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script); + return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script); } -NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path) +NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path); + return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path); } -NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks) +NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks); + return gums_cs_set_string(com_set, GUMS_SET_NAME, wks); } -NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str) +NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str); + return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str); } -NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial) +NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial); + return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial); } -NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) +NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) { + NTSTATUS ret; GUMS_DATA_SET *data_set; NTTIME *new_time; - if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) + if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); + data_set = &((com_set->data)[com_set->count - 1]); data_set->type = type; - new_time = talloc(mem_ctx, sizeof(NTTIME)); + new_time = talloc(com_set->mem_ctx, sizeof(NTTIME)); if (new_time == NULL) return NT_STATUS_NO_MEMORY; @@ -1274,81 +1194,75 @@ NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint3 return NT_STATUS_OK; } -NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time) +NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time); + return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time); } -NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) +NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time); + return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time); } -NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) +NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); + return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); } -NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time) +NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time); + return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time); } -NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) +NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time); + return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time); } -NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) +NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) { if (com_set->type != GUMS_OBJ_NORMAL_USER) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time); + return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time); } -NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) { + NTSTATUS ret; GUMS_DATA_SET *data_set; DOM_SID **new_sids; int i; - if (!mem_ctx || !com_set || !sids) + if (!com_set || !sids) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); + data_set = &((com_set->data)[com_set->count - 1]); data_set->type = GUMS_ADD_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); + new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); if (new_sids == NULL) return NT_STATUS_NO_MEMORY; for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); + new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); if (new_sids[i] == NULL) return NT_STATUS_NO_MEMORY; } @@ -1358,55 +1272,49 @@ NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set return NT_STATUS_OK; } -NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) { - if (!mem_ctx || !com_set || !sids) + if (!com_set || !sids) return NT_STATUS_INVALID_PARAMETER; if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); + return gums_cs_add_sids_to_group(com_set, sids, count); } -NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) { - if (!mem_ctx || !com_set || !sids) + if (!com_set || !sids) return NT_STATUS_INVALID_PARAMETER; if (com_set->type != GUMS_OBJ_ALIAS) return NT_STATUS_INVALID_PARAMETER; - return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); + return gums_cs_add_sids_to_group(com_set, sids, count); } -NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) { + NTSTATUS ret; GUMS_DATA_SET *data_set; DOM_SID **new_sids; int i; - if (!mem_ctx || !com_set || !sids) + if (!com_set || !sids) return NT_STATUS_INVALID_PARAMETER; if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); + data_set = &((com_set->data)[com_set->count - 1]); data_set->type = GUMS_DEL_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); + new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); if (new_sids == NULL) return NT_STATUS_NO_MEMORY; for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); + new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); if (new_sids[i] == NULL) return NT_STATUS_NO_MEMORY; } @@ -1416,35 +1324,29 @@ NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_s return NT_STATUS_OK; } -NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) +NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) { + NTSTATUS ret; GUMS_DATA_SET *data_set; DOM_SID **new_sids; int i; - if (!mem_ctx || !com_set || !sids) + if (!com_set || !sids) return NT_STATUS_INVALID_PARAMETER; if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) return NT_STATUS_INVALID_PARAMETER; - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) + return ret; - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); + data_set = &((com_set->data)[com_set->count - 1]); data_set->type = GUMS_SET_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); + new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); if (new_sids == NULL) return NT_STATUS_NO_MEMORY; for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); + new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); if (new_sids[i] == NULL) return NT_STATUS_NO_MEMORY; } @@ -1454,10 +1356,16 @@ NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set return NT_STATUS_OK; } - NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) { - return gums_storage->set_object_values(&(set->sid), set->count, set->data); + NTSTATUS ret; + GUMS_FUNCTIONS *fns; + + if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) { + DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n")); + return ret; + } + return fns->set_object_values(&(set->sid), set->count, set->data); } NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set) diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c index c22e6cf7ff..15486d094c 100644 --- a/source3/sam/gums_helper.c +++ b/source3/sam/gums_helper.c @@ -20,9 +20,8 @@ #include "includes.h" -extern GUMS_FUNCTIONS *gums_storage; - extern DOM_SID global_sid_World; +extern DOM_SID global_sid_Builtin; extern DOM_SID global_sid_Builtin_Administrators; extern DOM_SID global_sid_Builtin_Power_Users; extern DOM_SID global_sid_Builtin_Account_Operators; @@ -37,7 +36,7 @@ extern DOM_SID global_sid_Builtin_Guests; /* defines */ #define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) +#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0) /**************************************************************************** Check if a user is a mapped group. @@ -75,224 +74,6 @@ NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) } #endif -/**************************************************************************** - duplicate alloc luid_attr - ****************************************************************************/ -NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la) -{ - *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR)); - if (*new_la == NULL) { - DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n")); - return NT_STATUS_NO_MEMORY; - } - - (*new_la)->luid.high = old_la.luid.high; - (*new_la)->luid.low = old_la.luid.low; - (*new_la)->attr = old_la.attr; - - return NT_STATUS_OK; -} - -/**************************************************************************** - initialise a privilege list - ****************************************************************************/ -void gums_init_privilege(PRIVILEGE_SET *priv_set) -{ - priv_set->count=0; - priv_set->control=0; - priv_set->set=NULL; -} - -/**************************************************************************** - add a privilege to a privilege array - ****************************************************************************/ -NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) -{ - LUID_ATTR *new_set; - - /* check if the privilege is not already in the list */ - if (gums_check_priv_in_privilege(priv_set, set)) - return NT_STATUS_UNSUCCESSFUL; - - /* we can allocate memory to add the new privilege */ - - new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); - return NT_STATUS_NO_MEMORY; - } - - new_set[priv_set->count].luid.high=set.luid.high; - new_set[priv_set->count].luid.low=set.luid.low; - new_set[priv_set->count].attr=set.attr; - - priv_set->count++; - priv_set->set=new_set; - - return NT_STATUS_OK; -} - -/**************************************************************************** - add all the privileges to a privilege array - ****************************************************************************/ -NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) -{ - NTSTATUS result = NT_STATUS_OK; - LUID_ATTR set; - - set.attr=0; - set.luid.high=0; - - set.luid.low=SE_PRIV_ADD_USERS; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - - set.luid.low=SE_PRIV_ADD_MACHINES; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - - set.luid.low=SE_PRIV_PRINT_OPERATOR; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - -done: - return result; -} - -/**************************************************************************** - check if the privilege list is empty - ****************************************************************************/ -BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set) -{ - return (priv_set->count == 0); -} - -/**************************************************************************** - check if the privilege is in the privilege list - ****************************************************************************/ -BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - int i; - - /* if the list is empty, obviously we can't have it */ - if (gums_check_empty_privilege(priv_set)) - return False; - - for (i=0; i<priv_set->count; i++) { - LUID_ATTR *cur_set; - - cur_set=&priv_set->set[i]; - /* check only the low and high part. Checking the attr field has no meaning */ - if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) - return True; - } - - return False; -} - -/**************************************************************************** - remove a privilege from a privilege array - ****************************************************************************/ -NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i,j; - - /* check if the privilege is in the list */ - if (!gums_check_priv_in_privilege(priv_set, set)) - return NT_STATUS_UNSUCCESSFUL; - - /* special case if it's the only privilege in the list */ - if (priv_set->count==1) { - gums_init_privilege(priv_set); - return NT_STATUS_OK; - } - - /* - * the privilege is there, create a new list, - * and copy the other privileges - */ - - old_set = priv_set->set; - - new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0, j=0; i<priv_set->count; i++) { - if ((old_set[i].luid.low == set.luid.low) && - (old_set[i].luid.high == set.luid.high)) { - continue; - } - - new_set[j].luid.low = old_set[i].luid.low; - new_set[j].luid.high = old_set[i].luid.high; - new_set[j].attr = old_set[i].attr; - - j++; - } - - if (j != priv_set->count - 1) { - DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); - DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); - return NT_STATUS_INTERNAL_ERROR; - } - - /* ok everything is fine */ - - priv_set->count--; - priv_set->set=new_set; - - return NT_STATUS_OK; -} - -/**************************************************************************** - duplicates a privilege array - ****************************************************************************/ -NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i; - - *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET)); - gums_init_privilege(*new_priv_set); - - /* special case if there are no privileges in the list */ - if (priv_set->count == 0) { - return NT_STATUS_OK; - } - - /* - * create a new list, - * and copy the other privileges - */ - - old_set = priv_set->set; - - new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i < priv_set->count; i++) { - - new_set[i].luid.low = old_set[i].luid.low; - new_set[i].luid.high = old_set[i].luid.high; - new_set[i].attr = old_set[i].attr; - } - - (*new_priv_set)->count = priv_set->count; - (*new_priv_set)->control = priv_set->control; - (*new_priv_set)->set = new_set; - - return NT_STATUS_OK; -} - #define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013 #define ALIAS_DEFAULT_DACL_SA_RIGHTS \ (READ_CONTROL_ACCESS | \ @@ -302,7 +83,6 @@ NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PR #define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ -#if 0 NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) { DOM_SID *world = &global_sid_World; @@ -334,7 +114,7 @@ NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX * return NT_STATUS_NO_MEMORY; } - *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize); + *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize); if (!(*sec_desc)) { DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); return NT_STATUS_NO_MEMORY; @@ -363,248 +143,243 @@ NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID * return result; } -NTSTATUS gums_init_builtin_groups(void) +NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description) { - NTSTATUS result; - GUMS_OBJECT g_obj; - GUMS_GROUP *g_grp; - GUMS_PRIVILEGE g_priv; - - /* Build the well known Builtin Local Groups */ - g_obj.type = GUMS_OBJ_GROUP; - g_obj.version = 1; - g_obj.seq_num = 0; - g_obj.mem_ctx = talloc_init("gums_init_backend_acct"); - if (g_obj.mem_ctx == NULL) { - DEBUG(0, ("gums_init_backend: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } + NTSTATUS ret; + GUMS_OBJECT *go; + GUMS_FUNCTIONS *fns; - /* Administrators * / + if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) + return ret; - /* alloc group structure */ - g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP)); - ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done); + if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN))) + return ret; - /* make admins sid */ - g_grp = (GUMS_GROUP *)g_obj.data.group; - sid_copy(g_obj.sid, &global_sid_Builtin_Administrators); + ret = gums_set_object_sid(go, sid); + NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!"); - /* make security descriptor */ - result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx); - NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done); + ret = gums_set_object_name(go, name); + NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!"); - /* make privilege set */ - /* From BDC join trace: - SeSecurityPrivilege - SeBackupPrivilege - SeRestorePrivilege - SeSystemtimePrivilege - SeShutdownPrivilege - SeRemoteShutdownPrivilege - SeTakeOwnershipPrivilege - SeDebugPrivilege - SeSystemEnvironmentPrivilege - SeSystemProfilePrivilege - SeProfileSingleProcessPrivilege - SeIncreaseBasePriorityPrivilege - SeLocalDriverPrivilege - SeCreatePagefilePrivilege - SeIncreaseQuotaPrivilege - */ + if (description) { + ret = gums_set_object_description(go, description); + NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!"); + } - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + /* make security descriptor * / + ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx); + NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc"); + */ - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + ret = fns->set_object(go); - /* numebr of group members */ - g_grp->count = 0; - g_grp->members = NULL; +done: + gums_destroy_object(&go); + return ret; +} - /* store Administrators group */ - result = gums_storage->set_object(&g_obj); +NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description) +{ + NTSTATUS ret; + GUMS_OBJECT *go; + GUMS_FUNCTIONS *fns; - /* Power Users */ - /* Domain Controllers Does NOT have power Users */ + if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) + return ret; - sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users); + if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS))) + return ret; - /* make privilege set */ - /* SE_PRIV_??? */ + ret = gums_set_object_sid(go, sid); + NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!"); - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + ret = gums_set_object_name(go, name); + NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!"); - /* set description */ -/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + if (description) { + ret = gums_set_object_description(go, description); + NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!"); + } - /* store Power Users group */ - result = gums_storage->set_object(&g_obj); + /* make security descriptor * / + ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx); + NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc"); + */ - /* Account Operators */ + ret = fns->set_object(go); - sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators); +done: + gums_destroy_object(&go); + return ret; +} - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ +NTSTATUS gums_init_domain(DOM_SID *sid, const char *name) +{ + NTSTATUS ret; + + /* Add the weelknown Builtin Domain */ + if (!NT_STATUS_IS_OK(ret = gums_make_domain( + sid, + name, + NULL + ))) { + return ret; + } - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); + /* Add default users and groups */ + /* Administrator + Guest + Domain Administrators + Domain Users + Domain Guests + */ - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + return ret; +} - /* store Account Operators group */ - result = gums_storage->set_object(&g_obj); +NTSTATUS gums_init_builtin_domain(void) +{ + NTSTATUS ret; - /* Server Operators */ + generate_wellknown_sids(); - sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators); + /* Add the weelknown Builtin Domain */ + if (!NT_STATUS_IS_OK(ret = gums_make_domain( + &global_sid_Builtin, + "BUILTIN", + "Builtin Domain" + ))) { + return ret; + } - /* make privilege set */ + /* Add the well known Builtin Local Groups */ + + /* Administrators */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Administrators, + "Administrators", + "Members can fully administer the computer/domain" + ))) { + return ret; + } + /* Administrator privilege set */ /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeSystemtimePrivilege - SeShutdownPrivilege - SeRemoteShutdownPrivilege + SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege, + SeSystemtimePrivilege, SeShutdownPrivilege, + SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege, + SeDebugPrivilege, SeSystemEnvironmentPrivilege, + SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, + SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege, + SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege */ - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Server Operators group */ - result = gums_storage->set_object(&g_obj); + /* Power Users */ + /* Domain Controllers Does NOT have Power Users (?) */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Power_Users, + "Power Users", + "Power Users" + ))) { + return ret; + } - /* Print Operators */ + /* Power Users privilege set */ + /* (?) */ - sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators); + /* Account Operators */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Account_Operators, + "Account Operators", + "Members can administer domain user and group accounts" + ))) { + return ret; + } /* make privilege set */ /* From BDC join trace: SeShutdownPrivilege */ - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Print Operators group */ - result = gums_storage->set_object(&g_obj); + /* Server Operators */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Server_Operators, + "Server Operators", + "Members can administer domain servers" + ))) { + return ret; + } - /* Backup Operators */ + /* make privilege set */ + /* From BDC join trace: + SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege, + SeShutdownPrivilege, SeRemoteShutdownPrivilege + */ - sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators); + /* Print Operators */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Print_Operators, + "Print Operators", + "Members can administer domain printers" + ))) { + return ret; + } /* make privilege set */ /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege SeShutdownPrivilege */ - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); + /* Backup Operators */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Backup_Operators, + "Backup Operators", + "Members can bypass file security to backup files" + ))) { + return ret; + } - /* store Backup Operators group */ - result = gums_storage->set_object(&g_obj); + /* make privilege set */ + /* From BDC join trace: + SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege + */ /* Replicator */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Replicator); + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Replicator, + "Replicator", + "Supports file replication in a domain" + ))) { + return ret; + } /* make privilege set */ /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeShutdownPrivilege + SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege */ - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Replicator group */ - result = gums_storage->set_object(&g_obj); - /* Users */ + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Users, + "Users", + "Ordinary users" + ))) { + return ret; + } - sid_copy(g_obj.sid, &global_sid_Builtin_Users); - - /* add ACE to sec dsec dacl */ - sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); - sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Users group */ - result = gums_storage->set_object(&g_obj); + /* Users specific ACEs * / + sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); + sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); + */ /* Guests */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Guests); - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Guests group */ - result = gums_storage->set_object(&g_obj); - - /* set default privileges */ - g_priv.type = GUMS_OBJ_GROUP; - g_priv.version = 1; - g_priv.seq_num = 0; - g_priv.mem_ctx = talloc_init("gums_init_backend_priv"); - if (g_priv.mem_ctx == NULL) { - DEBUG(0, ("gums_init_backend: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(ret = gums_make_alias( + &global_sid_Builtin_Guests, + "Guests", + "Users granted guest access to the computer/domain" + ))) { + return ret; } - - -done: - talloc_destroy(g_obj.mem_ctx); - talloc_destroy(g_priv.mem_ctx); - return result; + return ret; } -#endif |