diff options
47 files changed, 3044 insertions, 2310 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 73931ef651..96ba7306d4 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -42,6 +42,9 @@ LMHOSTSFILE = $(LIBDIR)/lmhosts DRIVERFILE = $(LIBDIR)/printers.def PASSWD_PROGRAM = /bin/passwd SMB_PASSWD_FILE = $(BASEDIR)/private/smbpasswd +SMB_PASSGRP_FILE = $(BASEDIR)/private/smbpassgrp +SMB_GROUP_FILE = $(BASEDIR)/private/smbgroup +SMB_ALIAS_FILE = $(BASEDIR)/private/smbalias SMB_PASSWD_PROGRAM = $(BASEDIR)/bin/smbpasswd # This is where SWAT images and help files go @@ -64,7 +67,13 @@ CODEPAGELIST= 437 737 850 852 861 932 866 949 950 936 SMBRUN = $(BINDIR)/smbrun -PASSWD_FLAGS = -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DSMB_PASSWD_PROGRAM=\"$(SMB_PASSWD_PROGRAM)\" +PASSWD_FLAGS = \ + -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" \ + -DSMB_PASSWD_PROGRAM=\"$(SMB_PASSWD_PROGRAM)\" \ + -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \ + -DSMB_PASSGRP_FILE=\"$(SMB_PASSGRP_FILE)\" \ + -DSMB_GROUP_FILE=\"$(SMB_GROUP_FILE)\" \ + -DSMB_ALIAS_FILE=\"$(SMB_ALIAS_FILE)\" FLAGS1 = $(CFLAGS) -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -DSMBLOGFILE=\"$(SMBLOGFILE)\" -DNMBLOGFILE=\"$(NMBLOGFILE)\" FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" FLAGS3 = -DSWATDIR=\"$(SWATDIR)\" -DSBINDIR=\"$(SBINDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DSMBRUN=\"$(SMBRUN)\" -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" @@ -90,11 +99,11 @@ LIB_OBJ = lib/charcnv.o lib/charset.o lib/debug.o lib/fault.o \ lib/getsmbpass.o lib/interface.o lib/kanji.o lib/md4.o \ lib/membuffer.o lib/netmask.o lib/pidfile.o lib/replace.o \ lib/signal.o lib/slprintf.o lib/system.o lib/time.o lib/ufc.o \ - lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \ - lib/bitmap.o lib/crc32.o lib/snprintf.o \ - lib/util_str.o lib/util_sid.o \ - lib/util_unistr.o lib/util_file.o \ - lib/util.o lib/util_sock.o + lib/util.o lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \ + lib/bitmap.o lib/crc32.o lib/util_sid.o lib/snprintf.o \ + lib/util_str.o lib/util_unistr.o \ + lib/util_file.o mem_man/mem_man.o \ + lib/util_sock.o UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o ubiqx/debugparse.o @@ -106,12 +115,18 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/namequery.o libsmb/nmblib.o \ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/passchange.o -RPC_SERVER_OBJ = rpc_server/srv_lsa.o \ - rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o \ - rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o \ - rpc_server/srv_samr.o rpc_server/srv_srvsvc.o \ - rpc_server/srv_util.o rpc_server/srv_wkssvc.o \ - rpc_server/srv_pipe.o +RPC_SERVER_OBJ = \ + rpc_server/srv_sid.o \ + rpc_server/srv_lsa.o \ + rpc_server/srv_lsa_hnd.o \ + rpc_server/srv_netlog.o \ + rpc_server/srv_pipe_hnd.o \ + rpc_server/srv_reg.o \ + rpc_server/srv_samr.o \ + rpc_server/srv_srvsvc.o \ + rpc_server/srv_pipe.o \ + rpc_server/srv_lookup.o \ + rpc_server/srv_wkssvc.o RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_misc.o \ rpc_parse/parse_net.o rpc_parse/parse_prs.o \ @@ -122,19 +137,24 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_misc.o \ RPC_CLIENT_OBJ = \ rpc_client/cli_login.o \ rpc_client/cli_netlogon.o \ + rpc_client/cli_reg.o \ rpc_client/cli_pipe.o \ rpc_client/cli_lsarpc.o \ rpc_client/cli_wkssvc.o \ rpc_client/cli_srvsvc.o \ - rpc_client/cli_reg.o \ rpc_client/cli_samr.o LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \ locking/shmem.o locking/shmem_sysv.o +GROUPDB_OBJ = groupdb/groupdb.o groupdb/groupfile.o \ + groupdb/aliasdb.o groupdb/aliasfile.o + PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \ - passdb/pass_check.o passdb/ldap.o passdb/nispass.o passdb/smbpasschange.o + passdb/pass_check.o passdb/ldap.o passdb/nispass.o \ + passdb/passgrp.o passdb/smbpassgroup.o \ + passdb/smbpasschange.o SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \ @@ -142,13 +162,15 @@ SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ smbd/message.o smbd/nttrans.o smbd/pipes.o smbd/predict.o \ smbd/$(QUOTAOBJS) smbd/reply.o smbd/ssl.o smbd/trans2.o smbd/uid.o \ smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o smbd/blocking.o \ - smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o + smbd/process.o smbd/oplock.o smbd/service.o smbd/error.o \ + smbd/groupname.o PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/printing.o SMBD_OBJ = $(SMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ - $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(LIB_OBJ) + $(LOCKING_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(PRINTING_OBJ) \ + $(LIB_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -192,7 +214,8 @@ TESTPARM_OBJ = utils/testparm.o \ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) -SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ +SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ + $(PASSDB_OBJ) \ $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) RPCCLIENT_OBJ = rpcclient/rpcclient.o \ @@ -204,7 +227,8 @@ RPCCLIENT_OBJ = rpcclient/rpcclient.o \ rpcclient/cmd_srvsvc.o \ rpcclient/cmd_netlogon.o \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ - $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) + $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ + $(PASSDB_OBJ) SMBWRAPPER_OBJ = smbwrapper/smbw.o smbwrapper/wrapped.o \ smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \ @@ -238,7 +262,8 @@ RPCTORTURE_OBJ = utils/rpctorture.o \ rpcclient/cmd_srvsvc.o \ rpcclient/cmd_netlogon.o \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ - $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) + $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ + $(PASSDB_OBJ) DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o diff --git a/source3/configure b/source3/configure index 0cd5e39d74..0ec5ebb0b3 100755 --- a/source3/configure +++ b/source3/configure @@ -1532,7 +1532,7 @@ else fi done -for ac_hdr in compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h rpc/clnt.h +for ac_hdr in compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 diff --git a/source3/configure.in b/source3/configure.in index 5030c7ffe9..55fe56fe9e 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -30,7 +30,7 @@ AC_HEADER_TIME AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h) AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h) -AC_CHECK_HEADERS(compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h rpc/clnt.h) +AC_CHECK_HEADERS(compat.h rpc/rpc.h rpc/types.h rpc/xdr.h rpc/auth.h ) AC_CHECK_HEADERS(rpcsvc/yp_prot.h rpcsvc/ypclnt.h sys/param.h ctype.h ) AC_CHECK_HEADERS(sys/wait.h sys/resource.h sys/ioctl.h sys/mode.h) AC_CHECK_HEADERS(sys/filio.h string.h strings.h stdlib.h sys/socket.h) diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c index 4b8bbe3079..fc87b47c47 100644 --- a/source3/groupdb/aliasfile.c +++ b/source3/groupdb/aliasfile.c @@ -130,24 +130,36 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members { DOM_SID sid; uint8 type; + BOOL found = False; - if (lookup_sid(name, &sid, &type)) + if (strnequal(name, "S-", 2)) { - (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); - (*num_mem)++; + /* sid entered directly */ + string_to_sid(&sid, name); + found = lookup_name(&sid, name, &type) == 0x0; } else { + found = lookup_sid(name, &sid, &type) == 0x0; + } + + if (!found) + { DEBUG(0,("alias database: could not resolve alias named %s\n", name)); continue; } + + (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); + if ((*members) == NULL) { return NULL; } - fstrcpy((*members)[(*num_mem)-1].name, name); - (*members)[(*num_mem)-1].sid_use = type; - sid_copy(&(*members)[(*num_mem)-1].sid, &sid); + + fstrcpy((*members)[*num_mem].name, name); + (*members)[*num_mem].sid_use = type; + sid_copy(&(*members)[*num_mem].sid, &sid); + (*num_mem)++; } return p; } diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c index 88d362e7d4..8044071391 100644 --- a/source3/groupdb/groupfile.c +++ b/source3/groupdb/groupfile.c @@ -26,6 +26,9 @@ extern int DEBUGLEVEL; static char s_readbuf[1024]; +extern DOM_SID global_sam_sid; +extern fstring global_sam_name; + /*************************************************************** Start to enumerate the grppasswd list. Returns a void pointer to ensure no modification outside this module. @@ -128,11 +131,36 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member while (next_token(&p, name, ",", sizeof(fstring))) { + DOM_SID sid; + uint8 type; + BOOL found = False; + + if (isdigit(name)) + { + uint32 rid = get_number(name); + sid_copy(&sid, &global_sam_sid); + sid_append_rid(&sid, rid); + + found = lookup_name(&sid, name, &type) == 0x0; + } + else + { + found = lookup_sid(name, &sid, &type) == 0x0; + } + + if (!found) + { + DEBUG(0,("alias database: could not resolve name %s in domain %s\n", + name, global_sam_name)); + continue; + } + (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER)); if ((*members) == NULL) { return NULL; } + fstrcpy((*members)[(*num_mem)].name, name); (*members)[(*num_mem)].attr = 0x07; (*num_mem)++; diff --git a/source3/include/config.h.in b/source3/include/config.h.in index 01bc2ee0d8..49379cfe9c 100644 --- a/source3/include/config.h.in +++ b/source3/include/config.h.in @@ -633,9 +633,6 @@ /* Define if you have the <rpc/auth.h> header file. */ #undef HAVE_RPC_AUTH_H -/* Define if you have the <rpc/clnt.h> header file. */ -#undef HAVE_RPC_CLNT_H - /* Define if you have the <rpc/rpc.h> header file. */ #undef HAVE_RPC_RPC_H diff --git a/source3/include/proto.h b/source3/include/proto.h index d1aa8383c2..329903f787 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -17,6 +17,54 @@ void cmd_tar(void); int process_tar(void); int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); +/*The following definitions come from groupdb/aliasdb.c */ + +BOOL initialise_alias_db(void); +LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als); +BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss); +BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss); +void *startaliasent(BOOL update); +void endaliasent(void *vp); +LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL add_alias_entry(LOCAL_GRP *newals); +BOOL mod_alias_entry(LOCAL_GRP* als); +LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss); +void aldb_init_als(LOCAL_GRP *als); + +/*The following definitions come from groupdb/aliasfile.c */ + +struct aliasdb_ops *file_initialise_alias_db(void); + +/*The following definitions come from groupdb/groupdb.c */ + +BOOL initialise_group_db(void); +DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); +BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp); +BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps); +BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps); +void *startgroupent(BOOL update); +void endgroupent(void *vp); +DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem); +BOOL add_group_entry(DOMAIN_GRP *newgrp); +BOOL mod_group_entry(DOMAIN_GRP* grp); +DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); +BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps); +void gpdb_init_grp(DOMAIN_GRP *grp); + +/*The following definitions come from groupdb/groupfile.c */ + +struct groupdb_ops *file_initialise_group_db(void); + /*The following definitions come from lib/access.c */ BOOL allow_access(char *deny_list,char *allow_list, @@ -49,6 +97,7 @@ uint32 crc32_calc_buffer( uint32 count, char *buffer); /*The following definitions come from lib/debug.c */ +BOOL dbg_interactive(void); void sig_usr2( int sig ); void sig_usr1( int sig ); void setup_logging( char *pname, BOOL interactive ); @@ -208,6 +257,7 @@ BOOL user_in_list(char *user,char *list); char *tmpdir(void); BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups); +int get_number(char *tmp); char *Atoic(char *p, int *n, char *c); char *get_numlist(char *p, uint32 **num, int *count); void putip(void *dest,void *src); @@ -454,6 +504,7 @@ BOOL cli_establish_connection(struct cli_state *cli, struct nmb_name *calling, struct nmb_name *called, char *service, char *service_type, BOOL do_shutdown, BOOL do_tcon); +BOOL cli_connect_serverlist(struct cli_state *cli, char *p); int cli_printjob_del(struct cli_state *cli, int job); int cli_print_queue(struct cli_state *cli, void (*fn)(struct print_job_info *)); @@ -487,7 +538,7 @@ BOOL name_status(int fd,char *name,int name_type,BOOL recurse, struct in_addr *name_query(int fd,const char *name,int name_type, BOOL bcast,BOOL recurse, struct in_addr to_ip, int *count, void (*fn)(struct packet_struct *)); FILE *startlmhosts(char *fname); -BOOL getlmhostsent( FILE *fp, char *name, int *name_type, struct in_addr *ipaddr); +BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr); void endlmhosts(FILE *fp); BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type); BOOL find_master_ip(char *group, struct in_addr *master_ip); @@ -595,6 +646,23 @@ struct shmem_ops *smb_shm_open(int ronly); struct shmem_ops *sysv_shm_open(int ronly); +/*The following definitions come from mem_man/mem_man.c */ + +void *smb_mem_malloc(size_t size,char *file,int line); +char *smb_mem_strdup(char *s, char *file, int line); +int smb_mem_free(void *ptr,char *file,int line); +void smb_mem_write_info(void *ptr,FILE *outfile); +size_t smb_mem_query_size(void *ptr); +size_t smb_mem_query_real_size(void *ptr); +char *smb_mem_query_file(void *ptr); +int smb_mem_query_line(void *ptr); +int smb_mem_test(void *ptr); +void smb_mem_write_status(FILE *outfile); +void smb_mem_write_verbose(FILE *outfile); +void smb_mem_write_errors(FILE *outfile); +void smb_mem_set_multiplier(int multiplier); +void *smb_mem_resize(void *ptr,size_t newsize); + /*The following definitions come from nmbd/asyncdns.c */ int asyncdns_fd(void); @@ -939,6 +1007,9 @@ char *lp_logfile(void); char *lp_smbrun(void); char *lp_configfile(void); char *lp_smb_passwd_file(void); +char *lp_smb_passgrp_file(void); +char *lp_smb_group_file(void); +char *lp_smb_alias_file(void); char *lp_serverstring(void); char *lp_printcapname(void); char *lp_lockdir(void); @@ -953,6 +1024,7 @@ char *lp_passwordserver(void); char *lp_name_resolve_order(void); char *lp_workgroup(void); char *lp_username_map(void); +char *lp_aliasname_map(void); char *lp_groupname_map(void); char *lp_logon_script(void); char *lp_logon_path(void); @@ -967,11 +1039,6 @@ char *lp_nis_home_map_name(void); char *lp_netbios_aliases(void); char *lp_driverfile(void); char *lp_panic_action(void); -char *lp_domain_groups(void); -char *lp_domain_admin_group(void); -char *lp_domain_guest_group(void); -char *lp_domain_admin_users(void); -char *lp_domain_guest_users(void); char *lp_ldap_server(void); char *lp_ldap_suffix(void); char *lp_ldap_filter(void); @@ -1174,7 +1241,7 @@ BOOL pass_check(char *user,char *password, int pwlen, struct passwd *pwd, /*The following definitions come from passdb/passdb.c */ -BOOL initialize_password_db(void); +BOOL initialise_password_db(void); struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid); struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid); struct smb_passwd *iterate_getsmbpwnam(char *name); @@ -1193,32 +1260,60 @@ struct sam_disp_info *getsamdisprid(uint32 rid); struct sam_passwd *getsam21pwent(void *vp); struct sam_passwd *getsam21pwnam(char *name); struct sam_passwd *getsam21pwrid(uint32 rid); -void pdb_init_smb(struct smb_passwd *user); -void pdb_init_sam(struct sam_passwd *user); -struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user); -struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user); -struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user); -char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); -uint16 pdb_decode_acct_ctrl(char *p); -time_t pdb_get_last_set_time(char *p); -void pdb_set_logon_time(char *p, int max_len, time_t t); -void pdb_set_logoff_time(char *p, int max_len, time_t t); -void pdb_set_kickoff_time(char *p, int max_len, time_t t); -void pdb_set_can_change_time(char *p, int max_len, time_t t); -void pdb_set_must_change_time(char *p, int max_len, time_t t); -void pdb_set_last_set_time(char *p, int max_len, time_t t); -void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl); -BOOL pdb_gethexpwd(char *p, char *pwd); -BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid); -BOOL pdb_generate_sam_sid(void); -uid_t pdb_user_rid_to_uid(uint32 user_rid); -uint32 pdb_uid_to_user_rid(uid_t uid); -uint32 pdb_gid_to_group_rid(gid_t gid); -BOOL pdb_rid_is_user(uint32 rid); +void pwdb_init_smb(struct smb_passwd *user); +void pwdb_init_sam(struct sam_passwd *user); +struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user); +struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user); +struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user); +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length); +uint16 pwdb_decode_acct_ctrl(char *p); +time_t pwdb_get_last_set_time(char *p); +void pwdb_set_logon_time(char *p, int max_len, time_t t); +void pwdb_set_logoff_time(char *p, int max_len, time_t t); +void pwdb_set_kickoff_time(char *p, int max_len, time_t t); +void pwdb_set_can_change_time(char *p, int max_len, time_t t); +void pwdb_set_must_change_time(char *p, int max_len, time_t t); +void pwdb_set_last_set_time(char *p, int max_len, time_t t); +void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl); +BOOL pwdb_gethexpwd(char *p, char *pwd); +uid_t pwdb_user_rid_to_uid(uint32 user_rid); +uint32 pwdb_uid_to_user_rid(uid_t uid); +uint32 pwdb_gid_to_group_rid(gid_t gid); +gid_t pwdb_group_rid_to_gid(uint32 group_rid); +uint32 pwdb_gid_to_alias_rid(gid_t gid); +gid_t pwdb_alias_rid_to_gid(uint32 alias_rid); +BOOL pwdb_rid_is_user(uint32 rid); + +/*The following definitions come from passdb/passgrp.c */ + +BOOL initialise_passgrp_db(void); +struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *iterate_getsmbgrpnam(char *name, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +void *startsmbgrpent(BOOL update); +void endsmbgrpent(void *vp); +struct smb_passwd *getsmbgrpent(void *vp, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *getsmbgrpnam(char *name, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *getsmbgrprid(uint32 user_rid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); +struct smb_passwd *getsmbgrpuid(uid_t smb_userid, + uint32 **grps, int *num_grps, + uint32 **alss, int *num_alss); /*The following definitions come from passdb/smbpass.c */ -struct passdb_ops *file_initialize_password_db(void); +struct passdb_ops *file_initialise_password_db(void); /*The following definitions come from passdb/smbpasschange.c */ @@ -1230,8 +1325,6 @@ BOOL local_password_change(char *user_name, BOOL trust_account, BOOL add_user, /*The following definitions come from passdb/smbpassfile.c */ -BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth); -BOOL pw_file_unlock(int fd, int *plock_depth); BOOL trust_password_lock( char *domain, char *name, BOOL update); BOOL trust_password_unlock(void); BOOL trust_password_delete( char *domain, char *name ); @@ -1239,6 +1332,10 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t BOOL set_trust_account_password( unsigned char *md4_new_pwd); BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *myname); +/*The following definitions come from passdb/smbpassgroup.c */ + +struct passgrp_ops *file_initialise_password_grp(void); + /*The following definitions come from printing/pcap.c */ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname); @@ -1808,7 +1905,7 @@ void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struc void make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, uint32 size); void samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth); void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, - uint32 num_sam_entries, SAM_USER_INFO_21 grps[MAX_SAM_ENTRIES], + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status); void samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth); void make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol, @@ -1828,7 +1925,7 @@ void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, void samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth); void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 start_idx, uint32 num_sam_entries, - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES], + DOMAIN_GRP *grp, uint32 status); void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth); void make_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_e, @@ -1845,7 +1942,7 @@ void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u, void samr_io_r_lookup_ids(char *desc, SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth); void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth); void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, - uint32 num_rids, uint32 *rid, uint32 status); + uint32 num_rids, uint32 *rid, uint8 *type, uint32 status); void samr_io_r_lookup_names(char *desc, SAMR_R_LOOKUP_NAMES *r_u, prs_struct *ps, int depth); void samr_io_q_unknown_12(char *desc, SAMR_Q_UNKNOWN_12 *q_u, prs_struct *ps, int depth); void make_samr_r_unknown_12(SAMR_R_UNKNOWN_12 *r_u, @@ -2051,6 +2148,37 @@ void make_wks_r_query_info(WKS_R_QUERY_INFO *r_u, int status) ; void wks_io_r_query_info(char *desc, WKS_R_QUERY_INFO *r_u, prs_struct *ps, int depth); +/*The following definitions come from rpc_server/srv_lookup.c */ + +int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids); +int get_domain_user_groups(DOMAIN_GRP_MEMBER **grp_members, uint32 group_rid); +uint32 lookup_builtin_names(DOM_SID *sid, char *name, uint8 *type); +uint32 lookup_added_name(DOM_SID *sid, char *name, uint8 *type); +uint32 lookup_name(DOM_SID *sid, char *name, uint8 *type); +uint32 lookup_wk_group_name(DOM_SID *sid, char *group_name, uint8 *type); +uint32 lookup_group_name(DOM_SID *sid, char *group_name, uint8 *type); +uint32 lookup_wk_alias_name(DOM_SID *sid, char *alias_name, uint8 *type); +uint32 lookup_alias_name(DOM_SID *sid, char *alias_name, uint8 *type); +uint32 lookup_wk_user_name(DOM_SID *sid, char *user_name, uint8 *type); +uint32 lookup_user_name(DOM_SID *sid, char *user_name, uint8 *type); +uint32 lookup_group_rid(char *group_name, uint32 *rid, uint8 *type); +uint32 lookup_wk_group_rid(char *group_name, uint32 *rid, uint8 *type); +uint32 lookup_alias_sid(char *alias_name, DOM_SID *sid, uint8 *type); +uint32 lookup_alias_rid(char *alias_name, uint32 *rid, uint8 *type); +uint32 lookup_wk_alias_sid(char *alias_name, DOM_SID *sid, uint8 *type); +uint32 lookup_wk_alias_rid(char *alias_name, uint32 *rid, uint8 *type); +uint32 lookup_sid(char *name, DOM_SID *sid, uint8 *type); +uint32 lookup_added_user_rids(char *user_name, + uint32 *usr_rid, uint32 *grp_rid); +uint32 lookup_added_user_rid(char *user_name, uint32 *rid, uint8 *type); +uint32 lookup_wk_user_rid(char *user_name, uint32 *rid, uint8 *type); +uint32 lookup_added_grp_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_builtin_grp_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_grp_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_user_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_rid(char *name, uint32 *rid, uint8 *type); +uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid); + /*The following definitions come from rpc_server/srv_lsa.c */ BOOL api_ntlsa_rpc(pipes_struct *p, prs_struct *data); @@ -2103,20 +2231,18 @@ BOOL api_reg_rpc(pipes_struct *p, prs_struct *data); BOOL api_samr_rpc(pipes_struct *p, prs_struct *data); -/*The following definitions come from rpc_server/srv_srvsvc.c */ +/*The following definitions come from rpc_server/srv_sid.c */ -BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data); +BOOL get_member_domain_sid(void); +void generate_wellknown_sids(void); +BOOL generate_sam_sid(void); +BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain); +BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain); +BOOL split_domain_name(char *fullname, char *domain, char *name); -/*The following definitions come from rpc_server/srv_util.c */ +/*The following definitions come from rpc_server/srv_srvsvc.c */ -int make_dom_gids(char *gids_str, DOM_GID **ppgids); -void get_domain_user_groups(char *domain_groups, char *user); -uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type); -uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type); -uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type); -uint32 lookup_group_rid(char *group_name, uint32 *rid); -uint32 lookup_alias_rid(char *alias_name, uint32 *rid); -uint32 lookup_user_rid(char *user_name, uint32 *rid); +BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data); /*The following definitions come from rpc_server/srv_wkssvc.c */ @@ -2355,6 +2481,17 @@ void file_chain_reset(void); void file_chain_save(void); void file_chain_restore(void); +/*The following definitions come from smbd/groupname.c */ + +BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain); +BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain); +BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid); +BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid); +BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid); +BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid); +BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid); +BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid); + /*The following definitions come from smbd/ipc.c */ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize); @@ -2431,7 +2568,7 @@ BOOL set_challenge(unsigned char *challenge); user_struct *get_valid_user_struct(uint16 vuid); void invalidate_vuid(uint16 vuid); char *validated_username(uint16 vuid); -int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups); +int get_unixgroups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups); uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, BOOL guest); void add_session_user(char *user); BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8); diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index e984a4842b..aa1f100dfb 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -56,13 +56,14 @@ * NT RIDS. */ -/* Take the bottom bit. */ -#define RID_TYPE_MASK 1 -#define RID_MULTIPLIER 2 - -/* The two common types. */ -#define USER_RID_TYPE 0 -#define GROUP_RID_TYPE 1 +/* Take the bottom bits. */ +#define RID_TYPE_MASK 2 +#define RID_MULTIPLIER 4 + +/* The three common types. */ +#define RID_TYPE_USER 0 +#define RID_TYPE_GROUP 1 +#define RID_TYPE_ALIAS 2 /* ENUM_HND */ typedef struct enum_hnd_info diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index d45cb23388..ef7fefc72e 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -769,7 +769,7 @@ itself. the response to the lookup rids is relative to this SID. /* SAMR_Q_LOOKUP_IDS */ typedef struct q_samr_lookup_ids_info { - POLICY_HND pol; /* policy handle */ + POLICY_HND pol; /* policy handle */ uint32 num_sids1; /* number of rids being looked up */ uint32 ptr; /* buffer pointer */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 0ffbcded13..63aa7c098d 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -463,30 +463,31 @@ typedef struct local_grp_info { fstring name; fstring comment; + uint32 rid; /* alias rid */ } LOCAL_GRP; -/*** enumerate these to get list of domain groups ***/ +/*** query a domain group, get a list of these: shows who is in that group ***/ -/* domain group member info */ -typedef struct domain_grp_info +/* domain group info */ +typedef struct domain_grp_member_info { fstring name; - fstring comment; - uint32 rid; /* group rid */ uint8 attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */ -} DOMAIN_GRP; +} DOMAIN_GRP_MEMBER; -/*** query a domain group, get a list of these: shows who is in that group ***/ +/*** enumerate these to get list of domain groups ***/ -/* domain group info */ -typedef struct domain_grp_member_info +/* domain group member info */ +typedef struct domain_grp_info { fstring name; + fstring comment; + uint32 rid; /* group rid */ uint8 attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */ -} DOMAIN_GRP_MEMBER; +} DOMAIN_GRP; /* DOM_CHAL - challenge info */ typedef struct chal_info @@ -814,6 +815,110 @@ struct passdb_ops { #endif }; +/* + * Each implementation of the passgrp database code needs + * to support the following operations. + */ + +struct passgrp_ops { + /* + * Password database ops. + */ + void *(*startsmbgrpent)(BOOL); + void (*endsmbgrpent)(void *); + SMB_BIG_UINT (*getsmbgrppos)(void *); + BOOL (*setsmbgrppos)(void *, SMB_BIG_UINT); + + /* + * smb passgrp database query functions. + */ + struct smb_passwd *(*getsmbgrpnam)(char *, uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrpuid)(uid_t , uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrprid)(uint32, uint32**, int*, uint32**, int*); + struct smb_passwd *(*getsmbgrpent)(void *, uint32**, int*, uint32**, int*); + +}; + +/* + * Each implementation of the group database code needs + * to support the following operations. + * + * This allows enumeration, modification and addition of groups. there + * is _no_ deletion of groups: you can only modify them to a status of + * "deleted" (this by the way is a requirement of c2 rating) + */ + +struct groupdb_ops +{ + /* + * Group database ops. + */ + void *(*startgroupent)(BOOL); + void (*endgroupent)(void *); + SMB_BIG_UINT (*getgrouppos)(void *); + BOOL (*setgrouppos)(void *, SMB_BIG_UINT); + + /* + * group database query functions. set the BOOL to Tru + * if you want the members in the group as well. + */ + DOMAIN_GRP *(*getgroupnam)(char *, DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgroupgid)(gid_t , DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgrouprid)(uint32, DOMAIN_GRP_MEMBER **, int *); + DOMAIN_GRP *(*getgroupent)(void *, DOMAIN_GRP_MEMBER **, int *); + + /* + * group database modification functions. + */ + BOOL (*add_group_entry)(DOMAIN_GRP *); + BOOL (*mod_group_entry)(DOMAIN_GRP *); + + /* + * user group functions + */ + BOOL (*getusergroupsnam)(char *, DOMAIN_GRP **, int *); +}; + +/* + * Each implementation of the alias database code needs + * to support the following operations. + * + * This allows enumeration, modification and addition of aliases. there + * is _no_ deletion of aliases: you can only modify them to a status of + * "deleted" (this by the way is a requirement of c2 rating) + */ + +struct aliasdb_ops +{ + /* + * Alias database ops. + */ + void *(*startaliasent)(BOOL); + void (*endaliasent)(void *); + SMB_BIG_UINT (*getaliaspos)(void *); + BOOL (*setaliaspos)(void *, SMB_BIG_UINT); + + /* + * alias database query functions. set the BOOL to Tru + * if you want the members in the alias as well. + */ + LOCAL_GRP *(*getaliasnam)(char *, LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasgid)(gid_t , LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasrid)(uint32, LOCAL_GRP_MEMBER **, int *); + LOCAL_GRP *(*getaliasent)(void *, LOCAL_GRP_MEMBER **, int *); + + /* + * alias database modification functions. + */ + BOOL (*add_alias_entry)(LOCAL_GRP *); + BOOL (*mod_alias_entry)(LOCAL_GRP *); + + /* + * user alias functions + */ + BOOL (*getuseraliasnam)(char *, LOCAL_GRP **, int *); +}; + /* this is used for smbstatus */ struct connect_record @@ -1650,11 +1755,8 @@ extern int unix_ERR_code; /* zero a structure */ #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) -/* zero a structure given a pointer to the structure - no zero check */ -#define ZERO_STRUCTPN(x) memset((char *)(x), 0, sizeof(*(x))) - /* zero a structure given a pointer to the structure */ -#define ZERO_STRUCTP(x) { if ((x) != NULL) ZERO_STRUCTPN(x); } +#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } /* zero an array - note that sizeof(array) must work - ie. it must not be a pointer */ diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 6b7b9341a3..619a917747 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -75,6 +75,7 @@ * debugf - Debug file name. * append_log - If True, then the output file will be opened in append * mode. + * timestamp_log - * DEBUGLEVEL - System-wide debug message limit. Messages with message- * levels higher than DEBUGLEVEL will not be processed. */ @@ -82,6 +83,7 @@ FILE *dbf = NULL; pstring debugf = ""; BOOL append_log = False; +BOOL timestamp_log = True; int DEBUGLEVEL = 1; @@ -119,7 +121,17 @@ static int format_pos = 0; * Functions... */ -#if defined(SIGUSR2) +/* ************************************************************************** ** + * tells us if interactive logging was requested + * ************************************************************************** ** + */ + +BOOL dbg_interactive(void) +{ + return stdout_logging; +} + +#if defined(SIGUSR2) && !defined(MEM_MAN) /* ************************************************************************** ** * catch a sigusr2 - decrease the debug log level. * ************************************************************************** ** @@ -140,7 +152,7 @@ void sig_usr2( int sig ) } /* sig_usr2 */ #endif /* SIGUSR2 */ -#if defined(SIGUSR1) +#if defined(SIGUSR1) && !defined(MEM_MAN) /* ************************************************************************** ** * catch a sigusr1 - increase the debug log level. * ************************************************************************** ** @@ -429,7 +441,7 @@ static void bufr_print( void ) static void format_debug_text( char *msg ) { int i; - BOOL timestamp = (!stdout_logging && (lp_timestamp_logs() || + BOOL timestamp = (timestamp_log && !stdout_logging && (lp_timestamp_logs() || !(lp_loaded()))); for( i = 0; msg[i]; i++ ) @@ -527,7 +539,7 @@ BOOL dbghdr( int level, char *file, char *func, int line ) /* Print the header if timestamps are turned on. If parameters are * not yet loaded, then default to timestamps on. */ - if( lp_timestamp_logs() || !(lp_loaded()) ) + if( timestamp_log && (lp_timestamp_logs() || !(lp_loaded()) )) { /* Print it all out at once to prevent split syslog output. */ (void)Debug1( "[%s, %d] %s:%s(%d)\n", diff --git a/source3/lib/util.c b/source3/lib/util.c index 1710205f3c..df3faa569a 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -143,6 +143,21 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups) /**************************************************************************** +gets either a hex number (0xNNN) or decimal integer (NNN). +****************************************************************************/ +int get_number(char *tmp) +{ + if (strnequal(tmp, "0x", 2)) + { + return strtol(tmp, (char**)NULL, 16); + } + else + { + return strtol(tmp, (char**)NULL, 10); + } +} + +/**************************************************************************** like atoi but gets the value up to the separater character ****************************************************************************/ char *Atoic(char *p, int *n, char *c) @@ -153,7 +168,12 @@ char *Atoic(char *p, int *n, char *c) return NULL; } - (*n) = atoi(p); + (*n) = get_number(p); + + if (strnequal(p, "0x", 2)) + { + p += 2; + } while ((*p) && isdigit(*p)) { diff --git a/source3/lib/util_hnd.c b/source3/lib/util_hnd.c index b807c40604..dabc5520ff 100644 --- a/source3/lib/util_hnd.c +++ b/source3/lib/util_hnd.c @@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) { struct policy *p = find_lsa_policy(hnd); - if (!p) { + if (!p) + { DEBUG(3,("Error closing policy\n")); return False; } @@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) bitmap_clear(bmap, p->pnum); ZERO_STRUCTP(p); + ZERO_STRUCTP(hnd); free(p); diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 550f7cc391..bb792b7e2b 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -39,18 +39,27 @@ static BOOL cli_receive_smb(struct cli_state *cli) /**************************************************************************** send an smb to a fd and re-establish if necessary ****************************************************************************/ -static BOOL cli_send_smb(struct cli_state *cli) +static BOOL cli_send_smb(struct cli_state *cli, BOOL show) { size_t len; size_t nwritten=0; ssize_t ret; BOOL reestablished=False; + if (show) + { + show_msg(cli->outbuf); + } + len = smb_len(cli->outbuf) + 4; while (nwritten < len) { ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten); - if (ret <= 0 && errno == EPIPE && !reestablished) { + if (ret <= 0 && errno == EPIPE && !reestablished) + { + DEBUG(5,("cli_send_smb: write error (%s) - reconnecting\n", + strerror(errno))); + if (cli_reestablish_connection(cli)) { reestablished = True; nwritten=0; @@ -60,8 +69,7 @@ static BOOL cli_send_smb(struct cli_state *cli) if (ret <= 0) { DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n", len,ret)); - close_sockets(); - exit(1); + return False; } nwritten += ret; } @@ -259,8 +267,7 @@ static BOOL cli_send_trans(struct cli_state *cli, int trans, set_message(cli->outbuf,14+lsetup, /* wcnt, bcc */ PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False); - show_msg(cli->outbuf); - cli_send_smb(cli); + cli_send_smb(cli, True); if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ @@ -300,8 +307,7 @@ static BOOL cli_send_trans(struct cli_state *cli, int trans, set_message(cli->outbuf,trans==SMBtrans?8:9, /* wcnt, bcc */ PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False); - show_msg(cli->outbuf); - cli_send_smb(cli); + cli_send_smb(cli, True); tot_data += this_ldata; tot_param += this_lparam; @@ -328,8 +334,6 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans, if (!cli_receive_smb(cli)) return False; - show_msg(cli->inbuf); - /* sanity check */ if (CVAL(cli->inbuf,smb_com) != trans) { DEBUG(0,("Expected %s response, got command 0x%02x\n", @@ -382,8 +386,6 @@ static BOOL cli_receive_trans(struct cli_state *cli,int trans, if (!cli_receive_smb(cli)) return False; - show_msg(cli->inbuf); - /* sanity check */ if (CVAL(cli->inbuf,smb_com) != trans) { DEBUG(0,("Expected %s response, got command 0x%02x\n", @@ -759,11 +761,12 @@ BOOL cli_session_setup(struct cli_state *cli, set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False); } - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) + { + DEBUG(10,("cli_session_setup: receive smb failed\n")); return False; - - show_msg(cli->inbuf); + } if (CVAL(cli->inbuf,smb_rcls) != 0) { return False; @@ -804,7 +807,7 @@ BOOL cli_ulogoff(struct cli_state *cli) SSVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,0); /* no additional info */ - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) return False; @@ -858,7 +861,7 @@ BOOL cli_send_tconX(struct cli_state *cli, SCVAL(cli->inbuf,smb_rcls, 1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) return False; @@ -899,7 +902,7 @@ BOOL cli_tdis(struct cli_state *cli) SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) return False; @@ -931,7 +934,7 @@ BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst) *p++ = 4; pstrcpy(p,fname_dst); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -965,7 +968,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname) *p++ = 4; pstrcpy(p,fname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -997,7 +1000,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname) *p++ = 4; pstrcpy(p,dname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1029,7 +1032,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname) *p++ = 4; pstrcpy(p,dname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1074,7 +1077,7 @@ int cli_nt_create(struct cli_state *cli, char *fname) pstrcpy(p,fname); p = skip_string(p,1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return -1; } @@ -1145,7 +1148,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode) pstrcpy(p,fname); p = skip_string(p,1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return -1; } @@ -1177,7 +1180,7 @@ BOOL cli_close(struct cli_state *cli, int fnum) SSVAL(cli->outbuf,smb_vwv0,fnum); SIVALS(cli->outbuf,smb_vwv1,-1); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1218,7 +1221,7 @@ BOOL cli_lock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int ti SSVAL(p, 0, cli->pid); SIVAL(p, 2, offset); SIVAL(p, 6, len); - cli_send_smb(cli); + cli_send_smb(cli, True); cli->timeout = (timeout == -1) ? 0x7FFFFFFF : timeout; @@ -1264,7 +1267,7 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len, int SIVAL(p, 2, offset); SIVAL(p, 6, len); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1300,7 +1303,7 @@ static void cli_issue_read(struct cli_state *cli, int fnum, off_t offset, SSVAL(cli->outbuf,smb_vwv6,size); SSVAL(cli->outbuf,smb_mid,cli->mid + i); - cli_send_smb(cli); + cli_send_smb(cli, True); } /**************************************************************************** @@ -1406,8 +1409,7 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint1 SSVAL(cli->outbuf,smb_mid,cli->mid + i); - show_msg(cli->outbuf); - cli_send_smb(cli); + cli_send_smb(cli, True); } /**************************************************************************** @@ -1495,7 +1497,7 @@ BOOL cli_getattrE(struct cli_state *cli, int fd, SSVAL(cli->outbuf,smb_vwv0,fd); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1549,7 +1551,7 @@ BOOL cli_getatr(struct cli_state *cli, char *fname, *p = 4; pstrcpy(p+1, fname); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -1600,7 +1602,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t) p = skip_string(p,1); *p = 4; - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -2163,13 +2165,14 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char data_len = 532; - if (cli_send_trans(cli,SMBtrans, + if (!cli_send_trans(cli,SMBtrans, PIPE_LANMAN,strlen(PIPE_LANMAN), /* name, length */ 0,0, /* fid, flags */ NULL,0,0, /* setup, length, max */ param,param_len,2, /* param, length, max */ data,data_len,0 /* data, length, max */ - ) == False) { + )) + { DEBUG(0,("cli_oem_change_password: Failed to send password change for user %s\n", user )); return False; @@ -2223,11 +2226,11 @@ BOOL cli_negprot(struct cli_state *cli) CVAL(smb_buf(cli->outbuf),0) = 2; - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) + { return False; - - show_msg(cli->inbuf); + } if (CVAL(cli->inbuf,smb_rcls) != 0 || ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) { @@ -2305,7 +2308,7 @@ BOOL cli_session_request(struct cli_state *cli, retry: #endif /* WITH_SSL */ - cli_send_smb(cli); + cli_send_smb(cli, False); DEBUG(5,("Sent session request\n")); if (!cli_receive_smb(cli)) @@ -2401,6 +2404,7 @@ shutdown a client structure ****************************************************************************/ void cli_shutdown(struct cli_state *cli) { + DEBUG(10,("cli_shutdown\n")); if (cli->outbuf) { free(cli->outbuf); @@ -2414,7 +2418,9 @@ void cli_shutdown(struct cli_state *cli) sslutil_disconnect(cli->fd); #endif /* WITH_SSL */ if (cli->fd != -1) - close(cli->fd); + { + close(cli->fd); + } memset(cli, 0, sizeof(*cli)); } @@ -2429,10 +2435,18 @@ void cli_shutdown(struct cli_state *cli) ****************************************************************************/ int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num) { - int flgs2 = SVAL(cli->inbuf,smb_flg2); + int flgs2; char rcls; int code; + if (!cli->initialised) + { + DEBUG(0,("cli_error: client state uninitialised!\n")); + return EINVAL; + } + + flgs2 = SVAL(cli->inbuf,smb_flg2); + if (eclass) *eclass = 0; if (num ) *num = 0; @@ -2671,7 +2685,9 @@ BOOL cli_establish_connection(struct cli_state *cli, { DEBUG(1,("failed session setup\n")); if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return False; } @@ -2682,20 +2698,105 @@ BOOL cli_establish_connection(struct cli_state *cli, { DEBUG(1,("failed tcon_X\n")); if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return False; } } } if (do_shutdown) - cli_shutdown(cli); + { + cli_shutdown(cli); + } return True; } /**************************************************************************** + connect to one of multiple servers: don't care which +****************************************************************************/ +BOOL cli_connect_serverlist(struct cli_state *cli, char *p) +{ + extern pstring global_myname; + extern pstring scope; + fstring remote_machine; + struct in_addr dest_ip; + struct nmb_name calling, called; + BOOL connected_ok = True; + + ZERO_STRUCT(cli); + + if (!cli_initialise(cli)) + { + DEBUG(0,("cli_connect_serverlist: unable to initialize client connection.\n")); + return False; + } + + /* + * Treat each name in the 'password server =' line as a potential + * PDC/BDC. Contact each in turn and try and authenticate. + */ + + while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) + { + standard_sub_basic(remote_machine); + strupper(remote_machine); + + if (!resolve_name( remote_machine, &dest_ip, 0x20)) + { + DEBUG(1,("cli_connect_serverlist: Can't resolve address for %s\n", remote_machine)); + continue; + } + + if (ismyip(dest_ip)) + { + DEBUG(1,("cli_connect_serverlist: Password server loop - not using password server %s\n", remote_machine)); + continue; + } + + make_nmb_name(&calling, global_myname , 0x0 , scope); + make_nmb_name(&called , remote_machine, 0x20, scope); + + pwd_set_nullpwd(&cli->pwd); + + if (!cli_establish_connection(cli, remote_machine, &dest_ip, + &calling, &called, + "IPC$", "IPC", + False, True)) + { + cli_shutdown(cli); + continue; + } + + if (!IS_BITS_SET_ALL(cli->sec_mode, 1)) + { + DEBUG(1,("cli_connect_serverlist: machine %s isn't in user level security mode\n", + remote_machine)); + cli_shutdown(cli); + continue; + } + + /* + * We have an anonymous connection to IPC$. + */ + + connected_ok = True; + break; + } + + if (!connected_ok) + { + DEBUG(0,("cli_connect_serverlist: Domain password server not available.\n")); + cli_shutdown(cli); + } + + return connected_ok; +} + +/**************************************************************************** cancel a print job ****************************************************************************/ int cli_printjob_del(struct cli_state *cli, int job) @@ -2826,7 +2927,7 @@ BOOL cli_chkpath(struct cli_state *cli, char *path) *p++ = 4; fstrcpy(p,path2); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } @@ -2862,7 +2963,7 @@ BOOL cli_message_start(struct cli_state *cli, char *host, char *username, set_message(cli->outbuf,0,PTR_DIFF(p,smb_buf(cli->outbuf)),False); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; @@ -2895,7 +2996,7 @@ BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp) *p = 1; SSVAL(p,1,len); memcpy(p+3,msg,len); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; @@ -2920,7 +3021,7 @@ BOOL cli_message_end(struct cli_state *cli, int grp) cli_setup_packet(cli); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; @@ -2943,7 +3044,7 @@ BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail) SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); - cli_send_smb(cli); + cli_send_smb(cli, True); if (!cli_receive_smb(cli)) { return False; } diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 5e6e101883..51b6e8d25b 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -29,6 +29,12 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; +extern DOM_SID global_member_sid; +extern fstring global_myworkgroup; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_3; +extern DOM_SID global_sid_S_1_5; /*************************************************************************** lsa_reply_open_policy2 @@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; - d_q->buffer_dom_name = 4; /* domain buffer pointer */ - d_q->buffer_dom_sid = 2; /* domain sid pointer */ + d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ /* this string is supposed to be character short */ make_unistr2(&(d_q->uni_domain_name), dom_name, domlen); @@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, /*************************************************************************** -make_dom_ref +make_dom_ref - adds a domain if it's not already in, returns the index ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, int num_domains, - char **dom_names, DOM_SID **dom_sids) +static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) { - int i; + int num = 0; + int len; - if (num_domains > MAX_REF_DOMAINS) + if (dom_name != NULL) { - num_domains = MAX_REF_DOMAINS; + for (num = 0; num < ref->num_ref_doms_1; num++) + { + fstring domname; + fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name)); + if (strequal(domname, dom_name)) + { + return num; + } + } + + } + else + { + num = ref->num_ref_doms_1; + } + + if (num >= MAX_REF_DOMAINS) + { + /* index not found, already at maximum domain limit */ + return -1; } ref->undoc_buffer = 1; - ref->num_ref_doms_1 = num_domains; + ref->num_ref_doms_1 = num+1; ref->undoc_buffer2 = 1; ref->max_entries = MAX_REF_DOMAINS; - ref->num_ref_doms_2 = num_domains; + ref->num_ref_doms_2 = num+1; - for (i = 0; i < num_domains; i++) - { - int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + len = dom_name != NULL ? strlen(dom_name) : 0; - make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); - ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; - make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); - make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); - } + make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len); + make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid ); + return num; } /*************************************************************************** make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { int i; - make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); + r_l->num_entries = 0; + r_l->undoc_buffer = 0; + r_l->num_entries2 = 0; +#if 0 r_l->num_entries = num_entries; r_l->undoc_buffer = 1; r_l->num_entries2 = num_entries; @@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, for (i = 0; i < num_entries; i++) { - make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01); + make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid); + make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]); } r_l->num_entries3 = num_entries; +#endif } /*************************************************************************** make_lsa_trans_names ***************************************************************************/ -static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, +static void make_lsa_trans_names(DOM_R_REF *ref, + LSA_TRANS_NAME_ENUM *trn, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - uint32 *total) + uint32 *mapped_count) { - uint32 status = 0x0; int i; - (*total) = 0; + int total = 0; + (*mapped_count) = 0; SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); for (i = 0; i < num_entries; i++) { + uint32 status = 0x0; + DOM_SID find_sid = sid[i].sid; + DOM_SID tmp = sid[i].sid; uint32 rid = 0xffffffff; - uint8 num_auths = sid[i].sid.num_auths; + int dom_idx = -1; fstring name; - uint32 type; + fstring dom_name; + uint8 sid_name_use = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); + memset(dom_name, 0, sizeof(dom_name)); + memset(name , 0, sizeof(name )); - /* find the rid to look up */ - if (num_auths != 0) + if (map_domain_sid_to_name(&find_sid, dom_name)) + { + sid_name_use = SID_NAME_DOMAIN; + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + } + else if (sid_split_rid (&find_sid, &rid) && + map_domain_sid_to_name(&find_sid, dom_name)) + { + if (sid_equal(&find_sid, &global_sam_sid)) + { + status = lookup_name(&tmp, name, &sid_name_use); + } + else + { + status = 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + } + else { - rid = sid[i].sid.sub_auths[num_auths-1]; - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status; - status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status; - status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status; } + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + if (status == 0x0) { - make_lsa_trans_name(&(trn->name [(*total)]), - &(trn->uni_name[(*total)]), - type, name, (*total)); - (*total)++; + (*mapped_count)++; + } + else + { + snprintf(name, sizeof(name), "%08x", rid); + sid_name_use = SID_NAME_UNKNOWN; + } + make_lsa_trans_name(&(trn->name [total]), + &(trn->uni_name[total]), + sid_name_use, name, dom_idx); + total++; } - trn->num_entries = (*total); + trn->num_entries = total; trn->ptr_trans_names = 1; - trn->num_entries2 = (*total); + trn->num_entries2 = total; } /*************************************************************************** @@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, - int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + DOM_SID2 *sid, int num_entries) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); - make_lsa_trans_names(&names, num_entries, sid, &mapped_count); + make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); /* store the response in the SMB stream */ @@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { LSA_R_LOOKUP_RIDS r_l; ZERO_STRUCT(r_l); /* set up the LSA Lookup RIDs response */ - make_reply_lookup_rids(&r_l, num_entries, dom_rids, - num_ref_doms, dom_names, dom_sids); + make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types); + r_l.status = 0x0; /* store the response in the SMB stream */ @@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_QUERY_INFO q_i; - pstring dom_name; + fstring name; + DOM_SID *sid = NULL; + memset(name, 0, sizeof(name)); ZERO_STRUCT(q_i); /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); - pstrcpy(dom_name, lp_workgroup()); + switch (q_i.info_class) + { + case 0x03: + { + fstrcpy(name, global_myworkgroup); + sid = &global_member_sid; + break; + } + case 0x05: + { + fstrcpy(name, global_sam_name); + sid = &global_sam_sid; + break; + } + default: + { + DEBUG(5,("unknown info level in Lsa Query: %d\n", + q_i.info_class)); + break; + } + } /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); + lsa_reply_query_info(&q_i, rdata, name, sid); } /*************************************************************************** @@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_LOOKUP_SIDS q_l; - pstring dom_name; - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; - ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - 4, dom_names, sid_array); + lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries); } /*************************************************************************** @@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, { int i; LSA_Q_LOOKUP_RIDS q_l; - pstring dom_name; uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; - - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; + uint8 dom_types[MAX_LOOKUP_SIDS]; ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); ZERO_ARRAY(dom_rids); /* grab the info class and policy handle */ lsa_io_q_lookup_rids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; - fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); - - /* - * Map to the UNIX username. - */ - map_username(user_name); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(user_name, True); + fstring name; + fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer)); - if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (lookup_rid(name, &dom_rids[i], &dom_types[i])) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; @@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - 4, dom_names, sid_array); + q_l.num_entries, + dom_rids, /* text-converted SIDs */ + dom_types); /* SID_NAME_USE types */ } /*************************************************************************** diff --git a/source3/mem_man/mem_man.c b/source3/mem_man/mem_man.c index 758fac4386..34ae6fd43c 100644 --- a/source3/mem_man/mem_man.c +++ b/source3/mem_man/mem_man.c @@ -501,8 +501,9 @@ int smb_mem_free(void *ptr,char *file,int line) static void mem_write_Index_info(int Index,FILE *outfile) { if (memory_blocks[Index].status != S_UNALLOCATED) - fprintf(outfile,"block %d file %s(%d) : size %d, alloc size %d, status %s\n", + fprintf(outfile,"block %d file %s(%d) : ptr: %p size %d, alloc size %d, status %s\n", Index,memory_blocks[Index].file,memory_blocks[Index].line, + memory_blocks[Index].pointer, memory_blocks[Index].present_size, memory_blocks[Index].allocated_size, status_to_str(memory_blocks[Index].status)); diff --git a/source3/mem_man/mem_man.h b/source3/mem_man/mem_man.h index 60e31e6d44..eef281b2f9 100644 --- a/source3/mem_man/mem_man.h +++ b/source3/mem_man/mem_man.h @@ -1,4 +1,4 @@ -#if (defined(NOMEMMAN) && !defined(MEM_MAN_MAIN)) +#if (defined(NOMEMMAN) && !defined(MEM_MAN_MAIN) && defined(HAVE_MALLOC_H)) #include <malloc.h> #else diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index d7ce42dae2..2c9dd13274 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -567,7 +567,7 @@ static void usage(char *pname) charset_initialise(); - if(!initialize_password_db()) + if(!initialise_password_db()) exit(1); #ifdef LMHOSTSFILE @@ -593,11 +593,11 @@ static void usage(char *pname) SIGUSR1 and SIGUSR2 to do debug level changes. */ #ifndef MEM_MAN #if defined(SIGUSR1) - CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); + CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 ); #endif /* SIGUSR1 */ #if defined(SIGUSR2) - CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); + CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 ); #endif /* SIGUSR2 */ #endif /* MEM_MAN */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8b35116858..7a28d3418f 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -116,20 +116,16 @@ typedef struct char *szLogFile; char *szConfigFile; char *szSMBPasswdFile; + char *szSMBPassGroupFile; + char *szSMBGroupFile; + char *szSMBAliasFile; char *szPasswordServer; char *szSocketOptions; char *szValidChars; char *szWorkGroup; - char *szDomainAdminGroup; - char *szDomainGuestGroup; - char *szDomainAdminUsers; - char *szDomainGuestUsers; - char *szDomainHostsallow; - char *szDomainHostsdeny; char *szUsernameMap; -#ifdef USING_GROUPNAME_MAP + char *szAliasnameMap; char *szGroupnameMap; -#endif /* USING_GROUPNAME_MAP */ char *szCharacterSet; char *szLogonScript; char *szLogonPath; @@ -146,7 +142,6 @@ typedef struct char *szAnnounceVersion; /* This is initialised in init_globals */ char *szNetbiosAliases; char *szDomainOtherSIDs; - char *szDomainGroups; char *szDriverFile; char *szNameResolveOrder; char *szLdapServer; @@ -501,6 +496,7 @@ static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, static struct parm_struct parm_table[] = { {"Base Options", P_SEP, P_SEPARATOR}, + {"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC|FLAG_PRINT}, {"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC|FLAG_PRINT}, {"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, 0}, @@ -512,6 +508,7 @@ static struct parm_struct parm_table[] = {"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL, NULL, 0}, {"Security Options", P_SEP, P_SEPARATOR}, + {"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC}, {"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC}, {"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC}, @@ -520,6 +517,9 @@ static struct parm_struct parm_table[] = {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0}, {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0}, {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0}, + {"smb passgrp file", P_STRING, P_GLOBAL, &Globals.szSMBPassGroupFile, NULL, NULL, 0}, + {"smb group file", P_STRING, P_GLOBAL, &Globals.szSMBGroupFile, NULL, NULL, 0}, + {"smb alias file", P_STRING, P_GLOBAL, &Globals.szSMBAliasFile, NULL, NULL, 0}, {"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, @@ -567,6 +567,7 @@ static struct parm_struct parm_table[] = #ifdef WITH_SSL {"Secure Socket Layer Options", P_SEP, P_SEPARATOR}, + {"ssl", P_BOOL, P_GLOBAL, &Globals.sslEnabled, NULL, NULL, 0 }, {"ssl hosts", P_STRING, P_GLOBAL, &Globals.sslHostsRequire, NULL, NULL, 0 }, {"ssl hosts resign", P_STRING, P_GLOBAL, &Globals.sslHostsResign, NULL, NULL, 0} , @@ -584,6 +585,7 @@ static struct parm_struct parm_table[] = #endif /* WITH_SSL */ {"Logging Options", P_SEP, P_SEPARATOR}, + {"log level", P_INTEGER, P_GLOBAL, &DEBUGLEVEL, NULL, NULL, FLAG_BASIC}, {"debuglevel", P_INTEGER, P_GLOBAL, &DEBUGLEVEL, NULL, NULL, 0}, {"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0}, @@ -595,6 +597,7 @@ static struct parm_struct parm_table[] = {"status", P_BOOL, P_LOCAL, &sDefault.status, NULL, NULL, FLAG_GLOBAL}, {"Protocol Options", P_SEP, P_SEPARATOR}, + {"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0}, {"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0}, {"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0}, @@ -614,6 +617,7 @@ static struct parm_struct parm_table[] = {"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0}, {"Tuning Options", P_SEP, P_SEPARATOR}, + {"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0}, {"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0}, {"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0}, @@ -632,6 +636,7 @@ static struct parm_struct parm_table[] = {"sync always", P_BOOL, P_LOCAL, &sDefault.bSyncAlways, NULL, NULL, 0}, {"Printing Options", P_SEP, P_SEPARATOR}, + {"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, 0}, {"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0}, {"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0}, @@ -653,7 +658,6 @@ static struct parm_struct parm_table[] = {"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, 0}, {"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_GLOBAL}, - {"Filename Handling", P_SEP, P_SEPARATOR}, {"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0}, {"character set", P_STRING, P_GLOBAL, &Globals.szCharacterSet, handle_character_set, NULL, 0}, @@ -680,17 +684,13 @@ static struct parm_struct parm_table[] = {"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, 0}, {"Domain Options", P_SEP, P_SEPARATOR}, - {"domain groups", P_STRING, P_GLOBAL, &Globals.szDomainGroups, NULL, NULL, 0}, - {"domain admin group",P_STRING, P_GLOBAL, &Globals.szDomainAdminGroup, NULL, NULL, 0}, - {"domain guest group",P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0}, - {"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL, NULL, 0}, - {"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL, NULL, 0}, -#ifdef USING_GROUPNAME_MAP - {"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0}, -#endif /* USING_GROUPNAME_MAP */ + + {"local group map", P_STRING, P_GLOBAL, &Globals.szAliasnameMap, NULL, NULL, 0}, + {"domain group map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0}, {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0}, {"Logon Options", P_SEP, P_SEPARATOR}, + {"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, 0}, {"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, 0}, {"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0}, @@ -698,6 +698,7 @@ static struct parm_struct parm_table[] = {"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0}, {"Browse Options", P_SEP, P_SEPARATOR}, + {"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC}, {"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_lm_announce, 0}, {"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, 0}, @@ -710,12 +711,14 @@ static struct parm_struct parm_table[] = {"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0}, {"WINS Options", P_SEP, P_SEPARATOR}, + {"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0}, {"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0}, {"wins server", P_STRING, P_GLOBAL, &Globals.szWINSserver, NULL, NULL, FLAG_BASIC}, {"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC}, {"Locking Options", P_SEP, P_SEPARATOR}, + {"blocking locks", P_BOOL, P_LOCAL, &sDefault.bBlockingLocks, NULL, NULL, 0}, {"fake oplocks", P_BOOL, P_LOCAL, &sDefault.bFakeOplocks, NULL, NULL, 0}, {"kernel oplocks", P_BOOL, P_GLOBAL, &Globals.bKernelOplocks, NULL, NULL, FLAG_GLOBAL}, @@ -727,6 +730,7 @@ static struct parm_struct parm_table[] = #ifdef WITH_LDAP {"Ldap Options", P_SEP, P_SEPARATOR}, + {"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0}, {"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0}, {"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, 0}, @@ -737,6 +741,7 @@ static struct parm_struct parm_table[] = {"Miscellaneous Options", P_SEP, P_SEPARATOR}, + {"smbrun", P_STRING, P_GLOBAL, &Globals.szSmbrun, NULL, NULL, 0}, {"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE}, {"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0}, @@ -814,6 +819,9 @@ static void init_globals(void) DEBUG(3,("Initialising global parameters\n")); string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE); + string_set(&Globals.szSMBPassGroupFile, SMB_PASSGRP_FILE); + string_set(&Globals.szSMBGroupFile, SMB_GROUP_FILE); + string_set(&Globals.szSMBAliasFile, SMB_ALIAS_FILE); string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*"); string_set(&Globals.szWorkGroup, WORKGROUP); string_set(&Globals.szPasswdProgram, PASSWD_PROGRAM); @@ -1093,6 +1101,9 @@ FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile) FN_GLOBAL_STRING(lp_smbrun,&Globals.szSmbrun) FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile) FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile) +FN_GLOBAL_STRING(lp_smb_passgrp_file,&Globals.szSMBPassGroupFile) +FN_GLOBAL_STRING(lp_smb_group_file,&Globals.szSMBGroupFile) +FN_GLOBAL_STRING(lp_smb_alias_file,&Globals.szSMBAliasFile) FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString) FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname) FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir) @@ -1107,9 +1118,8 @@ FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer) FN_GLOBAL_STRING(lp_name_resolve_order,&Globals.szNameResolveOrder) FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup) FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap) -#ifdef USING_GROUPNAME_MAP +FN_GLOBAL_STRING(lp_aliasname_map,&Globals.szAliasnameMap) FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap) -#endif /* USING_GROUPNAME_MAP */ FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath) FN_GLOBAL_STRING(lp_logon_drive,&Globals.szLogonDrive) @@ -1125,12 +1135,6 @@ FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases) FN_GLOBAL_STRING(lp_driverfile,&Globals.szDriverFile) FN_GLOBAL_STRING(lp_panic_action,&Globals.szPanicAction) -FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups) -FN_GLOBAL_STRING(lp_domain_admin_group,&Globals.szDomainAdminGroup) -FN_GLOBAL_STRING(lp_domain_guest_group,&Globals.szDomainGuestGroup) -FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers) -FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers) - #ifdef WITH_LDAP FN_GLOBAL_STRING(lp_ldap_server,&Globals.szLdapServer); FN_GLOBAL_STRING(lp_ldap_suffix,&Globals.szLdapSuffix); diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index ed275c4a88..af48ebbdc0 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -223,7 +223,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, static unsigned char smblmpwd[16]; static unsigned char smbntpwd[16]; - pdb_init_smb(user); + pwdb_init_smb(user); bzero(smblmpwd, sizeof(smblmpwd)); bzero(smbntpwd, sizeof(smbntpwd)); @@ -237,16 +237,16 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, bzero(temp, sizeof(temp)); /* destroy local copy of the password */ #else get_single_attribute(ldap_struct, entry, "unicodePwd", temp); - pdb_gethexpwd(temp, smbntpwd); + pwdb_gethexpwd(temp, smbntpwd); bzero(temp, sizeof(temp)); /* destroy local copy of the password */ get_single_attribute(ldap_struct, entry, "dBCSPwd", temp); - pdb_gethexpwd(temp, smblmpwd); + pwdb_gethexpwd(temp, smblmpwd); bzero(temp, sizeof(temp)); /* destroy local copy of the password */ #endif get_single_attribute(ldap_struct, entry, "userAccountControl", temp); - user->acct_ctrl = pdb_decode_acct_ctrl(temp); + user->acct_ctrl = pwdb_decode_acct_ctrl(temp); get_single_attribute(ldap_struct, entry, "pwdLastSet", temp); user->pass_last_set_time = (time_t)strtol(temp, NULL, 16); @@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, get_single_attribute(ldap_struct, entry, "rid", temp); /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pdb_user_rid_to_uid (atoi(temp)); + user->smb_userid = pwdb_user_rid_to_uid (atoi(temp)); if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) ) { @@ -288,7 +288,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, static pstring temp; static struct smb_passwd pw_buf; - pdb_init_sam(user); + pwdb_init_sam(user); ldap_get_smb_passwd(ldap_struct, entry, &pw_buf); @@ -576,7 +576,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag) make_a_mod(&mods, ldap_state, "rid", rid); make_a_mod(&mods, ldap_state, "pwdLastSet", lst); - make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); switch(flag) { @@ -708,7 +708,7 @@ static BOOL modadd_ldap21pwd_entry(struct sam_passwd *newpwd, int flag) make_a_mod(&mods, ldap_state, "rid", rid); make_a_mod(&mods, ldap_state, "pwdLastSet", lst); - make_a_mod(&mods, ldap_state, "userAccountControl", pdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN)); + make_a_mod(&mods, ldap_state, "userAccountControl", pwdb_encode_acct_ctrl(newpwd->acct_ctrl,NEW_PW_FORMAT_SPACE_PADDED_LEN)); ldap_modify_s(ldap_struct, dn, mods); @@ -922,52 +922,52 @@ static BOOL setldappwpos(void *vp, SMB_BIG_UINT tok) static struct smb_passwd *getldappwnam(char *name) { - return pdb_sam_to_smb(iterate_getsam21pwnam(name)); + return pwdb_sam_to_smb(iterate_getsam21pwnam(name)); } static struct smb_passwd *getldappwuid(uid_t smb_userid) { - return pdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); + return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); } static struct smb_passwd *getldappwrid(uint32 user_rid) { - return pdb_sam_to_smb(iterate_getsam21pwuid(pdb_user_rid_to_uid(user_rid))); + return pwdb_sam_to_smb(iterate_getsam21pwuid(pwdb_user_rid_to_uid(user_rid))); } static struct smb_passwd *getldappwent(void *vp) { - return pdb_sam_to_smb(getldap21pwent(vp)); + return pwdb_sam_to_smb(getldap21pwent(vp)); } static BOOL add_ldappwd_entry(struct smb_passwd *newpwd) { - return add_ldap21pwd_entry(pdb_smb_to_sam(newpwd)); + return add_ldap21pwd_entry(pwdb_smb_to_sam(newpwd)); } static BOOL mod_ldappwd_entry(struct smb_passwd* pwd, BOOL override) { - return mod_ldap21pwd_entry(pdb_smb_to_sam(pwd), override); + return mod_ldap21pwd_entry(pwdb_smb_to_sam(pwd), override); } static struct sam_disp_info *getldapdispnam(char *name) { - return pdb_sam_to_dispinfo(getldap21pwnam(name)); + return pwdb_sam_to_dispinfo(getldap21pwnam(name)); } static struct sam_disp_info *getldapdisprid(uint32 rid) { - return pdb_sam_to_dispinfo(getldap21pwrid(rid)); + return pwdb_sam_to_dispinfo(getldap21pwrid(rid)); } static struct sam_disp_info *getldapdispent(void *vp) { - return pdb_sam_to_dispinfo(getldap21pwent(vp)); + return pwdb_sam_to_dispinfo(getldap21pwent(vp)); } static struct sam_passwd *getldap21pwuid(uid_t uid) { - return pdb_smb_to_sam(iterate_getsam21pwuid(pdb_uid_to_user_rid(uid))); + return pwdb_smb_to_sam(iterate_getsam21pwuid(pwdb_uid_to_user_rid(uid))); } static struct passdb_ops ldap_ops = diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index e750fec1a1..489ccbf25f 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c @@ -361,22 +361,22 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len = NIS_RES_OBJECT(tblresult)->zo_data.objdata_u.ta_data.ta_maxcol; new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_val = calloc(new_obj.zo_data.objdata_u.en_data.en_cols.en_cols_len, sizeof(entry_col)); - pdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl); - pdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl); + pwdb_sethexpwd(smb_passwd , newpwd->smb_passwd , newpwd->acct_ctrl); + pwdb_sethexpwd(smb_nt_passwd, newpwd->smb_nt_passwd, newpwd->acct_ctrl); - pdb_set_logon_time (logon_t , sizeof(logon_t ), newpwd->logon_time ); - pdb_set_logoff_time (logoff_t , sizeof(logoff_t ), newpwd->logoff_time ); - pdb_set_kickoff_time (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time ); - pdb_set_last_set_time (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time ); - pdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); - pdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); + pwdb_set_logon_time (logon_t , sizeof(logon_t ), newpwd->logon_time ); + pwdb_set_logoff_time (logoff_t , sizeof(logoff_t ), newpwd->logoff_time ); + pwdb_set_kickoff_time (kickoff_t, sizeof(kickoff_t), newpwd->kickoff_time ); + pwdb_set_last_set_time (pwdlset_t, sizeof(pwdlset_t), newpwd->pass_last_set_time ); + pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); + pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid); slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid); slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid); slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid); - safe_strcpy(acb, pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); + safe_strcpy(acb, pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), sizeof(acb)); set_single_attribute(&new_obj, NPF_NAME , newpwd->smb_name , strlen(newpwd->smb_name) , 0); set_single_attribute(&new_obj, NPF_UID , uid , strlen(uid) , 0); @@ -456,7 +456,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) if (pw_buf == NULL || result == NULL) return False; - pdb_init_sam(pw_buf); + pwdb_init_sam(pw_buf); if (result->status != NIS_SUCCESS) { @@ -482,7 +482,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) /* Check the lanman password column. */ p = (uchar *)ENTRY_VAL(obj, NPF_LMPWD); - if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbpwd)) + if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbpwd)) { DEBUG(0, ("make_smb_from_nisp: malformed LM pwd entry.\n")); return False; @@ -490,7 +490,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) /* Check the NT password column. */ p = (uchar *)ENTRY_VAL(obj, NPF_NTPWD); - if (strlen((char *)p) != 32 || !pdb_gethexpwd((char *)p, (char *)smbntpwd)) + if (strlen((char *)p) != 32 || !pwdb_gethexpwd((char *)p, (char *)smbntpwd)) { DEBUG(0, ("make_smb_from_nisp: malformed NT pwd entry\n")); return False; @@ -603,52 +603,52 @@ static struct sam_passwd *getnisp21pwrid(uint32 rid) static struct smb_passwd *getnisppwent(void *vp) { - return pdb_sam_to_smb(getnisp21pwent(vp)); + return pwdb_sam_to_smb(getnisp21pwent(vp)); } static BOOL add_nisppwd_entry(struct smb_passwd *newpwd) { - return add_nisp21pwd_entry(pdb_smb_to_sam(newpwd)); + return add_nisp21pwd_entry(pwdb_smb_to_sam(newpwd)); } static BOOL mod_nisppwd_entry(struct smb_passwd* pwd, BOOL override) { - return mod_nisp21pwd_entry(pdb_smb_to_sam(pwd), override); + return mod_nisp21pwd_entry(pwdb_smb_to_sam(pwd), override); } static struct smb_passwd *getnisppwnam(char *name) { - return pdb_sam_to_smb(getnisp21pwnam(name)); + return pwdb_sam_to_smb(getnisp21pwnam(name)); } static struct sam_passwd *getnisp21pwuid(uid_t smb_userid) { - return getnisp21pwrid(pdb_uid_to_user_rid(smb_userid)); + return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid)); } static struct smb_passwd *getnisppwrid(uid_t user_rid) { - return pdb_sam_to_smb(getnisp21pwuid(pdb_user_rid_to_uid(user_rid))); + return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid))); } static struct smb_passwd *getnisppwuid(uid_t smb_userid) { - return pdb_sam_to_smb(getnisp21pwuid(smb_userid)); + return pwdb_sam_to_smb(getnisp21pwuid(smb_userid)); } static struct sam_disp_info *getnispdispnam(char *name) { - return pdb_sam_to_dispinfo(getnisp21pwnam(name)); + return pwdb_sam_to_dispinfo(getnisp21pwnam(name)); } static struct sam_disp_info *getnispdisprid(uint32 rid) { - return pdb_sam_to_dispinfo(getnisp21pwrid(rid)); + return pwdb_sam_to_dispinfo(getnisp21pwrid(rid)); } static struct sam_disp_info *getnispdispent(void *vp) { - return pdb_sam_to_dispinfo(getnisp21pwent(vp)); + return pwdb_sam_to_dispinfo(getnisp21pwent(vp)); } static struct passdb_ops nispasswd_ops = { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index f29a9ff570..a4c663e388 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -26,14 +26,6 @@ extern int DEBUGLEVEL; /* - * This is set on startup - it defines the SID for this - * machine, and therefore the SAM database for which it is - * responsible. - */ - -DOM_SID global_sam_sid; - -/* * NOTE. All these functions are abstracted into a structure * that points to the correct function for the selected database. JRA. * @@ -49,36 +41,39 @@ DOM_SID global_sam_sid; * functions in a first pass, as struct sam_passwd contains more * information, needed by the NT Domain support. * - * a full example set of derivative functions are listed below. an API - * writer is expected to cut/paste these into their module, replace - * either one set (struct smb_passwd) or the other (struct sam_passwd) - * OR both, and optionally also to write display info routines - * (struct sam_disp_info). lkcl + * an API writer is expected to create either one set (struct smb_passwd) or + * the other (struct sam_passwd) OR both, and optionally also to write display + * info routines * (struct sam_disp_info). functions which the API writer + * chooses NOT to write must be wrapped in conversion functions (pwdb_x_to_y) + * such that API users can call any function and still get valid results. + * + * the password API does NOT fill in the gaps if you set an API function + * to NULL: it will deliberately attempt to call the NULL function. * */ -static struct passdb_ops *pdb_ops; +static struct passdb_ops *pwdb_ops; /*************************************************************** - Initialize the password db operations. + Initialise the password db operations. ***************************************************************/ -BOOL initialize_password_db(void) +BOOL initialise_password_db(void) { - if (pdb_ops) + if (pwdb_ops) { return True; } #ifdef WITH_NISPLUS - pdb_ops = nisplus_initialize_password_db(); + pwdb_ops = nisplus_initialise_password_db(); #elif defined(WITH_LDAP) - pdb_ops = ldap_initialize_password_db(); + pwdb_ops = ldap_initialise_password_db(); #else - pdb_ops = file_initialize_password_db(); + pwdb_ops = file_initialise_password_db(); #endif - return (pdb_ops != NULL); + return (pwdb_ops != NULL); } /* @@ -91,7 +86,7 @@ BOOL initialize_password_db(void) struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid) { - return iterate_getsmbpwuid(pdb_user_rid_to_uid(user_rid)); + return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid)); } /************************************************************************ @@ -173,7 +168,7 @@ struct smb_passwd *iterate_getsmbpwnam(char *name) void *startsmbpwent(BOOL update) { - return pdb_ops->startsmbpwent(update); + return pwdb_ops->startsmbpwent(update); } /*************************************************************** @@ -188,7 +183,7 @@ void *startsmbpwent(BOOL update) void endsmbpwent(void *vp) { - pdb_ops->endsmbpwent(vp); + pwdb_ops->endsmbpwent(vp); } /************************************************************************* @@ -197,7 +192,7 @@ void endsmbpwent(void *vp) struct smb_passwd *getsmbpwent(void *vp) { - return pdb_ops->getsmbpwent(vp); + return pwdb_ops->getsmbpwent(vp); } /************************************************************************ @@ -206,7 +201,7 @@ struct smb_passwd *getsmbpwent(void *vp) BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { - return pdb_ops->add_smbpwd_entry(newpwd); + return pwdb_ops->add_smbpwd_entry(newpwd); } /************************************************************************ @@ -220,7 +215,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) { - return pdb_ops->mod_smbpwd_entry(pwd, override); + return pwdb_ops->mod_smbpwd_entry(pwd, override); } /************************************************************************ @@ -229,7 +224,7 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) struct smb_passwd *getsmbpwnam(char *name) { - return pdb_ops->getsmbpwnam(name); + return pwdb_ops->getsmbpwnam(name); } /************************************************************************ @@ -238,7 +233,7 @@ struct smb_passwd *getsmbpwnam(char *name) struct smb_passwd *getsmbpwrid(uint32 user_rid) { - return pdb_ops->getsmbpwrid(user_rid); + return pwdb_ops->getsmbpwrid(user_rid); } /************************************************************************ @@ -247,7 +242,7 @@ struct smb_passwd *getsmbpwrid(uint32 user_rid) struct smb_passwd *getsmbpwuid(uid_t smb_userid) { - return pdb_ops->getsmbpwuid(smb_userid); + return pwdb_ops->getsmbpwuid(smb_userid); } /* @@ -370,7 +365,7 @@ struct sam_passwd *iterate_getsam21pwuid(uid_t uid) *************************************************************************/ struct sam_disp_info *getsamdisprid(uint32 rid) { - return pdb_ops->getsamdisprid(rid); + return pwdb_ops->getsamdisprid(rid); } /************************************************************************* @@ -379,7 +374,7 @@ struct sam_disp_info *getsamdisprid(uint32 rid) struct sam_passwd *getsam21pwent(void *vp) { - return pdb_ops->getsam21pwent(vp); + return pwdb_ops->getsam21pwent(vp); } @@ -389,7 +384,7 @@ struct sam_passwd *getsam21pwent(void *vp) struct sam_passwd *getsam21pwnam(char *name) { - return pdb_ops->getsam21pwnam(name); + return pwdb_ops->getsam21pwnam(name); } /************************************************************************ @@ -398,7 +393,7 @@ struct sam_passwd *getsam21pwnam(char *name) struct sam_passwd *getsam21pwrid(uint32 rid) { - return pdb_ops->getsam21pwrid(rid); + return pwdb_ops->getsam21pwrid(rid); } @@ -415,7 +410,7 @@ struct sam_passwd *getsam21pwrid(uint32 rid) initialises a struct sam_disp_info. **************************************************************/ -static void pdb_init_dispinfo(struct sam_disp_info *user) +static void pwdb_init_dispinfo(struct sam_disp_info *user) { if (user == NULL) return; bzero(user, sizeof(*user)); @@ -425,7 +420,7 @@ static void pdb_init_dispinfo(struct sam_disp_info *user) initialises a struct smb_passwd. **************************************************************/ -void pdb_init_smb(struct smb_passwd *user) +void pwdb_init_smb(struct smb_passwd *user) { if (user == NULL) return; bzero(user, sizeof(*user)); @@ -435,7 +430,7 @@ void pdb_init_smb(struct smb_passwd *user) /************************************************************* initialises a struct sam_passwd. **************************************************************/ -void pdb_init_sam(struct sam_passwd *user) +void pwdb_init_sam(struct sam_passwd *user) { if (user == NULL) return; bzero(user, sizeof(*user)); @@ -451,13 +446,13 @@ void pdb_init_sam(struct sam_passwd *user) Routine to return the next entry in the sam passwd list. *************************************************************************/ -struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user) +struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user) { static struct sam_disp_info disp_info; if (user == NULL) return NULL; - pdb_init_dispinfo(&disp_info); + pwdb_init_dispinfo(&disp_info); disp_info.smb_name = user->smb_name; disp_info.full_name = user->full_name; @@ -470,13 +465,13 @@ struct sam_disp_info *pdb_sam_to_dispinfo(struct sam_passwd *user) converts a sam_passwd structure to a smb_passwd structure. **************************************************************/ -struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user) +struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user) { static struct smb_passwd pw_buf; if (user == NULL) return NULL; - pdb_init_smb(&pw_buf); + pwdb_init_smb(&pw_buf); pw_buf.smb_userid = user->smb_userid; pw_buf.smb_name = user->smb_name; @@ -493,13 +488,13 @@ struct smb_passwd *pdb_sam_to_smb(struct sam_passwd *user) converts a smb_passwd structure to a sam_passwd structure. **************************************************************/ -struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user) +struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user) { static struct sam_passwd pw_buf; if (user == NULL) return NULL; - pdb_init_sam(&pw_buf); + pwdb_init_sam(&pw_buf); pw_buf.smb_userid = user->smb_userid; pw_buf.smb_name = user->smb_name; @@ -517,7 +512,7 @@ struct sam_passwd *pdb_smb_to_sam(struct smb_passwd *user) null). length *MUST BE MORE THAN 2* ! **********************************************************/ -char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) +char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) { static fstring acct_str; size_t i = 0; @@ -553,7 +548,7 @@ char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) 15 lines, which is more important. **********************************************************/ -uint16 pdb_decode_acct_ctrl(char *p) +uint16 pwdb_decode_acct_ctrl(char *p) { uint16 acct_ctrl = 0; BOOL finished = False; @@ -603,7 +598,9 @@ static time_t get_time_from_string(char *p) for (i = 0; i < 8; i++) { if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - break; + { + break; + } } if (i == 8) { @@ -621,7 +618,7 @@ static time_t get_time_from_string(char *p) gets password last set time ********************************************************************/ -time_t pdb_get_last_set_time(char *p) +time_t pwdb_get_last_set_time(char *p) { if (*p && StrnCaseCmp((char *)p, "LCT-", 4)) { @@ -642,7 +639,7 @@ static void set_time_in_string(char *p, int max_len, char *type, time_t t) /******************************************************************* sets logon time ********************************************************************/ -void pdb_set_logon_time(char *p, int max_len, time_t t) +void pwdb_set_logon_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "LNT", t); } @@ -650,7 +647,7 @@ void pdb_set_logon_time(char *p, int max_len, time_t t) /******************************************************************* sets logoff time ********************************************************************/ -void pdb_set_logoff_time(char *p, int max_len, time_t t) +void pwdb_set_logoff_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "LOT", t); } @@ -658,7 +655,7 @@ void pdb_set_logoff_time(char *p, int max_len, time_t t) /******************************************************************* sets kickoff time ********************************************************************/ -void pdb_set_kickoff_time(char *p, int max_len, time_t t) +void pwdb_set_kickoff_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "KOT", t); } @@ -666,7 +663,7 @@ void pdb_set_kickoff_time(char *p, int max_len, time_t t) /******************************************************************* sets password can change time ********************************************************************/ -void pdb_set_can_change_time(char *p, int max_len, time_t t) +void pwdb_set_can_change_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "CCT", t); } @@ -674,7 +671,7 @@ void pdb_set_can_change_time(char *p, int max_len, time_t t) /******************************************************************* sets password last set time ********************************************************************/ -void pdb_set_must_change_time(char *p, int max_len, time_t t) +void pwdb_set_must_change_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "MCT", t); } @@ -682,7 +679,7 @@ void pdb_set_must_change_time(char *p, int max_len, time_t t) /******************************************************************* sets password last set time ********************************************************************/ -void pdb_set_last_set_time(char *p, int max_len, time_t t) +void pwdb_set_last_set_time(char *p, int max_len, time_t t) { set_time_in_string(p, max_len, "LCT", t); } @@ -691,7 +688,7 @@ void pdb_set_last_set_time(char *p, int max_len, time_t t) /************************************************************* Routine to set 32 hex password characters from a 16 byte array. **************************************************************/ -void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl) +void pwdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl) { if (pwd != NULL) { @@ -713,327 +710,114 @@ void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl) } } } + /************************************************************* Routine to get the 32 hex characters and turn them into a 16 byte array. **************************************************************/ -BOOL pdb_gethexpwd(char *p, char *pwd) +BOOL pwdb_gethexpwd(char *p, char *pwd) { - int i; - unsigned char lonybble, hinybble; - char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - for (i = 0; i < 32; i += 2) - { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr(hexchars, hinybble); - p2 = strchr(hexchars, lonybble); - - if (!p1 || !p2) - { - return (False); - } - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); + return strhex_to_str(pwd, 32, p) == 16; } /******************************************************************* - Group and User RID username mapping function + converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid) +uid_t pwdb_user_rid_to_uid(uint32 user_rid) { - struct passwd *pw = Get_Pwnam(user_name, False); - - if (u_rid == NULL || g_rid == NULL || user_name == NULL) - { - return False; - } - - if (!pw) - { - DEBUG(1,("Username %s is invalid on this system\n", user_name)); - return False; - } - - if (user_in_list(user_name, lp_domain_guest_users())) - { - *u_rid = DOMAIN_USER_RID_GUEST; - } - else if (user_in_list(user_name, lp_domain_admin_users())) - { - *u_rid = DOMAIN_USER_RID_ADMIN; - } - else - { - /* turn the unix UID into a Domain RID. this is what the posix - sub-system does (adds 1000 to the uid) */ - *u_rid = pdb_uid_to_user_rid(pw->pw_uid); - } - - /* absolutely no idea what to do about the unix GID to Domain RID mapping */ - *g_rid = pdb_gid_to_group_rid(pw->pw_gid); - - return True; + uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER); + return uid; } -/**************************************************************************** - Read the machine SID from a file. -****************************************************************************/ - -static BOOL read_sid_from_file(int fd, char *sid_file) -{ - fstring fline; - - memset(fline, '\0', sizeof(fline)); - - if(read(fd, fline, sizeof(fline) -1 ) < 0) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - return False; - } - - /* - * Convert to the machine SID. - */ - - fline[sizeof(fline)-1] = '\0'; - if(!string_to_sid( &global_sam_sid, fline)) { - DEBUG(0,("unable to generate machine SID.\n")); - return False; - } - - return True; +/******************************************************************* + converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA + ********************************************************************/ +uint32 pwdb_uid_to_user_rid(uid_t uid) +{ + uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); + return user_rid; } -/**************************************************************************** - Generate the global machine sid. Look for the MACHINE.SID file first, if - not found then look in smb.conf and use it to create the MACHINE.SID file. -****************************************************************************/ -BOOL pdb_generate_sam_sid(void) +/******************************************************************* + converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA + ********************************************************************/ +uint32 pwdb_gid_to_group_rid(gid_t gid) { - int fd; - char *p; - pstring sid_file; - fstring sid_string; - SMB_STRUCT_STAT st; - uchar raw_sid_data[12]; - - pstrcpy(sid_file, lp_smb_passwd_file()); - p = strrchr(sid_file, '/'); - if(p != NULL) { - *++p = '\0'; - } - - if (!directory_exist(sid_file, NULL)) { - if (dos_mkdir(sid_file, 0700) != 0) { - DEBUG(0,("can't create private directory %s : %s\n", - sid_file, strerror(errno))); - return False; - } - } - - pstrcat(sid_file, "MACHINE.SID"); - - if((fd = open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) { - DEBUG(0,("unable to open or create file %s. Error was %s\n", - sid_file, strerror(errno) )); - return False; - } - - /* - * Check if the file contains data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { - /* - * We have a valid SID - read it. - */ - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - close(fd); - return True; - } - - /* - * The file contains no data - we need to generate our - * own sid. - */ - - { - /* - * Generate the new sid data & turn it into a string. - */ - int i; - generate_random_buffer( raw_sid_data, 12, True); - - fstrcpy( sid_string, "S-1-5-21"); - for( i = 0; i < 3; i++) { - fstring tmp_string; - slprintf( tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4)); - fstrcat( sid_string, tmp_string); - } - } - - fstrcat(sid_string, "\n"); - - /* - * Ensure our new SID is valid. - */ - - if(!string_to_sid( &global_sam_sid, sid_string)) { - DEBUG(0,("unable to generate machine SID.\n")); - return False; - } - - /* - * Do an exclusive blocking lock on the file. - */ - - if(!do_file_lock( fd, 60, F_WRLCK)) { - DEBUG(0,("unable to lock file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - /* - * At this point we have a blocking lock on the SID - * file - check if in the meantime someone else wrote - * SID data into the file. If so - they were here first, - * use their data. - */ - - if(sys_fstat( fd, &st) < 0) { - DEBUG(0,("unable to stat file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(st.st_size > 0) { - /* - * Unlock as soon as possible to reduce - * contention on the exclusive lock. - */ - do_file_lock( fd, 60, F_UNLCK); - - /* - * We have a valid SID - read it. - */ - - if(!read_sid_from_file( fd, sid_file)) { - DEBUG(0,("unable to read file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - close(fd); - return True; - } - - /* - * The file is still empty and we have an exlusive lock on it. - * Write out out SID data into the file. - */ - - if(fchmod(fd, 0644) < 0) { - DEBUG(0,("unable to set correct permissions on file %s. \ -Error was %s\n", sid_file, strerror(errno) )); - close(fd); - return False; - } - - if(write( fd, sid_string, strlen(sid_string)) != strlen(sid_string)) { - DEBUG(0,("unable to write file %s. Error was %s\n", - sid_file, strerror(errno) )); - close(fd); - return False; - } - - /* - * Unlock & exit. - */ - - do_file_lock( fd, 60, F_UNLCK); - close(fd); - return True; -} + uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); + return grp_rid; +} /******************************************************************* - converts UNIX uid to an NT User RID. + converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -uid_t pdb_user_rid_to_uid(uint32 user_rid) +gid_t pwdb_group_rid_to_gid(uint32 group_rid) { - return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER); + gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER); + return gid; } /******************************************************************* - converts UNIX uid to an NT User RID. + converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -uint32 pdb_uid_to_user_rid(uid_t uid) +uint32 pwdb_gid_to_alias_rid(gid_t gid) { - return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE); + uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); + return alias_rid; } /******************************************************************* - converts NT Group RID to a UNIX uid. + converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -uint32 pdb_gid_to_group_rid(gid_t gid) +gid_t pwdb_alias_rid_to_gid(uint32 alias_rid) { - return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE); + gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER); + return gid; } /******************************************************************* Decides if a RID is a well known RID. ********************************************************************/ +static BOOL pwdb_rid_is_well_known(uint32 rid) +{ + return (rid < 1000); +} -static BOOL pdb_rid_is_well_known(uint32 rid) +/******************************************************************* + determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA + ********************************************************************/ +static uint32 pwdb_rid_type(uint32 rid) { - return (rid < 1000); + /* lkcl i understand that NT attaches an enumeration to a RID + * such that it can be identified as either a user, group etc + * type: SID_ENUM_TYPE. + */ + if (pwdb_rid_is_well_known(rid)) + { + /* + * The only well known user RIDs are DOMAIN_USER_RID_ADMIN + * and DOMAIN_USER_RID_GUEST. + */ + if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) + { + return RID_TYPE_USER; + } + if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) + { + return RID_TYPE_GROUP; + } + if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) + { + return RID_TYPE_ALIAS; + } + } + return (rid & RID_TYPE_MASK); } /******************************************************************* - Decides if a RID is a user or group RID. + checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA ********************************************************************/ - -BOOL pdb_rid_is_user(uint32 rid) +BOOL pwdb_rid_is_user(uint32 rid) { - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type. there are 5 such categories, and they are documented. - */ - if(pdb_rid_is_well_known(rid)) { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - return True; - } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) { - return True; - } - return False; + return pwdb_rid_type(rid) == RID_TYPE_USER; } + diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index c8d817dc40..bdf01ee6a8 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -21,7 +21,7 @@ #ifdef USE_SMBPASS_DB -extern int pw_file_lock_depth; +static int pw_file_lock_depth = 0; extern int DEBUGLEVEL; extern pstring samlogon_user; extern BOOL sam_logon_in_ssb; @@ -35,37 +35,8 @@ static char s_readbuf[1024]; static void *startsmbfilepwent(BOOL update) { - FILE *fp = NULL; - char *pfile = lp_smb_passwd_file(); - - if (!*pfile) { - DEBUG(0, ("startsmbfilepwent: No SMB password file set\n")); - return (NULL); - } - DEBUG(10, ("startsmbfilepwent: opening file %s\n", pfile)); - - fp = fopen(pfile, update ? "r+b" : "rb"); - - if (fp == NULL) { - DEBUG(0, ("startsmbfilepwent: unable to open file %s\n", pfile)); - return NULL; - } - - /* Set a buffer to do more efficient reads */ - setvbuf(fp, s_readbuf, _IOFBF, sizeof(s_readbuf)); - - if (!pw_file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, &pw_file_lock_depth)) - { - DEBUG(0, ("startsmbfilepwent: unable to lock file %s\n", pfile)); - fclose(fp); - return NULL; - } - - /* Make sure it is only rw by the owner */ - chmod(pfile, 0600); - - /* We have a lock on the file. */ - return (void *)fp; + return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf), + &pw_file_lock_depth, update); } /*************************************************************** @@ -74,11 +45,27 @@ static void *startsmbfilepwent(BOOL update) static void endsmbfilepwent(void *vp) { - FILE *fp = (FILE *)vp; + endfilepwent(vp, &pw_file_lock_depth); +} - pw_file_unlock(fileno(fp), &pw_file_lock_depth); - fclose(fp); - DEBUG(7, ("endsmbfilepwent: closed password file.\n")); +/************************************************************************* + Return the current position in the smbpasswd list as an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ + +static SMB_BIG_UINT getsmbfilepwpos(void *vp) +{ + return getfilepwpos(vp); +} + +/************************************************************************* + Set the current position in the smbpasswd list from an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ + +static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) +{ + return setfilepwpos(vp, tok); } /************************************************************************* @@ -86,219 +73,182 @@ static void endsmbfilepwent(void *vp) *************************************************************************/ static struct smb_passwd *getsmbfilepwent(void *vp) { - /* Static buffers we will return. */ - static struct smb_passwd pw_buf; - static pstring user_name; - static unsigned char smbpwd[16]; - static unsigned char smbntpwd[16]; - FILE *fp = (FILE *)vp; - char linebuf[256]; - unsigned char c; - unsigned char *p; - long uidval; - size_t linebuf_len; - - if(fp == NULL) { - DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n")); - return NULL; - } - - pdb_init_smb(&pw_buf); - - pw_buf.acct_ctrl = ACB_NORMAL; - - /* - * Scan the file, a line at a time and check if the name matches. - */ - while (!feof(fp)) { - linebuf[0] = '\0'; - - fgets(linebuf, 256, fp); - if (ferror(fp)) { - return NULL; - } - - /* - * Check if the string is terminated with a newline - if not - * then we must keep reading and discard until we get one. - */ - linebuf_len = strlen(linebuf); - if (linebuf[linebuf_len - 1] != '\n') { - c = '\0'; - while (!ferror(fp) && !feof(fp)) { - c = fgetc(fp); - if (c == '\n') - break; - } - } else - linebuf[linebuf_len - 1] = '\0'; - -#ifdef DEBUG_PASSWORD - DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf)); -#endif - if ((linebuf[0] == 0) && feof(fp)) { - DEBUG(4, ("getsmbfilepwent: end of file reached\n")); - break; - } - /* - * The line we have should be of the form :- - * - * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently - * ignored.... - * - * or, - * - * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored.... - * - * if Windows NT compatible passwords are also present. - * [Account type] is an ascii encoding of the type of account. - * LCT-(8 hex digits) is the time_t value of the last change time. - */ - - if (linebuf[0] == '#' || linebuf[0] == '\0') { - DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n")); - continue; - } - p = (unsigned char *) strchr(linebuf, ':'); - if (p == NULL) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n")); - continue; - } - /* - * As 256 is shorter than a pstring we don't need to check - * length here - if this ever changes.... - */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - - /* Get smb uid. */ - - p++; /* Go past ':' */ - if (!isdigit(*p)) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n")); - continue; - } - - uidval = atoi((char *) p); - - while (*p && isdigit(*p)) - p++; - - if (*p != ':') { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n")); - continue; - } - - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; - - /* - * Now get the password value - this should be 32 hex digits - * which are the ascii representations of a 16 byte string. - * Get two at a time and put them into the password. - */ - - /* Skip the ':' */ - p++; - - if (*p == '*' || *p == 'X') { - /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); - pw_buf.smb_nt_passwd = NULL; - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_DISABLED; - return &pw_buf; - } - - if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { - DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); - continue; - } - - if (p[32] != ':') { - DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n")); - continue; - } + /* Static buffers we will return. */ + static struct smb_passwd pw_buf; + static pstring user_name; + static unsigned char smbpwd[16]; + static unsigned char smbntpwd[16]; + struct passwd *pwfile; + char linebuf[256]; + unsigned char *p; + int uidval; + size_t linebuf_len; - if (!strncasecmp((char *) p, "NO PASSWORD", 11)) { - pw_buf.smb_passwd = NULL; - pw_buf.acct_ctrl |= ACB_PWNOTREQ; - } else { - if (!pdb_gethexpwd((char *)p, (char *)smbpwd)) { - DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); - continue; - } - pw_buf.smb_passwd = smbpwd; - } + if (vp == NULL) + { + DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n")); + return NULL; + } - /* - * Now check if the NT compatible password is - * available. - */ - pw_buf.smb_nt_passwd = NULL; - - p += 33; /* Move to the first character of the line after - the lanman password. */ - if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) { - if (*p != '*' && *p != 'X') { - if(pdb_gethexpwd((char *)p,(char *)smbntpwd)) - pw_buf.smb_nt_passwd = smbntpwd; - } - p += 33; /* Move to the first character of the line after - the NT password. */ - } + pwdb_init_smb(&pw_buf); - DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n", - user_name, uidval)); + pw_buf.acct_ctrl = ACB_NORMAL; - if (*p == '[') + /* + * Scan the file, a line at a time. + */ + while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0) { - pw_buf.acct_ctrl = pdb_decode_acct_ctrl((char*)p); - - /* Must have some account type set. */ - if(pw_buf.acct_ctrl == 0) - pw_buf.acct_ctrl = ACB_NORMAL; - - /* Now try and get the last change time. */ - if(*p == ']') - p++; - if(*p == ':') { - p++; - if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) { - int i; - p += 4; - for(i = 0; i < 8; i++) { - if(p[i] == '\0' || !isxdigit(p[i])) - break; - } - if(i == 8) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - pw_buf.pass_last_set_time = (time_t)strtol((char *)p, NULL, 16); - } - } - } - } else { - /* 'Old' style file. Fake up based on user name. */ - /* - * Currently trust accounts are kept in the same - * password file as 'normal accounts'. If this changes - * we will have to fix this code. JRA. - */ - if(pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') { - pw_buf.acct_ctrl &= ~ACB_NORMAL; - pw_buf.acct_ctrl |= ACB_WSTRUST; - } - } - - return &pw_buf; - } + /* + * The line we have should be of the form :- + * + * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently + * ignored.... + * + * or, + * + * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored.... + * + * if Windows NT compatible passwords are also present. + * [Account type] is an ascii encoding of the type of account. + * LCT-(8 hex digits) is the time_t value of the last change time. + */ + + /* + * As 256 is shorter than a pstring we don't need to check + * length here - if this ever changes.... + */ + p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); + + /* Go past ':' */ + p++; + + /* Get smb uid. */ + + p = Atoic((char *) p, &uidval, ":"); + + pw_buf.smb_name = user_name; + pw_buf.smb_userid = uidval; + + /* + * Now get the password value - this should be 32 hex digits + * which are the ascii representations of a 16 byte string. + * Get two at a time and put them into the password. + */ + + /* Skip the ':' */ + p++; + + if (*p == '*' || *p == 'X') + { + /* Password deliberately invalid - end here. */ + DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); + pw_buf.smb_nt_passwd = NULL; + pw_buf.smb_passwd = NULL; + pw_buf.acct_ctrl |= ACB_DISABLED; + return &pw_buf; + } + + if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) + { + DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n")); + continue; + } + + if (p[32] != ':') + { + DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n")); + continue; + } + + if (!strncasecmp((char *) p, "NO PASSWORD", 11)) + { + pw_buf.smb_passwd = NULL; + pw_buf.acct_ctrl |= ACB_PWNOTREQ; + } + else + { + if (!pwdb_gethexpwd((char *)p, (char *)smbpwd)) + { + DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n")); + continue; + } + pw_buf.smb_passwd = smbpwd; + } + + /* + * Now check if the NT compatible password is + * available. + */ + pw_buf.smb_nt_passwd = NULL; + + /* Move to the first character of the line after the lanman password. */ + p += 33; + if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) + { + if (*p != '*' && *p != 'X') + { + if(pwdb_gethexpwd((char *)p,(char *)smbntpwd)) + { + pw_buf.smb_nt_passwd = smbntpwd; + } + } + /* Move to the first character of the line after the NT password. */ + p += 33; + } + + DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n", + user_name, uidval)); + + if (*p == '[') + { + pw_buf.acct_ctrl = pwdb_decode_acct_ctrl((char*)p); + + /* Must have some account type set. */ + if (pw_buf.acct_ctrl == 0) + { + pw_buf.acct_ctrl = ACB_NORMAL; + } + + /* Now try and get the last change time. */ + if (*p == ']') + { + p++; + } + if (*p == ':') + { + p++; + pw_buf.pass_last_set_time = pwdb_get_last_set_time(p); + } + } + else + { + /* 'Old' style file. Fake up based on user name. */ + /* + * Currently trust accounts are kept in the same + * password file as 'normal accounts'. If this changes + * we will have to fix this code. JRA. + */ + if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') + { + pw_buf.acct_ctrl &= ~ACB_NORMAL; + pw_buf.acct_ctrl |= ACB_WSTRUST; + } + } + + pwfile = Get_Pwnam(pw_buf.smb_name, False); + if (pwfile == NULL) + { + DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n")); + DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name)); + return NULL; + } + + return &pw_buf; + } - DEBUG(5,("getsmbfilepwent: end of file reached.\n")); - return NULL; + DEBUG(5,("getsmbfilepwent: end of file reached.\n")); + return NULL; } /************************************************************************* @@ -327,7 +277,9 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) if (pw_buf == NULL) return NULL; - pwfile = getpwnam(pw_buf->smb_name); + pwdb_init_sam(&user); + + pwfile = Get_Pwnam(pw_buf->smb_name, False); if (pwfile == NULL) { DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); @@ -335,8 +287,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) return NULL; } - pdb_init_sam(&user); - pstrcpy(samlogon_user, pw_buf->smb_name); if (samlogon_user[strlen(samlogon_user)-1] != '$') @@ -348,8 +298,8 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) user.smb_userid = pw_buf->smb_userid; user.smb_grpid = pwfile->pw_gid; - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pdb_gid_to_group_rid(user.smb_grpid ); + user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); + user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid ); pstrcpy(full_name , pwfile->pw_gecos ); pstrcpy(logon_script , lp_logon_script ()); @@ -366,7 +316,7 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) user.smb_userid = pw_buf->smb_userid; user.smb_grpid = pwfile->pw_gid; - user.user_rid = pdb_uid_to_user_rid (user.smb_userid); + user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ pstrcpy(full_name , ""); @@ -405,26 +355,6 @@ static struct sam_passwd *getsmbfile21pwent(void *vp) return &user; } -/************************************************************************* - Return the current position in the smbpasswd list as an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static SMB_BIG_UINT getsmbfilepwpos(void *vp) -{ - return (SMB_BIG_UINT)sys_ftell((FILE *)vp); -} - -/************************************************************************* - Set the current position in the smbpasswd list from an SMB_BIG_UINT. - This must be treated as an opaque token. -*************************************************************************/ - -static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) -{ - return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET); -} - /************************************************************************ Routine to add an entry to the smbpasswd file. *************************************************************************/ @@ -525,7 +455,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); /* Add the account encoding and the last change time. */ slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", - pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL)); + pwdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), (uint32)time(NULL)); #ifdef DEBUG_PASSWORD DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d entry_len %d made line |%s|", @@ -603,7 +533,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) lockfd = fileno(fp); - if (!pw_file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) { + if (!file_lock(lockfd, F_WRLCK, 5, &pw_file_lock_depth)) { DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile)); fclose(fp); return False; @@ -623,7 +553,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) fgets(linebuf, sizeof(linebuf), fp); if (ferror(fp)) { - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -692,7 +622,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) } if (!found_entry) { - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -704,7 +634,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!isdigit(*p)) { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n")); - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -713,7 +643,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) p++; if (*p != ':') { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n")); - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } @@ -731,27 +661,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name)); - pw_file_unlock(lockfd, &pw_file_lock_depth); + file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; } if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return (False); } if (p[32] != ':') { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if (!override && (*p == '*' || *p == 'X')) { - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } @@ -762,14 +692,14 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) the lanman password. */ if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return (False); } if (p[32] != ':') { DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n")); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } @@ -807,7 +737,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * acct ctrl field. Encode the given acct ctrl * bits into it. */ - fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + fstrcpy(encode_bits, pwdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } else { /* * If using the old format and the ACB_DISABLED or @@ -897,7 +827,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if(wr_len > sizeof(linebuf)) { DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return (False); } @@ -915,7 +845,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) { DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } @@ -923,33 +853,33 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) /* Sanity check - ensure the areas we are writing are framed by ':' */ if (read(fd, linebuf, wr_len+1) != wr_len+1) { DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if ((linebuf[0] != ':') || (linebuf[wr_len] != ':')) { DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) { DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } if (write(fd, ascii_p16, wr_len) != wr_len) { DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile)); - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return False; } - pw_file_unlock(lockfd,&pw_file_lock_depth); + file_unlock(lockfd,&pw_file_lock_depth); fclose(fp); return True; } @@ -960,27 +890,27 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) { - return mod_smbfilepwd_entry(pdb_sam_to_smb(pwd), override); + return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override); } static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) { - return add_smbfilepwd_entry(pdb_sam_to_smb(newpwd)); + return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd)); } static struct sam_disp_info *getsmbfiledispnam(char *name) { - return pdb_sam_to_dispinfo(getsam21pwnam(name)); + return pwdb_sam_to_dispinfo(getsam21pwnam(name)); } static struct sam_disp_info *getsmbfiledisprid(uint32 rid) { - return pdb_sam_to_dispinfo(getsam21pwrid(rid)); + return pwdb_sam_to_dispinfo(getsam21pwrid(rid)); } static struct sam_disp_info *getsmbfiledispent(void *vp) { - return pdb_sam_to_dispinfo(getsam21pwent(vp)); + return pwdb_sam_to_dispinfo(getsam21pwent(vp)); } static struct passdb_ops file_ops = { @@ -1005,7 +935,7 @@ static struct passdb_ops file_ops = { getsmbfiledispent }; -struct passdb_ops *file_initialize_password_db(void) +struct passdb_ops *file_initialise_password_db(void) { return &file_ops; } diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c index 0d4f9d3203..a50bc93eac 100644 --- a/source3/passdb/smbpassfile.c +++ b/source3/passdb/smbpassfile.c @@ -21,52 +21,7 @@ extern int DEBUGLEVEL; -int pw_file_lock_depth = 0; - BOOL global_machine_password_needs_changing = False; - - -/*************************************************************** - Lock an fd. Abandon after waitsecs seconds. -****************************************************************/ - -BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth) -{ - if (fd < 0) - return False; - - (*plock_depth)++; - - if(pw_file_lock_depth == 0) { - if (!do_file_lock(fd, secs, type)) { - DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n", - strerror(errno))); - return False; - } - } - - return True; -} - -/*************************************************************** - Unlock an fd. Abandon after waitsecs seconds. -****************************************************************/ - -BOOL pw_file_unlock(int fd, int *plock_depth) -{ - BOOL ret=True; - - if(*plock_depth == 1) - ret = do_file_lock(fd, 5, F_UNLCK); - - (*plock_depth)--; - - if(!ret) - DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n", - strerror(errno))); - return ret; -} - static int mach_passwd_lock_depth; static FILE *mach_passwd_fp; @@ -125,7 +80,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update) chmod(mac_file, 0600); - if(!pw_file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), + if(!file_lock(fileno(mach_passwd_fp), (update ? F_WRLCK : F_RDLCK), 60, &mach_passwd_lock_depth)) { DEBUG(0,("trust_password_lock: cannot lock file %s\n", mac_file)); @@ -144,7 +99,7 @@ BOOL trust_password_lock( char *domain, char *name, BOOL update) BOOL trust_password_unlock(void) { - BOOL ret = pw_file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth); + BOOL ret = file_unlock(fileno(mach_passwd_fp), &mach_passwd_lock_depth); if(mach_passwd_lock_depth == 0) fclose(mach_passwd_fp); return ret; @@ -212,7 +167,7 @@ BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_t * Get the hex password. */ - if (!pdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || + if (!pwdb_gethexpwd((char *)linebuf, (char *)ret_pwd) || linebuf[32] != ':' || strncmp(&linebuf[33], "TLC-", 4)) { DEBUG(0,("get_trust_account_password: Malformed trust password file (incorrect format).\n")); #ifdef DEBUG_PASSWORD diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index e18062220b..3ce22fd854 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -24,8 +24,6 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern fstring global_myworkgroup; -extern pstring global_myname; /**************************************************************************** Initialize domain session credentials. diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 5255732c5d..a43b65ad64 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -193,7 +193,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); - slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", + slprintf(full_name, sizeof(full_name), "\\%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index d75ad6947f..ed2f391256 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -32,7 +32,6 @@ extern int DEBUGLEVEL; extern pstring scope; extern pstring global_myname; -extern fstring global_myworkgroup; /**************************************************************************** Generate the next creds to use. diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 579eeebdac..712e608847 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -31,7 +31,6 @@ extern int DEBUGLEVEL; extern struct pipe_id_info pipe_names[]; -extern fstring global_myworkgroup; extern pstring global_myname; /******************************************************************** diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index a5c523fdb6..818e7a0baf 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -37,7 +37,7 @@ void make_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name, int len_name = strlen(name); trn->sid_name_use = sid_name_use; - make_uni_hdr(&(trn->hdr_name), len_name, len_name, len_name != 0); + make_uni_hdr(&(trn->hdr_name), len_name, len_name, 1); make_unistr2(uni_name, name, len_name); trn->domain_idx = idx; } @@ -692,7 +692,7 @@ void lsa_io_q_lookup_rids(char *desc, LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, i for (i = 0; i < q_r->num_entries; i++) { - smb_io_unistr3("", &(q_r->lookup_name[i]), ps, depth); /* names to be looked up */ + smb_io_unistr3("dom_name", &(q_r->lookup_name[i]), ps, depth); /* names to be looked up */ } prs_uint8s (False, "undoc ", ps, depth, q_r->undoc, UNKNOWN_LEN); diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 57fc73e516..ce573c7bf2 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -665,8 +665,8 @@ void make_id_info2(NET_ID_INFO_2 *id, char *domain_name, int len_domain_name = strlen(domain_name); int len_user_name = strlen(user_name ); int len_wksta_name = strlen(wksta_name ); - int nt_chal_resp_len = ((nt_chal_resp != NULL) ? 24 : 0); - int lm_chal_resp_len = ((lm_chal_resp != NULL) ? 24 : 0); + int nt_chal_resp_len = ((nt_chal_resp != NULL) ? 24 : 0); + int lm_chal_resp_len = ((lm_chal_resp != NULL) ? 24 : 0); unsigned char lm_owf[24]; unsigned char nt_owf[24]; diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index 3bf017d25e..5059ca222b 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c @@ -122,17 +122,6 @@ interface/version dce/rpc pipe identification }, 0x00 \ } \ -/* pipe string names */ -#define PIPE_SRVSVC "\\PIPE\\srvsvc" -#define PIPE_SAMR "\\PIPE\\samr" -#define PIPE_WINREG "\\PIPE\\winreg" -#define PIPE_WKSSVC "\\PIPE\\wkssvc" -#define PIPE_NETLOGON "\\PIPE\\NETLOGON" -#define PIPE_NTLSA "\\PIPE\\ntlsa" -#define PIPE_NTSVCS "\\PIPE\\ntsvcs" -#define PIPE_LSASS "\\PIPE\\lsass" -#define PIPE_LSARPC "\\PIPE\\lsarpc" - struct pipe_id_info pipe_names [] = { /* client pipe , abstract syntax , server pipe , transfer syntax */ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index ec4411b783..e7f4f0547c 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -993,7 +993,7 @@ void samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_s makes a SAMR_R_ENUM_DOM_ALIASES structure. ********************************************************************/ void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, - uint32 num_sam_entries, SAM_USER_INFO_21 grps[MAX_SAM_ENTRIES], + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status) { int i; @@ -1022,11 +1022,13 @@ void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, for (i = 0; i < num_sam_entries; i++) { + int acct_name_len = strlen(alss[i].name); + make_sam_entry(&(r_u->sam[i]), - grps[i].uni_user_name.uni_str_len, - grps[i].user_rid); + acct_name_len, + alss[i].rid); - copy_unistr2(&(r_u->uni_grp_name[i]), &(grps[i].uni_user_name)); + make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name , acct_name_len); } r_u->num_entries4 = num_sam_entries; @@ -1415,7 +1417,7 @@ makes a SAMR_R_ENUM_DOM_GROUPS structure. ********************************************************************/ void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 start_idx, uint32 num_sam_entries, - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES], + DOMAIN_GRP *grp, uint32 status) { int i; @@ -1436,14 +1438,17 @@ void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, { for (i = start_idx, entries_added = 0; i < num_sam_entries; i++) { + int acct_name_len = strlen(grp[i].name); + int acct_desc_len = strlen(grp[i].comment); + make_sam_entry3(&(r_u->sam[entries_added]), start_idx + entries_added + 1, - pass[i].uni_user_name.uni_str_len, - pass[i].uni_acct_desc.uni_str_len, - pass[i].user_rid); + acct_name_len, + acct_desc_len, + grp[i].rid); - copy_unistr2(&(r_u->str[entries_added].uni_grp_name), &(pass[i].uni_user_name)); - copy_unistr2(&(r_u->str[entries_added].uni_grp_desc), &(pass[i].uni_acct_desc)); + make_unistr2(&(r_u->str[entries_added].uni_grp_name), grp[i].name , acct_name_len); + make_unistr2(&(r_u->str[entries_added].uni_grp_desc), grp[i].comment, acct_desc_len); entries_added++; } @@ -1793,7 +1798,7 @@ void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *p makes a SAMR_R_LOOKUP_NAMES structure. ********************************************************************/ void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, - uint32 num_rids, uint32 *rid, uint32 status) + uint32 num_rids, uint32 *rid, uint8 *type, uint32 status) { int i; if (r_u == NULL) return; @@ -1810,7 +1815,7 @@ void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, for (i = 0; i < num_rids; i++) { - make_dom_rid3(&(r_u->dom_rid[i]), rid[i], 0x01); + make_dom_rid3(&(r_u->dom_rid[i]), rid[i], type[i]); } r_u->num_entries3 = num_rids; @@ -2100,7 +2105,7 @@ void make_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS *r_u, { r_u->ptr_0 = 1; r_u->num_entries = num_gids; - r_u->ptr_1 = 1; + r_u->ptr_1 = (num_gids != 0) ? 1 : 0; r_u->num_entries2 = num_gids; r_u->gid = gid; diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 5e6e101883..51b6e8d25b 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -29,6 +29,12 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; +extern DOM_SID global_member_sid; +extern fstring global_myworkgroup; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_3; +extern DOM_SID global_sid_S_1_5; /*************************************************************************** lsa_reply_open_policy2 @@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; - d_q->buffer_dom_name = 4; /* domain buffer pointer */ - d_q->buffer_dom_sid = 2; /* domain sid pointer */ + d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ /* this string is supposed to be character short */ make_unistr2(&(d_q->uni_domain_name), dom_name, domlen); @@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, /*************************************************************************** -make_dom_ref +make_dom_ref - adds a domain if it's not already in, returns the index ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, int num_domains, - char **dom_names, DOM_SID **dom_sids) +static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) { - int i; + int num = 0; + int len; - if (num_domains > MAX_REF_DOMAINS) + if (dom_name != NULL) { - num_domains = MAX_REF_DOMAINS; + for (num = 0; num < ref->num_ref_doms_1; num++) + { + fstring domname; + fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name)); + if (strequal(domname, dom_name)) + { + return num; + } + } + + } + else + { + num = ref->num_ref_doms_1; + } + + if (num >= MAX_REF_DOMAINS) + { + /* index not found, already at maximum domain limit */ + return -1; } ref->undoc_buffer = 1; - ref->num_ref_doms_1 = num_domains; + ref->num_ref_doms_1 = num+1; ref->undoc_buffer2 = 1; ref->max_entries = MAX_REF_DOMAINS; - ref->num_ref_doms_2 = num_domains; + ref->num_ref_doms_2 = num+1; - for (i = 0; i < num_domains; i++) - { - int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + len = dom_name != NULL ? strlen(dom_name) : 0; - make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); - ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; - make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); - make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); - } + make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len); + make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid ); + return num; } /*************************************************************************** make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { int i; - make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); + r_l->num_entries = 0; + r_l->undoc_buffer = 0; + r_l->num_entries2 = 0; +#if 0 r_l->num_entries = num_entries; r_l->undoc_buffer = 1; r_l->num_entries2 = num_entries; @@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, for (i = 0; i < num_entries; i++) { - make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01); + make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid); + make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]); } r_l->num_entries3 = num_entries; +#endif } /*************************************************************************** make_lsa_trans_names ***************************************************************************/ -static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, +static void make_lsa_trans_names(DOM_R_REF *ref, + LSA_TRANS_NAME_ENUM *trn, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - uint32 *total) + uint32 *mapped_count) { - uint32 status = 0x0; int i; - (*total) = 0; + int total = 0; + (*mapped_count) = 0; SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); for (i = 0; i < num_entries; i++) { + uint32 status = 0x0; + DOM_SID find_sid = sid[i].sid; + DOM_SID tmp = sid[i].sid; uint32 rid = 0xffffffff; - uint8 num_auths = sid[i].sid.num_auths; + int dom_idx = -1; fstring name; - uint32 type; + fstring dom_name; + uint8 sid_name_use = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); + memset(dom_name, 0, sizeof(dom_name)); + memset(name , 0, sizeof(name )); - /* find the rid to look up */ - if (num_auths != 0) + if (map_domain_sid_to_name(&find_sid, dom_name)) + { + sid_name_use = SID_NAME_DOMAIN; + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + } + else if (sid_split_rid (&find_sid, &rid) && + map_domain_sid_to_name(&find_sid, dom_name)) + { + if (sid_equal(&find_sid, &global_sam_sid)) + { + status = lookup_name(&tmp, name, &sid_name_use); + } + else + { + status = 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + } + else { - rid = sid[i].sid.sub_auths[num_auths-1]; - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status; - status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status; - status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status; } + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + if (status == 0x0) { - make_lsa_trans_name(&(trn->name [(*total)]), - &(trn->uni_name[(*total)]), - type, name, (*total)); - (*total)++; + (*mapped_count)++; + } + else + { + snprintf(name, sizeof(name), "%08x", rid); + sid_name_use = SID_NAME_UNKNOWN; + } + make_lsa_trans_name(&(trn->name [total]), + &(trn->uni_name[total]), + sid_name_use, name, dom_idx); + total++; } - trn->num_entries = (*total); + trn->num_entries = total; trn->ptr_trans_names = 1; - trn->num_entries2 = (*total); + trn->num_entries2 = total; } /*************************************************************************** @@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, - int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + DOM_SID2 *sid, int num_entries) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); - make_lsa_trans_names(&names, num_entries, sid, &mapped_count); + make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); /* store the response in the SMB stream */ @@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { LSA_R_LOOKUP_RIDS r_l; ZERO_STRUCT(r_l); /* set up the LSA Lookup RIDs response */ - make_reply_lookup_rids(&r_l, num_entries, dom_rids, - num_ref_doms, dom_names, dom_sids); + make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types); + r_l.status = 0x0; /* store the response in the SMB stream */ @@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_QUERY_INFO q_i; - pstring dom_name; + fstring name; + DOM_SID *sid = NULL; + memset(name, 0, sizeof(name)); ZERO_STRUCT(q_i); /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); - pstrcpy(dom_name, lp_workgroup()); + switch (q_i.info_class) + { + case 0x03: + { + fstrcpy(name, global_myworkgroup); + sid = &global_member_sid; + break; + } + case 0x05: + { + fstrcpy(name, global_sam_name); + sid = &global_sam_sid; + break; + } + default: + { + DEBUG(5,("unknown info level in Lsa Query: %d\n", + q_i.info_class)); + break; + } + } /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); + lsa_reply_query_info(&q_i, rdata, name, sid); } /*************************************************************************** @@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_LOOKUP_SIDS q_l; - pstring dom_name; - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; - ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - 4, dom_names, sid_array); + lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries); } /*************************************************************************** @@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, { int i; LSA_Q_LOOKUP_RIDS q_l; - pstring dom_name; uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; - - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; + uint8 dom_types[MAX_LOOKUP_SIDS]; ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); ZERO_ARRAY(dom_rids); /* grab the info class and policy handle */ lsa_io_q_lookup_rids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; - fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); - - /* - * Map to the UNIX username. - */ - map_username(user_name); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(user_name, True); + fstring name; + fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer)); - if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (lookup_rid(name, &dom_rids[i], &dom_types[i])) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; @@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - 4, dom_names, sid_array); + q_l.num_entries, + dom_rids, /* text-converted SIDs */ + dom_types); /* SID_NAME_USE types */ } /*************************************************************************** diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index b807c40604..dabc5520ff 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) { struct policy *p = find_lsa_policy(hnd); - if (!p) { + if (!p) + { DEBUG(3,("Error closing policy\n")); return False; } @@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) bitmap_clear(bmap, p->pnum); ZERO_STRUCTP(p); + ZERO_STRUCTP(hnd); free(p); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 04118800e2..77b17dca2f 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -544,7 +543,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, net_login_network: *************************************************************************/ static uint32 net_login_network(NET_ID_INFO_2 *id2, - struct smb_passwd *smb_pass) + struct smb_passwd *smb_pass, + user_struct *vuser) { DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, @@ -593,221 +593,213 @@ static void api_net_sam_logon( uint16 vuid, prs_struct *data, prs_struct *rdata) { - NET_Q_SAM_LOGON q_l; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 usr_info; - uint32 status = 0x0; - DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; - UNISTR2 *uni_samlogon_user = NULL; - - user_struct *vuser = NULL; - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return; - - q_l.sam_id.ctr = &ctr; - - net_io_q_sam_logon("", &q_l, data, 0); - - /* checks and updates credentials. creates reply credentials */ - if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), - &(q_l.sam_id.client.cred), &srv_cred)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - else - { - memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); - } - - /* find the username */ - - if (status == 0) - { - switch (q_l.sam_id.logon_level) - { - case INTERACTIVE_LOGON_TYPE: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); - - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); - break; - } - case NET_LOGON_TYPE: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); - - DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); - break; - } - default: - { - DEBUG(2,("SAM Logon: unsupported switch value\n")); - status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; - break; - } - } /* end switch */ - } /* end if status == 0 */ - - /* check username exists */ - - if (status == 0) - { - pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, - uni_samlogon_user->uni_str_len)); - - DEBUG(3,("User:[%s]\n", samlogon_user)); + NET_Q_SAM_LOGON q_l; + NET_ID_INFO_CTR ctr; + NET_USER_INFO_3 usr_info; + uint32 status = 0x0; + DOM_CRED srv_cred; + struct smb_passwd *smb_pass = NULL; + UNISTR2 *uni_samlogon_user = NULL; - /* - * Convert to a UNIX username. - */ - map_username(samlogon_user); + user_struct *vuser = NULL; - /* - * Do any case conversions. - */ - (void)Get_Pwnam(samlogon_user, True); - - become_root(True); - smb_pass = getsmbpwnam(samlogon_user); - unbecome_root(True); - - if (smb_pass == NULL) - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_PWNOTREQ) - status = 0; - else if (smb_pass->acct_ctrl & ACB_DISABLED) - status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; - } - - /* Validate password - if required. */ - - if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) - { - switch (q_l.sam_id.logon_level) - { - case INTERACTIVE_LOGON_TYPE: - { - /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); - break; - } - case NET_LOGON_TYPE: - { - /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass); - break; - } - } - } - - /* lkclXXXX this is the point at which, if the login was - successful, that the SAM Local Security Authority should - record that the user is logged in to the domain. - */ - - /* return the profile plus other bits :-) */ - - if (status == 0) - { - DOM_GID *gids = NULL; - int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; - pstring my_name; - pstring my_workgroup; - pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - - /* set up pointer indicating user/password failed to be found */ - usr_info.ptr_user_info = 0; - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - pstrcpy(logon_script, lp_logon_script()); - pstrcpy(profile_path, lp_logon_path()); - - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, lp_logon_drive()); - pstrcpy(home_dir, lp_logon_home()); - - pstrcpy(my_name, global_myname); - strupper(my_name); + if ((vuser = get_valid_user_struct(vuid)) == NULL) + return; - /* - * This is the point at which we get the group - * database - we should be getting the gid_t list - * from /etc/group and then turning the uids into - * rids and then into machine sids for this user. - * JRA. - */ + q_l.sam_id.ctr = &ctr; - get_domain_user_groups(domain_groups, samlogon_user); + net_io_q_sam_logon("", &q_l, data, 0); - /* - * make_dom_gids allocates the gids array. JRA. - */ - gids = NULL; - num_gids = make_dom_gids(domain_groups, &gids); - - sam_logon_in_ssb = False; - - if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid)) - { - make_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - samlogon_user , /* user_name */ - vuser->real_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - - 0, /* logon_count */ - 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - - NULL, /* char sess_key[16] */ - - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ - NULL); /* char *other_sids */ - } - else - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - } - - /* Free any allocated groups array. */ - if(gids) - free((char *)gids); - } - - net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); + /* checks and updates credentials. creates reply credentials */ + if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), + &(q_l.sam_id.client.cred), &srv_cred)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); + } + + /* find the username */ + + if (status == 0) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); + + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + break; + } + case NET_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); + + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + break; + } + default: + { + DEBUG(2,("SAM Logon: unsupported switch value\n")); + status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; + break; + } + } /* end switch */ + } /* end if status == 0 */ + + /* check username exists */ + + if (status == 0) + { + pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, + uni_samlogon_user->uni_str_len)); + + DEBUG(3,("User:[%s]\n", samlogon_user)); + + /* + * Convert to a UNIX username. + */ + map_username(samlogon_user); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(samlogon_user, True); + + become_root(True); + smb_pass = getsmbpwnam(samlogon_user); + unbecome_root(True); + + if (smb_pass == NULL) + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) && + IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)) + { + status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; + } + } + + /* validate password - if required */ + + if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + /* interactive login. */ + status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); + break; + } + case NET_LOGON_TYPE: + { + /* network login. lm challenge and 24 byte responses */ + status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser); + break; + } + } + } + + /* lkclXXXX this is the point at which, if the login was + successful, that the SAM Local Security Authority should + record that the user is logged in to the domain. + */ + + /* return the profile plus other bits :-) */ + + if (status == 0) + { + DOM_GID *gids = NULL; + int num_gids = 0; + NTTIME dummy_time; + pstring logon_script; + pstring profile_path; + pstring home_dir; + pstring home_drive; + pstring my_name; + pstring my_workgroup; + DOMAIN_GRP *grp_mem; + uint32 r_uid; + uint32 r_gid; + + /* set up pointer indicating user/password failed to be found */ + usr_info.ptr_user_info = 0; + + dummy_time.low = 0xffffffff; + dummy_time.high = 0x7fffffff; + + /* XXXX hack to get standard_sub_basic() to use sam logon username */ + /* possibly a better way would be to do a become_user() call */ + sam_logon_in_ssb = True; + + pstrcpy(logon_script, lp_logon_script()); + pstrcpy(profile_path, lp_logon_path()); + + pstrcpy(my_workgroup, lp_workgroup()); + + pstrcpy(home_drive, lp_logon_drive()); + pstrcpy(home_dir, lp_logon_home()); + pstrcpy(my_name, global_myname); + strupper(my_name); + + status = lookup_user_rids(samlogon_user, &r_uid, &r_gid); + status = status == 0 ? getusergroupsnam(samlogon_user, &grp_mem, &num_gids) : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; + + if (status == 0x0) + { + gids = NULL; + num_gids = make_dom_gids(grp_mem, num_gids, &gids); + + make_net_user_info3(&usr_info, + &dummy_time, /* logon_time */ + &dummy_time, /* logoff_time */ + &dummy_time, /* kickoff_time */ + &dummy_time, /* pass_last_set_time */ + &dummy_time, /* pass_can_change_time */ + &dummy_time, /* pass_must_change_time */ + + samlogon_user , /* user_name */ + vuser->real_name, /* full_name */ + logon_script , /* logon_script */ + profile_path , /* profile_path */ + home_dir , /* home_dir */ + home_drive , /* dir_drive */ + + 0, /* logon_count */ + 0, /* bad_pw_count */ + + r_uid , /* RID user_id */ + r_gid , /* RID group_id */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + + NULL, /* char sess_key[16] */ + + my_name , /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + + &global_sam_sid, /* DOM_SID *dom_sid */ + NULL); /* char *other_sids */ + } + else + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + + /* Free any allocated groups array. */ + if (gids) + { + free((char *)gids); + } + } + + net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); } diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 323298ef7a..b70a71b5c0 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -30,9 +30,11 @@ extern int DEBUGLEVEL; extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; -extern fstring global_myworkgroup; +extern fstring global_sam_name; extern pstring global_myname; extern DOM_SID global_sam_sid; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_5_20; extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; @@ -79,8 +81,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, user_name_len = strlen(pwd->smb_name); make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); - make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, - user_name_len, 1); + make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1, + user_name_len-1, 1); pw_buf[(*num_entries)].user_rid = pwd->user_rid; bzero( pw_buf[(*num_entries)].nt_pwd , 16); @@ -292,24 +294,21 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, if (status == 0x0) { - DOM_SID user_sid; - DOM_SID everyone_sid; + DOM_SID usr_sid; - user_sid = global_sam_sid; + usr_sid = global_sam_sid; - SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1); + SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1); /* * Add the user RID. */ - user_sid.sub_auths[user_sid.num_auths++] = rid; + sid_append_rid(&usr_sid, rid); - string_to_sid(&everyone_sid, "S-1-1"); - - /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ - /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ - make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid); - make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid); + /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ + /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ + make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1); + make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid); } make_samr_r_unknown_3(&r_u, @@ -400,37 +399,92 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, prs_struct *rdata) { SAMR_R_ENUM_DOM_GROUPS r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries; + DOMAIN_GRP *grps = NULL; + int num_entries = 0; BOOL got_grps; - char *dummy_group = "Domain Admins"; + DOM_SID sid; + fstring sid_str; r_e.status = 0x0; r_e.num_entries = 0; /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) + if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid)) { r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; } - DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); + sid_to_string(sid_str, &sid); + + DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str)); + + /* well-known groups */ + if (sid_equal(&sid, &global_sid_S_1_5_20)) + { + char *name; + got_grps = True; + + while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) + { + DOMAIN_GRP tmp_grp; + + fstrcpy(tmp_grp.name , name); + fstrcpy(tmp_grp.comment, ""); + tmp_grp.rid = domain_group_rids[num_entries].rid; + tmp_grp.attr = 0x7; + + if (!add_domain_group(&grps, &num_entries, &tmp_grp)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } + } + } + else if (sid_equal(&sid, &global_sam_sid)) + { + BOOL ret; + char *name; + got_grps = True; + + while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) + { + DOMAIN_GRP tmp_grp; + + fstrcpy(tmp_grp.name , name); + fstrcpy(tmp_grp.comment, ""); + tmp_grp.rid = domain_group_rids[num_entries].rid; + tmp_grp.attr = 0x7; - got_grps = True; - num_entries = 1; - make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)); - pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS; + if (!add_domain_group(&grps, &num_entries, &tmp_grp)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } + } + + become_root(True); + ret = enumdomgroups(&grps, &num_entries); + unbecome_root(True); + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + } + } if (r_e.status == 0 && got_grps) { - make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status); + make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status); } /* store the response in the SMB stream */ samr_io_r_enum_dom_groups("", &r_e, rdata, 0); - DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); + if (grps != NULL) + { + free(grps); + } + DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); } /******************************************************************* @@ -455,11 +509,10 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, prs_struct *rdata) { SAMR_R_ENUM_DOM_ALIASES r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; + LOCAL_GRP *alss = NULL; int num_entries = 0; DOM_SID sid; fstring sid_str; - fstring sam_sid_str; r_e.status = 0x0; r_e.num_entries = 0; @@ -471,34 +524,57 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, } sid_to_string(sid_str, &sid); - sid_to_string(sam_sid_str, &global_sam_sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); /* well-known aliases */ - if (strequal(sid_str, "S-1-5-32")) + if (sid_equal(&sid, &global_sid_S_1_5_20)) { char *name; - while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) + + while ((name = builtin_alias_rids[num_entries].name) != NULL) { - make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); - pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; - num_entries++; + LOCAL_GRP tmp_als; + + fstrcpy(tmp_als.name , name); + fstrcpy(tmp_als.comment, ""); + tmp_als.rid = builtin_alias_rids[num_entries].rid; + + if (!add_domain_alias(&alss, &num_entries, &tmp_als)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } } } - else if (strequal(sid_str, sam_sid_str)) + else if (sid_equal(&sid, &global_sam_sid)) { + BOOL ret; /* local aliases */ - /* oops! there's no code to deal with this */ - DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n")); num_entries = 0; + + become_root(True); + ret = enumdomaliases(&alss, &num_entries); + unbecome_root(True); + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + } } - make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); + if (r_e.status == 0x0) + { + make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status); + } /* store the response in the SMB stream */ samr_io_r_enum_dom_aliases("", &r_e, rdata, 0); + if (alss != NULL) + { + free(alss); + } + DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__)); } @@ -669,50 +745,92 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, { uint32 rid[MAX_SAM_ENTRIES]; uint32 status = 0; - int num_rids = q_u->num_sids1; + int num_rids = 0; + int i; + struct sam_passwd *sam_pass; + DOM_SID usr_sid; + DOM_SID dom_sid; + uint32 user_rid; + fstring sam_sid_str; + fstring dom_sid_str; + fstring usr_sid_str; SAMR_R_LOOKUP_IDS r_u; DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); + /* find the policy handle. open a policy on it. */ + if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + sid_to_string(dom_sid_str, &dom_sid ); + sid_to_string(sam_sid_str, &global_sam_sid); + } + if (num_rids > MAX_SAM_ENTRIES) { num_rids = MAX_SAM_ENTRIES; DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids)); } -#if 0 - int i; - SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids); - - for (i = 0; i < num_rids && status == 0; i++) + if (status == 0x0) { - struct sam_passwd *sam_pass; - fstring user_name; - + usr_sid = q_u->sid[0].sid; + sid_split_rid(&usr_sid, &user_rid); + sid_to_string(usr_sid_str, &usr_sid); - fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer, - q_u->uni_user_name[i].uni_str_len)); + } + if (status == 0x0) + { /* find the user account */ become_root(True); - sam_pass = get_smb21pwd_entry(user_name, 0); + sam_pass = getsam21pwrid(user_rid); unbecome_root(True); if (sam_pass == NULL) { status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - rid[i] = 0; + num_rids = 0; + } + } + + if (status == 0x0) + { + if (sid_equal(&dom_sid, &global_sid_S_1_5_20)) + { + DEBUG(5,("lookup on S-1-5-20\n")); + } + else if (sid_equal(&dom_sid, &usr_sid)) + { + DOMAIN_GRP *mem_grp = NULL; + BOOL ret; + + DEBUG(5,("lookup on Domain SID\n")); + + become_root(True); + ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids); + unbecome_root(True); + + num_rids = MIN(num_rids, MAX_SAM_ENTRIES); + + if (mem_grp != NULL) + { + for (i = 0; i < num_rids; i++) + { + rid[i] = mem_grp[i].rid; + } + free(mem_grp); + } } else { - rid[i] = sam_pass->user_rid; + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; } } -#endif - - num_rids = 1; - rid[0] = BUILTIN_ALIAS_RID_USERS; make_samr_r_lookup_ids(&r_u, num_rids, rid, status); @@ -743,7 +861,8 @@ static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdat static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *rdata) { - uint32 rid[MAX_SAM_ENTRIES]; + uint32 rid [MAX_SAM_ENTRIES]; + uint8 type[MAX_SAM_ENTRIES]; uint32 status = 0; int i; int num_rids = q_u->num_rids1; @@ -763,17 +882,12 @@ static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, for (i = 0; i < num_rids && status == 0; i++) { fstring name; - - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len)); - status = (status != 0x0) ? lookup_user_rid (name, &(rid[i])) : status; - status = (status != 0x0) ? lookup_group_rid(name, &(rid[i])) : status; - status = (status != 0x0) ? lookup_alias_rid(name, &(rid[i])) : status; + status = lookup_rid(name, &(rid[i]), &(type[i])); } - make_samr_r_lookup_names(&r_u, num_rids, rid, status); + make_samr_r_lookup_names(&r_u, num_rids, rid, type, status); /* store the response in the SMB stream */ samr_io_r_lookup_names("", &r_u, rdata, 0); @@ -1017,7 +1131,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { struct smb_passwd *smb_pass; - if (!pdb_rid_is_user(user_rid)) + if (!pwdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); return False; @@ -1050,7 +1164,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) LOGON_HRS hrs; int i; - if (!pdb_rid_is_user(user_rid)) + if (!pwdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); return False; @@ -1255,10 +1369,20 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { - pstring groups; - get_domain_user_groups(groups, sam_pass->smb_name); + DOMAIN_GRP *mem_grp = NULL; + BOOL ret; + + become_root(True); + ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups); + unbecome_root(True); + gids = NULL; - num_groups = make_dom_gids(groups, &gids); + num_groups = make_dom_gids(mem_grp, num_groups, &gids); + + if (mem_grp != NULL) + { + free(mem_grp); + } } /* construct the response. lkclXXXX: gids are not copied! */ @@ -1322,7 +1446,7 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, case 0x02: { switch_value = 0x2; - make_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname); + make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname); break; } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 097ab92d76..25dceb41a0 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -22,325 +22,4 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* this module apparently provides an implementation of DCE/RPC over a - * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC - * documentation are available (in on-line form) from the X-Open group. - * - * this module should provide a level of abstraction between SMB - * and DCE/RPC, while minimising the amount of mallocs, unnecessary - * data copies, and network traffic. - * - * in this version, which takes a "let's learn what's going on and - * get something running" approach, there is additional network - * traffic generated, but the code should be easier to understand... - * - * ... if you read the docs. or stare at packets for weeks on end. - * - */ - -#include "includes.h" -#include "nterr.h" - -extern int DEBUGLEVEL; - -/* - * A list of the rids of well known BUILTIN and Domain users - * and groups. - */ - -rid_name builtin_alias_rids[] = -{ - { BUILTIN_ALIAS_RID_ADMINS , "Administrators" }, - { BUILTIN_ALIAS_RID_USERS , "Users" }, - { BUILTIN_ALIAS_RID_GUESTS , "Guests" }, - { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" }, - - { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" }, - { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" }, - { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" }, - { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" }, - { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID users. */ -rid_name domain_user_rids[] = -{ - { DOMAIN_USER_RID_ADMIN , "Administrator" }, - { DOMAIN_USER_RID_GUEST , "Guest" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID groups. */ -rid_name domain_group_rids[] = -{ - { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" }, - { DOMAIN_GROUP_RID_USERS , "Domain Users" }, - { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" }, - { 0 , NULL } -}; - -int make_dom_gids(char *gids_str, DOM_GID **ppgids) -{ - char *ptr; - pstring s2; - int count; - DOM_GID *gids; - - *ppgids = NULL; - - DEBUG(4,("make_dom_gids: %s\n", gids_str)); - - if (gids_str == NULL || *gids_str == 0) - return 0; - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)); - count++) - ; - - gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); - if(!gids) - { - DEBUG(0,("make_dom_gids: malloc fail !\n")); - return 0; - } - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)) && - count < LSA_MAX_GROUPS; - count++) - { - /* the entries are of the form GID/ATTR, ATTR being optional.*/ - char *attr; - uint32 rid = 0; - int i; - - attr = strchr(s2,'/'); - if (attr) - *attr++ = 0; - - if (!attr || !*attr) - attr = "7"; /* default value for attribute is 7 */ - - /* look up the RID string and see if we can turn it into a rid number */ - for (i = 0; builtin_alias_rids[i].name != NULL; i++) - { - if (strequal(builtin_alias_rids[i].name, s2)) - { - rid = builtin_alias_rids[i].rid; - break; - } - } - - if (rid == 0) - rid = atoi(s2); - - if (rid == 0) - { - DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr)); - count--; - } - else - { - gids[count].g_rid = rid; - gids[count].attr = atoi(attr); - - DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr)); - } - } - - *ppgids = gids; - return count; -} - - -/******************************************************************* - gets a domain user's groups - ********************************************************************/ -void get_domain_user_groups(char *domain_groups, char *user) -{ - pstring tmp; - - if (domain_groups == NULL || user == NULL) return; - - /* any additional groups this user is in. e.g power users */ - pstrcpy(domain_groups, lp_domain_groups()); - - /* can only be a user or a guest. cannot be guest _and_ admin */ - if (user_in_list(user, lp_domain_guest_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain guest group access %s granted\n", tmp)); - } - else - { - slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain group access %s granted\n", tmp)); - - if (user_in_list(user, lp_domain_admin_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain admin group access %s granted\n", tmp)); - } - } -} - - -/******************************************************************* - lookup_group_name - ********************************************************************/ -uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type) -{ - int i = 0; - (*type) = SID_NAME_DOM_GRP; - - DEBUG(5,("lookup_group_name: rid: %d", rid)); - - while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0) - { - i++; - } - - if (domain_group_rids[i].rid != 0) - { - fstrcpy(group_name, domain_group_rids[i].name); - DEBUG(5,(" = %s\n", group_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_name - ********************************************************************/ -uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) -{ - int i = 0; - (*type) = SID_NAME_WKN_GRP; - - DEBUG(5,("lookup_alias_name: rid: %d", rid)); - - while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0) - { - i++; - } - - if (builtin_alias_rids[i].rid != 0) - { - fstrcpy(alias_name, builtin_alias_rids[i].name); - DEBUG(5,(" = %s\n", alias_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_user_name - ********************************************************************/ -uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) -{ - struct sam_disp_info *disp_info; - int i = 0; - (*type) = SID_NAME_USER; - - DEBUG(5,("lookup_user_name: rid: %d", rid)); - - /* look up the well-known domain user rids first */ - while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0) - { - i++; - } - - if (domain_user_rids[i].rid != 0) - { - fstrcpy(user_name, domain_user_rids[i].name); - DEBUG(5,(" = %s\n", user_name)); - return 0x0; - } - - /* ok, it's a user. find the user account */ - become_root(True); - disp_info = getsamdisprid(rid); - unbecome_root(True); - - if (disp_info != NULL) - { - fstrcpy(user_name, disp_info->smb_name); - DEBUG(5,(" = %s\n", user_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_group_rid - ********************************************************************/ -uint32 lookup_group_rid(char *group_name, uint32 *rid) -{ - char *grp_name; - int i = -1; /* start do loop at -1 */ - - do /* find, if it exists, a group rid for the group name*/ - { - i++; - (*rid) = domain_group_rids[i].rid; - grp_name = domain_group_rids[i].name; - - } while (grp_name != NULL && !strequal(grp_name, group_name)); - - return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_rid - ********************************************************************/ -uint32 lookup_alias_rid(char *alias_name, uint32 *rid) -{ - char *als_name; - int i = -1; /* start do loop at -1 */ - - do /* find, if it exists, a alias rid for the alias name*/ - { - i++; - (*rid) = builtin_alias_rids[i].rid; - als_name = builtin_alias_rids[i].name; - - } while (als_name != NULL && !strequal(als_name, alias_name)); - - return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_user_rid - ********************************************************************/ -uint32 lookup_user_rid(char *user_name, uint32 *rid) -{ - struct sam_passwd *sam_pass; - (*rid) = 0; - - /* find the user account */ - become_root(True); - sam_pass = getsam21pwnam(user_name); - unbecome_root(True); - - if (sam_pass != NULL) - { - (*rid) = sam_pass->user_rid; - return 0x0; - } - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} +/* retired module */ diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c index 4afa9ece88..2b87cad330 100644 --- a/source3/smbd/groupname.c +++ b/source3/smbd/groupname.c @@ -19,12 +19,43 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#ifdef USING_GROUPNAME_MAP +/* + * UNIX gid and Local or Domain SID resolution. This module resolves + * only those entries in the map files, it is *NOT* responsible for + * resolving UNIX groups not listed: that is an entirely different + * matter, altogether... + */ + +/* + * + * + + format of the file is: + + unixname NT Group name + unixname Domain Admins (well-known Domain Group) + unixname DOMAIN_NAME\NT Group name + unixname OTHER_DOMAIN_NAME\NT Group name + unixname DOMAIN_NAME\Domain Admins (well-known Domain Group) + .... + + if the DOMAIN_NAME\ component is left off, then your own domain is assumed. + + * + * + */ + #include "includes.h" extern int DEBUGLEVEL; -extern DOM_SID global_sam_sid; +/* we can map either local aliases or domain groups */ +typedef enum +{ + GROUP_LOCAL, + GROUP_DOMAIN + +} GROUP_TYPE; /************************************************************************** Groupname map functionality. The code loads a groupname map file and @@ -33,211 +64,543 @@ extern DOM_SID global_sam_sid; if the demands on it become excessive. ***************************************************************************/ -typedef struct groupname_map { - ubi_slNode next; - - char *windows_name; - DOM_SID windows_sid; +typedef struct group_name_info +{ + char *nt_name; + char *nt_domain; char *unix_name; - gid_t unix_gid; -} groupname_map_entry; + + DOM_SID sid; + gid_t unix_gid; + +} GROUP_NAME_INFO; + +typedef struct name_map +{ + ubi_slNode next; + GROUP_NAME_INFO grp; + +} name_map_entry; static ubi_slList groupname_map_list; +static ubi_slList aliasname_map_list; + +static void delete_name_entry(name_map_entry *gmep) +{ + if (gmep->grp.nt_name) + { + free(gmep->grp.nt_name); + } + if (gmep->grp.nt_domain) + { + free(gmep->grp.nt_domain); + } + if (gmep->grp.unix_name) + { + free(gmep->grp.unix_name); + } + free((char*)gmep); +} + +/************************************************************************** + Delete all the entries in the name map list. +***************************************************************************/ + +static void delete_map_list(ubi_slList *map_list) +{ + name_map_entry *gmep; + + while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) + { + delete_name_entry(gmep); + } +} + /************************************************************************** - Delete all the entries in the groupname map list. + makes a group sid out of a domain sid and a _unix_ gid. ***************************************************************************/ +static BOOL make_mydomain_sid(GROUP_NAME_INFO *grp, GROUP_TYPE type) +{ + uint32 tmp_rid; + uint8 tmp_type; + + DEBUG(10,("make_mydomain_sid\n")); + + if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) + { + DEBUG(0,("make_mydomain_sid: unknown domain %s\n", + grp->nt_domain)); + return False; + } + else if (lookup_wk_group_rid(grp->nt_name, &tmp_rid, &tmp_type)) + { + return sid_append_rid(&grp->sid, tmp_rid); + } + else + { + if (type == GROUP_DOMAIN) + { + tmp_rid = pwdb_gid_to_group_rid(grp->unix_gid); + } + else + { + tmp_rid = pwdb_gid_to_alias_rid(grp->unix_gid); + } + return sid_append_rid(&(grp->sid), tmp_rid); + } +} -static void delete_groupname_map_list(void) +/************************************************************************** + makes a group sid out of an nt domain, nt group name or a unix group name. +***************************************************************************/ +static BOOL unix_name_to_group_info(GROUP_NAME_INFO *grp, GROUP_TYPE type) { - groupname_map_entry *gmep; + extern fstring global_sam_name; + struct group *gptr = NULL; + + /* + * Attempt to get the unix gid_t for this name. + */ + + DEBUG(5,("unix_name_to_group_info: unix_name:%s\n", grp->unix_name)); + + gptr = (struct group *)getgrnam(grp->unix_name); + if (gptr == NULL) + { + DEBUG(0,("unix_name_to_group_info: getgrnam for group %s\ +failed. Error was %s.\n", grp->unix_name, strerror(errno) )); + return False; + } + + grp->unix_gid = (gid_t)gptr->gr_gid; + + DEBUG(5,("unix_name_to_group_info: unix gid:%d\n", grp->unix_gid)); + + /* + * Now map the name to an NT SID+RID. + */ + + if (grp->nt_domain != NULL && !strequal(grp->nt_domain, global_sam_name)) + { + /* Must add client-call lookup code here, to + * resolve remote domain's sid and the group's rid, + * in that domain. + * + * NOTE: it is _incorrect_ to put code here that assumes + * that we can call pwdb_gid_to_group_rid() or _alias_rid(): + * it is a totally different domain for which we are *NOT* + * responsible. + * for foriegn domains for which we are *NOT* the PDC, all + * we can be responsible for is the unix * gid_t to which + * the foriegn SID+rid maps to, on this _local_ machine. + */ + + if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) + { + DEBUG(0,("unix_name_to_group_info: no known sid for %s\n", + grp->nt_domain)); + return False; + } + + DEBUG(0,("unix_name_to_group_info: cannot resolve domain %s\n", + grp->nt_domain)); + + return False; + } + else + { + return make_mydomain_sid(grp, type); + } +} - while((gmep = (groupname_map_entry *)ubi_slRemHead( &groupname_map_list )) != NULL) { - if(gmep->windows_name) - free(gmep->windows_name); - if(gmep->unix_name) - free(gmep->unix_name); - free((char *)gmep); - } +static BOOL make_name_entry(name_map_entry **new_ep, + char *nt_domain, char *nt_group, char *unix_group, + GROUP_TYPE type) +{ + /* + * Create the list entry and add it onto the list. + */ + + DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); + + (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); + if ((*new_ep) == NULL) + { + DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); + return False; + } + + ZERO_STRUCTP(*new_ep); + + (*new_ep)->grp.nt_name = strdup(nt_group ); + (*new_ep)->grp.nt_domain = strdup(nt_domain ); + (*new_ep)->grp.unix_name = strdup(unix_group); + + if ((*new_ep)->grp.nt_name == NULL || + (*new_ep)->grp.unix_name == NULL) + { + DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); + delete_name_entry((*new_ep)); + return False; + } + + /* + * look up the group names, make the Group-SID and unix gid + */ + + if (!unix_name_to_group_info(&(*new_ep)->grp, type)) + { + delete_name_entry((*new_ep)); + return False; + } + + return True; } /************************************************************************** - Load a groupname map file. Sets last accessed timestamp. + Load a name map file. Sets last accessed timestamp. ***************************************************************************/ +static void load_name_map(GROUP_TYPE type) +{ + static time_t groupmap_file_last_modified = (time_t)0; + static time_t aliasmap_file_last_modified = (time_t)0; + static BOOL initialised_group = False; + static BOOL initialised_alias = False; + char *groupname_map_file = lp_groupname_map(); + char *aliasname_map_file = lp_aliasname_map(); + + SMB_STRUCT_STAT st; + FILE *fp; + char *s; + pstring buf; + name_map_entry *new_ep; + + time_t *file_last_modified; + int *initialised; + char *map_file; + ubi_slList *map_list; + + if (type == GROUP_DOMAIN) + { + file_last_modified = &groupmap_file_last_modified; + initialised = &initialised_group; + map_file = groupname_map_file; + map_list = &groupname_map_list; + } + else + { + file_last_modified = &aliasmap_file_last_modified; + initialised = &initialised_alias; + map_file = aliasname_map_file; + map_list = &aliasname_map_list; + } + + DEBUG(10,("load_name_map : %s\n", map_file)); + + if (!(*initialised)) + { + ubi_slInitList(map_list); + (*initialised) = True; + } + + if (!*map_file) + { + return; + } + + if (sys_stat(map_file, &st) != 0) + { + DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n", + map_file, strerror(errno) )); + return; + } + + /* + * Check if file has changed. + */ + if (st.st_mtime <= (*file_last_modified)) + { + return; + } + + (*file_last_modified) = st.st_mtime; + + /* + * Load the file. + */ + + fp = fopen(map_file,"r"); + if (!fp) + { + DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n", + map_file, strerror(errno))); + return; + } + + /* + * Throw away any previous list. + */ + delete_map_list(map_list); + + DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); + + while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) + { + pstring unixname; + pstring nt_name; + fstring nt_domain; + fstring nt_group; + char *p; + + DEBUG(10,("Read line |%s|\n", s)); + + memset(nt_name, 0, sizeof(nt_name)); + + if (!*s || strchr("#;",*s)) + continue; + + if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) + continue; + + if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) + continue; + + trim_string(unixname, " ", " "); + trim_string(nt_name, " ", " "); + + if (!*nt_name) + continue; + + if (!*unixname) + continue; + + DEBUG(5,("unixname = %s, ntname = %s.\n", + unixname, nt_name)); + + p = strchr(nt_name, '\\'); + + if (p == NULL) + { + memset(nt_domain, 0, sizeof(nt_domain)); + fstrcpy(nt_group, nt_name); + } + else + { + *p = 0; + p++; + fstrcpy(nt_domain, nt_name); + fstrcpy(nt_group , p); + } + + if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type)) + { + ubi_slAddHead(map_list, (ubi_slNode *)new_ep); + } + } + + DEBUG(10,("load_name_map: Added %ld entries to name map.\n", + ubi_slCount(map_list))); + + fclose(fp); +} + +/*********************************************************** + Lookup a gid_t by SID +************************************************************/ +static BOOL map_sid_to_gid(GROUP_TYPE type, ubi_slList *map_list, + DOM_SID *psid, gid_t *gid) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (sid_equal(&gmep->grp.sid, psid)) + { + *gid = gmep->grp.unix_gid; + DEBUG(7,("map_sid_to_gid: Mapping unix group %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name )); + return True; + } + } + + return False; +} + +/*********************************************************** + Lookup a SID entry by nt name. +************************************************************/ +static BOOL map_sid_to_ntname(GROUP_TYPE type, ubi_slList *map_list, + DOM_SID *psid, char *ntname, char *ntdomain) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(&map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (sid_equal(&gmep->grp.sid, psid)) + { + if (ntname != NULL) + { + fstrcpy(ntname, gmep->grp.nt_name); + } + if (ntdomain != NULL) + { + fstrcpy(ntname, gmep->grp.nt_domain); + } + DEBUG(7,("map_sid_to_ntname: Mapping unix group %s to nt group \%s\%s\n", + gmep->grp.unix_name, + gmep->grp.nt_domain, gmep->grp.nt_name )); + return True; + } + } + + return False; +} -void load_groupname_map(void) -{ - static time_t groupmap_file_last_modified = (time_t)0; - static BOOL initialized = False; - char *groupname_map_file = lp_groupname_map(); - SMB_STRUCT_STAT st; - FILE *fp; - char *s; - pstring buf; - groupname_map_entry *new_ep; - - if(!initialized) { - ubi_slInitList( &groupname_map_list ); - initialized = True; - } - - if (!*groupname_map_file) - return; - - if(sys_stat(groupname_map_file, &st) != 0) { - DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n", - groupname_map_file, strerror(errno) )); - return; - } - - /* - * Check if file has changed. - */ - if( st.st_mtime <= groupmap_file_last_modified) - return; - - groupmap_file_last_modified = st.st_mtime; - - /* - * Load the file. - */ - - fp = fopen(groupname_map_file,"r"); - if (!fp) { - DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n", - groupname_map_file, strerror(errno))); - return; - } - - /* - * Throw away any previous list. - */ - delete_groupname_map_list(); - - DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file)); - - while((s=fgets_slash(buf,sizeof(buf),fp))!=NULL) { - pstring unixname; - pstring windows_name; - struct group *gptr; - DOM_SID tmp_sid; - - DEBUG(10,("load_groupname_map: Read line |%s|\n", s)); - - if (!*s || strchr("#;",*s)) - continue; - - if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) - continue; - - if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name))) - continue; - - trim_string(unixname, " ", " "); - trim_string(windows_name, " ", " "); - - if (!*windows_name) - continue; - - if(!*unixname) - continue; - - DEBUG(5,("load_groupname_map: unixname = %s, windowsname = %s.\n", - unixname, windows_name)); - - /* - * Attempt to get the unix gid_t for this name. - */ - - if((gptr = (struct group *)getgrnam(unixname)) == NULL) { - DEBUG(0,("load_groupname_map: getgrnam for group %s failed.\ -Error was %s.\n", unixname, strerror(errno) )); - continue; - } - - /* - * Now map to an NT SID. - */ - - if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) { - /* - * It's not a well known name, convert the UNIX gid_t - * to a rid within this domain SID. - */ - tmp_sid = global_sam_sid; - tmp_sid.sub_auths[tmp_sid.num_auths++] = - pdb_gid_to_group_rid((gid_t)gptr->gr_gid); - } - - /* - * Create the list entry and add it onto the list. - */ - - if((new_ep = (groupname_map_entry *)malloc( sizeof(groupname_map_entry) ))== NULL) { - DEBUG(0,("load_groupname_map: malloc fail for groupname_map_entry.\n")); - fclose(fp); - return; - } - - new_ep->unix_gid = gptr->gr_gid; - new_ep->windows_sid = tmp_sid; - new_ep->windows_name = strdup( windows_name ); - new_ep->unix_name = strdup( unixname ); - - if(new_ep->windows_name == NULL || new_ep->unix_name == NULL) { - DEBUG(0,("load_groupname_map: malloc fail for names in groupname_map_entry.\n")); - fclose(fp); - if(new_ep->windows_name != NULL) - free(new_ep->windows_name); - if(new_ep->unix_name != NULL) - free(new_ep->unix_name); - free((char *)new_ep); - return; - } - memset((char *)&new_ep->next, '\0', sizeof(new_ep->next) ); - - ubi_slAddHead( &groupname_map_list, (ubi_slNode *)new_ep); - } - - DEBUG(10,("load_groupname_map: Added %ld entries to groupname map.\n", - ubi_slCount(&groupname_map_list))); - - fclose(fp); +/*********************************************************** + Lookup a SID entry by nt name. +************************************************************/ +static BOOL map_ntname_to_sid(GROUP_TYPE type, ubi_slList *map_list, + char * ntname, DOM_SID *psid) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(&map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (strequal(gmep->grp.nt_name, ntname)) + { + *psid = gmep->grp.sid; + DEBUG(7,("map_ntname_to_sid: Mapping unix group %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name )); + return True; + } + } + + return False; } /*********************************************************** Lookup a SID entry by gid_t. ************************************************************/ +static BOOL map_gid_to_sid(GROUP_TYPE type, ubi_slList *map_list, + gid_t gid, DOM_SID *psid) +{ + name_map_entry *gmep; + + /* + * Initialize and load if not already loaded. + */ + load_name_map(type); + + for (gmep = (name_map_entry *)ubi_slFirst(&map_list); + gmep != NULL; + gmep = (name_map_entry *)ubi_slNext(gmep )) + { + if (gmep->grp.unix_gid == gid) + { + *psid = gmep->grp.sid; + DEBUG(7,("map_gid_to_sid: Mapping unix group %s to nt group %s.\n", + gmep->grp.unix_name, gmep->grp.nt_name )); + return True; + } + } + + return False; +} + +/* + * Call these four functions to resolve unix group ids and either + * local group SIDs or domain group SIDs listed in the local group + * or domain group map files. + * + * Note that it is *NOT* the responsibility of these functions to + * resolve entries that are not in the map files. + * + * Any SID can be in the map files (i.e from any Domain). + */ -void map_gid_to_sid( gid_t gid, DOM_SID *psid) +/*********************************************************** + Lookup a Group entry by sid. +************************************************************/ +BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain) +{ + return map_sid_to_ntname(GROUP_DOMAIN, &groupname_map_list, psid, group_name, nt_domain); +} + +/*********************************************************** + Lookup an Alias SID entry by name. +************************************************************/ +BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain) +{ + return map_sid_to_ntname(GROUP_LOCAL, &aliasname_map_list, psid, alias_name, nt_domain); +} + +/*********************************************************** + Lookup a Group SID entry by name. +************************************************************/ +BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid) { - groupname_map_entry *gmep; + return map_ntname_to_sid(GROUP_DOMAIN, &groupname_map_list, group_name, psid); +} - /* - * Initialize and load if not already loaded. - */ - load_groupname_map(); +/*********************************************************** + Lookup an Alias SID entry by name. +************************************************************/ +BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid) +{ + return map_ntname_to_sid(GROUP_LOCAL, &aliasname_map_list, alias_name, psid); +} - for( gmep = (groupname_map_entry *)ubi_slFirst( &groupname_map_list); - gmep; gmep = (groupname_map_entry *)ubi_slNext( gmep )) { +/*********************************************************** + Lookup an Alias SID entry by gid_t. +************************************************************/ +BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid) +{ + return map_gid_to_sid(GROUP_LOCAL, &aliasname_map_list, gid, psid); +} - if( gmep->unix_gid == gid) { - *psid = gmep->windows_sid; - DEBUG(7,("map_gid_to_sid: Mapping unix group %s to windows group %s.\n", - gmep->unix_name, gmep->windows_name )); - return; - } - } +/*********************************************************** + Lookup a Group SID entry by gid_t. +************************************************************/ +BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid) +{ + return map_gid_to_sid(GROUP_DOMAIN, &groupname_map_list, gid, psid); +} - /* - * If there's no map, convert the UNIX gid_t - * to a rid within this domain SID. - */ - *psid = global_sam_sid; - psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid); +/*********************************************************** + Lookup a Group gid_t by SID +************************************************************/ +BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid) +{ + return map_sid_to_gid(GROUP_DOMAIN, &groupname_map_list, psid, gid); +} - return; +/*********************************************************** + Lookup an Alias gid_t by SID +************************************************************/ +BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid) +{ + return map_sid_to_gid(GROUP_LOCAL, &aliasname_map_list, psid, gid); } -#else /* USING_GROUPNAME_MAP */ - void load_groupname_map(void) {;} -#endif /* USING_GROUPNAME_MAP */ + diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 8b4049cd96..e4f0d2e2ec 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -562,8 +562,8 @@ int reply_ntcreate_and_X(connection_struct *conn, /* If it's an IPC, use the pipe handler. */ - if (IS_IPC(conn) && lp_nt_pipe_support()) { - + if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE) + { int ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum); if(ret != 0) return ret; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index fb5acf156f..0c8eb124ff 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -153,7 +153,7 @@ char *validated_username(uint16 vuid) /**************************************************************************** Setup the groups a user belongs to. ****************************************************************************/ -int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups) +int get_unixgroups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups) { int i,ngroups; gid_t grp = 0; @@ -180,7 +180,7 @@ int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_gro if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) { - DEBUG(0,("setup_groups malloc fail !\n")); + DEBUG(0,("get_unixgroups malloc fail !\n")); return -1; } @@ -263,7 +263,7 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(unix_name,uid,gid, + get_unixgroups(unix_name,uid,gid, &vuser->n_groups, &vuser->groups); @@ -1142,15 +1142,10 @@ BOOL domain_client_validate( char *user, char *domain, unsigned char local_lm_response[24]; unsigned char local_nt_reponse[24]; unsigned char trust_passwd[16]; - fstring remote_machine; - char *p; - struct in_addr dest_ip; NET_ID_INFO_CTR ctr; NET_USER_INFO_3 info3; struct cli_state cli; uint32 smb_uid_low; - BOOL connected_ok = False; - struct nmb_name calling, called; /* * Check that the requested domain is not our own machine name. @@ -1211,102 +1206,9 @@ BOOL domain_client_validate( char *user, char *domain, * see if they were valid. */ - ZERO_STRUCT(cli); - - if(cli_initialise(&cli) == False) { - DEBUG(0,("domain_client_validate: unable to initialize client connection.\n")); - return False; - } - - /* - * Treat each name in the 'password server =' line as a potential - * PDC/BDC. Contact each in turn and try and authenticate. - */ - - p = lp_passwordserver(); - while(p && next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) { - - standard_sub_basic(remote_machine); - strupper(remote_machine); - - if(!resolve_name( remote_machine, &dest_ip, 0x20)) { - DEBUG(1,("domain_client_validate: Can't resolve address for %s\n", remote_machine)); - continue; - } - - if (ismyip(dest_ip)) { - DEBUG(1,("domain_client_validate: Password server loop - not using password server %s\n",remote_machine)); - continue; - } - - if (!cli_connect(&cli, remote_machine, &dest_ip)) { - DEBUG(0,("domain_client_validate: unable to connect to SMB server on \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - continue; - } - - make_nmb_name(&calling, global_myname , 0x0 , scope); - make_nmb_name(&called , remote_machine, 0x20, scope); - - if (!cli_session_request(&cli, &calling, &called)) + if (!cli_connect_serverlist(&cli, lp_passwordserver())) { - DEBUG(0,("domain_client_validate: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - cli.protocol = PROTOCOL_NT1; - - if (!cli_negprot(&cli)) { - DEBUG(0,("domain_client_validate: machine %s rejected the negotiate protocol. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - if (cli.protocol != PROTOCOL_NT1) { - DEBUG(0,("domain_client_validate: machine %s didn't negotiate NT protocol.\n", - remote_machine)); - cli_shutdown(&cli); - continue; - } - - /* - * Do an anonymous session setup. - */ - - if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) { - DEBUG(0,("domain_client_validate: machine %s rejected the session setup. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - if (!(cli.sec_mode & 1)) { - DEBUG(1,("domain_client_validate: machine %s isn't in user level security mode\n", - remote_machine)); - cli_shutdown(&cli); - continue; - } - - if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) { - DEBUG(0,("domain_client_validate: machine %s rejected the tconX on the IPC$ share. \ -Error was : %s.\n", remote_machine, cli_errstr(&cli) )); - cli_shutdown(&cli); - continue; - } - - /* - * We have an anonymous connection to IPC$. - */ - connected_ok = True; - break; - } - - if (!connected_ok) { DEBUG(0,("domain_client_validate: Domain password server not available.\n")); - cli_shutdown(&cli); return False; } @@ -1317,7 +1219,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) { DEBUG(0,("domain_client_validate: unable to open the domain client session to \ -machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); +machine %s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -1326,7 +1228,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); if(cli_nt_setup_creds(&cli, trust_passwd) == False) { DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \ -%s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); +%s. Error was : %s.\n", cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -1341,7 +1243,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL), &ctr, &info3) == False) { DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \ -%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli))); +%s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); @@ -1361,7 +1263,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); if(cli_nt_logoff(&cli, &ctr) == False) { DEBUG(0,("domain_client_validate: unable to log off user %s in domain \ -%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli))); +%s to Domain controller %s. Error was %s.\n", user, domain, cli.desthost, cli_errstr(&cli))); cli_nt_session_close(&cli); cli_ulogoff(&cli); cli_shutdown(&cli); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index ee0053aed0..78a09e46e7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1403,8 +1403,10 @@ int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt files_struct *fsp; /* If it's an IPC, pass off the pipe handler. */ - if (IS_IPC(conn) && lp_nt_pipe_support()) + if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE) + { return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize); + } /* XXXX we need to handle passed times, sattr and flags */ diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 68f722ff51..49816e5d47 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -25,6 +25,7 @@ pstring servicesf = CONFIGFILE; extern pstring debugf; extern fstring global_myworkgroup; +extern fstring global_sam_name; extern pstring global_myname; int am_parent = 1; @@ -428,6 +429,13 @@ void exit_server(char *reason) locking_end(); DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); +#ifdef MEM_MAN + { + extern FILE *dbf; + smb_mem_write_verbose(dbf); + dbgflush(); + } +#endif exit(0); } @@ -644,12 +652,42 @@ static void usage(char *pname) codepage_initialise(lp_client_code_page()); fstrcpy(global_myworkgroup, lp_workgroup()); + memset(global_sam_name, 0, sizeof(global_sam_name)); + + if (lp_domain_logons()) + { + if (lp_security() == SEC_USER) + { + /* we are PDC (or BDC) for a Domain */ + fstrcpy(global_sam_name, lp_workgroup()); + } + else if (lp_security() == SEC_DOMAIN) + { + /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */ + fstrcpy(global_sam_name, global_myname); + } + else if (lp_security() == SEC_SHARE) + { + DEBUG(0,("ERROR: no Domain functionality in security = share\n")); + exit(1); + } + } + + generate_wellknown_sids(); - if(!pdb_generate_sam_sid()) { + if (!generate_sam_sid()) + { DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); } + if (lp_security() == SEC_DOMAIN && !get_member_domain_sid()) + { + DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", + lp_passwordserver())); + exit(1); + } + CatchSignal(SIGHUP,SIGNAL_CAST sig_hup); /* Setup the signals that allow the debug log level @@ -696,7 +734,16 @@ static void usage(char *pname) if (!locking_init(0)) exit(1); - if(!initialize_password_db()) + if(!initialise_passgrp_db()) + exit(1); + + if(!initialise_password_db()) + exit(1); + + if(!initialise_group_db()) + exit(1); + + if(!initialise_alias_db()) exit(1); /* possibly reload the services file. */ diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ee195e12ec..cedac1c76f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -387,7 +387,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int if (!IS_IPC(conn)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(conn->user,conn->uid,conn->gid, + get_unixgroups(conn->user,conn->uid,conn->gid, &conn->ngroups,&conn->groups); /* check number of connections */ diff --git a/source3/utils/rpctorture.c b/source3/utils/rpctorture.c index 96d1181ca0..dac64a22e3 100644 --- a/source3/utils/rpctorture.c +++ b/source3/utils/rpctorture.c @@ -49,7 +49,36 @@ struct cli_state *smb_cli = &smbcli; FILE *out_hnd; +static pstring user_name; /* local copy only, if one is entered */ static pstring password; /* local copy only, if one is entered */ +static pstring domain; /* local copy only, if one is entered */ +BOOL got_pass = False; + +static struct nmb_name calling; +static struct nmb_name called; + +static void get_passwd(void) +{ + /* set the password cache info */ + if (got_pass) + { + if (password[0] == 0) + { + pwd_set_nullpwd(&(smb_cli->pwd)); + } + else + { + pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ + } + } + else + { + char *pwd = getpass("Enter Password:"); + safe_strcpy(password, pwd, sizeof(password)); + pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ + got_pass = True; + } +} /**************************************************************************** initialise smb client structure @@ -59,6 +88,23 @@ void rpcclient_init(void) bzero(smb_cli, sizeof(smb_cli)); cli_initialise(smb_cli); smb_cli->capabilities |= CAP_NT_SMBS; + smb_cli->capabilities |= CAP_STATUS32; + + pstrcpy(smb_cli->user_name, user_name); + smb_cli->nt_pipe_fnum = 0xffff; + + get_passwd(); + + if (*domain == 0) + { + pstrcpy(smb_cli->domain,lp_workgroup()); + } + else + { + pstrcpy(smb_cli->domain, domain); + } + + strupper(smb_cli->domain); } /**************************************************************************** @@ -66,11 +112,7 @@ make smb client connection ****************************************************************************/ static BOOL rpcclient_connect(struct client_info *info) { - struct nmb_name calling; - struct nmb_name called; - - make_nmb_name(&called , dns_to_netbios_name(info->dest_host ), info->name_type, scope); - make_nmb_name(&calling, dns_to_netbios_name(info->myhostname), 0x0 , scope); + rpcclient_init(); if (!cli_establish_connection(smb_cli, info->dest_host, &info->dest_ip, @@ -97,7 +139,7 @@ static void rpcclient_stop(void) /**************************************************************************** log in as an nt user, log out again. ****************************************************************************/ -void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state *cli) +void run_enums_test(int num_ops, struct client_info *cli_info) { pstring cmd; int i; @@ -105,8 +147,8 @@ void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state /* establish connections. nothing to stop these being re-established. */ rpcclient_connect(cli_info); - DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd)); - if (cli->fd <= 0) + DEBUG(5,("rpcclient_connect: smb_cli->fd:%d\n", smb_cli->fd)); + if (smb_cli->fd <= 0) { fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n", cli_info->dest_host, cli_info->name_type); @@ -141,7 +183,7 @@ void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state /**************************************************************************** log in as an nt user, log out again. ****************************************************************************/ -void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_state *cli) +void run_ntlogin_test(int num_ops, struct client_info *cli_info) { pstring cmd; int i; @@ -149,8 +191,8 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat /* establish connections. nothing to stop these being re-established. */ rpcclient_connect(cli_info); - DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd)); - if (cli->fd <= 0) + DEBUG(5,("rpcclient_connect: smb_cli->fd:%d\n", smb_cli->fd)); + if (smb_cli->fd <= 0) { fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n", cli_info->dest_host, cli_info->name_type); @@ -159,7 +201,7 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat for (i = 0; i < num_ops; i++) { - slprintf(cmd, sizeof(cmd)-1, "%s %s", cli->user_name, password); + slprintf(cmd, sizeof(cmd)-1, "%s %s", smb_cli->user_name, password); set_first_token(cmd); cmd_netlogon_login_test(cli_info); @@ -169,12 +211,387 @@ void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_stat } +/* generate a random buffer */ +static void rand_buf(char *buf, int len) +{ + while (len--) { + *buf = sys_random(); + buf++; + } +} + +/**************************************************************************** +do a random rpc command +****************************************************************************/ +BOOL do_random_rpc(struct cli_state *cli, int max_len) +{ + prs_struct rbuf; + prs_struct buf; + uint8 opcode; + int param_len; + BOOL response = False; + + if ((sys_random() % 20) == 0) + { + param_len = (sys_random() % 256) + 4; + } + else + { + param_len = (sys_random() % max_len) + 4; + } + + prs_init(&buf , param_len, 4, SAFETY_MARGIN, False); + prs_init(&rbuf, 0 , 4, SAFETY_MARGIN, True ); + + opcode = sys_random() % 256; + + /* turn parameters into data stream */ + rand_buf(mem_data(&buf.data, 0), param_len); + buf.offset = param_len; + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, opcode, &buf, &rbuf)) + { + response = rbuf.offset != 0; + + if (response) + { + DEBUG(0,("response! opcode: 0x%x\n", opcode)); + DEBUG(0,("request: length %d\n", param_len)); + dump_data(0, mem_data(&buf.data , 0), MIN(param_len, 128)); + DEBUG(0,("response: length %d\n", rbuf.data->offset.end)); + dump_data(0, mem_data(&rbuf.data, 0), rbuf.data->offset.end); + } + } + + prs_mem_free(&rbuf); + prs_mem_free(&buf ); + + return response; +} + + +/* send random IPC commands */ +static void random_rpc_pipe_enc(char *pipe_name, struct client_info *cli_info, + int numops) +{ + int i; + + DEBUG(0,("starting random rpc test on %s (encryped)\n", pipe_name)); + + /* establish connections. nothing to stop these being re-established. */ + if (!rpcclient_connect(cli_info)) + { + DEBUG(0,("random rpc test: connection failed\n")); + return; + } + + cli_nt_set_ntlmssp_flgs(smb_cli, + NTLMSSP_NEGOTIATE_UNICODE | + NTLMSSP_NEGOTIATE_OEM | + NTLMSSP_NEGOTIATE_SIGN | + NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_LM_KEY | + NTLMSSP_NEGOTIATE_NTLM | + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | + NTLMSSP_NEGOTIATE_00001000 | + NTLMSSP_NEGOTIATE_00002000); + + for (i = 1; i <= numops * 100; i++) + { + /* open session. */ + cli_nt_session_open(smb_cli, pipe_name); + + do_random_rpc(smb_cli, 1024); + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + + /* close the session */ + cli_nt_session_close(smb_cli); + } + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished random rpc test on %s\n", pipe_name)); +} + +/* send random IPC commands */ +static void random_rpc_pipe(char *pipe_name, struct client_info *cli_info, + int numops) +{ + int i; + + DEBUG(0,("starting random rpc test on %s\n", pipe_name)); + + /* establish connections. nothing to stop these being re-established. */ + if (!rpcclient_connect(cli_info)) + { + DEBUG(0,("random rpc test: connection failed\n")); + return; + } + + /* open session. */ + if (!cli_nt_session_open(smb_cli, pipe_name)) + { + DEBUG(0,("random rpc test: session open failed\n")); + return; + } + + for (i = 1; i <= numops * 100; i++) + { + do_random_rpc(smb_cli, 8192); + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + } + + /* close the session */ + cli_nt_session_close(smb_cli); + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished random rpc test on %s\n", pipe_name)); +} + +static void run_randomrpc(int numops, struct client_info *cli_info) +{ + char *pipes[] = + { + PIPE_SAMR , + PIPE_WINREG , + PIPE_SRVSVC , + PIPE_WKSSVC , + PIPE_NETLOGON , + PIPE_NTSVCS , + PIPE_LSARPC , + NULL + }; + + int i = 0; + + while (pipes[i] != NULL) + { + random_rpc_pipe(pipes[i], cli_info, numops); +#if 0 + random_rpc_pipe_enc(pipes[i], cli_info, numops); +#endif + + i++; + } +} + + +static void run_samhandles(int numops, struct client_info *cli_info) +{ + int i; + int count = 0; + int failed = 0; + int retry = 500; + fstring srv_name; + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli_info->dest_host); + strupper(srv_name); + + DEBUG(0,("starting sam handle test\n")); + + /* establish connections. nothing to stop these being re-established. */ + while (retry > 0 && !rpcclient_connect(cli_info)) + { + retry--; + } + + if (retry == 0) + { + DEBUG(0,("samhandle test: connection failed\n")); + return; + } + + /* open session. */ + if (!cli_nt_session_open(smb_cli, PIPE_SAMR)) + { + DEBUG(0,("samhandle test: session open failed\n")); + return; + } + + for (i = 1; i <= numops * 100; i++) + { + POLICY_HND pol; + POLICY_HND dom; + if (!do_samr_connect(smb_cli, srv_name, 0x20, &pol)) + { + failed++; + } +/* + if (!do_samr_open_domain(smb_cli, srv_name, 0x00000020, &pol)) + { + DEBUG(0,("samhandle domain open test (%i): failed\n", i)); + } + */ + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + count++; + } + + /* close the session */ + cli_nt_session_close(smb_cli); + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished samhandle test. count: %d failed: %d\n", count, failed)); +} + + +static void run_lsahandles(int numops, struct client_info *cli_info) +{ + int i; + int count = 0; + int failed = 0; + int retry = 500; + fstring srv_name; + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli_info->myhostname); + strupper(srv_name); + + DEBUG(0,("starting lsa handle test\n")); + + /* establish connections. nothing to stop these being re-established. */ + while (retry > 0 && !rpcclient_connect(cli_info)) + { + retry--; + } + + if (retry == 0) + { + DEBUG(0,("lsahandle test: connection failed\n")); + return; + } + /* open session. */ + if (!cli_nt_session_open(smb_cli, PIPE_LSARPC)) + { + DEBUG(0,("lsahandle test: session open failed\n")); + return; + } + + for (i = 1; i <= numops * 100; i++) + { + POLICY_HND pol; + if (!do_lsa_open_policy(smb_cli, srv_name, &pol, False)) + { + failed++; + } + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + count++; + } + + /* close the session */ + cli_nt_session_close(smb_cli); + + /* close the rpc pipe */ + rpcclient_stop(); + + DEBUG(0,("finished lsahandle test. count: %d failed: %d\n", count, failed)); +} + + +static void run_pipegobble(int numops, struct client_info *cli_info, char *pipe_name) +{ + int i; + int count = 0; + int failed = 0; + int retry = 500; + fstring srv_name; + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, cli_info->myhostname); + strupper(srv_name); + + DEBUG(0,("starting pipe gobble test (%s)\n", pipe_name)); + + /* establish connections. nothing to stop these being re-established. */ + while (retry > 0 && !rpcclient_connect(cli_info)) + { + retry--; + } + + if (retry == 0) + { + DEBUG(0,("pipe gobble test: connection failed\n")); + return; + } + for (i = 1; i <= numops * 100; i++) + { + /* open session. */ + if (!cli_nt_session_open(smb_cli, pipe_name)) + { + DEBUG(0,("pipe gobble test: session open failed\n")); + } + + if (i % 500 == 0) + { + DEBUG(0,("calls: %i\n", i)); + } + count++; + } + + rpcclient_stop(); + + DEBUG(0,("finished pipe gobble test (%s). count: %d failed: %d\n", + pipe_name, count, failed)); +} + + +static void run_handles(int numops, struct client_info *cli_info) +{ + run_samhandles(numops, cli_info); + run_lsahandles(numops, cli_info); +} + +static void run_pipegobbler(int numops, struct client_info *cli_info) +{ +/* + run_pipegobble(numops, cli_info, PIPE_SAMR); +*/ + run_pipegobble(numops, cli_info, PIPE_LSARPC); +} + +/**************************************************************************** +make tcp connection +****************************************************************************/ +static void run_tcpconnect(int numops, struct client_info *info) +{ + int i; + int failed = 0; + + for (i = 0; i < numops; i++) + { + rpcclient_init(); + + if (!cli_connect(smb_cli, info->dest_host, &info->dest_ip)) + { + failed++; + } + cli_shutdown(smb_cli); + } + + DEBUG(0,("tcp connections: count: %d failed: %d\n", numops, failed)); +} + /**************************************************************************** runs n simultaneous functions. ****************************************************************************/ static void create_procs(int nprocs, int numops, - struct client_info *cli_info, struct cli_state *cli, - void (*fn)(int, struct client_info *, struct cli_state *)) + struct client_info *cli_info, + void (*fn)(int, struct client_info *)) { int i, status; @@ -184,8 +601,8 @@ static void create_procs(int nprocs, int numops, { int mypid = getpid(); sys_srandom(mypid ^ time(NULL)); - fn(numops, cli_info, cli); - fflush(out_hnd); + fn(numops, cli_info); + dbgflush(); _exit(0); } } @@ -195,6 +612,8 @@ static void create_procs(int nprocs, int numops, waitpid(0, &status, 0); } } + + /**************************************************************************** usage on the program - OUT OF DATE! ****************************************************************************/ @@ -235,7 +654,6 @@ enum client_action extern int optind; static pstring servicesf = CONFIGFILE; pstring term_code; - BOOL got_pass = False; char *cmd_str=""; mode_t myumask = 0755; enum client_action cli_action = CLIENT_NONE; @@ -246,8 +664,6 @@ enum client_action out_hnd = stdout; - rpcclient_init(); - #ifdef KANJI pstrcpy(term_code, KANJI); #else /* KANJI */ @@ -285,8 +701,6 @@ enum client_action pstrcpy(cli_info.cur_dir , "\\"); pstrcpy(cli_info.file_sel, ""); pstrcpy(cli_info.base_dir, ""); - pstrcpy(smb_cli->domain, ""); - pstrcpy(smb_cli->user_name, ""); pstrcpy(cli_info.myhostname, ""); pstrcpy(cli_info.dest_host, ""); @@ -299,7 +713,6 @@ enum client_action ZERO_STRUCT(cli_info.dom.level5_sid); pstrcpy(cli_info.dom.level5_dom, ""); - smb_cli->nt_pipe_fnum = 0xffff; setup_logging(pname, True); @@ -403,8 +816,8 @@ enum client_action case 'U': { char *lp; - pstrcpy(smb_cli->user_name,optarg); - if ((lp=strchr(smb_cli->user_name,'%'))) + pstrcpy(user_name,optarg); + if ((lp=strchr(user_name,'%'))) { *lp = 0; pstrcpy(password,lp+1); @@ -416,7 +829,7 @@ enum client_action case 'W': { - pstrcpy(smb_cli->domain,optarg); + pstrcpy(domain,optarg); break; } @@ -516,12 +929,6 @@ enum client_action DEBUG(3,("%s client started (version %s)\n",timestring(),VERSION)); - if (*smb_cli->domain == 0) - { - pstrcpy(smb_cli->domain,lp_workgroup()); - } - strupper(smb_cli->domain); - load_interfaces(); if (cli_action == CLIENT_IPC) @@ -534,31 +941,25 @@ enum client_action strupper(cli_info.mach_acct); fstrcat(cli_info.mach_acct, "$"); - /* set the password cache info */ - if (got_pass) - { - if (password[0] == 0) - { - pwd_set_nullpwd(&(smb_cli->pwd)); - } - else - { - pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ - } - } - else - { - char *pwd = getpass("Enter Password:"); - safe_strcpy(password, pwd, sizeof(password)); - pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */ - } + make_nmb_name(&called , dns_to_netbios_name(cli_info.dest_host ), cli_info.name_type, scope); + make_nmb_name(&calling, dns_to_netbios_name(cli_info.myhostname), 0x0 , scope); - create_procs(nprocs, numops, &cli_info, smb_cli, run_enums_test); + get_passwd(); +/* + create_procs(nprocs, numops, &cli_info, run_enums_test); if (password[0] != 0) { - create_procs(nprocs, numops, &cli_info, smb_cli, run_ntlogin_test); + create_procs(nprocs, numops, &cli_info, run_ntlogin_test); } +*/ + + create_procs(nprocs, numops, &cli_info, run_tcpconnect); +/* + create_procs(nprocs, numops, &cli_info, run_pipegobbler); + create_procs(nprocs, numops, &cli_info, run_handles); + create_procs(nprocs, numops, &cli_info, run_randomrpc); +*/ fflush(out_hnd); diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 902f59b245..3249103a27 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -554,7 +554,7 @@ int main(int argc, char **argv) charset_initialise(); - if(!initialize_password_db()) { + if(!initialise_password_db()) { fprintf(stderr, "Can't setup password database vectors.\n"); exit(1); } diff --git a/source3/utils/torture.c b/source3/utils/torture.c index 81fa33fc75..fb09f515cf 100644 --- a/source3/utils/torture.c +++ b/source3/utils/torture.c @@ -23,6 +23,9 @@ #include "includes.h" +extern int DEBUGLEVEL; +extern pstring debugf; + static fstring host, workgroup, share, password, username, myname; static int max_protocol = PROTOCOL_NT1; static char *sockops=""; @@ -42,8 +45,27 @@ static double end_timer(void) (tp2.tv_usec - tp1.tv_usec)*1.0e-6); } +#define FAILED_NO_ERROR 0 +#define FAILED_TCP_CONNECT 1 +#define FAILED_SESSION_REQ 2 +#define FAILED_SMB_SESS_SETUP 3 +#define FAILED_SMB_TCON 4 +#define FAILED_SMB_NEGPROT 5 +#define FAILED_CLI_STATE_INIT 6 +#define NUM_ERR_STATES 7 -static BOOL open_connection(struct cli_state *c) +static char *smb_messages[] = +{ + "No errors in connection", + "TCP connection ", + "NetBIOS Session Request", + "SMB Session Setup ", + "SMB Tcon ", + "SMB Negprot ", + "Client initialisation " +}; + +static int open_connection(struct cli_state *c) { struct nmb_name called, calling; @@ -52,48 +74,53 @@ static BOOL open_connection(struct cli_state *c) make_nmb_name(&calling, myname, 0x0, ""); make_nmb_name(&called , host, 0x20, ""); - if (!cli_initialise(c) || !cli_connect(c, host, NULL)) { - printf("Failed to connect with %s\n", host); - return False; + if (!cli_initialise(c)) + { + DEBUG(0,("Failed to connect with %s\n", host)); + return FAILED_CLI_STATE_INIT; + } + + if (!cli_connect(c, host, NULL)) { + DEBUG(0,("Failed to connect with %s\n", host)); + return FAILED_TCP_CONNECT; } if (!cli_session_request(c, &calling, &called)) { cli_shutdown(c); - printf("%s rejected the session\n",host); - return False; + DEBUG(0,("%s rejected the session\n",host)); + return FAILED_SESSION_REQ; } if (!cli_negprot(c)) { - printf("%s rejected the negprot (%s)\n",host, cli_errstr(c)); + DEBUG(0,("%s rejected the negprot (%s)\n",host, cli_errstr(c))); cli_shutdown(c); - return False; + return FAILED_SMB_NEGPROT; } if (!cli_session_setup(c, username, password, strlen(password), password, strlen(password), workgroup)) { + DEBUG(0,("%s rejected the sessionsetup (%s)\n", host, cli_errstr(c))); cli_shutdown(c); - printf("%s rejected the sessionsetup (%s)\n", host, cli_errstr(c)); - return False; + return FAILED_SMB_SESS_SETUP; } if (!cli_send_tconX(c, share, "?????", password, strlen(password)+1)) { - printf("%s refused tree connect (%s)\n", host, cli_errstr(c)); + DEBUG(0,("%s refused tree connect (%s)\n", host, cli_errstr(c))); cli_shutdown(c); - return False; + return FAILED_SMB_TCON; } - return True; + return FAILED_NO_ERROR; } - static void close_connection(struct cli_state *c) { if (!cli_tdis(c)) { - printf("tdis failed (%s)\n", cli_errstr(c)); + DEBUG(0,("tdis failed (%s)\n", cli_errstr(c))); } cli_shutdown(c); @@ -110,10 +137,10 @@ static BOOL check_error(struct cli_state *c, eno = cli_error(c, &class, &num); if ((eclass != class || ecode != num) && num != (nterr&0xFFFFFF)) { - printf("unexpected error code class=%d code=%d\n", - (int)class, (int)num); - printf(" expected %d/%d %d\n", - (int)eclass, (int)ecode, (int)nterr); + DEBUG(0,("unexpected error code class=%d code=%d\n", + (int)class, (int)num)); + DEBUG(0,(" expected %d/%d %d\n", + (int)eclass, (int)ecode, (int)nterr)); return False; } return True; @@ -144,7 +171,7 @@ static BOOL rw_torture(struct cli_state *c, int numops) if (fnum2 == -1) fnum2 = cli_open(c, lockfname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open of %s failed (%s)\n", lockfname, cli_errstr(c)); + DEBUG(0,("open of %s failed (%s)\n", lockfname, cli_errstr(c))); return False; } @@ -152,7 +179,7 @@ static BOOL rw_torture(struct cli_state *c, int numops) for (i=0;i<numops;i++) { unsigned n = (unsigned)sys_random()%10; if (i % 10 == 0) { - printf("%d\r", i); fflush(stdout); + DEBUG(0,("%d\r", i)); } slprintf(fname, sizeof(fstring) - 1, "\\torture.%u", n); @@ -162,49 +189,49 @@ static BOOL rw_torture(struct cli_state *c, int numops) fnum = cli_open(c, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_ALL); if (fnum == -1) { - printf("open failed (%s)\n", cli_errstr(c)); + DEBUG(0,("open failed (%s)\n", cli_errstr(c))); break; } if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) { - printf("write failed (%s)\n", cli_errstr(c)); + DEBUG(0,("write failed (%s)\n", cli_errstr(c))); } for (j=0;j<50;j++) { if (cli_write(c, fnum, 0, (char *)buf, sizeof(pid)+(j*sizeof(buf)), sizeof(buf)) != sizeof(buf)) { - printf("write failed (%s)\n", cli_errstr(c)); + DEBUG(0,("write failed (%s)\n", cli_errstr(c))); } } pid2 = 0; if (cli_read(c, fnum, (char *)&pid2, 0, sizeof(pid)) != sizeof(pid)) { - printf("read failed (%s)\n", cli_errstr(c)); + DEBUG(0,("read failed (%s)\n", cli_errstr(c))); } if (pid2 != pid) { - printf("data corruption!\n"); + DEBUG(0,("data corruption!\n")); } if (!cli_close(c, fnum)) { - printf("close failed (%s)\n", cli_errstr(c)); + DEBUG(0,("close failed (%s)\n", cli_errstr(c))); } if (!cli_unlink(c, fname)) { - printf("unlink failed (%s)\n", cli_errstr(c)); + DEBUG(0,("unlink failed (%s)\n", cli_errstr(c))); } if (!cli_unlock(c, fnum2, n*sizeof(int), sizeof(int), -1)) { - printf("unlock failed (%s)\n", cli_errstr(c)); + DEBUG(0,("unlock failed (%s)\n", cli_errstr(c))); } } cli_close(c, fnum2); cli_unlink(c, lockfname); - printf("%d\n", i); + DEBUG(0,("%d\n", i)); return True; } @@ -231,15 +258,21 @@ static void run_torture(int numops) { static struct cli_state cli; - if (open_connection(&cli)) { + if (open_connection(&cli) == 0) + { cli_sockopt(&cli, sockops); - printf("pid %d OK\n", getpid()); + DEBUG(0,("pid %d OK\n", getpid())); rw_torture(&cli, numops); close_connection(&cli); } + else + { + DEBUG(0,("pid %d failed\n", getpid())); + } + } /* @@ -256,50 +289,50 @@ static void run_locktest1(void) int fnum1, fnum2, fnum3; time_t t1, t2; - if (!open_connection(&cli1) || !open_connection(&cli2)) { + if (open_connection(&cli1) != 0 || open_connection(&cli2) != 0) { return; } cli_sockopt(&cli1, sockops); cli_sockopt(&cli2, sockops); - printf("starting locktest1\n"); + DEBUG(0,("starting locktest1\n")); cli_unlink(&cli1, fname); fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } fnum3 = cli_open(&cli2, fname, O_RDWR, DENY_NONE); if (fnum3 == -1) { - printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2)); + DEBUG(0,("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2))); return; } if (!cli_lock(&cli1, fnum1, 0, 4, 0)) { - printf("lock1 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("lock1 failed (%s)\n", cli_errstr(&cli1))); return; } if (cli_lock(&cli2, fnum3, 0, 4, 0)) { - printf("lock2 succeeded! This is a locking bug\n"); + DEBUG(0,("lock2 succeeded! This is a locking bug\n")); return; } else { if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return; } - printf("Testing lock timeouts\n"); + DEBUG(0,("Testing lock timeouts\n")); t1 = time(NULL); if (cli_lock(&cli2, fnum3, 0, 4, 10*1000)) { - printf("lock3 succeeded! This is a locking bug\n"); + DEBUG(0,("lock3 succeeded! This is a locking bug\n")); return; } else { if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return; @@ -307,33 +340,33 @@ static void run_locktest1(void) t2 = time(NULL); if (t2 - t1 < 5) { - printf("error: This server appears not to support timed lock requests\n"); + DEBUG(0,("error: This server appears not to support timed lock requests\n")); } if (!cli_close(&cli1, fnum2)) { - printf("close1 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("close1 failed (%s)\n", cli_errstr(&cli1))); return; } if (cli_lock(&cli2, fnum3, 0, 4, 0)) { - printf("lock4 succeeded! This is a locking bug\n"); + DEBUG(0,("lock4 succeeded! This is a locking bug\n")); return; } else { if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return; } if (!cli_close(&cli1, fnum1)) { - printf("close2 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("close2 failed (%s)\n", cli_errstr(&cli1))); return; } if (!cli_close(&cli2, fnum3)) { - printf("close3 failed (%s)\n", cli_errstr(&cli2)); + DEBUG(0,("close3 failed (%s)\n", cli_errstr(&cli2))); return; } if (!cli_unlink(&cli1, fname)) { - printf("unlink failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("unlink failed (%s)\n", cli_errstr(&cli1))); return; } @@ -341,7 +374,7 @@ static void run_locktest1(void) close_connection(&cli1); close_connection(&cli2); - printf("Passed locktest1\n"); + DEBUG(0,("Passed locktest1\n")); } @@ -362,13 +395,13 @@ static void run_locktest2(void) char *fname = "\\lockt2.lck"; int fnum1, fnum2, fnum3; - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } cli_sockopt(&cli, sockops); - printf("starting locktest2\n"); + DEBUG(0,("starting locktest2\n")); cli_unlink(&cli, fname); @@ -376,13 +409,13 @@ static void run_locktest2(void) fnum1 = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } fnum2 = cli_open(&cli, fname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open2 of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } @@ -390,19 +423,19 @@ static void run_locktest2(void) fnum3 = cli_open(&cli, fname, O_RDWR, DENY_NONE); if (fnum3 == -1) { - printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open3 of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } cli_setpid(&cli, 1); if (!cli_lock(&cli, fnum1, 0, 4, 0)) { - printf("lock1 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("lock1 failed (%s)\n", cli_errstr(&cli))); return; } if (cli_lock(&cli, fnum2, 0, 4, 0)) { - printf("lock2 succeeded! This is a locking bug\n"); + DEBUG(0,("lock2 succeeded! This is a locking bug\n")); } else { if (!check_error(&cli, ERRDOS, ERRlock, 0)) return; } @@ -410,11 +443,11 @@ static void run_locktest2(void) cli_setpid(&cli, 2); if (cli_unlock(&cli, fnum1, 0, 4, 0)) { - printf("unlock1 succeeded! This is a locking bug\n"); + DEBUG(0,("unlock1 succeeded! This is a locking bug\n")); } if (cli_lock(&cli, fnum3, 0, 4, 0)) { - printf("lock3 succeeded! This is a locking bug\n"); + DEBUG(0,("lock3 succeeded! This is a locking bug\n")); } else { if (!check_error(&cli, ERRDOS, ERRlock, 0)) return; } @@ -422,23 +455,23 @@ static void run_locktest2(void) cli_setpid(&cli, 1); if (!cli_close(&cli, fnum1)) { - printf("close1 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("close1 failed (%s)\n", cli_errstr(&cli))); return; } if (!cli_close(&cli, fnum2)) { - printf("close2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("close2 failed (%s)\n", cli_errstr(&cli))); return; } if (!cli_close(&cli, fnum3)) { - printf("close3 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("close3 failed (%s)\n", cli_errstr(&cli))); return; } close_connection(&cli); - printf("locktest2 finished\n"); + DEBUG(0,("locktest2 finished\n")); } @@ -456,40 +489,40 @@ static void run_locktest3(int numops) #define NEXT_OFFSET offset += (~(uint32)0) / numops - if (!open_connection(&cli1) || !open_connection(&cli2)) { + if (open_connection(&cli1) != 0 || open_connection(&cli2) != 0) { return; } cli_sockopt(&cli1, sockops); cli_sockopt(&cli2, sockops); - printf("starting locktest3\n"); + DEBUG(0,("starting locktest3\n")); cli_unlink(&cli1, fname); fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE); if (fnum2 == -1) { - printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2)); + DEBUG(0,("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2))); return; } for (offset=i=0;i<numops;i++) { NEXT_OFFSET; if (!cli_lock(&cli1, fnum1, offset-1, 1, 0)) { - printf("lock1 %d failed (%s)\n", + DEBUG(0,("lock1 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } if (!cli_lock(&cli2, fnum2, offset-2, 1, 0)) { - printf("lock2 %d failed (%s)\n", + DEBUG(0,("lock2 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } } @@ -498,22 +531,22 @@ static void run_locktest3(int numops) NEXT_OFFSET; if (cli_lock(&cli1, fnum1, offset-2, 1, 0)) { - printf("error: lock1 %d succeeded!\n", i); + DEBUG(0,("error: lock1 %d succeeded!\n", i)); return; } if (cli_lock(&cli2, fnum2, offset-1, 1, 0)) { - printf("error: lock2 %d succeeded!\n", i); + DEBUG(0,("error: lock2 %d succeeded!\n", i)); return; } if (cli_lock(&cli1, fnum1, offset-1, 1, 0)) { - printf("error: lock3 %d succeeded!\n", i); + DEBUG(0,("error: lock3 %d succeeded!\n", i)); return; } if (cli_lock(&cli2, fnum2, offset-2, 1, 0)) { - printf("error: lock4 %d succeeded!\n", i); + DEBUG(0,("error: lock4 %d succeeded!\n", i)); return; } } @@ -522,37 +555,37 @@ static void run_locktest3(int numops) NEXT_OFFSET; if (!cli_unlock(&cli1, fnum1, offset-1, 1, 0)) { - printf("unlock1 %d failed (%s)\n", + DEBUG(0,("unlock1 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } if (!cli_unlock(&cli2, fnum2, offset-2, 1, 0)) { - printf("unlock2 %d failed (%s)\n", + DEBUG(0,("unlock2 %d failed (%s)\n", i, - cli_errstr(&cli1)); + cli_errstr(&cli1))); return; } } if (!cli_close(&cli1, fnum1)) { - printf("close1 failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("close1 failed (%s)\n", cli_errstr(&cli1))); } if (!cli_close(&cli2, fnum2)) { - printf("close2 failed (%s)\n", cli_errstr(&cli2)); + DEBUG(0,("close2 failed (%s)\n", cli_errstr(&cli2))); } if (!cli_unlink(&cli1, fname)) { - printf("unlink failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("unlink failed (%s)\n", cli_errstr(&cli1))); return; } close_connection(&cli1); close_connection(&cli2); - printf("finished locktest3\n"); + DEBUG(0,("finished locktest3\n")); } @@ -567,24 +600,24 @@ static void run_fdpasstest(void) int fnum1; pstring buf; - if (!open_connection(&cli1) || !open_connection(&cli2)) { + if (open_connection(&cli1) != 0 || open_connection(&cli2) != 0) { return; } cli_sockopt(&cli1, sockops); cli_sockopt(&cli2, sockops); - printf("starting fdpasstest\n"); + DEBUG(0,("starting fdpasstest\n")); cli_unlink(&cli1, fname); fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum1 == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli1))); return; } if (cli_write(&cli1, fnum1, 0, "hello world\n", 0, 13) != 13) { - printf("write failed (%s)\n", cli_errstr(&cli1)); + DEBUG(0,("write failed (%s)\n", cli_errstr(&cli1))); return; } @@ -594,8 +627,8 @@ static void run_fdpasstest(void) if (cli_read(&cli2, fnum1, buf, 0, 13) == 13) { - printf("read succeeded! nasty security hole [%s]\n", - buf); + DEBUG(0,("read succeeded! nasty security hole [%s]\n", + buf)); return; } @@ -605,7 +638,7 @@ static void run_fdpasstest(void) close_connection(&cli1); close_connection(&cli2); - printf("finished fdpasstest\n"); + DEBUG(0,("finished fdpasstest\n")); } @@ -620,13 +653,13 @@ static void run_unlinktest(void) char *fname = "\\unlink.tst"; int fnum; - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } cli_sockopt(&cli, sockops); - printf("starting unlink test\n"); + DEBUG(0,("starting unlink test\n")); cli_unlink(&cli, fname); @@ -634,12 +667,12 @@ static void run_unlinktest(void) fnum = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE); if (fnum == -1) { - printf("open of %s failed (%s)\n", fname, cli_errstr(&cli)); + DEBUG(0,("open of %s failed (%s)\n", fname, cli_errstr(&cli))); return; } if (cli_unlink(&cli, fname)) { - printf("error: server allowed unlink on an open file\n"); + DEBUG(0,("error: server allowed unlink on an open file\n")); } cli_close(&cli, fnum); @@ -647,7 +680,7 @@ static void run_unlinktest(void) close_connection(&cli); - printf("unlink test finished\n"); + DEBUG(0,("unlink test finished\n")); } @@ -664,16 +697,16 @@ static void run_maxfidtest(int n) srandom(getpid()); - while (!open_connection(&cli) && retries--) msleep(random() % 2000); + while (open_connection(&cli) != 0 && retries--) msleep(random() % 2000); if (retries <= 0) { - printf("failed to connect\n"); + DEBUG(0,("failed to connect\n")); return; } cli_sockopt(&cli, sockops); - printf("starting maxfid test\n"); + DEBUG(0,("starting maxfid test\n")); fnum = 0; while (1) { @@ -681,25 +714,25 @@ static void run_maxfidtest(int n) if (cli_open(&cli, fname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE) == -1) { - printf("open of %s failed (%s)\n", - fname, cli_errstr(&cli)); - printf("maximum fnum is %d\n", fnum); + DEBUG(0,("open of %s failed (%s)\n", + fname, cli_errstr(&cli))); + DEBUG(0,("maximum fnum is %d\n", fnum)); break; } fnum++; } - printf("cleaning up\n"); + DEBUG(0,("cleaning up\n")); while (fnum > n) { fnum--; slprintf(fname,sizeof(fname)-1,template, fnum,getpid()); if (cli_unlink(&cli, fname)) { - printf("unlink of %s failed (%s)\n", - fname, cli_errstr(&cli)); + DEBUG(0,("unlink of %s failed (%s)\n", + fname, cli_errstr(&cli))); } } - printf("maxfid test finished\n"); + DEBUG(0,("maxfid test finished\n")); close_connection(&cli); } @@ -713,24 +746,41 @@ static void rand_buf(char *buf, int len) } /* send random IPC commands */ -static void run_randomipc(void) +static void run_randomipc(int numops) { char *rparam = NULL; char *rdata = NULL; int rdrcnt,rprcnt; - pstring param; + char param[BUFFER_SIZE]; int api, param_len, i; + int reconnect_count = 50; static struct cli_state cli; - printf("starting random ipc test\n"); + DEBUG(0,("starting random ipc test\n")); + + while (reconnect_count > 0 && open_connection(&cli) != 0) + { + DEBUG(0,("connection failed: retrying %d\n", reconnect_count)); + msleep(sys_random() % 1000); + reconnect_count--; + } - if (!open_connection(&cli)) { + if (reconnect_count == 0) + { return; } - for (i=0;i<50000;i++) { + for (i=0;i<numops * 100;i++) + { api = sys_random() % 500; - param_len = (sys_random() % 64); + if ((sys_random() % 10) == 0) + { + param_len = (sys_random() % BUFFER_SIZE); + } + else + { + param_len = (sys_random() % 64); + } rand_buf(param, param_len); @@ -745,7 +795,7 @@ static void run_randomipc(void) close_connection(&cli); - printf("finished random ipc test\n"); + DEBUG(0,("finished random ipc test\n")); } @@ -753,7 +803,7 @@ static void run_randomipc(void) static void browse_callback(const char *sname, uint32 stype, const char *comment) { - printf("\t%20.20s %08x %s\n", sname, stype, comment); + DEBUG(0,("\t%20.20s %08x %s\n", sname, stype, comment)); } @@ -766,25 +816,25 @@ static void run_browsetest(void) { static struct cli_state cli; - printf("starting browse test\n"); + DEBUG(0,("starting browse test\n")); - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } - printf("domain list:\n"); + DEBUG(0,("domain list:\n")); cli_NetServerEnum(&cli, workgroup, SV_TYPE_DOMAIN_ENUM, browse_callback); - printf("machine list:\n"); + DEBUG(0,("machine list:\n")); cli_NetServerEnum(&cli, workgroup, SV_TYPE_ALL, browse_callback); close_connection(&cli); - printf("browse test finished\n"); + DEBUG(0,("browse test finished\n")); } @@ -798,9 +848,9 @@ static void run_attrtest(void) time_t t, t2; char *fname = "\\attrib.tst"; - printf("starting attrib test\n"); + DEBUG(0,("starting attrib test\n")); - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } @@ -809,36 +859,36 @@ static void run_attrtest(void) O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); cli_close(&cli, fnum); if (!cli_getatr(&cli, fname, NULL, NULL, &t)) { - printf("getatr failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("getatr failed (%s)\n", cli_errstr(&cli))); } if (abs(t - time(NULL)) > 2) { - printf("ERROR: SMBgetatr bug. time is %s", - ctime(&t)); + DEBUG(0,("ERROR: SMBgetatr bug. time is %s", + ctime(&t))); t = time(NULL); } t2 = t-60*60*24; /* 1 day ago */ if (!cli_setatr(&cli, fname, 0, t2)) { - printf("setatr failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("setatr failed (%s)\n", cli_errstr(&cli))); } if (!cli_getatr(&cli, fname, NULL, NULL, &t)) { - printf("getatr failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("getatr failed (%s)\n", cli_errstr(&cli))); } if (t != t2) { - printf("ERROR: getatr/setatr bug. times are\n%s", - ctime(&t)); - printf("%s", ctime(&t2)); + DEBUG(0,("ERROR: getatr/setatr bug. times are\n%s", + ctime(&t))); + DEBUG(0,("%s", ctime(&t2))); } cli_unlink(&cli, fname); close_connection(&cli); - printf("attrib test finished\n"); + DEBUG(0,("attrib test finished\n")); } @@ -855,9 +905,9 @@ static void run_trans2test(void) char *dname = "\\trans2"; char *fname2 = "\\trans2\\trans2.tst"; - printf("starting trans2 test\n"); + DEBUG(0,("starting trans2 test\n")); - if (!open_connection(&cli)) { + if (open_connection(&cli) != 0) { return; } @@ -866,7 +916,7 @@ static void run_trans2test(void) O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); if (!cli_qfileinfo(&cli, fnum, NULL, &size, &c_time, &a_time, &m_time, NULL, NULL)) { - printf("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli))); } cli_close(&cli, fnum); @@ -878,20 +928,20 @@ static void run_trans2test(void) cli_close(&cli, fnum); if (!cli_qpathinfo(&cli, fname, &c_time, &a_time, &m_time, &size, NULL)) { - printf("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli))); } else { if (c_time != m_time) { - printf("create time=%s", ctime(&c_time)); - printf("modify time=%s", ctime(&m_time)); - printf("This system appears to have sticky create times\n"); + DEBUG(0,("create time=%s", ctime(&c_time))); + DEBUG(0,("modify time=%s", ctime(&m_time))); + DEBUG(0,("This system appears to have sticky create times\n")); } if (a_time % (60*60) == 0) { - printf("access time=%s", ctime(&a_time)); - printf("This system appears to set a midnight access time\n"); + DEBUG(0,("access time=%s", ctime(&a_time))); + DEBUG(0,("This system appears to set a midnight access time\n")); } if (abs(m_time - time(NULL)) > 60*60*24*7) { - printf("ERROR: totally incorrect times - maybe word reversed?\n"); + DEBUG(0,("ERROR: totally incorrect times - maybe word reversed?\n")); } } @@ -902,11 +952,11 @@ static void run_trans2test(void) cli_close(&cli, fnum); if (!cli_qpathinfo2(&cli, fname, &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL)) { - printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli))); } else { if (w_time < 60*60*24*2) { - printf("write time=%s", ctime(&w_time)); - printf("This system appears to set a initial 0 write time\n"); + DEBUG(0,("write time=%s", ctime(&w_time))); + DEBUG(0,("This system appears to set a initial 0 write time\n")); } } @@ -916,12 +966,12 @@ static void run_trans2test(void) /* check if the server updates the directory modification time when creating a new file */ if (!cli_mkdir(&cli, dname)) { - printf("ERROR: mkdir failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: mkdir failed (%s)\n", cli_errstr(&cli))); } sleep(3); if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL)) { - printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli))); } fnum = cli_open(&cli, fname2, @@ -930,10 +980,10 @@ static void run_trans2test(void) cli_close(&cli, fnum); if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, &w_time, &size, NULL, NULL)) { - printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli)); + DEBUG(0,("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli))); } else { if (m_time2 == m_time) - printf("This system does not update directory modification times\n"); + DEBUG(0,("This system does not update directory modification times\n")); } cli_unlink(&cli, fname2); cli_rmdir(&cli, dname); @@ -941,29 +991,83 @@ static void run_trans2test(void) close_connection(&cli); - printf("trans2 test finished\n"); + DEBUG(0,("trans2 test finished\n")); } +static void run_connection(int numops) +{ + struct cli_state c; + int count = 0; + int failed[NUM_ERR_STATES]; + int i; + + DEBUG(0,("Connection test starts:\n")); + + for (i = 0; i < NUM_ERR_STATES; i++) + { + failed[i] = 0; + } + + for (i = 0; i < numops; i++) + { + int err; + DEBUG(0,("Connection test %d %d\n", i, numops)); + if ((err = open_connection(&c))) + { + failed[err]++; + } + count++; + } + + { + int failtotal = 0; + + for (i = 0, failtotal = 0; i < NUM_ERR_STATES; i++) + { + failtotal += failed[i]; + } + DEBUG(0,("Connection test results: count %d success %d\n", count, count-failtotal)); + } + for (i = 0; i < NUM_ERR_STATES; i++) + { + DEBUG(0,("%s: failed: %d\n", smb_messages[i], failed[i])); + } +} + static void create_procs(int nprocs, int numops, void (*fn)(int )) { int i, status; - for (i=0;i<nprocs;i++) { - if (fork() == 0) { + for (i=0;i<nprocs;i++) + { + if (fork() == 0) + { int mypid = getpid(); sys_srandom(mypid ^ time(NULL)); + + if (!dbg_interactive()) + { + slprintf(debugf, sizeof(debugf), "./log.torture.%d", mypid); + reopen_logs(); + } + fn(numops); + dbgflush(); _exit(0); } } for (i=0;i<nprocs;i++) + { waitpid(0, &status, 0); + } } +#define DEBUG_INTERACTIVE True + /**************************************************************************** main program ****************************************************************************/ @@ -975,9 +1079,14 @@ static void create_procs(int nprocs, int numops, void (*fn)(int )) int gotpass = 0; extern char *optarg; extern int optind; - extern FILE *dbf; + extern BOOL append_log; + extern BOOL timestamp_log; - dbf = stdout; + DEBUGLEVEL = 0; + pstrcpy(debugf,"./log.torture"); + setup_logging(argv[0], DEBUG_INTERACTIVE); + append_log = True; + timestamp_log = False; charset_initialise(); @@ -1055,8 +1164,12 @@ static void create_procs(int nprocs, int numops, void (*fn)(int )) } } - printf("host=%s share=%s user=%s myname=%s\n", - host, share, username, myname); + printf("host=%s share=%s user=%s myname=%s procs=%d ops=%d\n", + host, share, username, myname, nprocs, numops); + + create_procs(nprocs, numops, run_connection); +/* + create_procs(nprocs, numops, run_randomipc); run_fdpasstest(); run_locktest1(); @@ -1069,11 +1182,13 @@ static void create_procs(int nprocs, int numops, void (*fn)(int )) create_procs(nprocs, numops, run_maxfidtest); + + start_timer(); create_procs(nprocs, numops, run_torture); printf("rw_torture: %g secs\n", end_timer()); - - run_randomipc(); +*/ + dbgflush(); return(0); } diff --git a/source3/web/swat.c b/source3/web/swat.c index 8f47ced52d..cdbd1f8c8c 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -603,7 +603,7 @@ static BOOL change_password(const char *remote_machine, char *user_name, return ret; } - if(!initialize_password_db()) { + if(!initialise_password_db()) { printf("Can't setup password database vectors.\n<p>"); return False; } |