summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/include/secrets.h22
-rw-r--r--source4/lib/genparser.c775
-rw-r--r--source4/lib/genparser_samba.c200
-rw-r--r--source4/lib/tdb/tdbutil.c62
-rw-r--r--source4/lib/util_seaccess.c490
-rw-r--r--source4/lib/util_sid.c2
-rw-r--r--source4/passdb/secrets.c369
7 files changed, 2 insertions, 1918 deletions
diff --git a/source4/include/secrets.h b/source4/include/secrets.h
index 183b29d7a8..ae881c7cb9 100644
--- a/source4/include/secrets.h
+++ b/source4/include/secrets.h
@@ -54,26 +54,4 @@ struct machine_acct_pass {
time_t mod_time;
};
-/*
- * storage structure for trusted domain
- */
-struct trusted_dom_pass {
- size_t uni_name_len;
- smb_ucs2_t uni_name[32]; /* unicode domain name */
- size_t pass_len;
- fstring pass; /* trust relationship's password */
- time_t mod_time;
- DOM_SID domain_sid; /* remote domain's sid */
-};
-
-/*
- * trusted domain entry/entries returned by secrets_get_trusted_domains
- * (used in _lsa_enum_trust_dom call)
- */
-typedef struct trustdom {
- smb_ucs2_t *name;
- DOM_SID sid;
-} TRUSTDOM;
-
-
#endif /* _SECRETS_H */
diff --git a/source4/lib/genparser.c b/source4/lib/genparser.c
deleted file mode 100644
index 0f5d26620b..0000000000
--- a/source4/lib/genparser.c
+++ /dev/null
@@ -1,775 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-#include "includes.h"
-
-/* encode a buffer of bytes into a escaped string */
-static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len)
-{
- const char *hexdig = "0123456789abcdef";
- char *ret, *p;
- unsigned i;
- ret = talloc(mem_ctx, len*3 + 1); /* worst case size */
- if (!ret) return NULL;
- for (p=ret,i=0;i<len;i++) {
- if (isalnum(ptr[i]) || isspace(ptr[i]) ||
- (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) {
- *p++ = ptr[i];
- } else {
- unsigned char c = *(const unsigned char *)(ptr+i);
- if (c == 0 && all_zero(ptr+i, len-i)) break;
- p[0] = '\\';
- p[1] = hexdig[c>>4];
- p[2] = hexdig[c&0xF];
- p += 3;
- }
- }
-
- *p = 0;
-
- return ret;
-}
-
-/* decode an escaped string from encode_bytes() into a buffer */
-static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len)
-{
- char *ret, *p;
- unsigned i;
- int slen = strlen(s) + 1;
-
- ret = talloc(mem_ctx, slen); /* worst case length */
- if (!ret)
- return NULL;
- memset(ret, 0, slen);
-
- if (*s == '{') s++;
-
- for (p=ret,i=0;s[i];i++) {
- if (s[i] == '}') {
- break;
- } else if (s[i] == '\\') {
- unsigned v;
- if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) {
- return NULL;
- }
- *(unsigned char *)p = v;
- p++;
- i += 2;
- } else {
- *p++ = s[i];
- }
- }
- *p = 0;
-
- (*len) = (unsigned)(p - ret);
-
- return ret;
-}
-
-/* the add*() functions deal with adding things to a struct
- parse_string */
-
-/* allocate more space if needed */
-static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n)
-{
- if (p->length + n <= p->allocated) return 0;
- p->allocated = p->length + n + 200;
- p->s = talloc_realloc(mem_ctx, p->s, p->allocated);
- if (!p->s) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
-}
-
-/* add a character to the buffer */
-static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c)
-{
- if (addgen_alloc(mem_ctx, p, 2) != 0) {
- return -1;
- }
- p->s[p->length++] = c;
- p->s[p->length] = 0;
- return 0;
-}
-
-/* add a string to the buffer */
-int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, len+1) != 0) {
- return -1;
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* add a string to the buffer with a tab prefix */
-static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) {
- return -1;
- }
- while (indent--) {
- p->s[p->length++] = '\t';
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* note! this can only be used for results up to 60 chars wide! */
-int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char buf[60];
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- return 0;
-}
-
-/*
- this is here to make it easier for people to write dump functions
- for their own types
- */
-int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char *buf = NULL;
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vasprintf(&buf, fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- if (buf) free(buf);
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- if (buf) free(buf);
- return 0;
-}
-
-/* dump a enumerated type */
-int gen_dump_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- unsigned v = *(const unsigned *)ptr;
- int i;
- for (i=0;einfo[i].name;i++) {
- if (v == einfo[i].value) {
- addstr(mem_ctx, p, einfo[i].name);
- return 0;
- }
- }
- /* hmm, maybe we should just fail? */
- return gen_dump_unsigned(mem_ctx, p, ptr, indent);
-}
-
-/* dump a single non-array element, hanlding struct and enum */
-static int gen_dump_one(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- unsigned indent)
-{
- if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) {
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addchar(mem_ctx, p,'{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}")) {
- return -1;
- }
- return 0;
- }
-
- return pinfo->dump_fn(mem_ctx, p, ptr, indent);
-}
-
-/* handle dumping of an array of arbitrary type */
-static int gen_dump_array(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- int array_len,
- int indent)
-{
- int i, count=0;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- char *s = encode_bytes(mem_ctx, ptr, array_len);
- if (!s) return -1;
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = {") ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- free(s);
- return 0;
- }
-
- for (i=0;i<array_len;i++) {
- const char *p2 = ptr;
- unsigned size = pinfo->size;
-
- /* generic pointer dereference */
- if (pinfo->ptr_count) {
- p2 = *(const char **)ptr;
- size = sizeof(void *);
- }
-
- if ((count || pinfo->ptr_count) &&
- !(pinfo->flags & FLAG_ALWAYS) &&
- all_zero(ptr, size)) {
- ptr += size;
- continue;
- }
- if (count == 0) {
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addshort(mem_ctx, p, " = %u:", i)) {
- return -1;
- }
- } else {
- if (addshort(mem_ctx, p, ", %u:", i) != 0) {
- return -1;
- }
- }
- if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) {
- return -1;
- }
- ptr += size;
- count++;
- }
- if (count) {
- return addstr(mem_ctx, p, "\n");
- }
- return 0;
-}
-
-/* find a variable by name in a loaded structure and return its value
- as an integer. Used to support dynamic arrays */
-static int find_var(const struct parse_struct *pinfo,
- const char *data,
- const char *var)
-{
- int i;
- const char *ptr;
-
- /* this allows for constant lengths */
- if (isdigit(*var)) {
- return atoi(var);
- }
-
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, var) == 0) break;
- }
- if (!pinfo[i].name) return -1;
-
- ptr = data + pinfo[i].offset;
-
- switch (pinfo[i].size) {
- case sizeof(int):
- return *(const int *)ptr;
- case sizeof(char):
- return *(const char *)ptr;
- }
-
- return -1;
-}
-
-
-int gen_dump_struct(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1);
- if (!s) return -1;
- if (addstr(mem_ctx, p, "{\n") ||
- addstr(mem_ctx, p, s) ||
- addtabbed(mem_ctx, p, "}", indent)) {
- return -1;
- }
- return 0;
-}
-
-static int gen_dump_string(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- const char *ptr = *(const char **)data;
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = ") ||
- addchar(mem_ctx, p, '{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
-}
-
-/*
- find the length of a nullterm array
-*/
-static int len_nullterm(const char *ptr, int size, int array_len)
-{
- int len;
-
- if (size == 1) {
- len = strnlen(ptr, array_len);
- } else {
- for (len=0; len < array_len; len++) {
- if (all_zero(ptr+len*size, size)) break;
- }
- }
-
- if (len == 0) len = 1;
-
- return len;
-}
-
-
-/* the generic dump routine. Scans the parse information for this structure
- and processes it recursively */
-char *gen_dump(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- struct parse_string p;
- int i;
-
- p.length = 0;
- p.allocated = 0;
- p.s = NULL;
-
- if (addstr(mem_ctx, &p, "") != 0) {
- return NULL;
- }
-
- for (i=0;pinfo[i].name;i++) {
- const char *ptr = data + pinfo[i].offset;
- unsigned size = pinfo[i].size;
-
- if (pinfo[i].ptr_count) {
- size = sizeof(void *);
- }
-
- /* special handling for array types */
- if (pinfo[i].array_len) {
- unsigned len = pinfo[i].array_len;
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(ptr, size, len);
- }
- if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr,
- len, indent)) {
- goto failed;
- }
- continue;
- }
-
- /* and dynamically sized arrays */
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- struct parse_struct p2 = pinfo[i];
- if (len < 0) {
- goto failed;
- }
- if (len > 0) {
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(*(const char **)ptr,
- pinfo[i].size, len);
- }
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- if (gen_dump_array(mem_ctx, &p, &p2,
- *(const char **)ptr,
- len, indent) != 0) {
- goto failed;
- }
- }
- continue;
- }
-
- /* don't dump zero elements */
- if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue;
-
- /* assume char* is a null terminated string */
- if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 &&
- pinfo[i].dump_fn == gen_dump_char) {
- if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) {
- goto failed;
- }
- continue;
- }
-
- /* generic pointer dereference */
- if (pinfo[i].ptr_count) {
- ptr = *(const char **)ptr;
- }
-
- if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) ||
- addstr(mem_ctx, &p, " = ") ||
- gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) ||
- addstr(mem_ctx, &p, "\n")) {
- goto failed;
- }
- }
- return p.s;
-
-failed:
- return NULL;
-}
-
-/* search for a character in a string, skipping over sections within
- matching braces */
-static char *match_braces(char *s, char c)
-{
- int depth = 0;
- while (*s) {
- switch (*s) {
- case '}':
- depth--;
- break;
- case '{':
- depth++;
- break;
- }
- if (depth == 0 && *s == c) {
- return s;
- }
- s++;
- }
- return s;
-}
-
-/* parse routine for enumerated types */
-int gen_parse_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- char *ptr,
- const char *str)
-{
- unsigned v;
- int i;
-
- if (isdigit(*str)) {
- if (sscanf(str, "%u", &v) != 1) {
- errno = EINVAL;
- return -1;
- }
- *(unsigned *)ptr = v;
- return 0;
- }
-
- for (i=0;einfo[i].name;i++) {
- if (strcmp(einfo[i].name, str) == 0) {
- *(unsigned *)ptr = einfo[i].value;
- return 0;
- }
- }
-
- /* unknown enum value?? */
- return -1;
-}
-
-
-/* parse all base types */
-static int gen_parse_base(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str)
-{
- if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) {
- unsigned len;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s) return -1;
- *(char **)ptr = s;
- return 0;
- }
-
- if (pinfo->ptr_count) {
- unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size;
- struct parse_struct p2 = *pinfo;
- *(void **)ptr = talloc(mem_ctx, size);
- if (! *(void **)ptr) {
- return -1;
- }
- memset(*(void **)ptr, 0, size);
- ptr = *(char **)ptr;
- p2.ptr_count--;
- return gen_parse_base(mem_ctx, &p2, ptr, str);
- }
-
- return pinfo->parse_fn(mem_ctx, ptr, str);
-}
-
-/* parse a generic array */
-static int gen_parse_array(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str,
- int array_len)
-{
- char *p, *p2;
- unsigned size = pinfo->size;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- unsigned len = 0;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s || (len > array_len)) return -1;
- memset(ptr, 0, array_len);
- memcpy(ptr, s, len);
- return 0;
- }
-
- if (pinfo->ptr_count) {
- size = sizeof(void *);
- }
-
- while (*str) {
- unsigned idx;
- int done;
-
- idx = atoi(str);
- p = strchr(str,':');
- if (!p) break;
- p++;
- p2 = match_braces(p, ',');
- done = (*p2 != ',');
- *p2 = 0;
-
- if (*p == '{') {
- p++;
- p[strlen(p)-1] = 0;
- }
-
- if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) {
- return -1;
- }
-
- if (done) break;
- str = p2+1;
- }
-
- return 0;
-}
-
-/* parse one element, hanlding dynamic and static arrays */
-static int gen_parse_one(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *name,
- char *data,
- const char *str)
-{
- int i;
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, name) == 0) {
- break;
- }
- }
- if (pinfo[i].name == NULL) {
- return 0;
- }
-
- if (pinfo[i].array_len) {
- return gen_parse_array(mem_ctx, &pinfo[i],
- data+pinfo[i].offset,
- str, pinfo[i].array_len);
- }
-
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- if (len < 0) {
- errno = EINVAL;
- return -1;
- }
- if (len > 0) {
- struct parse_struct p2 = pinfo[i];
- char *ptr;
- unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
- ptr = talloc(mem_ctx, len*size);
- if (!ptr) {
- errno = ENOMEM;
- return -1;
- }
- memset(ptr, 0, len*size);
- *((char **)(data + pinfo[i].offset)) = ptr;
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- return gen_parse_array(mem_ctx, &p2, ptr, str, len);
- }
- return 0;
- }
-
- return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str);
-}
-
-int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str)
-{
- return gen_parse(mem_ctx, pinfo, ptr, str);
-}
-
-/* the main parse routine */
-int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s)
-{
- char *str, *s0;
-
- s0 = strdup(s);
- str = s0;
-
- while (*str) {
- char *p;
- char *name;
- char *value;
-
- /* skip leading whitespace */
- while (isspace(*str)) str++;
-
- p = strchr(str, '=');
- if (!p) break;
- value = p+1;
- while (p > str && isspace(*(p-1))) {
- p--;
- }
-
- *p = 0;
- name = str;
-
- while (isspace(*value)) value++;
-
- if (*value == '{') {
- str = match_braces(value, '}');
- value++;
- } else {
- str = match_braces(value, '\n');
- }
-
- *str++ = 0;
-
- if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
- free(s0);
- return -1;
- }
- }
-
- free(s0);
- return 0;
-}
-
-
-
-/* for convenience supply some standard dumpers and parsers here */
-
-int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned char *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(int *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(time_t *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(double *)ptr = atof(str);
- return 0;
-}
-
-int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(float *)ptr = atof(str);
- return 0;
-}
-
-int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr));
-}
-
-int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%d", *(int *)(ptr));
-}
-
-int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr));
-}
-
-int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(time_t *)(ptr));
-}
-
-int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%lg", *(double *)(ptr));
-}
-
-int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%g", *(float *)(ptr));
-}
diff --git a/source4/lib/genparser_samba.c b/source4/lib/genparser_samba.c
deleted file mode 100644
index bece587747..0000000000
--- a/source4/lib/genparser_samba.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "genparser_samba.h"
-
-/* PARSE functions */
-
-int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint8 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint16 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint32 *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(!string_to_sid((DOM_SID *)ptr, str)) return -1;
- return 0;
-}
-
-int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- int info[GUID_SIZE];
- int i;
- char *sc;
- char *p;
- char *m;
-
- m = strdup(str);
- if (!m) return -1;
- sc = m;
-
- memset(info, 0, sizeof(info));
- for (i = 0; i < GUID_SIZE; i++) {
- p = strchr(sc, ',');
- if (p != NULL) p = '\0';
- info[i] = atoi(sc);
- if (p != NULL) sc = p + 1;
- }
- free(m);
-
- for (i = 0; i < GUID_SIZE; i++) {
- ((GUID *)ptr)->info[i] = info[i];
- }
-
- return 0;
-}
-
-int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str);
-}
-
-int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str);
-}
-
-int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str);
-}
-
-int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str);
-}
-
-int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-
-
-/* DUMP functions */
-
-int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr));
-}
-
-int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr));
-}
-
-int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr));
-}
-
-int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((NTTIME *)(ptr))->high;
- low = ((NTTIME *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- fstring sidstr;
-
- sid_to_string(sidstr, (DOM_SID *)ptr);
- return addstr(mem_ctx, p, sidstr);
-}
-
-int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask);
-}
-
-int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- int i, r;
-
- for (i = 0; i < (GUID_SIZE - 1); i++) {
- if (!(r = addshort(mem_ctx, p, "%d,", ((GUID *)ptr)->info[i]))) return r;
- }
- return addshort(mem_ctx, p, "%d", ((GUID *)ptr)->info[i]);
-}
-
-int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent);
-}
-
-int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent);
-}
-
-int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((LUID *)(ptr))->high;
- low = ((LUID *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
diff --git a/source4/lib/tdb/tdbutil.c b/source4/lib/tdb/tdbutil.c
index f0fa048bb6..62841ddfc2 100644
--- a/source4/lib/tdb/tdbutil.c
+++ b/source4/lib/tdb/tdbutil.c
@@ -621,68 +621,6 @@ int tdb_unpack(TDB_CONTEXT *tdb, char *buf, int bufsize, const char *fmt, ...)
return -1;
}
-
-/**
- * Pack SID passed by pointer
- *
- * @param pack_buf pointer to buffer which is to be filled with packed data
- * @param bufsize size of packing buffer
- * @param sid pointer to sid to be packed
- *
- * @return length of the packed representation of the whole structure
- **/
-size_t tdb_sid_pack(TDB_CONTEXT *tdb, char* pack_buf, int bufsize, DOM_SID* sid)
-{
- int idx;
- size_t len = 0;
-
- if (!sid || !pack_buf) return -1;
-
- len += tdb_pack(tdb, pack_buf + len, bufsize - len, "bb", sid->sid_rev_num,
- sid->num_auths);
-
- for (idx = 0; idx < 6; idx++) {
- len += tdb_pack(tdb, pack_buf + len, bufsize - len, "b", sid->id_auth[idx]);
- }
-
- for (idx = 0; idx < MAXSUBAUTHS; idx++) {
- len += tdb_pack(tdb, pack_buf + len, bufsize - len, "d", sid->sub_auths[idx]);
- }
-
- return len;
-}
-
-
-/**
- * Unpack SID into a pointer
- *
- * @param pack_buf pointer to buffer with packed representation
- * @param bufsize size of the buffer
- * @param sid pointer to sid structure to be filled with unpacked data
- *
- * @return size of structure unpacked from buffer
- **/
-size_t tdb_sid_unpack(TDB_CONTEXT *tdb, char* pack_buf, int bufsize, DOM_SID* sid)
-{
- int idx, len = 0;
-
- if (!sid || !pack_buf) return -1;
-
- len += tdb_unpack(tdb, pack_buf + len, bufsize - len, "bb",
- &sid->sid_rev_num, &sid->num_auths);
-
- for (idx = 0; idx < 6; idx++) {
- len += tdb_unpack(tdb, pack_buf + len, bufsize - len, "b", &sid->id_auth[idx]);
- }
-
- for (idx = 0; idx < MAXSUBAUTHS; idx++) {
- len += tdb_unpack(tdb, pack_buf + len, bufsize - len, "d", &sid->sub_auths[idx]);
- }
-
- return len;
-}
-
-
/****************************************************************************
Print out debug messages.
****************************************************************************/
diff --git a/source4/lib/util_seaccess.c b/source4/lib/util_seaccess.c
deleted file mode 100644
index 9d56a0d850..0000000000
--- a/source4/lib/util_seaccess.c
+++ /dev/null
@@ -1,490 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Copyright (C) Luke Kenneth Casson Leighton 1996-2000.
- Copyright (C) Tim Potter 2000.
- Copyright (C) Re-written by Jeremy Allison 2000.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#error SAMBA4 clean up
-#error this file should be (re)moved
-#error and all unused stuff should go
-
-#include "includes.h"
-
-extern DOM_SID global_sid_Builtin;
-
-/**********************************************************************************
- Check if this ACE has a SID in common with the token.
-**********************************************************************************/
-
-static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
-{
- size_t i;
-
- for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->trustee, &token->user_sids[i]))
- return True;
- }
-
- return False;
-}
-
-/*********************************************************************************
- Check an ACE against a SID. We return the remaining needed permission
- bits not yet granted. Zero means permission allowed (no more needed bits).
-**********************************************************************************/
-
-static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
- NTSTATUS *status)
-{
- uint32 mask = ace->info.mask;
-
- /*
- * Inherit only is ignored.
- */
-
- if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
- return acc_desired;
- }
-
- /*
- * If this ACE has no SID in common with the token,
- * ignore it as it cannot be used to make an access
- * determination.
- */
-
- if (!token_sid_in_ace( token, ace))
- return acc_desired;
-
- switch (ace->type) {
- case SEC_ACE_TYPE_ACCESS_ALLOWED:
- /*
- * This is explicitly allowed.
- * Remove the bits from the remaining
- * access required. Return the remaining
- * bits needed.
- */
- acc_desired &= ~mask;
- break;
- case SEC_ACE_TYPE_ACCESS_DENIED:
- /*
- * This is explicitly denied.
- * If any bits match terminate here,
- * we are denied.
- */
- if (acc_desired & mask) {
- *status = NT_STATUS_ACCESS_DENIED;
- return 0xFFFFFFFF;
- }
- break;
- case SEC_ACE_TYPE_SYSTEM_ALARM:
- case SEC_ACE_TYPE_SYSTEM_AUDIT:
- *status = NT_STATUS_NOT_IMPLEMENTED;
- return 0xFFFFFFFF;
- default:
- *status = NT_STATUS_INVALID_PARAMETER;
- return 0xFFFFFFFF;
- }
-
- return acc_desired;
-}
-
-/*********************************************************************************
- Maximum access was requested. Calculate the max possible. Fail if it doesn't
- include other bits requested.
-**********************************************************************************/
-
-static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted,
- uint32 desired,
- NTSTATUS *status)
-{
- uint32 acc_denied = 0;
- uint32 acc_granted = 0;
- size_t i;
-
- for ( i = 0 ; i < the_acl->num_aces; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
- uint32 mask = ace->info.mask;
-
- if (!token_sid_in_ace( token, ace))
- continue;
-
- switch (ace->type) {
- case SEC_ACE_TYPE_ACCESS_ALLOWED:
- acc_granted |= (mask & ~acc_denied);
- break;
- case SEC_ACE_TYPE_ACCESS_DENIED:
- acc_denied |= (mask & ~acc_granted);
- break;
- case SEC_ACE_TYPE_SYSTEM_ALARM:
- case SEC_ACE_TYPE_SYSTEM_AUDIT:
- *status = NT_STATUS_NOT_IMPLEMENTED;
- *granted = 0;
- return False;
- default:
- *status = NT_STATUS_INVALID_PARAMETER;
- *granted = 0;
- return False;
- }
- }
-
- /*
- * If we were granted no access, or we desired bits that we
- * didn't get, then deny.
- */
-
- if ((acc_granted == 0) || ((acc_granted & desired) != desired)) {
- *status = NT_STATUS_ACCESS_DENIED;
- *granted = 0;
- return False;
- }
-
- /*
- * Return the access we did get.
- */
-
- *granted = acc_granted;
- *status = NT_STATUS_OK;
- return True;
-}
-
-/* Map generic access rights to object specific rights. This technique is
- used to give meaning to assigning read, write, execute and all access to
- objects. Each type of object has its own mapping of generic to object
- specific access rights. */
-
-void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping)
-{
- uint32 old_mask = *access_mask;
-
- if (*access_mask & GENERIC_READ_ACCESS) {
- *access_mask &= ~GENERIC_READ_ACCESS;
- *access_mask |= mapping->generic_read;
- }
-
- if (*access_mask & GENERIC_WRITE_ACCESS) {
- *access_mask &= ~GENERIC_WRITE_ACCESS;
- *access_mask |= mapping->generic_write;
- }
-
- if (*access_mask & GENERIC_EXECUTE_ACCESS) {
- *access_mask &= ~GENERIC_EXECUTE_ACCESS;
- *access_mask |= mapping->generic_execute;
- }
-
- if (*access_mask & GENERIC_ALL_ACCESS) {
- *access_mask &= ~GENERIC_ALL_ACCESS;
- *access_mask |= mapping->generic_all;
- }
-
- if (old_mask != *access_mask) {
- DEBUG(10, ("se_map_generic(): mapped mask 0x%08x to 0x%08x\n",
- old_mask, *access_mask));
- }
-}
-
-/* Map standard access rights to object specific rights. This technique is
- used to give meaning to assigning read, write, execute and all access to
- objects. Each type of object has its own mapping of standard to object
- specific access rights. */
-
-void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping)
-{
- uint32 old_mask = *access_mask;
-
- if (*access_mask & READ_CONTROL_ACCESS) {
- *access_mask &= ~READ_CONTROL_ACCESS;
- *access_mask |= mapping->std_read;
- }
-
- if (*access_mask & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)) {
- *access_mask &= ~(DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS);
- *access_mask |= mapping->std_all;
- }
-
- if (old_mask != *access_mask) {
- DEBUG(10, ("se_map_standard(): mapped mask 0x%08x to 0x%08x\n",
- old_mask, *access_mask));
- }
-}
-
-/*****************************************************************************
- Check access rights of a user against a security descriptor. Look at
- each ACE in the security descriptor until an access denied ACE denies
- any of the desired rights to the user or any of the users groups, or one
- or more ACEs explicitly grant all requested access rights. See
- "Access-Checking" document in MSDN.
-*****************************************************************************/
-
-BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
- uint32 acc_desired, uint32 *acc_granted,
- NTSTATUS *status)
-{
- extern NT_USER_TOKEN anonymous_token;
- size_t i;
- SEC_ACL *the_acl;
- fstring sid_str;
- uint32 tmp_acc_desired = acc_desired;
-
- if (!status || !acc_granted)
- return False;
-
- if (!token)
- token = &anonymous_token;
-
- *status = NT_STATUS_OK;
- *acc_granted = 0;
-
- DEBUG(10,("se_access_check: requested access 0x%08x, for NT token with %u entries and first sid %s.\n",
- (unsigned int)acc_desired, (unsigned int)token->num_sids,
- sid_to_string(sid_str, &token->user_sids[0])));
-
- /*
- * No security descriptor or security descriptor with no DACL
- * present allows all access.
- */
-
- /* ACL must have something in it */
-
- if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) {
- *status = NT_STATUS_OK;
- *acc_granted = acc_desired;
- DEBUG(5, ("se_access_check: no sd or blank DACL, access allowed\n"));
- return True;
- }
-
- /* The user sid is the first in the token */
- if (DEBUGLVL(3)) {
- DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
-
- for (i = 1; i < token->num_sids; i++) {
- DEBUGADD(3, ("se_access_check: also %s\n",
- sid_to_string(sid_str, &token->user_sids[i])));
- }
- }
-
- /* Is the token the owner of the SID ? */
-
- if (sd->owner_sid) {
- for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&token->user_sids[i], sd->owner_sid)) {
- /*
- * The owner always has SEC_RIGHTS_WRITE_DAC & READ_CONTROL.
- */
- if (tmp_acc_desired & WRITE_DAC_ACCESS)
- tmp_acc_desired &= ~WRITE_DAC_ACCESS;
- if (tmp_acc_desired & READ_CONTROL_ACCESS)
- tmp_acc_desired &= ~READ_CONTROL_ACCESS;
- }
- }
- }
-
- the_acl = sd->dacl;
-
- if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) {
- tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS;
- return get_max_access( the_acl, token, acc_granted, tmp_acc_desired,
- status);
- }
-
- for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
-
- DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
- (unsigned int)i, ace->type, ace->flags,
- sid_to_string(sid_str, &ace->trustee),
- (unsigned int) ace->info.mask,
- (unsigned int)tmp_acc_desired ));
-
- tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status);
- if (NT_STATUS_V(*status)) {
- *acc_granted = 0;
- DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, nt_errstr(*status)));
- return False;
- }
- }
-
- /*
- * If there are no more desired permissions left then
- * access was allowed.
- */
-
- if (tmp_acc_desired == 0) {
- *acc_granted = acc_desired;
- *status = NT_STATUS_OK;
- DEBUG(5,("se_access_check: access (%x) granted.\n", (unsigned int)acc_desired ));
- return True;
- }
-
- *acc_granted = 0;
- *status = NT_STATUS_ACCESS_DENIED;
- DEBUG(5,("se_access_check: access (%x) denied.\n", (unsigned int)acc_desired ));
- return False;
-}
-
-/* Create a child security descriptor using another security descriptor as
- the parent container. This child object can either be a container or
- non-container object. */
-
-SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
- BOOL child_container)
-{
- SEC_DESC_BUF *sdb;
- SEC_DESC *sd;
- SEC_ACL *new_dacl, *the_acl;
- SEC_ACE *new_ace_list = NULL;
- unsigned int new_ace_list_ndx = 0, i;
- size_t size;
-
- /* Currently we only process the dacl when creating the child. The
- sacl should also be processed but this is left out as sacls are
- not implemented in Samba at the moment.*/
-
- the_acl = parent_ctr->dacl;
-
- if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces)))
- return NULL;
-
- for (i = 0; the_acl && i < the_acl->num_aces; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
- SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx];
- uint8 new_flags = 0;
- BOOL inherit = False;
- fstring sid_str;
-
- /* The OBJECT_INHERIT_ACE flag causes the ACE to be
- inherited by non-container children objects. Container
- children objects will inherit it as an INHERIT_ONLY
- ACE. */
-
- if (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
-
- if (!child_container) {
- new_flags |= SEC_ACE_FLAG_OBJECT_INHERIT;
- } else {
- new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
- }
-
- inherit = True;
- }
-
- /* The CONAINER_INHERIT_ACE flag means all child container
- objects will inherit and use the ACE. */
-
- if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
- if (!child_container) {
- inherit = False;
- } else {
- new_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT;
- }
- }
-
- /* The INHERIT_ONLY_ACE is not used by the se_access_check()
- function for the parent container, but is inherited by
- all child objects as a normal ACE. */
-
- if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
- /* Move along, nothing to see here */
- }
-
- /* The SEC_ACE_FLAG_NO_PROPAGATE_INHERIT flag means the ACE
- is inherited by child objects but not grandchildren
- objects. We clear the object inherit and container
- inherit flags in the inherited ACE. */
-
- if (ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
- new_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT |
- SEC_ACE_FLAG_CONTAINER_INHERIT);
- }
-
- /* Add ACE to ACE list */
-
- if (!inherit)
- continue;
-
- init_sec_access(&new_ace->info, ace->info.mask);
- init_sec_ace(new_ace, &ace->trustee, ace->type,
- new_ace->info, new_flags);
-
- sid_to_string(sid_str, &ace->trustee);
-
- DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
- " inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
- ace->type, ace->flags, ace->info.mask,
- sid_str, new_ace->type, new_ace->flags,
- new_ace->info.mask));
-
- new_ace_list_ndx++;
- }
-
- /* Create child security descriptor to return */
-
- new_dacl = make_sec_acl(ctx, ACL_REVISION, new_ace_list_ndx, new_ace_list);
-
- /* Use the existing user and group sids. I don't think this is
- correct. Perhaps the user and group should be passed in as
- parameters by the caller? */
-
- sd = make_sec_desc(ctx, SEC_DESC_REVISION,
- parent_ctr->owner_sid,
- parent_ctr->grp_sid,
- parent_ctr->sacl,
- new_dacl, &size);
-
- sdb = make_sec_desc_buf(ctx, size, sd);
-
- return sdb;
-}
-
-/*******************************************************************
- samr_make_sam_obj_sd
- ********************************************************************/
-
-NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
-{
- extern DOM_SID global_sid_World;
- DOM_SID adm_sid;
- DOM_SID act_sid;
-
- SEC_ACE ace[3];
- SEC_ACCESS mask;
-
- SEC_ACL *psa = NULL;
-
- sid_copy(&adm_sid, &global_sid_Builtin);
- sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-
- sid_copy(&act_sid, &global_sid_Builtin);
- sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
-
- /*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
- /*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
- if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
- return NT_STATUS_NO_MEMORY;
-
- return NT_STATUS_OK;
-}
diff --git a/source4/lib/util_sid.c b/source4/lib/util_sid.c
index 5ce72a6f51..56f5abd611 100644
--- a/source4/lib/util_sid.c
+++ b/source4/lib/util_sid.c
@@ -289,7 +289,7 @@ size_t sid_size(const struct dom_sid *sid)
}
/*****************************************************************
- Return the binary string representation of a DOM_SID.
+ Return the binary string representation of a struct dom_sid.
Caller must free.
*****************************************************************/
diff --git a/source4/passdb/secrets.c b/source4/passdb/secrets.c
index c400caaaa4..8d66572acd 100644
--- a/source4/passdb/secrets.c
+++ b/source4/passdb/secrets.c
@@ -52,7 +52,7 @@ BOOL secrets_init(void)
/* read a entry from the secrets database - the caller must free the result
if size is non-null then the size of the entry is put in there
*/
-void *secrets_fetch(const char *key, size_t *size)
+static void *secrets_fetch(const char *key, size_t *size)
{
TDB_DATA kbuf, dbuf;
secrets_init();
@@ -67,338 +67,6 @@ void *secrets_fetch(const char *key, size_t *size)
return dbuf.dptr;
}
-/* store a secrets entry
- */
-BOOL secrets_store(const char *key, const void *data, size_t size)
-{
- TDB_DATA kbuf, dbuf;
- int ret;
-
- secrets_init();
- if (!tdb)
- return False;
- kbuf.dptr = strdup(key);
- kbuf.dsize = strlen(key);
- dbuf.dptr = memdup(data, size);
- dbuf.dsize = size;
-
- ret = tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
-
- free(kbuf.dptr);
- free(dbuf.dptr);
-
- return ret == 0;
-}
-
-
-/* delete a secets database entry
- */
-BOOL secrets_delete(const char *key)
-{
- TDB_DATA kbuf;
- int ret;
-
- secrets_init();
- if (!tdb)
- return False;
- kbuf.dptr = strdup(key);
- kbuf.dsize = strlen(key);
- ret = tdb_delete(tdb, kbuf);
- free(kbuf.dptr);
- return ret == 0;
-}
-
-BOOL secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
-{
- fstring key;
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
- strupper(key);
- return secrets_store(key, sid, sizeof(DOM_SID));
-}
-
-BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
-{
- DOM_SID *dyn_sid;
- fstring key;
- size_t size;
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
- strupper(key);
- dyn_sid = (DOM_SID *)secrets_fetch(key, &size);
-
- if (dyn_sid == NULL)
- return False;
-
- if (size != sizeof(DOM_SID))
- {
- SAFE_FREE(dyn_sid);
- return False;
- }
-
- *sid = *dyn_sid;
- SAFE_FREE(dyn_sid);
- return True;
-}
-
-BOOL secrets_store_domain_guid(const char *domain, struct GUID *guid)
-{
- const char *s;
- fstring key;
- TALLOC_CTX *mem_ctx;
- BOOL ret;
-
- mem_ctx = talloc_init("secrets_store_domain_guid");
- if (!mem_ctx) {
- return False;
- }
-
- s = GUID_string(mem_ctx, guid);
- if (!s) {
- talloc_destroy(mem_ctx);
- return False;
- }
-
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
- strupper(key);
- ret = secrets_store(key, s, strlen(s)+1);
-
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-BOOL secrets_fetch_domain_guid(const char *domain, struct GUID *guid)
-{
- char *dyn_guid;
- fstring key;
- size_t size;
- struct GUID new_guid;
- NTSTATUS status;
-
- slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
- strupper(key);
- dyn_guid = secrets_fetch(key, &size);
-
- DEBUG(6,("key is %s, size is %d\n", key, (int)size));
-
- if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) {
- uuid_generate_random(&new_guid);
- if (!secrets_store_domain_guid(domain, &new_guid))
- return False;
- dyn_guid = secrets_fetch(key, &size);
- if (dyn_guid == NULL)
- return False;
- }
-
- status = GUID_from_string(dyn_guid, guid);
- SAFE_FREE(dyn_guid);
-
- if (!NT_STATUS_IS_OK(status)) {
- return False;
- }
-
- return True;
-}
-
-/**
- * Form a key for fetching the machine trust account password
- *
- * @param domain domain name
- *
- * @return stored password's key
- **/
-const char *trust_keystr(const char *domain)
-{
- static fstring keystr;
-
- slprintf(keystr,sizeof(keystr)-1,"%s/%s",
- SECRETS_MACHINE_ACCT_PASS, domain);
- strupper(keystr);
-
- return keystr;
-}
-
-/**
- * Form a key for fetching a trusted domain password
- *
- * @param domain trusted domain name
- *
- * @return stored password's key
- **/
-char *trustdom_keystr(const char *domain)
-{
- static char* keystr;
-
- asprintf(&keystr, "%s/%s", SECRETS_DOMTRUST_ACCT_PASS, domain);
- strupper(keystr);
-
- return keystr;
-}
-
-/************************************************************************
- Lock the trust password entry.
-************************************************************************/
-
-BOOL secrets_lock_trust_account_password(const char *domain, BOOL dolock)
-{
- if (!tdb)
- return False;
-
- if (dolock)
- return (tdb_lock_bystring(tdb, trust_keystr(domain),0) == 0);
- else
- tdb_unlock_bystring(tdb, trust_keystr(domain));
- return True;
-}
-
-/************************************************************************
- Routine to get the trust account password for a domain.
- The user of this function must have locked the trust password file using
- the above call.
-************************************************************************/
-
-BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
- time_t *pass_last_set_time)
-{
- struct machine_acct_pass *pass;
- char *plaintext;
- size_t size;
-
- plaintext = secrets_fetch_machine_password();
- if (plaintext) {
- /* we have an ADS password - use that */
- DEBUG(4,("Using ADS machine password\n"));
- E_md4hash(plaintext, ret_pwd);
- SAFE_FREE(plaintext);
- pass_last_set_time = 0;
- return True;
- }
-
- if (!(pass = secrets_fetch(trust_keystr(domain), &size))) {
- DEBUG(5, ("secrets_fetch failed!\n"));
- return False;
- }
-
- if (size != sizeof(*pass)) {
- DEBUG(0, ("secrets were of incorrect size!\n"));
- return False;
- }
-
- if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
- memcpy(ret_pwd, pass->hash, 16);
- SAFE_FREE(pass);
- return True;
-}
-
-/************************************************************************
- Routine to get account password to trusted domain
-************************************************************************/
-
-BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
- DOM_SID *sid, time_t *pass_last_set_time)
-{
- struct trusted_dom_pass *pass;
- size_t size;
-
- /* fetching trusted domain password structure */
- if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) {
- DEBUG(5, ("secrets_fetch failed!\n"));
- return False;
- }
-
- if (size != sizeof(*pass)) {
- DEBUG(0, ("secrets were of incorrect size!\n"));
- return False;
- }
-
- /* the trust's password */
- if (pwd) {
- *pwd = strdup(pass->pass);
- if (!*pwd) {
- return False;
- }
- }
-
- /* last change time */
- if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
-
- /* domain sid */
- memcpy(&sid, &(pass->domain_sid), sizeof(sid));
-
- SAFE_FREE(pass);
-
- return True;
-}
-
-/************************************************************************
- Routine to set the trust account password for a domain.
-************************************************************************/
-
-BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
-{
- struct machine_acct_pass pass;
-
- pass.mod_time = time(NULL);
- memcpy(pass.hash, new_pwd, 16);
-
- return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
-}
-
-/**
- * Routine to set the password for trusted domain
- *
- * @param domain remote domain name
- * @param pwd plain text password of trust relationship
- * @param sid remote domain sid
- *
- * @return true if succeeded
- **/
-
-BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_dom_name,
- size_t uni_name_len, const char* pwd,
- DOM_SID sid)
-{
- struct trusted_dom_pass pass;
- ZERO_STRUCT(pass);
-
- /* unicode domain name and its length */
- if (!uni_dom_name)
- return False;
-
- strncpy_w(pass.uni_name, uni_dom_name, sizeof(pass.uni_name) - 1);
- pass.uni_name_len = uni_name_len;
-
- /* last change time */
- pass.mod_time = time(NULL);
-
- /* password of the trust */
- pass.pass_len = strlen(pwd);
- fstrcpy(pass.pass, pwd);
-
- /* domain sid */
- memcpy(&(pass.domain_sid), &sid, sizeof(sid));
-
- return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass));
-}
-
-/************************************************************************
- Routine to set the plaintext machine account password for a realm
-the password is assumed to be a null terminated ascii string
-************************************************************************/
-
-BOOL secrets_store_machine_password(const char *pass)
-{
- char *key;
- BOOL ret;
- asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, lp_workgroup());
- strupper(key);
- ret = secrets_store(key, pass, strlen(pass)+1);
- free(key);
- return ret;
-}
-
-
/************************************************************************
Routine to fetch the plaintext machine account password for a realm
the password is assumed to be a null terminated ascii string
@@ -416,41 +84,6 @@ char *secrets_fetch_machine_password(void)
-/************************************************************************
- Routine to delete the machine trust account password file for a domain.
-************************************************************************/
-
-BOOL trust_password_delete(const char *domain)
-{
- return secrets_delete(trust_keystr(domain));
-}
-
-/************************************************************************
- Routine to delete the password for trusted domain
-************************************************************************/
-
-BOOL trusted_domain_password_delete(const char *domain)
-{
- return secrets_delete(trustdom_keystr(domain));
-}
-
-
-BOOL secrets_store_ldap_pw(const char* dn, char* pw)
-{
- char *key = NULL;
- BOOL ret;
-
- if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, dn) < 0) {
- DEBUG(0, ("secrets_store_ldap_pw: asprintf failed!\n"));
- return False;
- }
-
- ret = secrets_store(key, pw, strlen(pw)+1);
-
- SAFE_FREE(key);
- return ret;
-}
-
/*******************************************************************************
Lock the secrets tdb based on a string - this is used as a primitive form of mutex
between smbd instances.