Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/login_cache.c2
-rw-r--r--source3/passdb/lookup_sid.c184
-rw-r--r--source3/passdb/passdb.c20
-rw-r--r--source3/passdb/pdb_get_set.c21
-rw-r--r--source3/passdb/pdb_interface.c16
-rw-r--r--source3/passdb/pdb_ldap.c58
-rw-r--r--source3/passdb/pdb_nds.c11
-rw-r--r--source3/passdb/pdb_smbpasswd.c27
-rw-r--r--source3/passdb/pdb_tdb.c43
-rw-r--r--source3/passdb/secrets.c193
10 files changed, 402 insertions, 173 deletions
diff --git a/source3/passdb/login_cache.c b/source3/passdb/login_cache.c
index 9a19dcf437..7fd3b47826 100644
--- a/source3/passdb/login_cache.c
+++ b/source3/passdb/login_cache.c
@@ -140,7 +140,7 @@ BOOL login_cache_write(const struct samu *sampass, LOGIN_CACHE entry)
entry.acct_ctrl,
entry.bad_password_count,
entry.bad_password_time);
- databuf.dptr = SMB_MALLOC(databuf.dsize);
+ databuf.dptr = SMB_MALLOC_ARRAY(char, databuf.dsize);
if (!databuf.dptr) {
SAFE_FREE(keybuf.dptr);
return False;
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index dba43ed6c4..a7a3fdc94d 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -63,6 +63,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
if ((domain == NULL) || (name == NULL)) {
DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(tmp_ctx);
return False;
}
@@ -74,7 +75,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
sid_append_rid(&sid, rid);
goto ok;
}
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
if (strequal(domain, builtin_domain_name())) {
@@ -86,7 +88,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
type = SID_NAME_ALIAS;
goto ok;
}
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
/* Try the explicit winbind lookup first, don't let it guess the
@@ -102,7 +105,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
type = SID_NAME_USER;
goto ok;
}
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
if (strequal(domain, unix_groups_domain_name())) {
@@ -110,11 +114,13 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
type = SID_NAME_DOM_GRP;
goto ok;
}
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) {
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
/*
@@ -201,7 +207,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
if (strequal(name, get_global_sam_name())) {
if (!secrets_fetch_domain_sid(name, &sid)) {
DEBUG(3, ("Could not fetch my SID\n"));
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
@@ -214,7 +221,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
if (!IS_DC && strequal(name, lp_workgroup())) {
if (!secrets_fetch_domain_sid(name, &sid)) {
DEBUG(3, ("Could not fetch the domain SID\n"));
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
/* Swap domain and name */
tmp = name; name = domain; domain = tmp;
@@ -258,7 +266,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
/* Now our local possibilities are exhausted. */
if (!(flags & LOOKUP_NAME_REMOTE)) {
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
/* If we are not a DC, we have to ask in our primary domain. Let
@@ -298,7 +307,8 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
(domain_type != SID_NAME_DOMAIN)) {
DEBUG(2, ("winbind could not find the domain's name "
"it just looked up for us\n"));
- goto failed;
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
goto ok;
}
@@ -320,7 +330,10 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
goto ok;
}
- failed:
+ /*
+ * Ok, all possibilities tried. Fail.
+ */
+
TALLOC_FREE(tmp_ctx);
return False;
@@ -331,14 +344,26 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
return False;
}
- if (ret_name != NULL) {
- *ret_name = talloc_steal(mem_ctx, name);
+ /*
+ * Hand over the results to the talloc context we've been given.
+ */
+
+ if ((ret_name != NULL) &&
+ !(*ret_name = talloc_strdup(mem_ctx, name))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(tmp_ctx);
+ return False;
}
if (ret_domain != NULL) {
- char *tmp_dom = talloc_strdup(tmp_ctx, domain);
+ char *tmp_dom;
+ if (!(tmp_dom = talloc_strdup(tmp_ctx, domain))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(tmp_ctx);
+ return False;
+ }
strupper_m(tmp_dom);
- *ret_domain = talloc_steal(mem_ctx, tmp_dom);
+ *ret_domain = tmp_dom;
}
if (ret_sid != NULL) {
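Review bot: `tmp_dom` is still allocated on `tmp_ctx` but is now handed to the caller directly with `*ret_domain = tmp_dom;`, where the removed line used `talloc_steal(mem_ctx, tmp_dom)`. Every failure path in this function frees `tmp_ctx`, and if the success path after this hunk does the same, the caller is left holding a pointer into freed memory. Allocating on the caller's context, `if (!(tmp_dom = talloc_strdup(mem_ctx, domain))) {`, would match the `ret_name` copy just above. The rest of lookup_name's success path lies outside the hunk, so the free there should be confirmed.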
@@ -353,34 +378,46 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx,
return True;
}
-static BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- int num_rids, uint32 *rids,
- const char **domain_name,
- const char **names, enum SID_NAME_USE *types)
+static BOOL wb_lookup_rids(TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ int num_rids, uint32 *rids,
+ const char **domain_name,
+ const char **names, enum SID_NAME_USE *types)
{
- /* Unless the winbind interface is upgraded, fall back to ask for
- * individual sids. I imagine introducing a lookuprids operation that
- * directly proxies to lsa_lookupsids to the correct DC. -- vl */
-
int i;
- for (i=0; i<num_rids; i++) {
- DOM_SID sid;
+ const char **my_names;
+ enum SID_NAME_USE *my_types;
+ TALLOC_CTX *tmp_ctx;
- sid_copy(&sid, domain_sid);
- sid_append_rid(&sid, rids[i]);
+ if (!(tmp_ctx = talloc_init("wb_lookup_rids"))) {
+ return False;
+ }
- if (winbind_lookup_sid(mem_ctx, &sid,
- *domain_name == NULL ?
- domain_name : NULL,
- &names[i], &types[i])) {
- if ((names[i] == NULL) || ((*domain_name) == NULL)) {
- return False;
- }
- } else {
+ if (!winbind_lookup_rids(tmp_ctx, domain_sid, num_rids, rids,
+ domain_name, &my_names, &my_types)) {
+ for (i=0; i<num_rids; i++) {
types[i] = SID_NAME_UNKNOWN;
}
+ return True;
}
+
+ /*
+ * winbind_lookup_rids allocates its own array. We've been given the
+ * array, so copy it over
+ */
+
+ for (i=0; i<num_rids; i++) {
+ if (my_names[i] == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return False;
+ }
+ if (!(names[i] = talloc_strdup(names, my_names[i]))) {
+ TALLOC_FREE(tmp_ctx);
+ return False;
+ }
+ types[i] = my_types[i];
+ }
+ TALLOC_FREE(tmp_ctx);
return True;
}
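Review bot: The early `return True;` after a failed `winbind_lookup_rids()` leaves `tmp_ctx` allocated, and because it comes from `talloc_init()` rather than being a child of `mem_ctx`, nothing visible here frees it later; add `TALLOC_FREE(tmp_ctx);` before that return. On that same path `names[i]` and `*domain_name` are left as the caller passed them, so a caller that reads them gets stale or uninitialised values. On the success path `*domain_name` was filled in with `tmp_ctx` as the allocation context and `tmp_ctx` is freed before returning, so it probably needs the same `talloc_strdup` onto a longer-lived context that the names get; winbind_lookup_rids is not on this page, so that part is an inference. `mem_ctx` is no longer used in the body.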
@@ -489,8 +526,8 @@ static BOOL lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
return True;
}
- return winbind_lookup_rids(mem_ctx, domain_sid, num_rids, rids,
- domain_name, *names, *types);
+ return wb_lookup_rids(mem_ctx, domain_sid, num_rids, rids,
+ domain_name, *names, *types);
}
/*
@@ -627,18 +664,17 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
int i, j;
- tmp_ctx = talloc_new(mem_ctx);
- if (tmp_ctx == NULL) {
+ if (!(tmp_ctx = talloc_new(mem_ctx))) {
DEBUG(0, ("talloc_new failed\n"));
return NT_STATUS_NO_MEMORY;
}
- name_infos = TALLOC_ARRAY(tmp_ctx, struct lsa_name_info, num_sids);
- dom_infos = TALLOC_ZERO_ARRAY(tmp_ctx, struct lsa_dom_info,
+ name_infos = TALLOC_ARRAY(mem_ctx, struct lsa_name_info, num_sids);
+ dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
MAX_REF_DOMAINS);
if ((name_infos == NULL) || (dom_infos == NULL)) {
result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto fail;
}
/* First build up the data structures:
@@ -673,7 +709,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
*/
if (domain_name == NULL) {
result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto fail;
}
name_infos[i].rid = 0;
@@ -687,14 +723,14 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
name_infos, builtin_domain_name());
if (name_infos[i].name == NULL) {
result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto fail;
}
}
} else {
/* This is a normal SID with rid component */
if (!sid_split_rid(&sid, &rid)) {
result = NT_STATUS_INVALID_PARAMETER;
- goto done;
+ goto fail;
}
}
@@ -717,7 +753,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
if (j == MAX_REF_DOMAINS) {
/* TODO: What's the right error message here? */
result = NT_STATUS_NONE_MAPPED;
- goto done;
+ goto fail;
}
if (!dom_infos[j].valid) {
@@ -730,7 +766,11 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
/* This name was being found above in the case
* when we found a domain SID */
dom_infos[j].name =
- talloc_steal(dom_infos, domain_name);
+ talloc_strdup(dom_infos, domain_name);
+ if (dom_infos[j].name == NULL) {
+ result = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
} else {
/* lookup_rids will take care of this */
dom_infos[j].name = NULL;
@@ -747,7 +787,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
if (dom_infos[j].idxs == NULL) {
result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto fail;
}
}
}
@@ -756,6 +796,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
for (i=0; i<MAX_REF_DOMAINS; i++) {
uint32_t *rids;
+ const char *domain_name = NULL;
const char **names;
enum SID_NAME_USE *types;
struct lsa_dom_info *dom = &dom_infos[i];
@@ -765,11 +806,9 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
break;
}
- rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs);
-
- if (rids == NULL) {
+ if (!(rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs))) {
result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto fail;
}
for (j=0; j<dom->num_idxs; j++) {
@@ -777,31 +816,40 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
}
if (!lookup_rids(tmp_ctx, &dom->sid,
- dom->num_idxs, rids, &dom->name,
+ dom->num_idxs, rids, &domain_name,
&names, &types)) {
result = NT_STATUS_NO_MEMORY;
- goto done;
+ goto fail;
}
- talloc_steal(dom_infos, dom->name);
-
+ if (!(dom->name = talloc_strdup(dom_infos, domain_name))) {
+ result = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
for (j=0; j<dom->num_idxs; j++) {
int idx = dom->idxs[j];
name_infos[idx].type = types[j];
if (types[j] != SID_NAME_UNKNOWN) {
name_infos[idx].name =
- talloc_steal(name_infos, names[j]);
+ talloc_strdup(name_infos, names[j]);
+ if (name_infos[idx].name == NULL) {
+ result = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
} else {
name_infos[idx].name = NULL;
}
}
}
- *ret_domains = talloc_steal(mem_ctx, dom_infos);
- *ret_names = talloc_steal(mem_ctx, name_infos);
- result = NT_STATUS_OK;
+ *ret_domains = dom_infos;
+ *ret_names = name_infos;
+ return NT_STATUS_OK;
- done:
+ fail:
+ TALLOC_FREE(dom_infos);
+ TALLOC_FREE(name_infos);
TALLOC_FREE(tmp_ctx);
return result;
}
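Review bot: `talloc_strdup(dom_infos, domain_name)` after `lookup_rids()` treats a NULL result as out-of-memory, but `domain_name` is initialised to NULL in this loop and stays NULL if lookup_rids returns True without filling it in. wb_lookup_rids in this same commit has such a path (it sets only `types[i]` and returns True), so one unresolvable domain would likely fail the whole batch with NT_STATUS_NO_MEMORY. Distinguish the two cases before mapping NULL to an allocation failure, for example `if ((domain_name != NULL) && !(dom->name = talloc_strdup(dom_infos, domain_name))) {`. The start of lookup_sids is outside this hunk.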
@@ -819,9 +867,7 @@ BOOL lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
TALLOC_CTX *tmp_ctx;
BOOL ret = False;
- tmp_ctx = talloc_new(mem_ctx);
-
- if (tmp_ctx == NULL) {
+ if (!(tmp_ctx = talloc_new(mem_ctx))) {
DEBUG(0, ("talloc_new failed\n"));
return False;
}
@@ -835,12 +881,14 @@ BOOL lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
goto done;
}
- if (ret_domain != NULL) {
- *ret_domain = talloc_steal(mem_ctx, domain->name);
+ if ((ret_domain != NULL) &&
+ !(*ret_domain = talloc_strdup(mem_ctx, domain->name))) {
+ goto done;
}
- if (ret_name != NULL) {
- *ret_name = talloc_steal(mem_ctx, name->name);
+ if ((ret_name != NULL) &&
+ !(*ret_name = talloc_strdup(mem_ctx, name->name))) {
+ goto done;
}
if (ret_type != NULL) {
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index cbb30ead02..f74b1fbe3b 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -52,7 +52,7 @@ const char *my_sam_name(void)
static int samu_destroy(void *p)
{
- struct samu *user = p;
+ struct samu *user = (struct samu *)p;
data_blob_clear_free( &user->lm_pw );
data_blob_clear_free( &user->nt_pw );
@@ -111,7 +111,7 @@ struct samu *samu_new( TALLOC_CTX *ctx )
user->profile_path = "";
user->acct_desc = "";
user->workstations = "";
- user->unknown_str = "";
+ user->comment = "";
user->munged_dial = "";
user->plaintext_pw = NULL;
@@ -926,14 +926,15 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen)
if (homedir) {
fstrcpy( tmpstring, homedir );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_homedir(sampass, tmpstring, PDB_SET);
}
else {
pdb_set_homedir(sampass,
- talloc_sub_basic(sampass, username, lp_logon_home()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_home()),
PDB_DEFAULT);
}
@@ -945,28 +946,29 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen)
if (logon_script) {
fstrcpy( tmpstring, logon_script );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_logon_script(sampass, tmpstring, PDB_SET);
}
else {
pdb_set_logon_script(sampass,
- talloc_sub_basic(sampass, username, lp_logon_script()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_script()),
PDB_DEFAULT);
}
if (profile_path) {
fstrcpy( tmpstring, profile_path );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_profile_path(sampass, tmpstring, PDB_SET);
}
else {
pdb_set_profile_path(sampass,
- talloc_sub_basic(sampass, username, lp_logon_path()),
+ talloc_sub_basic(sampass, username, domain, lp_logon_path()),
PDB_DEFAULT);
}
@@ -990,7 +992,7 @@ BOOL init_sam_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32 buflen)
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
- uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
+ uint8 *pw_hist = (uint8 *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
ret = False;
goto done;
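Review bot: The cast keeps plain `SMB_MALLOC` here while the matching allocation in pdb_ldap.c in this commit moves to `SMB_MALLOC_ARRAY(uint8, ...)`, and in both places the product `pwHistLen * PW_HISTORY_ENTRY_LEN` is computed before any size check can see it. pdb_ldap.c clamps first with `MIN(pwHistLen, MAX_PW_HISTORY_LEN)`; no clamp is visible in this hunk, so a large password-history policy value relies on whatever bounds the policy store enforces. Suggest the same clamp here followed by `uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);`. The function continues outside the hunk.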
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 2e69240b1a..3b774b510b 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -288,9 +288,9 @@ const char *pdb_get_workstations(const struct samu *sampass)
return sampass->workstations;
}
-const char *pdb_get_unknown_str(const struct samu *sampass)
+const char *pdb_get_comment(const struct samu *sampass)
{
- return sampass->unknown_str;
+ return sampass->comment;
}
const char *pdb_get_munged_dial(const struct samu *sampass)
@@ -752,23 +752,22 @@ BOOL pdb_set_workstations(struct samu *sampass, const char *workstations, enum p
}
/*********************************************************************
- Set the user's 'unknown_str', whatever the heck this actually is...
********************************************************************/
-BOOL pdb_set_unknown_str(struct samu *sampass, const char *unknown_str, enum pdb_value_state flag)
+BOOL pdb_set_comment(struct samu *sampass, const char *comment, enum pdb_value_state flag)
{
- if (unknown_str) {
- sampass->unknown_str = talloc_strdup(sampass, unknown_str);
+ if (comment) {
+ sampass->comment = talloc_strdup(sampass, comment);
- if (!sampass->unknown_str) {
- DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
+ if (!sampass->comment) {
+ DEBUG(0, ("pdb_set_comment: talloc_strdup() failed!\n"));
return False;
}
} else {
- sampass->unknown_str = PDB_NOT_QUITE_NULL;
+ sampass->comment = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag);
+ return pdb_set_init_flags(sampass, PDB_COMMENT, flag);
}
/*********************************************************************
@@ -1021,7 +1020,7 @@ BOOL pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
if (current_history_len < pwHistLen) {
/* Ensure we have space for the needed history. */
- uchar *new_history = TALLOC(sampass,
+ uchar *new_history = (uchar *)TALLOC(sampass,
pwHistLen*PW_HISTORY_ENTRY_LEN);
if (!new_history) {
return False;
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index a0310d0c71..20aa72d24e 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -361,6 +361,15 @@ static NTSTATUS pdb_default_create_user(struct pdb_methods *methods,
add_ret = smbrun(add_script,NULL);
DEBUG(add_ret ? 0 : 3, ("_samr_create_user: Running the command `%s' gave %d\n",
add_script, add_ret));
+
+#ifdef ENABLE_BUILD_FARM_HACKS
+ if (add_ret != 0) {
+ DEBUG(1, ("Creating a faked user %s for build farm "
+ "purposes", name));
+ faked_create_user(name);
+ }
+#endif
+
flush_pwnam_cache();
pwd = Get_Pwnam_alloc(tmp_ctx, name);
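Review bot: The `ENABLE_BUILD_FARM_HACKS` block fabricates an account whenever the add-user script returns non-zero, and nothing at this site says the define must never be set in a shipped build. A comment above the `#ifdef`, such as `/* Test-only: never define ENABLE_BUILD_FARM_HACKS in production builds; it creates accounts when the add script fails */`, would make that explicit. The DEBUG format string also lacks a trailing newline, `"purposes\n", name));`, so the next log entry will run onto this line. faked_create_user is not on this page, so how it handles `name` cannot be checked here.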
@@ -1711,7 +1720,7 @@ struct user_search {
static BOOL next_entry_users(struct pdb_search *s,
struct samr_displayentry *entry)
{
- struct user_search *state = s->private_data;
+ struct user_search *state = (struct user_search *)s->private_data;
struct samu *user = NULL;
next:
@@ -1786,7 +1795,7 @@ struct group_search {
static BOOL next_entry_groups(struct pdb_search *s,
struct samr_displayentry *entry)
{
- struct group_search *state = s->private_data;
+ struct group_search *state = (struct group_search *)s->private_data;
uint32 rid;
GROUP_MAP *map = &state->groups[state->current_group];
@@ -1804,7 +1813,8 @@ static BOOL next_entry_groups(struct pdb_search *s,
static void search_end_groups(struct pdb_search *search)
{
- struct group_search *state = search->private_data;
+ struct group_search *state =
+ (struct group_search *)search->private_data;
SAFE_FREE(state->groups);
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 4d0c84b543..83f8d7183c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -650,12 +650,13 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir))
{
pdb_set_homedir( sampass,
- talloc_sub_basic(sampass, username, lp_logon_home()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_home()),
PDB_DEFAULT );
} else {
pstrcpy( tmpstring, homedir );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_homedir(sampass, tmpstring, PDB_SET);
@@ -665,12 +666,13 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script))
{
pdb_set_logon_script( sampass,
- talloc_sub_basic(sampass, username, lp_logon_script()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_script()),
PDB_DEFAULT );
} else {
pstrcpy( tmpstring, logon_script );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_logon_script(sampass, tmpstring, PDB_SET);
@@ -680,12 +682,13 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path))
{
pdb_set_profile_path( sampass,
- talloc_sub_basic( sampass, username, lp_logon_path()),
+ talloc_sub_basic( sampass, username, domain,
+ lp_logon_path()),
PDB_DEFAULT );
} else {
pstrcpy( tmpstring, profile_path );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_profile_path(sampass, tmpstring, PDB_SET);
@@ -787,7 +790,7 @@ static BOOL init_sam_from_ldap(struct ldapsam_privates *ldap_state,
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
+ if ((pwhist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
return False;
}
@@ -967,15 +970,14 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
/* only update the RID if we actually need to */
if (need_update(sampass, PDB_USERSID)) {
fstring sid_string;
- fstring dom_sid_string;
const DOM_SID *user_sid = pdb_get_user_sid(sampass);
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) {
DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_to_string(sid_string, user_sid),
- sid_to_string(dom_sid_string, &ldap_state->domain_sid)));
+ sid_string_static(user_sid),
+ sid_string_static(&ldap_state->domain_sid)));
return False;
}
slprintf(temp, sizeof(temp) - 1, "%i", rid);
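Review bot: Both `%s` arguments in this DEBUG now come from `sid_string_static()`, and if that helper returns one shared static buffer, as its name suggests, the two calls overwrite each other and the log shows the same SID twice. That loses exactly what this message is for, namely which SID failed to match which domain. Keep a caller-owned buffer for one of the arguments, e.g. `sid_to_string(sid_string, user_sid), sid_string_static(&ldap_state->domain_sid)`; as written, `fstring sid_string;` is left unused. The group-SID hunk that follows has the same pattern.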
@@ -1001,15 +1003,14 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
if (need_update(sampass, PDB_GROUPSID)) {
fstring sid_string;
- fstring dom_sid_string;
const DOM_SID *group_sid = pdb_get_group_sid(sampass);
switch ( ldap_state->schema_ver ) {
case SCHEMAVER_SAMBAACCOUNT:
if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) {
DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_to_string(sid_string, group_sid),
- sid_to_string(dom_sid_string, &ldap_state->domain_sid)));
+ sid_string_static(group_sid),
+ sid_string_static(&ldap_state->domain_sid)));
return False;
}
@@ -1747,7 +1748,7 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, struc
LDAPMod **mods = NULL;
const char **attr_list;
- result = pdb_get_backend_private_data(newpwd, my_methods);
+ result = (LDAPMessage *)pdb_get_backend_private_data(newpwd, my_methods);
if (!result) {
attr_list = get_userattr_list(NULL, ldap_state->schema_ver);
if (pdb_get_username(newpwd) == NULL) {
@@ -3923,7 +3924,8 @@ struct ldap_search_state {
static BOOL ldapsam_search_firstpage(struct pdb_search *search)
{
- struct ldap_search_state *state = search->private_data;
+ struct ldap_search_state *state =
+ (struct ldap_search_state *)search->private_data;
LDAP *ld;
int rc = LDAP_OPERATIONS_ERROR;
@@ -3975,7 +3977,8 @@ static BOOL ldapsam_search_firstpage(struct pdb_search *search)
static BOOL ldapsam_search_nextpage(struct pdb_search *search)
{
- struct ldap_search_state *state = search->private_data;
+ struct ldap_search_state *state =
+ (struct ldap_search_state *)search->private_data;
int rc;
if (!state->connection->paged_results) {
@@ -4005,7 +4008,8 @@ static BOOL ldapsam_search_nextpage(struct pdb_search *search)
static BOOL ldapsam_search_next_entry(struct pdb_search *search,
struct samr_displayentry *entry)
{
- struct ldap_search_state *state = search->private_data;
+ struct ldap_search_state *state =
+ (struct ldap_search_state *)search->private_data;
BOOL result;
retry:
@@ -4040,7 +4044,8 @@ static BOOL ldapsam_search_next_entry(struct pdb_search *search,
static void ldapsam_search_end(struct pdb_search *search)
{
- struct ldap_search_state *state = search->private_data;
+ struct ldap_search_state *state =
+ (struct ldap_search_state *)search->private_data;
int rc;
if (state->pagedresults_cookie == NULL)
@@ -4156,7 +4161,8 @@ static BOOL ldapsam_search_users(struct pdb_methods *methods,
struct pdb_search *search,
uint32 acct_flags)
{
- struct ldapsam_privates *ldap_state = methods->private_data;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
@@ -4314,7 +4320,8 @@ static BOOL ldapsam_search_grouptype(struct pdb_methods *methods,
const DOM_SID *sid,
enum SID_NAME_USE type)
{
- struct ldapsam_privates *ldap_state = methods->private_data;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
struct ldap_search_state *state;
state = TALLOC_P(search->mem_ctx, struct ldap_search_state);
@@ -4473,8 +4480,8 @@ static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *ri
int i;
for (i=0; i<10; i++) {
- NTSTATUS result = ldapsam_get_new_rid(methods->private_data,
- rid);
+ NTSTATUS result = ldapsam_get_new_rid(
+ (struct ldapsam_privates *)methods->private_data, rid);
if (NT_STATUS_IS_OK(result)) {
return result;
}
@@ -4500,7 +4507,8 @@ static BOOL ldapsam_sid_to_id(struct pdb_methods *methods,
const DOM_SID *sid,
union unid_t *id, enum SID_NAME_USE *type)
{
- struct ldapsam_privates *priv = methods->private_data;
+ struct ldapsam_privates *priv =
+ (struct ldapsam_privates *)methods->private_data;
char *filter;
const char *attrs[] = { "sambaGroupType", "gidNumber", "uidNumber",
NULL };
@@ -5487,7 +5495,7 @@ NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *lo
(*pdb_method)->name = "ldapsam_compat";
- ldap_state = (*pdb_method)->private_data;
+ ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT;
sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
@@ -5545,7 +5553,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
}
}
- ldap_state = (*pdb_method)->private_data;
+ ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data);
ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT;
/* Try to setup the Domain Name, Domain SID, algorithmic rid base */
diff --git a/source3/passdb/pdb_nds.c b/source3/passdb/pdb_nds.c
index 08ad96efa4..ab4a1a7f20 100644
--- a/source3/passdb/pdb_nds.c
+++ b/source3/passdb/pdb_nds.c
@@ -241,7 +241,7 @@ static int berDecodeLoginData(
if(retData)
{
retOctStrLen = *retDataLen + 1;
- retOctStr = SMB_MALLOC(retOctStrLen);
+ retOctStr = SMB_MALLOC_ARRAY(char, retOctStrLen);
if(!retOctStr)
{
err = LDAP_OPERATIONS_ERROR;
@@ -404,7 +404,7 @@ static int nmasldap_get_simple_pwd(
size_t pwdBufLen, bufferLen;
bufferLen = pwdBufLen = pwdLen+2;
- pwdBuf = SMB_MALLOC(pwdBufLen); /* digest and null */
+ pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen); /* digest and null */
if(pwdBuf == NULL)
{
return LDAP_NO_MEMORY;
@@ -568,7 +568,7 @@ static int nmasldap_get_password(
}
bufferLen = pwdBufLen = *pwdSize;
- pwdBuf = SMB_MALLOC(pwdBufLen+2);
+ pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen+2);
if(pwdBuf == NULL)
{
return LDAP_NO_MEMORY;
@@ -769,7 +769,7 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
DEBUG(5,("pdb_nds_update_login_attempts: %s login for %s\n",
success ? "Successful" : "Failed", username));
- result = pdb_get_backend_private_data(sam_acct, methods);
+ result = (LDAPMessage *)pdb_get_backend_private_data(sam_acct, methods);
if (!result) {
attr_list = get_userattr_list(NULL,
ldap_state->schema_ver);
@@ -854,7 +854,8 @@ static NTSTATUS pdb_nds_update_login_attempts(struct pdb_methods *methods,
static NTSTATUS pdb_init_NDS_ldapsam_common(struct pdb_methods **pdb_method, const char *location)
{
- struct ldapsam_privates *ldap_state = (*pdb_method)->private_data;
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)((*pdb_method)->private_data);
/* Mark this as eDirectory ldap */
ldap_state->is_nds_ldap = True;
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index a8a42196d4..aec1db48b5 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -584,7 +584,8 @@ static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd)
Routine to add an entry to the smbpasswd file.
*************************************************************************/
-static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd)
+static NTSTATUS add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state,
+ struct smb_passwd *newpwd)
{
const char *pfile = smbpasswd_state->smbpasswd_file;
struct smb_passwd *pwd = NULL;
@@ -605,7 +606,7 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str
if (fp == NULL) {
DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
- return False;
+ return map_nt_error_from_unix(errno);
}
/*
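Review bot: `map_nt_error_from_unix(errno)` is evaluated after the `DEBUG(0, ...)` call, which may change errno, whereas the sys_lseek and write paths later in this function save it into `result` first. Whatever set `fp` to NULL may also have failed without setting errno, so the status returned here can be unrelated to the real failure. Capture it before logging with `NTSTATUS result = map_nt_error_from_unix(errno);` and return `result`. The function body starts and ends outside this hunk.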
@@ -616,7 +617,7 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str
if (strequal(newpwd->smb_name, pwd->smb_name)) {
DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return False;
+ return NT_STATUS_USER_EXISTS;
}
}
@@ -630,17 +631,18 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str
fd = fileno(fp);
if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
+ NTSTATUS result = map_nt_error_from_unix(errno);
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return False;
+ return result;
}
if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) {
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
new_entry_length = strlen(new_entry);
@@ -651,6 +653,7 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
#endif
if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) {
+ NTSTATUS result = map_nt_error_from_unix(errno);
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
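Review bot: A short `write()` takes this branch without setting errno, so `result` is mapped from a stale value, and if that value is 0 the mapping may yield a success status. smbpasswd_add_sam_account now returns this status unchanged, so a partially written password entry could be reported as a successful add. Map errno only for a real error return, e.g. `NTSTATUS result = (wr_len == -1) ? map_nt_error_from_unix(errno) : NT_STATUS_UNSUCCESSFUL;`. map_nt_error_from_unix is not on this page, so its handling of 0 should be confirmed.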
@@ -663,12 +666,12 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
free(new_entry);
- return False;
+ return result;
}
free(new_entry);
endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth);
- return True;
+ return NT_STATUS_OK;
}
/************************************************************************
@@ -1308,7 +1311,7 @@ static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *smb_pw;
- void *fp = NULL;
+ FILE *fp = NULL;
DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));
@@ -1352,7 +1355,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data;
struct smb_passwd *smb_pw;
- void *fp = NULL;
+ FILE *fp = NULL;
fstring sid_str;
uint32 rid;
@@ -1423,11 +1426,7 @@ static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, struct
}
/* add the entry */
- if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
+ return add_smbfilepwd_entry(smbpasswd_state, &smb_pw);
}
static NTSTATUS smbpasswd_update_sam_account(struct pdb_methods *my_methods, struct samu *sampass)
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index f3ae4b7b02..ac8cbbe91a 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -169,7 +169,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf
}
else {
pdb_set_homedir(sampass,
- talloc_sub_basic(sampass, username, lp_logon_home()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_home()),
PDB_DEFAULT);
}
@@ -177,7 +178,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf
pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
else {
pdb_set_dir_drive(sampass,
- talloc_sub_basic(sampass, username, lp_logon_drive()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_drive()),
PDB_DEFAULT);
}
@@ -185,7 +187,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf
pdb_set_logon_script(sampass, logon_script, PDB_SET);
else {
pdb_set_logon_script(sampass,
- talloc_sub_basic(sampass, username, lp_logon_script()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_script()),
PDB_DEFAULT);
}
@@ -193,7 +196,8 @@ static BOOL init_sam_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32 buf
pdb_set_profile_path(sampass, profile_path, PDB_SET);
} else {
pdb_set_profile_path(sampass,
- talloc_sub_basic(sampass, username, lp_logon_path()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_path()),
PDB_DEFAULT);
}
@@ -356,7 +360,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf
}
else {
pdb_set_homedir(sampass,
- talloc_sub_basic(sampass, username, lp_logon_home()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_home()),
PDB_DEFAULT);
}
@@ -364,7 +369,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf
pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
else {
pdb_set_dir_drive(sampass,
- talloc_sub_basic(sampass, username, lp_logon_drive()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_drive()),
PDB_DEFAULT);
}
@@ -372,7 +378,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf
pdb_set_logon_script(sampass, logon_script, PDB_SET);
else {
pdb_set_logon_script(sampass,
- talloc_sub_basic(sampass, username, lp_logon_script()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_script()),
PDB_DEFAULT);
}
@@ -380,7 +387,8 @@ static BOOL init_sam_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32 buf
pdb_set_profile_path(sampass, profile_path, PDB_SET);
} else {
pdb_set_profile_path(sampass,
- talloc_sub_basic(sampass, username, lp_logon_path()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_path()),
PDB_DEFAULT);
}
@@ -541,14 +549,15 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
if (homedir) {
fstrcpy( tmpstring, homedir );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_homedir(sampass, tmpstring, PDB_SET);
}
else {
pdb_set_homedir(sampass,
- talloc_sub_basic(sampass, username, lp_logon_home()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_home()),
PDB_DEFAULT);
}
@@ -560,28 +569,30 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
if (logon_script) {
fstrcpy( tmpstring, logon_script );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_logon_script(sampass, tmpstring, PDB_SET);
}
else {
pdb_set_logon_script(sampass,
- talloc_sub_basic(sampass, username, lp_logon_script()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_script()),
PDB_DEFAULT);
}
if (profile_path) {
fstrcpy( tmpstring, profile_path );
if (expand_explicit) {
- standard_sub_basic( username, tmpstring,
+ standard_sub_basic( username, domain, tmpstring,
sizeof(tmpstring) );
}
pdb_set_profile_path(sampass, tmpstring, PDB_SET);
}
else {
pdb_set_profile_path(sampass,
- talloc_sub_basic(sampass, username, lp_logon_path()),
+ talloc_sub_basic(sampass, username, domain,
+ lp_logon_path()),
PDB_DEFAULT);
}
@@ -606,7 +617,7 @@ BOOL init_sam_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32 buflen)
/* Change from V1 is addition of password history field. */
pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
if (pwHistLen) {
- uint8 *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
+ uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);
if (!pw_hist) {
ret = False;
goto done;
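Review bot: The product `pwHistLen * PW_HISTORY_ENTRY_LEN` is still computed by the caller before `SMB_MALLOC_ARRAY` sees it, so with element type `uint8` the macro's count-times-size check (as far as I know that is what it guards) has nothing left to catch. `pwHistLen` is read from the account policy on the line above, so a wrapped product would need an absurd policy value. Even so, the later copy into `pw_hist` (outside this hunk) presumably trusts the same length. Bounding the count before the allocation would make the intent explicit, e.g. `if (pwHistLen > 0xFFFFFFFF / PW_HISTORY_ENTRY_LEN) { ret = False; goto done; }`, assuming `pwHistLen` is a 32-bit unsigned value. The body of init_sam_from_buffer_v2 continues outside the hunk.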
@@ -901,7 +912,7 @@ static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data,
/* save a copy of the key */
- ptr->key.dptr = memdup( key.dptr, key.dsize );
+ ptr->key.dptr = (char *)memdup( key.dptr, key.dsize );
if (!ptr->key.dptr) {
DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n"));
/* just return 0 and let the traversal continue */
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 04d6da2814..f72a7cb8d5 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -104,8 +104,9 @@ BOOL secrets_store(const char *key, const void *data, size_t size)
secrets_init();
if (!tdb)
return False;
- return tdb_store(tdb, string_tdb_data(key), make_tdb_data(data, size),
- TDB_REPLACE) == 0;
+ return tdb_trans_store(tdb, string_tdb_data(key),
+ make_tdb_data((const char *)data, size),
+ TDB_REPLACE) == 0;
}
@@ -288,7 +289,8 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
return True;
}
- if (!(pass = secrets_fetch(trust_keystr(domain), &size))) {
+ if (!(pass = (struct machine_acct_pass *)secrets_fetch(
+ trust_keystr(domain), &size))) {
DEBUG(5, ("secrets_fetch failed!\n"));
return False;
}
@@ -319,6 +321,136 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
return True;
}
+/**
+ * Pack SID passed by pointer
+ *
+ * @param pack_buf pointer to buffer which is to be filled with packed data
+ * @param bufsize size of packing buffer
+ * @param sid pointer to sid to be packed
+ *
+ * @return length of the packed representation of the whole structure
+ **/
+static size_t tdb_sid_pack(char* pack_buf, int bufsize, DOM_SID* sid)
+{
+ int idx;
+ size_t len = 0;
+
+ if (!sid || !pack_buf) return -1;
+
+ len += tdb_pack(pack_buf + len, bufsize - len, "bb", sid->sid_rev_num,
+ sid->num_auths);
+
+ for (idx = 0; idx < 6; idx++) {
+ len += tdb_pack(pack_buf + len, bufsize - len, "b",
+ sid->id_auth[idx]);
+ }
+
+ for (idx = 0; idx < MAXSUBAUTHS; idx++) {
+ len += tdb_pack(pack_buf + len, bufsize - len, "d",
+ sid->sub_auths[idx]);
+ }
+
+ return len;
+}
+
+/**
+ * Unpack SID into a pointer
+ *
+ * @param pack_buf pointer to buffer with packed representation
+ * @param bufsize size of the buffer
+ * @param sid pointer to sid structure to be filled with unpacked data
+ *
+ * @return size of structure unpacked from buffer
+ **/
+static size_t tdb_sid_unpack(char* pack_buf, int bufsize, DOM_SID* sid)
+{
+ int idx, len = 0;
+
+ if (!sid || !pack_buf) return -1;
+
+ len += tdb_unpack(pack_buf + len, bufsize - len, "bb",
+ &sid->sid_rev_num, &sid->num_auths);
+
+ for (idx = 0; idx < 6; idx++) {
+ len += tdb_unpack(pack_buf + len, bufsize - len, "b",
+ &sid->id_auth[idx]);
+ }
+
+ for (idx = 0; idx < MAXSUBAUTHS; idx++) {
+ len += tdb_unpack(pack_buf + len, bufsize - len, "d",
+ &sid->sub_auths[idx]);
+ }
+
+ return len;
+}
+
+/**
+ * Pack TRUSTED_DOM_PASS passed by pointer
+ *
+ * @param pack_buf pointer to buffer which is to be filled with packed data
+ * @param bufsize size of the buffer
+ * @param pass pointer to trusted domain password to be packed
+ *
+ * @return length of the packed representation of the whole structure
+ **/
+static size_t tdb_trusted_dom_pass_pack(char* pack_buf, int bufsize,
+ TRUSTED_DOM_PASS* pass)
+{
+ int idx, len = 0;
+
+ if (!pack_buf || !pass) return -1;
+
+ /* packing unicode domain name and password */
+ len += tdb_pack(pack_buf + len, bufsize - len, "d",
+ pass->uni_name_len);
+
+ for (idx = 0; idx < 32; idx++)
+ len += tdb_pack(pack_buf + len, bufsize - len, "w",
+ pass->uni_name[idx]);
+
+ len += tdb_pack(pack_buf + len, bufsize - len, "dPd", pass->pass_len,
+ pass->pass, pass->mod_time);
+
+ /* packing SID structure */
+ len += tdb_sid_pack(pack_buf + len, bufsize - len, &pass->domain_sid);
+
+ return len;
+}
+
+
+/**
+ * Unpack TRUSTED_DOM_PASS passed by pointer
+ *
+ * @param pack_buf pointer to buffer with packed representation
+ * @param bufsize size of the buffer
+ * @param pass pointer to trusted domain password to be filled with unpacked data
+ *
+ * @return size of structure unpacked from buffer
+ **/
+size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize,
+ TRUSTED_DOM_PASS* pass)
+{
+ int idx, len = 0;
+
+ if (!pack_buf || !pass) return -1;
+
+ /* unpack unicode domain name and plaintext password */
+ len += tdb_unpack(pack_buf, bufsize - len, "d", &pass->uni_name_len);
+
+ for (idx = 0; idx < 32; idx++)
+ len += tdb_unpack(pack_buf + len, bufsize - len, "w",
+ &pass->uni_name[idx]);
+
+ len += tdb_unpack(pack_buf + len, bufsize - len, "dPd",
+ &pass->pass_len, &pass->pass, &pass->mod_time);
+
+ /* unpack domain sid */
+ len += tdb_sid_unpack(pack_buf + len, bufsize - len,
+ &pass->domain_sid);
+
+ return len;
+}
+
/************************************************************************
Routine to get account password to trusted domain
************************************************************************/
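Review bot: None of the `tdb_unpack` results in `tdb_sid_unpack` and `tdb_trusted_dom_pass_unpack` are checked before being added to `len`, so a failed field (tdb_unpack signals failure with -1, as far as I know) moves `pack_buf + len` backwards and enlarges `bufsize - len` for the next field. A truncated or damaged trusted-domain record in secrets.tdb would then be parsed from outside its buffer instead of being rejected. Each call should stop at the first failure, as sketched below for the password unpacker; `tdb_sid_unpack` needs the same per-field checks. The bare `return -1` in these `size_t` functions would also read better as `(size_t)-1`, so callers know which value to compare against.

```c
size_t tdb_trusted_dom_pass_unpack(char* pack_buf, int bufsize,
				   TRUSTED_DOM_PASS* pass)
{
	int idx, len = 0, ret;
	size_t sid_len;

	if (!pack_buf || !pass) return (size_t)-1;

	/* reject the record at the first field that does not fit */
	ret = tdb_unpack(pack_buf + len, bufsize - len, "d",
			 &pass->uni_name_len);
	if (ret < 0) return (size_t)-1;
	len += ret;

	for (idx = 0; idx < 32; idx++) {
		ret = tdb_unpack(pack_buf + len, bufsize - len, "w",
				 &pass->uni_name[idx]);
		if (ret < 0) return (size_t)-1;
		len += ret;
	}

	ret = tdb_unpack(pack_buf + len, bufsize - len, "dPd",
			 &pass->pass_len, &pass->pass, &pass->mod_time);
	if (ret < 0) return (size_t)-1;
	len += ret;

	/* unpack domain sid; tdb_sid_unpack gets the same per-field checks */
	sid_len = tdb_sid_unpack(pack_buf + len, bufsize - len,
				 &pass->domain_sid);
	if (sid_len == (size_t)-1) return (size_t)-1;
	len += sid_len;

	return len;
}
```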
@@ -336,7 +468,8 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
ZERO_STRUCT(pass);
/* fetching trusted domain password structure */
- if (!(pass_buf = secrets_fetch(trustdom_keystr(domain), &size))) {
+ if (!(pass_buf = (char *)secrets_fetch(trustdom_keystr(domain),
+ &size))) {
DEBUG(5, ("secrets_fetch failed!\n"));
return False;
}
@@ -494,7 +627,7 @@ char *secrets_fetch_machine_password(const char *domain,
uint32 *last_set_time;
asprintf(&key, "%s/%s", SECRETS_MACHINE_LAST_CHANGE_TIME, domain);
strupper_m(key);
- last_set_time = secrets_fetch(key, &size);
+ last_set_time = (unsigned int *)secrets_fetch(key, &size);
if (last_set_time) {
*pass_last_set_time = IVAL(last_set_time,0);
SAFE_FREE(last_set_time);
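Review bot: Nothing in this block compares `size` with `sizeof(uint32)` before `IVAL(last_set_time,0)` reads four bytes from the fetched record, so a shorter record stored under that key would be read past its end. The `channel_type` block in the next hunk has the same shape. A guard such as `if (last_set_time && size >= sizeof(uint32))` would close this, with the `SAFE_FREE` moved after the `if` so a short record is still released. The `asprintf` result is also passed to `strupper_m` without a check. The new cast is spelled `(unsigned int *)` while the variable is declared `uint32 *`; `(uint32 *)` would match. The body of secrets_fetch_machine_password continues outside the hunk.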
@@ -509,7 +642,7 @@ char *secrets_fetch_machine_password(const char *domain,
uint32 *channel_type;
asprintf(&key, "%s/%s", SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain);
strupper_m(key);
- channel_type = secrets_fetch(key, &size);
+ channel_type = (unsigned int *)secrets_fetch(key, &size);
if (channel_type) {
*channel = IVAL(channel_type,0);
SAFE_FREE(channel_type);
@@ -613,7 +746,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
}
- *pw=secrets_fetch(key, &size);
+ *pw=(char *)secrets_fetch(key, &size);
SAFE_FREE(key);
if (!size) {
@@ -631,7 +764,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
for (p=old_style_key; *p; p++)
if (*p == ',') *p = '/';
- data=secrets_fetch(old_style_key, &size);
+ data=(char *)secrets_fetch(old_style_key, &size);
if (!size && size < sizeof(old_style_pw)) {
DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
SAFE_FREE(old_style_key);
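Review bot: The condition `!size && size < sizeof(old_style_pw)` below the newly cast `secrets_fetch` call reduces to `size == 0`, so its second comparison can never change the outcome. If the intent was to reject a missing record or one of the wrong length, that needs `||` with the comparison written for the length that is actually invalid. `data` itself is never tested for NULL here. I would spell the intent out, for example `if (!data || size == 0) {` followed by a separate, commented length check. How `size` and `data` are used afterwards lies outside this hunk, so which bound is correct has to be confirmed against the rest of fetch_ldap_pw.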
@@ -672,20 +805,35 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
{
TDB_LIST_NODE *keys, *k;
char *pattern;
+ TALLOC_CTX *tmp_ctx;
+
+ if (!(tmp_ctx = talloc_new(mem_ctx))) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
/* generate searching pattern */
- pattern = talloc_asprintf(mem_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
+ pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
if (pattern == NULL) {
DEBUG(0, ("secrets_trusted_domains: talloc_asprintf() "
"failed!\n"));
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- *domains = NULL;
*num_domains = 0;
+ /*
+ * Make sure that a talloc context for the trustdom_info structs
+ * exists
+ */
+
+ if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* fetching trusted domains' data and collecting them in a list */
keys = tdb_search_keys(tdb, pattern);
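Review bot: The early exit `if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;` now runs after `tmp_ctx` has been created, and it is the only return in this hunk that does not release it. Because `tmp_ctx` is a child of `mem_ctx` it is reclaimed when the caller frees that context, but until then it lingers, unlike on every other path. Either move the `secrets_init()` check above the `talloc_new` call or write `if (!secrets_init()) { TALLOC_FREE(tmp_ctx); return NT_STATUS_ACCESS_DENIED; }`. The function body continues outside the hunk.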
@@ -698,16 +846,17 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
struct trustdom_info *dom_info;
/* important: ensure null-termination of the key string */
- secrets_key = talloc_strndup(mem_ctx,
+ secrets_key = talloc_strndup(tmp_ctx,
k->node_key.dptr,
k->node_key.dsize);
if (!secrets_key) {
DEBUG(0, ("strndup failed!\n"));
tdb_search_list_free(keys);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- packed_pass = secrets_fetch(secrets_key, &size);
+ packed_pass = (char *)secrets_fetch(secrets_key, &size);
packed_size = tdb_trusted_dom_pass_unpack(packed_pass, size,
&pass);
/* packed representation isn't needed anymore */
@@ -727,30 +876,31 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
continue;
}
- dom_info = TALLOC_P(mem_ctx, struct trustdom_info);
- if (dom_info == NULL) {
+ if (!(dom_info = TALLOC_P(*domains, struct trustdom_info))) {
DEBUG(0, ("talloc failed\n"));
tdb_search_list_free(keys);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- if (pull_ucs2_talloc(mem_ctx, &dom_info->name,
+ if (pull_ucs2_talloc(dom_info, &dom_info->name,
pass.uni_name) == (size_t)-1) {
DEBUG(2, ("pull_ucs2_talloc failed\n"));
tdb_search_list_free(keys);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
sid_copy(&dom_info->sid, &pass.domain_sid);
- ADD_TO_ARRAY(mem_ctx, struct trustdom_info *, dom_info,
+ ADD_TO_ARRAY(*domains, struct trustdom_info *, dom_info,
domains, num_domains);
if (*domains == NULL) {
tdb_search_list_free(keys);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- talloc_steal(*domains, dom_info);
}
DEBUG(5, ("secrets_get_trusted_domains: got %d domains\n",
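Review bot: The failure returns for `TALLOC_P(*domains, ...)` and `pull_ucs2_talloc` free `tmp_ctx` but leave `*domains` allocated on `mem_ctx` and `*num_domains` at its partial count. A caller that gets NT_STATUS_NO_MEMORY therefore still sees a half-filled result in the out-parameters. Now that every `dom_info` is a talloc child of `*domains`, these paths can reset both in one step with `TALLOC_FREE(*domains); *num_domains = 0;` before returning. The same applies to the `talloc_strndup` failure path in the previous hunk. The loop that encloses these lines starts outside this hunk.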
@@ -758,6 +908,7 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
/* free the results of searching the keys */
tdb_search_list_free(keys);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
@@ -858,9 +1009,9 @@ BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result)
*******************************************************************************/
void secrets_fetch_ipc_userpass(char **username, char **domain, char **password)
{
- *username = secrets_fetch(SECRETS_AUTH_USER, NULL);
- *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
- *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+ *username = (char *)secrets_fetch(SECRETS_AUTH_USER, NULL);
+ *domain = (char *)secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
+ *password = (char *)secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
if (*username && **username) {
@@ -965,7 +1116,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
pdc->remote_machine,
pdc->domain);
- value.dptr = TALLOC(mem_ctx, value.dsize);
+ value.dptr = (char *)TALLOC(mem_ctx, value.dsize);
if (!value.dptr) {
TALLOC_FREE(keystr);
return False;