Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/net.c | 79 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 4 | ||||
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 82 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 30 | ||||
-rw-r--r-- | source3/utils/smbgroupedit.c | 10 |
5 files changed, 61 insertions, 144 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index 704b886d72..d38ca58622 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -402,84 +402,6 @@ static int net_getdomainsid(int argc, const char **argv) return 0; } -static uint32 get_maxrid(void) -{ - SAM_ACCOUNT *pwd = NULL; - uint32 max_rid = 0; - GROUP_MAP *map = NULL; - int num_entries = 0; - int i; - - if (!pdb_setsampwent(False)) { - DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n")); - return 0; - } - - for (; (NT_STATUS_IS_OK(pdb_init_sam(&pwd))) - && pdb_getsampwent(pwd) == True; pwd=NULL) { - uint32 rid; - - if (!sid_peek_rid(pdb_get_user_sid(pwd), &rid)) { - DEBUG(0, ("can't get RID for user '%s'\n", - pdb_get_username(pwd))); - pdb_free_sam(&pwd); - continue; - } - - if (rid > max_rid) - max_rid = rid; - - DEBUG(1,("%d is user '%s'\n", rid, pdb_get_username(pwd))); - pdb_free_sam(&pwd); - } - - pdb_endsampwent(); - pdb_free_sam(&pwd); - - if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, - ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) - return max_rid; - - for (i = 0; i < num_entries; i++) { - uint32 rid; - - if (!sid_peek_check_rid(get_global_sam_sid(), &map[i].sid, - &rid)) { - DEBUG(3, ("skipping map for group '%s', SID %s\n", - map[i].nt_name, - sid_string_static(&map[i].sid))); - continue; - } - DEBUG(1,("%d is group '%s'\n", rid, map[i].nt_name)); - - if (rid > max_rid) - max_rid = rid; - } - - SAFE_FREE(map); - - return max_rid; -} - -static int net_maxrid(int argc, const char **argv) -{ - uint32 rid; - - if (argc != 0) { - DEBUG(0, ("usage: net initrid\n")); - return 1; - } - - if ((rid = get_maxrid()) == 0) { - DEBUG(0, ("can't get current maximum rid\n")); - return 1; - } - - d_printf("Currently used maximum rid: %d\n", rid); - - return 0; -} - /* main function table */ static struct functable net_func[] = { {"RPC", net_rpc}, 
@@ -507,7 +429,6 @@ static struct functable net_func[] = { {"GETLOCALSID", net_getlocalsid}, {"SETLOCALSID", net_setlocalsid}, {"GETDOMAINSID", net_getdomainsid}, - {"MAXRID", net_maxrid}, {"HELP", net_help}, {NULL, NULL} diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index ae1e8dbbac..06538797e2 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -2014,7 +2014,7 @@ static int rpc_trustdom_list(int argc, const char **argv) }; /* SamrConnect */ - nt_status = cli_samr_connect(cli, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN, + nt_status = cli_samr_connect(cli, mem_ctx, SAMR_ACCESS_OPEN_DOMAIN, &connect_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n", @@ -2025,7 +2025,7 @@ static int rpc_trustdom_list(int argc, const char **argv) /* SamrOpenDomain - we have to open domain policy handle in order to be able to enumerate accounts*/ nt_status = cli_samr_open_domain(cli, mem_ctx, &connect_hnd, - SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + DOMAIN_ACCESS_ENUM_ACCOUNTS, &queried_dom_sid, &domain_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open domain object. Error was %s\n", diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 10fba52be8..00e5dee0ce 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -111,7 +111,7 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) { - unsigned sync_context = 0; + unsigned last_rid = -1; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; 
@@ -126,15 +126,15 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret d_printf("Dumping database %u\n", db_type); do { - result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, - sync_context, + result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, last_rid+1, &num_deltas, &hdr_deltas, &deltas); clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); + last_rid = 0; for (i = 0; i < num_deltas; i++) { display_sam_entry(&hdr_deltas[i], &deltas[i]); + last_rid = hdr_deltas[i].target_rid; } - sync_context += 1; - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } 
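Review bot: The resume cursor in the `do` loop is now taken from the peer (`last_rid = hdr_deltas[i].target_rid`) with no check that it moves forward, so a domain controller that keeps answering STATUS_MORE_ENTRIES with the same or a lower final `target_rid` makes the client request the same range without end. Since the code already assumes ascending order by resuming at `last_rid+1`, keeping the previous cursor and stopping when the new one is not greater would bound the loop. The `for` loop also runs before `result` is examined; `num_deltas` and `hdr_deltas` are declared outside this hunk, so whether they can hold stale values after a failed call is not visible here, but `if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break;` right after `clnt_deal_with_creds()` would settle it. `unsigned last_rid = -1;` in the preceding hunk relies on unsigned wrap-around so that the first request starts at 0, and deserves a comment such as `/* wraps to 0 on the first last_rid+1 */`. The same loop is introduced in fetch_database (hunk at -641,16), where each delta goes to `fetch_sam_entry()` instead of being displayed; dump_database itself starts above this hunk.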
@@ -199,62 +199,62 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) desc, workstations, profile. */ unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1); - pdb_set_nt_username(account, s, PDB_CHANGED); + pdb_set_nt_username(account, s); /* Unix username is the same - for sainity */ - pdb_set_username(account, s, PDB_CHANGED); + pdb_set_username(account, s); unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1); - pdb_set_fullname(account, s, PDB_CHANGED); + pdb_set_fullname(account, s); unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1); - pdb_set_homedir(account, s, PDB_CHANGED); + pdb_set_homedir(account, s, True); unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1); - pdb_set_dir_drive(account, s, PDB_CHANGED); + pdb_set_dir_drive(account, s, True); unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1); - pdb_set_logon_script(account, s, PDB_CHANGED); + pdb_set_logon_script(account, s, True); unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1); - pdb_set_acct_desc(account, s, PDB_CHANGED); + pdb_set_acct_desc(account, s); unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1); - pdb_set_workstations(account, s, PDB_CHANGED); + pdb_set_workstations(account, s); unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1); - pdb_set_profile_path(account, s, PDB_CHANGED); + pdb_set_profile_path(account, s, True); /* User and group sid */ - pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); - pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); + pdb_set_user_sid_from_rid(account, delta->user_rid); + pdb_set_group_sid_from_rid(account, delta->group_rid); /* Logon and password information */ - pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED); + pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True); pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), - PDB_CHANGED); - pdb_set_logon_divs(account, delta->logon_divs, 
PDB_CHANGED); + True); + pdb_set_logon_divs(account, delta->logon_divs); /* TODO: logon hours */ /* TODO: bad password count */ /* TODO: logon count */ pdb_set_pass_last_set_time( - account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED); + account, nt_time_to_unix(&delta->pwd_last_set_time)); - pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED); + pdb_set_kickoff_time(account, get_time_t_max(), True); /* Decode hashes from password hash */ sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); - pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); - pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); + pdb_set_nt_passwd(account, nt_passwd); + pdb_set_lanman_passwd(account, lm_passwd); /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + pdb_set_acct_ctrl(account, delta->acb_info); return NT_STATUS_OK; } @@ -324,7 +324,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) pdb_update_sam_account(sam_account); } - if (!pdb_getgrsid(&map, *pdb_get_group_sid(sam_account), False)) { + if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account), + &map, False)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); pdb_free_sam(&sam_account); @@ -352,7 +353,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) DOM_SID group_sid; fstring sid_string; GROUP_MAP map; - BOOL insert = True; + int flag = TDB_INSERT; unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1); unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1); 
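Review bot: Every `pdb_set_*` result in sam_account_from_delta is discarded and the function ends with an unconditional `return NT_STATUS_OK;`, although new_user in pdbedit.c (same commit) tests `pdb_set_username()` for failure, so the setters can evidently fail. For the credential and identity fields this means a replicated account could be handed back with a missing hash, SID or control flags and still be reported as good; at minimum check those, e.g. `if (!pdb_set_nt_passwd(account, nt_passwd) || !pdb_set_lanman_passwd(account, lm_passwd)) return NT_STATUS_UNSUCCESSFUL;`. `lm_passwd` and `nt_passwd` are declared outside this hunk; if they are local buffers, as their use with `sam_pwd_hash()` suggests, they should be cleared before the return so the decoded hashes do not stay on the stack. The bare `True` now passed to some setters (`pdb_set_homedir`, `pdb_set_logon_time`, `pdb_set_kickoff_time`) says nothing about its meaning at the call site, and a one-line comment above the first use would help.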
@@ -362,9 +363,9 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (pdb_getgrsid(&map, group_sid, False)) { + if (get_group_map_from_sid(group_sid, &map, False)) { grp = getgrgid(map.gid); - insert = False; + flag = 0; /* Don't TDB_INSERT, mapping exists */ } if (grp == NULL) @@ -391,10 +392,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) map.priv_set.count = 0; map.priv_set.set = NULL; - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); + add_mapping_entry(&map, flag); return NT_STATUS_OK; } @@ -532,7 +530,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, DOM_SID alias_sid; fstring sid_string; GROUP_MAP map; - BOOL insert = True; + int insert_flag = TDB_INSERT; unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1); unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1); @@ -542,9 +540,9 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, sid_append_rid(&alias_sid, rid); sid_to_string(sid_string, &alias_sid); - if (pdb_getgrsid(&map, alias_sid, False)) { + if (get_group_map_from_sid(alias_sid, &map, False)) { grp = getgrgid(map.gid); - insert = False; + insert_flag = 0; /* Don't TDB_INSERT, mapping exists */ } if (grp == NULL) { @@ -575,10 +573,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, map.priv_set.count = 0; map.priv_set.set = NULL; - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); + add_mapping_entry(&map, insert_flag); return NT_STATUS_OK; } @@ -625,7 +620,7 @@ static void fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, DOM_SID dom_sid) { - unsigned sync_context = 0; + unsigned last_rid = -1; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; 
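Review bot: `add_mapping_entry(&map, flag);` at the end of fetch_group_info drops the return value, while changegroup in smbgroupedit.c (same commit) treats a false return from the same call as a failed database write; here a failed write is still followed by `return NT_STATUS_OK;`. Suggest `if (!add_mapping_entry(&map, flag)) return NT_STATUS_UNSUCCESSFUL;`. The update case passes a literal `0`, whereas smbgroupedit.c passes `TDB_REPLACE` for what looks like the same intent; using the named flag in both places would make the overwrite explicit. fetch_alias_info (hunks at -532,7 through -575,10) has the same two points with `insert_flag`. Both function bodies start and end outside the hunks shown.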
@@ -641,16 +636,17 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, - db_type, sync_context, + db_type, last_rid+1, &num_deltas, &hdr_deltas, &deltas); clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); + last_rid = 0; for (i = 0; i < num_deltas; i++) { fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); + last_rid = hdr_deltas[i].target_rid; } - sync_context += 1; - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 1199dec7fb..7f8348c65a 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -247,15 +247,15 @@ static int set_user_info (struct pdb_context *in, char *username, char *fullname } if (fullname) - pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); + pdb_set_fullname(sam_pwent, fullname); if (homedir) - pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED); + pdb_set_homedir(sam_pwent, homedir, True); if (drive) - pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED); + pdb_set_dir_drive(sam_pwent,drive, True); if (script) - pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); + pdb_set_logon_script(sam_pwent, script, True); if (profile) - pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); + pdb_set_profile_path (sam_pwent, profile, True); if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent))) print_user_info (in, username, True, False); @@ -285,7 +285,7 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha } else { fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username); pdb_init_sam(&sam_pwent); - if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) { + if (!pdb_set_username(sam_pwent, username)) { return False; } } 
@@ -313,17 +313,17 @@ static int new_user (struct pdb_context *in, char *username, char *fullname, cha SAFE_FREE(password2); if (fullname) - pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); + pdb_set_fullname(sam_pwent, fullname); if (homedir) - pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED); + pdb_set_homedir (sam_pwent, homedir, True); if (drive) - pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED); + pdb_set_dir_drive (sam_pwent, drive, True); if (script) - pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); + pdb_set_logon_script(sam_pwent, script, True); if (profile) - pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); + pdb_set_profile_path (sam_pwent, profile, True); - pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED); + pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL); if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) { print_user_info (in, username, True, False); @@ -361,11 +361,11 @@ static int new_machine (struct pdb_context *in, char *machinename) pdb_set_plaintext_passwd (sam_pwent, password); - pdb_set_username (sam_pwent, name, PDB_CHANGED); + pdb_set_username (sam_pwent, name); - pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED); + pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST); - pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS, PDB_CHANGED); + pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS); if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) { print_user_info (in, name, True, False); diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c index bdff59c6f2..589dafc231 100644 --- a/source3/utils/smbgroupedit.c +++ b/source3/utils/smbgroupedit.c 
@@ -69,7 +69,7 @@ static BOOL get_sid_from_input(DOM_SID *sid, char *input) if (StrnCaseCmp( input, "S-", 2)) { /* Perhaps its the NT group name? */ - if (!pdb_getgrnam(&map, input, MAPPING_WITHOUT_PRIV)) { + if (!get_group_map_from_ntname(input, &map, MAPPING_WITHOUT_PRIV)) { printf("NT Group %s doesn't exist in mapping DB\n", input); return False; } else { @@ -133,7 +133,7 @@ static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type } /* Get the current mapping from the database */ - if(!pdb_getgrsid(&map, sid, MAPPING_WITH_PRIV)) { + if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) { printf("This SID does not exist in the database\n"); return -1; } @@ -177,7 +177,7 @@ static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type if (privilege!=NULL) convert_priv_from_text(&map.priv_set, privilege); - if (!pdb_add_group_mapping_entry(&map)) { + if (!add_mapping_entry(&map, TDB_REPLACE)) { printf("Count not update group database\n"); free_privilege(&map.priv_set); return -1; @@ -198,7 +198,7 @@ static int deletegroup(char *group) return -1; } - if(!pdb_delete_group_mapping_entry(sid)) { + if(!group_map_remove(sid)) { printf("removing group %s from the mapping db failed!\n", group); return -1; } @@ -220,7 +220,7 @@ static int listgroup(enum SID_NAME_USE sid_type, BOOL long_list) if (!long_list) printf("NT group (SID) -> Unix group\n"); - if (!pdb_enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV)) + if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV)) return -1; for (i=0; i<entries; i++) { |