diff options
Diffstat (limited to 'source3')
95 files changed, 1507 insertions, 984 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 64d0a6a4df..ce8c865cb3 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -620,6 +620,8 @@ REG_INIT_FULL_OBJ = registry/reg_init_full.o REGFIO_OBJ = registry/regfio.o \ $(REG_PARSE_PRS_OBJ) +REG_API_REGF_OBJ = registry/reg_api_regf.o + REGOBJS_OBJ = registry/reg_objects.o REG_BACKENDS_BASE_OBJ = registry/reg_backend_db.o @@ -638,7 +640,6 @@ REG_BACKENDS_EXTRA_OBJ = registry/reg_backend_printing.o \ REG_BASE_OBJ = registry/reg_api.o \ registry/reg_dispatcher.o \ registry/reg_cachehook.o \ - $(REGFIO_OBJ) \ $(REGOBJS_OBJ) \ registry/reg_util_internal.o \ lib/util_nttoken.o \ @@ -647,6 +648,7 @@ REG_BASE_OBJ = registry/reg_api.o \ REG_SMBCONF_OBJ = $(REG_BASE_OBJ) \ registry/reg_util_token.o \ + registry/reg_api_util.o \ $(REG_BACKENDS_SMBCONF_OBJ) \ $(REG_INIT_SMBCONF_OBJ) @@ -756,7 +758,8 @@ PROFILES_OBJ = utils/profiles.o \ $(LIBSMB_ERR_OBJ) \ $(PARAM_OBJ) \ $(LIB_OBJ) $(LIB_DUMMY_OBJ) \ - $(POPT_LIB_OBJ) + $(POPT_LIB_OBJ) \ + $(REGFIO_OBJ) OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o \ smbd/oplock_onefs.o @@ -904,6 +907,8 @@ SMBD_OBJ_BASE = $(PARAM_WITHOUT_REG_OBJ) $(SMBD_OBJ_SRV) $(LIBSMB_OBJ) \ $(SMBLDAP_OBJ) $(LIBNET_OBJ) \ $(LIBSMBCONF_OBJ) \ $(PRIVILEGES_BASIC_OBJ) \ + $(REGFIO_OBJ) \ + $(REG_API_REGF_OBJ) \ $(LIBNDR_XATTR_OBJ) PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/print_aix.o \ @@ -1007,6 +1012,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_shutdown.o rpcclient/cmd_test.o \ rpcclient/cmd_wkssvc.o rpcclient/cmd_ntsvcs.o \ rpcclient/cmd_drsuapi.o rpcclient/cmd_eventlog.o \ + rpcclient/cmd_winreg.o \ $(DISPLAY_SEC_OBJ) RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ @@ -1026,6 +1032,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(LIBCLI_SRVSVC_OBJ) \ $(LIBCLI_LSA_OBJ) \ $(LIBCLI_SAMR_OBJ) \ + $(LIBCLI_WINREG_OBJ) \ $(LIBCLI_NETLOGON_OBJ) \ $(RPC_CLIENT_SCHANNEL_OBJ) \ rpc_client/init_netlogon.o \ @@ -1162,6 +1169,7 @@ NET_OBJ = $(NET_OBJ1) \ $(REG_SMBCONF_OBJ) \ $(LIBNET_OBJ) $(LIBNET_DSSYNC_OBJ) $(LIBNET_SAMSYNC_OBJ) \ $(LIBSMBCONF_OBJ) \ + $(REGFIO_OBJ) \ $(PRIVILEGES_BASIC_OBJ) \ $(LIB_EVENTLOG_OBJ) localedir.o @@ -1430,6 +1438,7 @@ NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \ ../lib/util/asn1.o ../libcli/auth/spnego_parse.o libsmb/clikrb5.o libads/kerberos.o \ + libsmb/samlogon_cache.o \ $(LIBADS_SERVER_OBJ) \ $(PASSDB_OBJ) $(LIBTSOCKET_OBJ) $(GROUPDB_OBJ) \ $(SMBLDAP_OBJ) $(LIBNMB_OBJ) \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5e3091c7ae..825452026e 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -26,6 +26,7 @@ #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/arcfour.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -664,7 +665,7 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, /* Domain sid */ sid_copy(&domain_sid, get_global_sam_sid()); - info3->base.domain_sid = sid_dup_talloc(mem_ctx, &domain_sid); + info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid); if (info3->base.domain_sid == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index e457bd4ae7..690838d779 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -20,6 +20,7 @@ #include "includes.h" #include "../lib/crypto/arcfour.h" #include "../librpc/gen_ndr/netlogon.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -229,7 +230,7 @@ static NTSTATUS append_netr_SidAttr(TALLOC_CTX *mem_ctx, if (*sids == NULL) { return NT_STATUS_NO_MEMORY; } - (*sids)[t].sid = sid_dup_talloc(*sids, asid); + (*sids)[t].sid = dom_sid_dup(*sids, asid); if ((*sids)[t].sid == NULL) { return NT_STATUS_NO_MEMORY; } @@ -332,7 +333,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, /* check if this is a "Unix Users" domain user, * we need to handle it in a special way if that's the case */ - if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) { + if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) { /* in info3 you can only set rids for the user and the * primary group, and the domain sid must be that of * the sam domain. @@ -358,7 +359,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, /* check if this is a "Unix Groups" domain group, * if so we need special handling */ - if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) { + if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) { /* in info3 you can only set rids for the user and the * primary group, and the domain sid must be that of * the sam domain. @@ -467,7 +468,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, pdb_get_domain(samu)); RET_NOMEM(info3->base.domain.string); - info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid); + info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); RET_NOMEM(info3->base.domain_sid); info3->base.acct_flags = pdb_get_acct_ctrl(samu); @@ -547,7 +548,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, } if (orig->base.domain_sid) { - info3->base.domain_sid = sid_dup_talloc(info3, orig->base.domain_sid); + info3->base.domain_sid = dom_sid_dup(info3, orig->base.domain_sid); RET_NOMEM(info3->base.domain_sid); } @@ -557,7 +558,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, orig->sidcount); RET_NOMEM(info3->sids); for (i = 0; i < orig->sidcount; i++) { - info3->sids[i].sid = sid_dup_talloc(info3->sids, + info3->sids[i].sid = dom_sid_dup(info3->sids, orig->sids[i].sid); RET_NOMEM(info3->sids[i].sid); info3->sids[i].attributes = @@ -694,7 +695,7 @@ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, RET_NOMEM(info3->base.domain.string); } - info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid); + info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); RET_NOMEM(info3->base.domain_sid); memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index bc7d998341..4385dc400c 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -27,7 +27,7 @@ #include "includes.h" #include "secrets.h" #include "memcache.h" - +#include "../libcli/security/dom_sid.h" #include "../librpc/gen_ndr/netlogon.h" /**************************************************************************** @@ -42,7 +42,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token return False; for ( i=0; i<token->num_sids; i++ ) { - if ( sid_equal( sid, &token->sids[i] ) ) + if ( dom_sid_equal( sid, &token->sids[i] ) ) return True; } diff --git a/source3/build/dynconfig.py b/source3/build/dynconfig.py index 65798a35ec..7382516e3e 100644 --- a/source3/build/dynconfig.py +++ b/source3/build/dynconfig.py @@ -10,7 +10,8 @@ dir_options = { 'with-lockdir' : [ '${PREFIX}/var/locks', 'where to put lock files' ], 'with-codepagedir' : [ '${PREFIX}/lib/samba', 'where to put codepages' ], 'with-privatedir' : [ '${PREFIX}/private', 'where to put smbpasswd' ], - 'with-cachedir' : [ '${PREFIX}/var/locks', 'where to put temporary cache files' ] + 'with-cachedir' : [ '${PREFIX}/var/locks', 'where to put temporary cache files' ], + 'with-localedir' : [ '${PREFIX}/share/locale', 'Where to put po files' ] } # list of cflags to use for dynconfig.c @@ -37,6 +38,7 @@ dyn_cflags = { 'NTP_SIGND_SOCKET_DIR' : '${NTP_SIGND_SOCKET_DIR}', 'CODEPAGEDIR' : '${CODEPAGEDIR}', 'CACHEDIR' : '${CACHEDIR}', + 'LOCALEDIR' : '${LOCALEDIR}', 'SMB_PASSWD_FILE' : '${PRIVATEDIR}/smbpasswd', } diff --git a/source3/build/wscript b/source3/build/wscript index f27e279d6b..2cbcbe6de1 100644 --- a/source3/build/wscript +++ b/source3/build/wscript @@ -43,6 +43,9 @@ def build(bld): '../dynconfig.c', deps='replace talloc tdb popt', cflags=cflags) + bld.SAMBA_SUBSYSTEM('LOCALE_DIR', + '../localedir.c', + cflags=cflags) def dynconfig_cflags(bld): '''work out the extra CFLAGS for dynconfig.c''' diff --git a/source3/client/client.c b/source3/client/client.c index c911559911..86d64f6afa 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -1119,7 +1119,7 @@ static int do_get(const char *rname, const char *lname_in, bool reget) int this_time; clock_gettime_mono(&tp_end); - this_time = TspecDiff(&tp_start,&tp_end); + this_time = nsec_time_diff(&tp_end,&tp_start)/1000000; get_total_time_ms += this_time; get_total_size += nread; @@ -1768,7 +1768,7 @@ static int do_put(const char *rname, const char *lname, bool reput) int this_time; clock_gettime_mono(&tp_end); - this_time = TspecDiff(&tp_start,&tp_end); + this_time = nsec_time_diff(&tp_end,&tp_start)/1000000; put_total_time_ms += this_time; put_total_size += state.nread; diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index 140fd28d97..dab2520fc1 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -23,6 +23,7 @@ #include "includes.h" #include "groupdb/mapping.h" #include "dbwrap.h" +#include "../libcli/security/dom_sid.h" static struct db_context *db; /* used for driver files */ @@ -340,7 +341,7 @@ static int collect_map(struct db_record *rec, void *private_data) } if ((state->domsid != NULL) && - (sid_compare_domain(state->domsid, &map.sid) != 0)) { + (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) { DEBUG(11,("enum_group_mapping: group %s is not in domain\n", sid_string_dbg(&map.sid))); return 0; @@ -455,7 +456,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe return False; for (i=0; i<num; i++) { - if (sid_compare(alias, &sids[i]) == 0) { + if (dom_sid_compare(alias, &sids[i]) == 0) { TALLOC_FREE(sids); return True; } @@ -576,7 +577,7 @@ static int collect_aliasmem(struct db_record *rec, void *priv) if (!string_to_sid(&alias, alias_string)) continue; - if (sid_compare(state->alias, &alias) != 0) + if (dom_sid_compare(state->alias, &alias) != 0) continue; /* Ok, we found the alias we're looking for in the membership @@ -656,7 +657,7 @@ static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid * } for (i=0; i<num; i++) { - if (sid_compare(&sids[i], alias) == 0) { + if (dom_sid_compare(&sids[i], alias) == 0) { found = True; break; } diff --git a/source3/include/includes.h b/source3/include/includes.h index 2e45b7964d..a17e014ca9 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -653,18 +653,11 @@ extern void *cmdline_lp_ctx; #include "session.h" #include "module.h" #include "packet.h" -#include "ctdbd_conn.h" #include "../lib/util/talloc_stack.h" #include "serverid.h" -#include "async_smb.h" -#include "../lib/async_req/async_sock.h" #include "../lib/util/smb_threads.h" #include "../lib/util/smb_threads_internal.h" -/* forward declarations from smbldap.c */ - -#include "smbldap.h" - /* * Reasons for cache flush. */ @@ -769,10 +762,6 @@ enum flush_reason_enum { #define PASSWORD_LENGTH 8 #endif -#ifndef HAVE_PIPE -#define SYNC_DNS 1 -#endif - #if defined(HAVE_CRYPT16) && defined(HAVE_GETAUTHUID) #define ULTRIX_AUTH 1 #endif diff --git a/source3/include/proto.h b/source3/include/proto.h index 6fe8f641ba..5bb91c53eb 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -740,43 +740,6 @@ bool share_access_check(const struct security_token *token, const char *sharenam uint32 desired_access); bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd); -/* The following definitions come from lib/smbldap.c */ - -int smb_ldap_start_tls(LDAP *ldap_struct, int version); -int smb_ldap_setup_full_conn(LDAP **ldap_struct, const char *uri); -int smbldap_search(struct smbldap_state *ldap_state, - const char *base, int scope, const char *filter, - const char *attrs[], int attrsonly, - LDAPMessage **res); -int smbldap_search_paged(struct smbldap_state *ldap_state, - const char *base, int scope, const char *filter, - const char **attrs, int attrsonly, int pagesize, - LDAPMessage **res, void **cookie); -int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[]); -int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[]); -int smbldap_delete(struct smbldap_state *ldap_state, const char *dn); -int smbldap_extended_operation(struct smbldap_state *ldap_state, - LDAP_CONST char *reqoid, struct berval *reqdata, - LDAPControl **serverctrls, LDAPControl **clientctrls, - char **retoidp, struct berval **retdatap); -int smbldap_search_suffix (struct smbldap_state *ldap_state, - const char *filter, const char **search_attr, - LDAPMessage ** result); -void smbldap_free_struct(struct smbldap_state **ldap_state) ; -NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, - const char *location, - struct smbldap_state **smbldap_state); -bool smbldap_has_control(LDAP *ld, const char *control); -bool smbldap_has_extension(LDAP *ld, const char *extension); -bool smbldap_has_naming_context(LDAP *ld, const char *naming_context); -bool smbldap_set_creds(struct smbldap_state *ldap_state, bool anon, const char *dn, const char *secret); - -/* The following definitions come from lib/smbldap_util.c */ - -NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, - LDAPMessage ** result, const char *domain_name, - bool try_add); - /* The following definitions come from lib/smbrun.c */ int smbrun_no_sanitize(const char *cmd, int *outfd); @@ -1153,7 +1116,6 @@ char *unix_clean_name(TALLOC_CTX *ctx, const char *s); char *clean_name(TALLOC_CTX *ctx, const char *s); ssize_t write_data_at_offset(int fd, const char *buffer, size_t N, SMB_OFF_T pos); int set_blocking(int fd, bool set); -void smb_msleep(unsigned int t); NTSTATUS reinit_after_fork(struct messaging_context *msg_ctx, struct event_context *ev_ctx, struct server_id id, @@ -1332,13 +1294,9 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid void sid_copy(struct dom_sid *dst, const struct dom_sid *src); bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid); bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid); -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2); -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2); -bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); bool non_mappable_sid(struct dom_sid *sid); char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); char *sid_binstring_hex(const struct dom_sid *sid); -struct dom_sid *sid_dup_talloc(TALLOC_CTX *ctx, const struct dom_sid *src); NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, struct dom_sid **sids, uint32_t *num); NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, @@ -3944,17 +3902,17 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) ; /* The following definitions come from passdb/pdb_ldap.c */ +struct ldapsam_privates; + const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver ); -int ldapsam_search_suffix_by_name(struct ldapsam_privates *ldap_state, - const char *user, - LDAPMessage ** result, - const char **attr); NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *location); NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location); NTSTATUS pdb_ldap_init(void); /* The following definitions come from passdb/pdb_nds.c */ +struct smbldap_state; + int pdb_nds_get_password( struct smbldap_state *ldap_state, char *object_dn, @@ -5677,5 +5635,6 @@ uint32_t ds_uf2acb(uint32_t uf); uint32_t ds_uf2atype(uint32_t uf); uint32_t ds_gtype2atype(uint32_t gtype); enum lsa_SidType ds_atype_map(uint32_t atype); +uint32_t ds_uf2prim_group_rid(uint32_t uf); #endif /* _PROTO_H_ */ diff --git a/source3/include/registry.h b/source3/include/registry.h index 66a364d97d..600fffe679 100644 --- a/source3/include/registry.h +++ b/source3/include/registry.h @@ -169,25 +169,18 @@ WERROR reg_getkeysecurity(TALLOC_CTX *mem_ctx, struct registry_key *key, WERROR reg_setkeysecurity(struct registry_key *key, struct security_descriptor *psecdesc); WERROR reg_getversion(uint32_t *version); -WERROR reg_restorekey(struct registry_key *key, const char *fname); -WERROR reg_savekey(struct registry_key *key, const char *fname); WERROR reg_deleteallvalues(struct registry_key *key); -WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, - uint32 desired_access, const struct security_token *token, - struct registry_key **pkey); WERROR reg_deletekey_recursive(TALLOC_CTX *ctx, struct registry_key *parent, const char *path); WERROR reg_deletesubkeys_recursive(TALLOC_CTX *ctx, struct registry_key *parent, const char *path); -WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path, - uint32 desired_access, - const struct security_token *token, - enum winreg_CreateAction *paction, - struct registry_key **pkey); -WERROR reg_delete_path(const struct security_token *token, - const char *orig_path); + +/* The following definitions come from registry/reg_api_regf.c */ + +WERROR reg_restorekey(struct registry_key *key, const char *fname); +WERROR reg_savekey(struct registry_key *key, const char *fname); /* The following definitions come from registry/reg_init_basic.c */ diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index e72f2aab68..9f4b345b84 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -144,24 +144,6 @@ #define ENCRYPTION_REQUIRED(conn) ((conn) ? ((conn)->encrypt_level == Required) : false) #define IS_CONN_ENCRYPTED(conn) ((conn) ? (conn)->encrypted_tid : false) -/******************************************************************* -find the difference in milliseconds between two struct timeval -values -********************************************************************/ - -#define TvalDiff(tvalold,tvalnew) \ - (((tvalnew)->tv_sec - (tvalold)->tv_sec)*1000 + \ - ((int)(tvalnew)->tv_usec - (int)(tvalold)->tv_usec)/1000) - -/******************************************************************* -find the difference in milliseconds between two struct timespec -values -********************************************************************/ - -#define TspecDiff(tvalold,tvalnew) \ - (((tvalnew)->tv_sec - (tvalold)->tv_sec)*1000 + \ - ((int)(tvalnew)->tv_nsec - (int)(tvalold)->tv_nsec)/1000000) - /**************************************************************************** true if two IPv4 addresses are equal ****************************************************************************/ diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 060fcc21eb..ffe618d4f7 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -233,6 +233,43 @@ char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld, LDAPMessage *entry); +/* The following definitions come from lib/smbldap.c */ + +int smb_ldap_start_tls(LDAP *ldap_struct, int version); +int smb_ldap_setup_full_conn(LDAP **ldap_struct, const char *uri); +int smbldap_search(struct smbldap_state *ldap_state, + const char *base, int scope, const char *filter, + const char *attrs[], int attrsonly, + LDAPMessage **res); +int smbldap_search_paged(struct smbldap_state *ldap_state, + const char *base, int scope, const char *filter, + const char **attrs, int attrsonly, int pagesize, + LDAPMessage **res, void **cookie); +int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[]); +int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[]); +int smbldap_delete(struct smbldap_state *ldap_state, const char *dn); +int smbldap_extended_operation(struct smbldap_state *ldap_state, + LDAP_CONST char *reqoid, struct berval *reqdata, + LDAPControl **serverctrls, LDAPControl **clientctrls, + char **retoidp, struct berval **retdatap); +int smbldap_search_suffix (struct smbldap_state *ldap_state, + const char *filter, const char **search_attr, + LDAPMessage ** result); +void smbldap_free_struct(struct smbldap_state **ldap_state) ; +NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, + const char *location, + struct smbldap_state **smbldap_state); +bool smbldap_has_control(LDAP *ld, const char *control); +bool smbldap_has_extension(LDAP *ld, const char *extension); +bool smbldap_has_naming_context(LDAP *ld, const char *naming_context); +bool smbldap_set_creds(struct smbldap_state *ldap_state, bool anon, const char *dn, const char *secret); + +/* The following definitions come from lib/smbldap_util.c */ + +NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, + LDAPMessage ** result, const char *domain_name, + bool try_add); + #else #define LDAP void #define LDAPMessage void diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index ff286148eb..e0682f3a74 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -24,6 +24,7 @@ #include "librpc/gen_ndr/messaging.h" #include "librpc/gen_ndr/ndr_messaging.h" +#include "ctdbd_conn.h" /* paths to these include files come from --with-ctdb= in configure */ #include "ctdb.h" diff --git a/source3/lib/fault.c b/source3/lib/fault.c index 02e054b680..dd87ae1100 100644 --- a/source3/lib/fault.c +++ b/source3/lib/fault.c @@ -319,14 +319,6 @@ void dump_core_setup(const char *progname) #endif #endif -#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) - /* On Linux we lose the ability to dump core when we change our user - * ID. We know how to dump core safely, so let's make sure we have our - * dumpable flag set. - */ - prctl(PR_SET_DUMPABLE, 1); -#endif - /* FIXME: if we have a core-plus-pid facility, configurably set * this up here. */ @@ -382,6 +374,14 @@ void dump_core_setup(const char *progname) umask(~(0700)); dbgflush(); +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* On Linux we lose the ability to dump core when we change our user + * ID. We know how to dump core safely, so let's make sure we have our + * dumpable flag set. + */ + prctl(PR_SET_DUMPABLE, 1); +#endif + /* Ensure we don't have a signal handler for abort. */ #ifdef SIGABRT CatchSignal(SIGABRT, SIG_DFL); diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c index 6e4c6d796c..edb77869cc 100644 --- a/source3/lib/g_lock.c +++ b/source3/lib/g_lock.c @@ -20,6 +20,7 @@ #include "includes.h" #include "g_lock.h" #include "librpc/gen_ndr/messaging.h" +#include "ctdbd_conn.h" static NTSTATUS g_lock_force_unlock(struct g_lock_ctx *ctx, const char *name, struct server_id pid); diff --git a/source3/lib/netapi/examples/netlogon/nltest.c b/source3/lib/netapi/examples/netlogon/nltest.c index e3ced90a20..0c393ea3be 100644 --- a/source3/lib/netapi/examples/netlogon/nltest.c +++ b/source3/lib/netapi/examples/netlogon/nltest.c @@ -58,7 +58,8 @@ enum { OPT_SITE, OPT_ACCOUNT, OPT_RET_DNS, - OPT_RET_NETBIOS + OPT_RET_NETBIOS, + OPT_DSREGDNS }; /**************************************************************** @@ -207,6 +208,7 @@ int main(int argc, const char **argv) char *opt_account = NULL; int opt_ret_dns = 0; int opt_ret_netbios = 0; + int opt_dsregdns = 0; uint32_t query_level = 0; uint8_t *buffer = NULL; uint32_t flags = 0; @@ -244,6 +246,7 @@ int main(int argc, const char **argv) {"account", 0, POPT_ARG_STRING, &opt_account, OPT_ACCOUNT, "ACCOUNT"}, {"ret_dns", 0, POPT_ARG_NONE, &opt_ret_dns, OPT_RET_DNS, NULL}, {"ret_netbios", 0, POPT_ARG_NONE, &opt_ret_netbios, OPT_RET_NETBIOS, NULL}, + {"dsregdns", 0, POPT_ARG_NONE, &opt_dsregdns, OPT_DSREGDNS, "Force registration of all DC-specific DNS records"}, POPT_COMMON_LIBNETAPI_EXAMPLES POPT_TABLEEND }; @@ -363,6 +366,23 @@ int main(int argc, const char **argv) print_netlogon_info_result(query_level, buffer); break; + case OPT_DSREGDNS: + query_level = 1; + status = I_NetLogonControl2(opt_server, + NETLOGON_CONTROL_FORCE_DNS_REG, + query_level, + NULL, + &buffer); + if (status != 0) { + fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n", + status, status, + libnetapi_get_error_string(ctx, status)); + goto done; + } + + print_netlogon_info_result(query_level, buffer); + + break; case OPT_DSGETDC: if (opt_pdc) flags |= DS_PDC_REQUIRED; diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c index 53114b5d7d..6a926953c0 100644 --- a/source3/lib/netapi/group.c +++ b/source3/lib/netapi/group.c @@ -25,6 +25,7 @@ #include "lib/netapi/libnetapi.h" #include "../librpc/gen_ndr/cli_samr.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" /**************************************************************** ****************************************************************/ @@ -603,7 +604,7 @@ static WERROR map_group_info_to_buffer(TALLOC_CTX *mem_ctx, info3.grpi3_name = info->name.string; info3.grpi3_comment = info->description.string; info3.grpi3_attributes = info->attributes; - info3.grpi3_group_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + info3.grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info3, sizeof(info3)); @@ -1086,7 +1087,7 @@ static WERROR convert_samr_disp_groups_to_GROUP_INFO_3_buffer(TALLOC_CTX *mem_ct groups->entries[i].account_name.string); g3[i].grpi3_comment = talloc_strdup(mem_ctx, groups->entries[i].description.string); - g3[i].grpi3_group_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + g3[i].grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); g3[i].grpi3_attributes = groups->entries[i].acct_flags; W_ERROR_HAVE_NO_MEMORY(g3[i].grpi3_name); } diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index 69cf974225..c9e1b722bd 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c @@ -27,6 +27,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_cli, @@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (i=0; i < r->in.total_entries; i++) { bool already_member = false; for (k=0; k < current_sids.num_sids; k++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { already_member = true; break; @@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (k=0; k < current_sids.num_sids; k++) { bool keep_member = false; for (i=0; i < r->in.total_entries; i++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { keep_member = true; break; diff --git a/source3/lib/netapi/netlogon.c b/source3/lib/netapi/netlogon.c index d58b7ccf67..932ab8bb1d 100644 --- a/source3/lib/netapi/netlogon.c +++ b/source3/lib/netapi/netlogon.c @@ -43,6 +43,9 @@ static WERROR construct_data(enum netr_LogonControlCode function_code, case NETLOGON_CONTROL_SET_DBFLAG: data_out->debug_level = atoi((const char *)data_in); break; + case NETLOGON_CONTROL_FORCE_DNS_REG: + ZERO_STRUCTP(data_out); + break; default: return WERR_INVALID_PARAM; } @@ -193,6 +196,7 @@ WERROR I_NetLogonControl2_r(struct libnetapi_ctx *ctx, switch (r->in.function_code) { case NETLOGON_CONTROL_TC_VERIFY: case NETLOGON_CONTROL_SET_DBFLAG: + case NETLOGON_CONTROL_FORCE_DNS_REG: status = rpccli_netr_LogonControl2Ex(pipe_cli, ctx, r->in.server_name, r->in.function_code, diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 67a7443cd4..de0fc7da6e 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -27,6 +27,7 @@ #include "rpc_client/init_samr.h" #include "../libds/common/flags.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" /**************************************************************** ****************************************************************/ @@ -705,12 +706,12 @@ static NTSTATUS libnetapi_samr_lookup_user(TALLOC_CTX *mem_ctx, for (i=0; i<rid_array->count; i++) { sid_compose(&sid, domain_sid, rid_array->rids[i].rid); - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sid); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid); NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid); } sid_compose(&sid, domain_sid, rid); - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sid); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid); NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid); status = rpccli_samr_GetAliasMembership(pipe_cli, mem_ctx, @@ -923,7 +924,7 @@ static NTSTATUS info21_to_USER_INFO_4(TALLOC_CTX *mem_ctx, if (!sid_compose(&sid, domain_sid, i21->rid)) { return NT_STATUS_NO_MEMORY; } - i->usri4_user_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + i->usri4_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); i->usri4_primary_group_id = i21->primary_gid; i->usri4_profile = talloc_strdup(mem_ctx, i21->profile_path.string); i->usri4_home_dir_drive = talloc_strdup(mem_ctx, i21->home_drive.string); @@ -1024,7 +1025,7 @@ static NTSTATUS info21_to_USER_INFO_23(TALLOC_CTX *mem_ctx, if (!sid_compose(&sid, domain_sid, i21->rid)) { return NT_STATUS_NO_MEMORY; } - i->usri23_user_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + i->usri23_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); return NT_STATUS_OK; } @@ -2066,7 +2067,7 @@ static NTSTATUS query_USER_MODALS_INFO_2(TALLOC_CTX *mem_ctx, info2->usrmod2_domain_name = talloc_strdup(mem_ctx, dom_info5.domain_name.string); info2->usrmod2_domain_id = - (struct domsid *)sid_dup_talloc(mem_ctx, domain_sid); + (struct domsid *)dom_sid_dup(mem_ctx, domain_sid); NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_name); NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_id); @@ -3334,7 +3335,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, goto done; } - sid_array.sids[0].sid = sid_dup_talloc(ctx, &user_sid); + sid_array.sids[0].sid = dom_sid_dup(ctx, &user_sid); if (!sid_array.sids[0].sid) { werr = WERR_NOMEM; goto done; @@ -3348,7 +3349,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, goto done; } - sid_array.sids[i+1].sid = sid_dup_talloc(ctx, &sid); + sid_array.sids[i+1].sid = dom_sid_dup(ctx, &sid); if (!sid_array.sids[i+1].sid) { werr = WERR_NOMEM; goto done; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index b9ed955dee..11256817a5 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -22,6 +22,7 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_security.h" +#include "../libcli/security/dom_sid.h" #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ SECINFO_DACL|SECINFO_SACL|\ @@ -190,10 +191,10 @@ struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx, dst->sacl = NULL; dst->dacl = NULL; - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(dst,owner_sid)) == NULL)) + if(owner_sid && ((dst->owner_sid = dom_sid_dup(dst,owner_sid)) == NULL)) goto error_exit; - if(grp_sid && ((dst->group_sid = sid_dup_talloc(dst,grp_sid)) == NULL)) + if(grp_sid && ((dst->group_sid = dom_sid_dup(dst,grp_sid)) == NULL)) goto error_exit; if(sacl && ((dst->sacl = dup_sec_acl(dst, sacl)) == NULL)) @@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* The CREATOR sids are special when inherited */ - if (sid_equal(ptrustee, &global_sid_Creator_Owner)) { + if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) { creator = &global_sid_Creator_Owner; ptrustee = owner_sid; - } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) { + } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) { creator = &global_sid_Creator_Group; ptrustee = group_sid; } diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c index ba27b48206..cafa3bfee4 100644 --- a/source3/lib/smbconf/smbconf_reg.c +++ b/source3/lib/smbconf/smbconf_reg.c @@ -22,6 +22,7 @@ #include "registry.h" #include "registry/reg_backend_db.h" #include "registry/reg_util_token.h" +#include "registry/reg_api_util.h" #include "lib/smbconf/smbconf_init.h" #include "lib/smbconf/smbconf_reg.h" diff --git a/source3/lib/util.c b/source3/lib/util.c index 3303894e0e..28336512df 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -24,6 +24,7 @@ #include "includes.h" #include "popt_common.h" #include "secrets.h" +#include "ctdbd_conn.h" extern char *global_clobber_region_function; extern unsigned int global_clobber_region_line; @@ -823,55 +824,6 @@ ssize_t write_data_at_offset(int fd, const char *buffer, size_t N, SMB_OFF_T pos #endif } -/******************************************************************* - Sleep for a specified number of milliseconds. -********************************************************************/ - -void smb_msleep(unsigned int t) -{ -#if defined(HAVE_NANOSLEEP) - struct timespec tval; - int ret; - - tval.tv_sec = t/1000; - tval.tv_nsec = 1000000*(t%1000); - - do { - errno = 0; - ret = nanosleep(&tval, &tval); - } while (ret < 0 && errno == EINTR && (tval.tv_sec > 0 || tval.tv_nsec > 0)); -#else - unsigned int tdiff=0; - struct timeval tval,t1,t2; - fd_set fds; - - GetTimeOfDay(&t1); - t2 = t1; - - while (tdiff < t) { - tval.tv_sec = (t-tdiff)/1000; - tval.tv_usec = 1000*((t-tdiff)%1000); - - /* Never wait for more than 1 sec. */ - if (tval.tv_sec > 1) { - tval.tv_sec = 1; - tval.tv_usec = 0; - } - - FD_ZERO(&fds); - errno = 0; - sys_select_intr(0,&fds,NULL,NULL,&tval); - - GetTimeOfDay(&t2); - if (t2.tv_sec < t1.tv_sec) { - /* Someone adjusted time... */ - t1 = t2; - } - - tdiff = TvalDiff(&t1,&t2); - } -#endif -} NTSTATUS reinit_after_fork(struct messaging_context *msg_ctx, struct event_context *ev_ctx, diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c index 3130ed89fb..680dd29ba7 100644 --- a/source3/lib/util_nttoken.c +++ b/source3/lib/util_nttoken.c @@ -26,6 +26,7 @@ /* function(s) moved from auth/auth_util.c to minimize linker deps */ #include "includes.h" +#include "../libcli/security/dom_sid.h" /**************************************************************************** Duplicate a SID token. @@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_ size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->trustee, &token->sids[i])) + if (dom_sid_equal(&ace->trustee, &token->sids[i])) return true; } diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 92218ff2b2..d75c8e2c97 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid return False; } - if (sid_compare_domain(exp_dom_sid, sid)!=0){ + if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){ *rid=(-1); return False; } @@ -308,84 +308,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid) } /***************************************************************** - Compare the auth portion of two sids. -*****************************************************************/ - -static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - if (sid1->sid_rev_num != sid2->sid_rev_num) - return sid1->sid_rev_num - sid2->sid_rev_num; - - for (i = 0; i < 6; i++) - if (sid1->id_auth[i] != sid2->id_auth[i]) - return sid1->id_auth[i] - sid2->id_auth[i]; - - return 0; -} - -/***************************************************************** - Compare two sids. -*****************************************************************/ - -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - /* Compare most likely different rids, first: i.e start at end */ - if (sid1->num_auths != sid2->num_auths) - return sid1->num_auths - sid2->num_auths; - - for (i = sid1->num_auths-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - See if 2 SIDs are in the same domain - this just compares the leading sub-auths -*****************************************************************/ - -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int n, i; - - n = MIN(sid1->num_auths, sid2->num_auths); - - for (i = n-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - Compare two sids. -*****************************************************************/ - -bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - return sid_compare(sid1, sid2) == 0; -} - -/***************************************************************** Returns true if SID is internal (and non-mappable). *****************************************************************/ @@ -397,10 +319,10 @@ bool non_mappable_sid(struct dom_sid *sid) sid_copy(&dom, sid); sid_split_rid(&dom, &rid); - if (sid_equal(&dom, &global_sid_Builtin)) + if (dom_sid_equal(&dom, &global_sid_Builtin)) return True; - if (sid_equal(&dom, &global_sid_NT_Authority)) + if (dom_sid_equal(&dom, &global_sid_NT_Authority)) return True; return False; @@ -444,25 +366,6 @@ char *sid_binstring_hex(const struct dom_sid *sid) return s; } -/******************************************************************* - Tallocs a duplicate SID. -********************************************************************/ - -struct dom_sid *sid_dup_talloc(TALLOC_CTX *ctx, const struct dom_sid *src) -{ - struct dom_sid *dst; - - if (src == NULL) { - return NULL; - } - dst = talloc_zero(ctx, struct dom_sid); - if (dst == NULL) { - return NULL; - } - sid_copy(dst, src); - return dst; -} - /******************************************************************** Add SID to an array SIDs ********************************************************************/ @@ -494,7 +397,7 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, size_t i; for (i=0; i<(*num_sids); i++) { - if (sid_compare(sid, &(*sids)[i]) == 0) + if (dom_sid_compare(sid, &(*sids)[i]) == 0) return NT_STATUS_OK; } @@ -515,7 +418,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t /* if we find the SID, then decrement the count and break out of the loop */ - if ( sid_equal(sid, &sid_list[i]) ) { + if ( dom_sid_equal(sid, &sid_list[i]) ) { *num -= 1; break; } @@ -555,7 +458,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, bool is_null_sid(const struct dom_sid *sid) { static const struct dom_sid null_sid = {0}; - return sid_equal(sid, &null_sid); + return dom_sid_equal(sid, &null_sid); } bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid) @@ -563,7 +466,7 @@ bool is_sid_in_token(const struct security_token *token, const struct dom_sid *s int i; for (i=0; i<token->num_sids; i++) { - if (sid_compare(sid, &token->sids[i]) == 0) + if (dom_sid_compare(sid, &token->sids[i]) == 0) return true; } return false; diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 46926f6298..2b33816293 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -21,6 +21,7 @@ #include "includes.h" #include "memcache.h" +#include "../lib/async_req/async_sock.h" /**************************************************************************** Get a port number in host byte order from a sockaddr_storage. diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 97d89dc88d..3525876ecf 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -27,6 +27,7 @@ #include "libads/cldap.h" #include "libads/dns.h" #include "../libds/common/flags.h" +#include "smbldap.h" #ifdef HAVE_LDAP diff --git a/source3/libgpo/gpo_reg.c b/source3/libgpo/gpo_reg.c index f599435e6c..8c05b2f132 100644 --- a/source3/libgpo/gpo_reg.c +++ b/source3/libgpo/gpo_reg.c @@ -22,6 +22,7 @@ #include "libgpo/gpo_proto.h" #include "registry.h" #include "registry/reg_backend_db.h" +#include "registry/reg_api_util.h" /**************************************************************** diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 34fe3a72ab..28b2f6c654 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -35,6 +35,7 @@ #include "secrets.h" #include "rpc_client/init_lsa.h" #include "krb5_env.h" +#include "../libcli/security/dom_sid.h" /**************************************************************** ****************************************************************/ @@ -744,7 +745,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, r->out.netbios_domain_name = info->dns.name.string; r->out.dns_domain_name = info->dns.dns_domain.string; r->out.forest_name = info->dns.dns_forest.string; - r->out.domain_sid = sid_dup_talloc(mem_ctx, info->dns.sid); + r->out.domain_sid = dom_sid_dup(mem_ctx, info->dns.sid); NT_STATUS_HAVE_NO_MEMORY(r->out.domain_sid); } @@ -758,7 +759,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, } r->out.netbios_domain_name = info->account_domain.name.string; - r->out.domain_sid = sid_dup_talloc(mem_ctx, info->account_domain.sid); + r->out.domain_sid = dom_sid_dup(mem_ctx, info->account_domain.sid); NT_STATUS_HAVE_NO_MEMORY(r->out.domain_sid); } @@ -2008,7 +2009,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, "Unable to fetch domain sid: are we joined?"); return WERR_SETUP_NOT_JOINED; } - r->in.domain_sid = sid_dup_talloc(mem_ctx, &sid); + r->in.domain_sid = dom_sid_dup(mem_ctx, &sid); W_ERROR_HAVE_NO_MEMORY(r->in.domain_sid); } diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 6668be28b5..1b5b9c3b2f 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -28,6 +28,7 @@ #include "../libcli/auth/libcli_auth.h" #include "../librpc/gen_ndr/ndr_netlogon.h" #include "../librpc/gen_ndr/cli_netlogon.h" +#include "../libcli/security/dom_sid.h" /** * Fix up the delta, dealing with encryption issues so that the final @@ -72,7 +73,7 @@ NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(ctx); if (domain_sid) { - ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid); + ctx->domain_sid = dom_sid_dup(mem_ctx, domain_sid); NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 96bad4da32..454f0a9c41 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -25,6 +25,7 @@ #include "includes.h" #include "libnet/libnet_samsync.h" +#include "smbldap.h" #ifdef HAVE_LDAP diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 224598a480..a837ecd6dc 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -25,6 +25,7 @@ #include "includes.h" #include "libnet/libnet_samsync.h" +#include "../libcli/security/dom_sid.h" /* Convert a struct samu_DELTA to a struct samu. */ #define STRING_CHANGED (old_string && !new_string) ||\ @@ -608,7 +609,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx, map.gid = grp->gr_gid; map.sid = alias_sid; - if (sid_equal(dom_sid, &global_sid_Builtin)) + if (dom_sid_equal(dom_sid, &global_sid_Builtin)) map.sid_name_use = SID_NAME_WKN_GRP; else map.sid_name_use = SID_NAME_ALIAS; diff --git a/source3/librpc/idl/libnetapi.idl b/source3/librpc/idl/libnetapi.idl index f83896cf72..935256af16 100644 --- a/source3/librpc/idl/libnetapi.idl +++ b/source3/librpc/idl/libnetapi.idl @@ -1936,7 +1936,7 @@ interface libnetapi [in] string server_name, [in] uint32 function_code, [in] uint32 query_level, - [in] uint8 *data, + [in,unique] uint8 *data, [out,ref] uint8 **buffer ); } diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 8e08d6fc40..0aaeea2827 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -18,6 +18,8 @@ */ #include "includes.h" +#include "../lib/async_req/async_sock.h" +#include "async_smb.h" /* * Read an smb packet asynchronously, discard keepalives diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 169bf4f037..92e5bb2021 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -26,6 +26,7 @@ #include "../libcli/auth/ntlmssp.h" #include "libads/kerberos_proto.h" #include "krb5_env.h" +#include "async_smb.h" static const struct { int prot; @@ -1498,7 +1499,7 @@ NTSTATUS cli_session_setup(struct cli_state *cli, struct cli_ulogoff_state { struct cli_state *cli; - uint16_t vwv[2]; + uint16_t vwv[3]; }; static void cli_ulogoff_done(struct tevent_req *subreq); diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index cdf51c75c3..2c49a8b3f0 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -20,6 +20,7 @@ #include "includes.h" #include "smb_signing.h" +#include "async_smb.h" /******************************************************************* Setup the word count and byte count for a client smb message. diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index d6b2e31de7..ce8d7a593b 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "async_smb.h" /*********************************************************** Common function for pushing stings, used by smb_bytes_push_str() diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 6cbf7104d4..5ca76ac16a 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -21,6 +21,7 @@ #include "includes.h" #include "../libcli/auth/spnego.h" #include "../libcli/auth/ntlmssp.h" +#include "async_smb.h" /**************************************************************************** Get UNIX extensions version info. diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index b580172317..280f876ba7 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "async_smb.h" /**************************************************************************** Calculate a safe next_entry_offset. diff --git a/source3/libsmb/climessage.c b/source3/libsmb/climessage.c index 3777c41482..4c730c4b76 100644 --- a/source3/libsmb/climessage.c +++ b/source3/libsmb/climessage.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "async_smb.h" struct cli_message_start_state { uint16_t grp; diff --git a/source3/libsmb/clioplock.c b/source3/libsmb/clioplock.c index 8904ac973f..09f9869420 100644 --- a/source3/libsmb/clioplock.c +++ b/source3/libsmb/clioplock.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "async_smb.h" /**************************************************************************** send an ack for an oplock break request diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index a1b911cfbf..3ac9f4454f 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -23,6 +23,7 @@ #include "../libcli/auth/libcli_auth.h" #include "../librpc/gen_ndr/rap.h" #include "../lib/crypto/arcfour.h" +#include "async_smb.h" /**************************************************************************** Call a remote api diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 24c9d9f681..370c068fe4 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "async_smb.h" /**************************************************************************** Calculate the recommended read buffer size diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index dd0873d824..4379e1480a 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -18,7 +18,7 @@ */ #include "includes.h" - +#include "async_smb.h" /**************************************************************************** Send a SMB trans or trans2 request. diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index cc87715d8f..bc329bf226 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -27,6 +27,7 @@ #include "libsmb_internal.h" #include "../librpc/gen_ndr/ndr_lsa.h" #include "rpc_client/cli_lsarpc.h" +#include "../libcli/security/dom_sid.h" /* @@ -121,8 +122,8 @@ ace_compare(struct security_ace *ace1, return ace2->type - ace1->type; } - if (sid_compare(&ace1->trustee, &ace2->trustee)) { - return sid_compare(&ace1->trustee, &ace2->trustee); + if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) { + return dom_sid_compare(&ace1->trustee, &ace2->trustee); } if (ace1->flags != ace2->flags) { @@ -1608,7 +1609,7 @@ cacl_set(SMBCCTX *context, bool found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->aces[i].trustee, + if (dom_sid_equal(&sd->dacl->aces[i].trustee, &old->dacl->aces[j].trustee)) { if (!(flags & SMBC_XATTR_FLAG_CREATE)) { err = EEXIST; diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index c949d3bcb4..d1fb5ab817 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -307,7 +307,7 @@ NODE_STATUS_STRUCT *node_status_query(int fd, while (1) { struct timespec tp2; clock_gettime_mono(&tp2); - if (TspecDiff(&tp,&tp2) > retry_time) { + if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) { if (!retries) break; if (!found && !send_packet(&p)) @@ -716,7 +716,7 @@ struct sockaddr_storage *name_query(int fd, struct timespec tp2; clock_gettime_mono(&tp2); - if (TspecDiff(&tp,&tp2) > retry_time) { + if (nsec_time_diff(&tp2,&tp)/1000000 > retry_time) { if (!retries) break; if (!found && !send_packet(&p)) diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 9dd5df87ec..8e61351a1a 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -417,7 +417,7 @@ static void split_afs_acl(struct afs_acl *acl, static bool same_principal(struct afs_ace *x, struct afs_ace *y) { return ( (x->positive == y->positive) && - (sid_compare(&x->sid, &y->sid) == 0) ); + (dom_sid_compare(&x->sid, &y->sid) == 0) ); } static void merge_afs_acls(struct afs_acl *dir_acl, @@ -699,16 +699,16 @@ static bool mappable_sid(const struct dom_sid *sid) { struct dom_sid domain_sid; - if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0) + if (dom_sid_compare(sid, &global_sid_Builtin_Administrators) == 0) return True; - if (sid_compare(sid, &global_sid_World) == 0) + if (dom_sid_compare(sid, &global_sid_World) == 0) return True; - if (sid_compare(sid, &global_sid_Authenticated_Users) == 0) + if (dom_sid_compare(sid, &global_sid_Authenticated_Users) == 0) return True; - if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0) + if (dom_sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0) return True; string_to_sid(&domain_sid, "S-1-5-21"); @@ -757,22 +757,22 @@ static bool nt_to_afs_acl(const char *filename, continue; } - if (sid_compare(&ace->trustee, + if (dom_sid_compare(&ace->trustee, &global_sid_Builtin_Administrators) == 0) { name = "system:administrators"; - } else if (sid_compare(&ace->trustee, + } else if (dom_sid_compare(&ace->trustee, &global_sid_World) == 0) { name = "system:anyuser"; - } else if (sid_compare(&ace->trustee, + } else if (dom_sid_compare(&ace->trustee, &global_sid_Authenticated_Users) == 0) { name = "system:authuser"; - } else if (sid_compare(&ace->trustee, + } else if (dom_sid_compare(&ace->trustee, &global_sid_Builtin_Backup_Operators) == 0) { diff --git a/source3/modules/vfs_scannedonly.c b/source3/modules/vfs_scannedonly.c index b76bef41b4..ab5a7f4e6c 100644 --- a/source3/modules/vfs_scannedonly.c +++ b/source3/modules/vfs_scannedonly.c @@ -476,13 +476,12 @@ static bool scannedonly_allow_access(vfs_handle_struct * handle, flush_sendbuffer(handle); while (retval != 0 /*&& errno == ENOENT */ && i < recheck_tries) { - struct timespec req = { 0, recheck_time * 10000 }; DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_allow_access, wait (try=%d " "(max %d), %d ms) for %s\n", i, recheck_tries, recheck_time, cache_smb_fname->base_name)); - nanosleep(&req, NULL); + smb_msleep(recheck_time); retval = SMB_VFS_NEXT_STAT(handle, cache_smb_fname); i++; } diff --git a/source3/nmbd/nmbd.h b/source3/nmbd/nmbd.h index 0e8d12edf8..6ccbd930fb 100644 --- a/source3/nmbd/nmbd.h +++ b/source3/nmbd/nmbd.h @@ -1,2 +1,5 @@ +#ifndef HAVE_PIPE +#define SYNC_DNS 1 +#endif #include "nmbd/nmbd_proto.h" diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 4ae699ac2a..4567f3602d 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -62,6 +62,7 @@ #include "smb_signing.h" #include "dbwrap.h" +#include "smbldap.h" #ifdef HAVE_SYS_SYSCTL_H #include <sys/sysctl.h> diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 0e2385f43f..fa855f3467 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -24,6 +24,7 @@ #include "secrets.h" #include "memcache.h" #include "idmap_cache.h" +#include "../libcli/security/dom_sid.h" /***************************************************************** Dissect a user-provided name into domain, name, sid and type. @@ -655,7 +656,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx, } for (i=0; i<num_domains; i++) { - if (sid_equal(sid, &domains[i]->sid)) { + if (dom_sid_equal(sid, &domains[i]->sid)) { *name = talloc_strdup(mem_ctx, domains[i]->name); return true; @@ -834,7 +835,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, if (!dom_infos[j].valid) { break; } - if (sid_equal(&sid, &dom_infos[j].sid)) { + if (dom_sid_equal(&sid, &dom_infos[j].sid)) { break; } } @@ -1581,7 +1582,7 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx, /* We need a sid within our domain */ sid_copy(&domain_sid, group_sid); sid_split_rid(&domain_sid, &rid); - if (sid_equal(&domain_sid, get_global_sam_sid())) { + if (dom_sid_equal(&domain_sid, get_global_sam_sid())) { /* * As shortcut for the expensive lookup_sid call * compare the domain sid part diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index c3534f7fa7..6e5a970f4c 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -23,6 +23,7 @@ #include "includes.h" #include "secrets.h" #include "dbwrap.h" +#include "../libcli/security/dom_sid.h" /* NOTE! the global_sam_sid is the SID of our local SAM. This is only equal to the domain SID when we are a DC, otherwise its our @@ -113,7 +114,7 @@ static struct dom_sid *pdb_generate_sam_sid(void) return sam_sid; } - if (!sid_equal(&domain_sid, sam_sid)) { + if (!dom_sid_equal(&domain_sid, sam_sid)) { /* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */ @@ -232,7 +233,7 @@ void reset_global_sam_sid(void) bool sid_check_is_domain(const struct dom_sid *sid) { - return sid_equal(sid, get_global_sam_sid()); + return dom_sid_equal(sid, get_global_sam_sid()); } /***************************************************************** diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 3e2510e74c..493e9ed0dd 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -23,6 +23,7 @@ #include "includes.h" #include "../libcli/auth/libcli_auth.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -509,7 +510,7 @@ bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum p sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS); - if (sid_equal(&dug_sid, g_sid)) { + if (dom_sid_equal(&dug_sid, g_sid)) { sid_copy(sampass->group_sid, &dug_sid); } else if (sid_to_gid( g_sid, &gid ) ) { sid_copy(sampass->group_sid, g_sid); diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 4f93b33a54..9f3a1725a4 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -25,6 +25,7 @@ #include "../librpc/gen_ndr/samr.h" #include "memcache.h" #include "nsswitch/winbind_client.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -890,7 +891,7 @@ static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account, } for (i=0; i<num_groups; i++) { - if (sid_equal(group_sid, &sids[i])) { + if (dom_sid_equal(group_sid, &sids[i])) { return True; } } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 658d774fef..d046a527a6 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -47,6 +47,7 @@ #include "../libcli/auth/libcli_auth.h" #include "secrets.h" #include "idmap_cache.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -1106,7 +1107,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid); primary_gsid = pdb_get_group_sid(sampass); - if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) { + if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) { store_gid_sid_cache(primary_gsid, sampass->unix_pw->pw_gid); idmap_cache_set_sid2gid(primary_gsid, @@ -2682,7 +2683,7 @@ static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct, return False; } - if (sid_compare_domain(&sid, domain_sid) != 0) { + if (dom_sid_compare_domain(&sid, domain_sid) != 0) { DEBUG(10, ("SID %s is not in expected domain %s\n", str, sid_string_dbg(domain_sid))); return False; @@ -3055,7 +3056,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, } } - if (sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) { + if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) { DEBUG(3, ("primary group of [%s] not found\n", pdb_get_username(user))); goto done; @@ -6668,7 +6669,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) } found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, &secrets_domain_sid); - if (!found_sid || !sid_equal(&secrets_domain_sid, + if (!found_sid || !dom_sid_equal(&secrets_domain_sid, &ldap_domain_sid)) { DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain " "%s based on pdb_ldap results %s -> %s\n", diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index dd89c8e10b..9369726988 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -22,6 +22,7 @@ #include "includes.h" #include "../librpc/gen_ndr/samr.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -1372,7 +1373,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct sam return nt_status; /* build_sam_account might change the SID on us, if the name was for the guest account */ - if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) { + if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) { DEBUG(1, ("looking for user with sid %s instead returned %s " "for account %s!?!\n", sid_string_dbg(sid), sid_string_dbg(pdb_get_user_sid(sam_acct)), diff --git a/source3/passdb/util_builtin.c b/source3/passdb/util_builtin.c index 05a46371b3..cf483bbb96 100644 --- a/source3/passdb/util_builtin.c +++ b/source3/passdb/util_builtin.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" struct rid_name_map { uint32 rid; @@ -104,7 +105,7 @@ const char *builtin_domain_name(void) bool sid_check_is_builtin(const struct dom_sid *sid) { - return sid_equal(sid, &global_sid_Builtin); + return dom_sid_equal(sid, &global_sid_Builtin); } /***************************************************************** diff --git a/source3/passdb/util_unixsids.c b/source3/passdb/util_unixsids.c index 0894804c5b..1bd07c7a2f 100644 --- a/source3/passdb/util_unixsids.c +++ b/source3/passdb/util_unixsids.c @@ -18,10 +18,11 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" bool sid_check_is_unix_users(const struct dom_sid *sid) { - return sid_equal(sid, &global_sid_Unix_Users); + return dom_sid_equal(sid, &global_sid_Unix_Users); } bool sid_check_is_in_unix_users(const struct dom_sid *sid) @@ -79,7 +80,7 @@ bool lookup_unix_user_name(const char *name, struct dom_sid *sid) bool sid_check_is_unix_groups(const struct dom_sid *sid) { - return sid_equal(sid, &global_sid_Unix_Groups); + return dom_sid_equal(sid, &global_sid_Unix_Groups); } bool sid_check_is_in_unix_groups(const struct dom_sid *sid) diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c index 7f670f9225..4f6f3f308d 100644 --- a/source3/passdb/util_wellknown.c +++ b/source3/passdb/util_wellknown.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" struct rid_name_map { uint32 rid; @@ -75,7 +76,7 @@ bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name) int i; for (i=0; special_domains[i].sid != NULL; i++) { - if (sid_equal(sid, special_domains[i].sid)) { + if (dom_sid_equal(sid, special_domains[i].sid)) { if (name != NULL) { *name = special_domains[i].name; } @@ -115,7 +116,7 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, } for (i=0; special_domains[i].sid != NULL; i++) { - if (sid_equal(&dom_sid, special_domains[i].sid)) { + if (dom_sid_equal(&dom_sid, special_domains[i].sid)) { *domain = talloc_strdup(mem_ctx, special_domains[i].name); users = special_domains[i].known_users; diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c index 0352446e7b..1cbe4661b1 100644 --- a/source3/registry/reg_api.c +++ b/source3/registry/reg_api.c @@ -53,19 +53,18 @@ * 0x1a winreg_GetVersion reg_getversion * 0x1b winreg_OpenHKCC * 0x1c winreg_OpenHKDD - * 0x1d winreg_QueryMultipleValues + * 0x1d winreg_QueryMultipleValues reg_querymultiplevalues * 0x1e winreg_InitiateSystemShutdownEx * 0x1f winreg_SaveKeyEx * 0x20 winreg_OpenHKPT * 0x21 winreg_OpenHKPN - * 0x22 winreg_QueryMultipleValues2 + * 0x22 winreg_QueryMultipleValues2 reg_querymultiplevalues * */ #include "includes.h" #include "registry.h" #include "reg_cachehook.h" -#include "regfio.h" #include "reg_util_internal.h" #include "reg_backend_db.h" #include "reg_dispatcher.h" @@ -748,277 +747,6 @@ WERROR reg_getversion(uint32_t *version) return WERR_OK; } -/******************************************************************* - Note: topkeypat is the *full* path that this *key will be - loaded into (including the name of the key) - ********************************************************************/ - -static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath, - REGF_NK_REC *key) -{ - REGF_NK_REC *subkey; - struct registry_key_handle registry_key; - struct regval_ctr *values; - struct regsubkey_ctr *subkeys; - int i; - char *path = NULL; - WERROR result = WERR_OK; - - /* initialize the struct registry_key_handle structure */ - - registry_key.ops = reghook_cache_find(topkeypath); - if (!registry_key.ops) { - DEBUG(0, ("reg_load_tree: Failed to assign registry_ops " - "to [%s]\n", topkeypath)); - return WERR_BADFILE; - } - - registry_key.name = talloc_strdup(regfile->mem_ctx, topkeypath); - if (!registry_key.name) { - DEBUG(0, ("reg_load_tree: Talloc failed for reg_key.name!\n")); - return WERR_NOMEM; - } - - /* now start parsing the values and subkeys */ - - result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys); - W_ERROR_NOT_OK_RETURN(result); - - result = regval_ctr_init(subkeys, &values); - W_ERROR_NOT_OK_RETURN(result); - - /* copy values into the struct regval_ctr */ - - for (i=0; i<key->num_values; i++) { - regval_ctr_addvalue(values, key->values[i].valuename, - key->values[i].type, - key->values[i].data, - (key->values[i].data_size & ~VK_DATA_IN_OFFSET)); - } - - /* copy subkeys into the struct regsubkey_ctr */ - - key->subkey_index = 0; - while ((subkey = regfio_fetch_subkey( regfile, key ))) { - result = regsubkey_ctr_addkey(subkeys, subkey->keyname); - if (!W_ERROR_IS_OK(result)) { - TALLOC_FREE(subkeys); - return result; - } - } - - /* write this key and values out */ - - if (!store_reg_values(®istry_key, values) - || !store_reg_keys(®istry_key, subkeys)) - { - DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath)); - result = WERR_REG_IO_FAILURE; - } - - TALLOC_FREE(subkeys); - - if (!W_ERROR_IS_OK(result)) { - return result; - } - - /* now continue to load each subkey registry tree */ - - key->subkey_index = 0; - while ((subkey = regfio_fetch_subkey(regfile, key))) { - path = talloc_asprintf(regfile->mem_ctx, - "%s\\%s", - topkeypath, - subkey->keyname); - if (path == NULL) { - return WERR_NOMEM; - } - result = reg_load_tree(regfile, path, subkey); - if (!W_ERROR_IS_OK(result)) { - break; - } - } - - return result; -} - -/******************************************************************* - ********************************************************************/ - -static WERROR restore_registry_key(struct registry_key_handle *krecord, - const char *fname) -{ - REGF_FILE *regfile; - REGF_NK_REC *rootkey; - WERROR result; - - /* open the registry file....fail if the file already exists */ - - regfile = regfio_open(fname, (O_RDONLY), 0); - if (regfile == NULL) { - DEBUG(0, ("restore_registry_key: failed to open \"%s\" (%s)\n", - fname, strerror(errno))); - return ntstatus_to_werror(map_nt_error_from_unix(errno)); - } - - /* get the rootkey from the regf file and then load the tree - via recursive calls */ - - if (!(rootkey = regfio_rootkey(regfile))) { - regfio_close(regfile); - return WERR_REG_FILE_INVALID; - } - - result = reg_load_tree(regfile, krecord->name, rootkey); - - /* cleanup */ - - regfio_close(regfile); - - return result; -} - -WERROR reg_restorekey(struct registry_key *key, const char *fname) -{ - return restore_registry_key(key->key, fname); -} - -/******************************************************************** -********************************************************************/ - -static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath, - REGF_NK_REC *parent) -{ - REGF_NK_REC *key; - struct regval_ctr *values; - struct regsubkey_ctr *subkeys; - int i, num_subkeys; - char *key_tmp = NULL; - char *keyname, *parentpath; - char *subkeypath = NULL; - char *subkeyname; - struct registry_key_handle registry_key; - WERROR result = WERR_OK; - struct security_descriptor *sec_desc = NULL; - - if (!regfile) { - return WERR_GENERAL_FAILURE; - } - - if (!keypath) { - return WERR_OBJECT_PATH_INVALID; - } - - /* split up the registry key path */ - - key_tmp = talloc_strdup(regfile->mem_ctx, keypath); - if (!key_tmp) { - return WERR_NOMEM; - } - if (!reg_split_key(key_tmp, &parentpath, &keyname)) { - return WERR_OBJECT_PATH_INVALID; - } - - if (!keyname) { - keyname = parentpath; - } - - /* we need a registry_key_handle object here to enumerate subkeys and values */ - - ZERO_STRUCT(registry_key); - - registry_key.name = talloc_strdup(regfile->mem_ctx, keypath); - if (registry_key.name == NULL) { - return WERR_NOMEM; - } - - registry_key.ops = reghook_cache_find(registry_key.name); - if (registry_key.ops == NULL) { - return WERR_BADFILE; - } - - /* lookup the values and subkeys */ - - result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys); - W_ERROR_NOT_OK_RETURN(result); - - result = regval_ctr_init(subkeys, &values); - W_ERROR_NOT_OK_RETURN(result); - - fetch_reg_keys(®istry_key, subkeys); - fetch_reg_values(®istry_key, values); - - result = regkey_get_secdesc(regfile->mem_ctx, ®istry_key, &sec_desc); - if (!W_ERROR_IS_OK(result)) { - goto done; - } - - /* write out this key */ - - key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc, - parent); - if (key == NULL) { - result = WERR_CAN_NOT_COMPLETE; - goto done; - } - - /* write each one of the subkeys out */ - - num_subkeys = regsubkey_ctr_numkeys(subkeys); - for (i=0; i<num_subkeys; i++) { - subkeyname = regsubkey_ctr_specific_key(subkeys, i); - subkeypath = talloc_asprintf(regfile->mem_ctx, "%s\\%s", - keypath, subkeyname); - if (subkeypath == NULL) { - result = WERR_NOMEM; - goto done; - } - result = reg_write_tree(regfile, subkeypath, key); - if (!W_ERROR_IS_OK(result)) - goto done; - } - - DEBUG(6, ("reg_write_tree: wrote key [%s]\n", keypath)); - -done: - TALLOC_FREE(subkeys); - TALLOC_FREE(registry_key.name); - - return result; -} - -static WERROR backup_registry_key(struct registry_key_handle *krecord, - const char *fname) -{ - REGF_FILE *regfile; - WERROR result; - - /* open the registry file....fail if the file already exists */ - - regfile = regfio_open(fname, (O_RDWR|O_CREAT|O_EXCL), - (S_IREAD|S_IWRITE)); - if (regfile == NULL) { - DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", - fname, strerror(errno) )); - return ntstatus_to_werror(map_nt_error_from_unix(errno)); - } - - /* write the registry tree to the file */ - - result = reg_write_tree(regfile, krecord->name, NULL); - - /* cleanup */ - - regfio_close(regfile); - - return result; -} - -WERROR reg_savekey(struct registry_key *key, const char *fname) -{ - return backup_registry_key(key->key, fname); -} - /********************************************************************** * Higher level utility functions **********************************************************************/ @@ -1051,62 +779,6 @@ WERROR reg_deleteallvalues(struct registry_key *key) } /* - * Utility function to open a complete registry path including the hive prefix. - */ - -WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, - uint32 desired_access, const struct security_token *token, - struct registry_key **pkey) -{ - struct registry_key *hive, *key; - char *path, *p; - WERROR err; - - if (!(path = SMB_STRDUP(orig_path))) { - return WERR_NOMEM; - } - - p = strchr(path, '\\'); - - if ((p == NULL) || (p[1] == '\0')) { - /* - * No key behind the hive, just return the hive - */ - - err = reg_openhive(mem_ctx, path, desired_access, token, - &hive); - if (!W_ERROR_IS_OK(err)) { - SAFE_FREE(path); - return err; - } - SAFE_FREE(path); - *pkey = hive; - return WERR_OK; - } - - *p = '\0'; - - err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token, - &hive); - if (!W_ERROR_IS_OK(err)) { - SAFE_FREE(path); - return err; - } - - err = reg_openkey(mem_ctx, hive, p+1, desired_access, &key); - - TALLOC_FREE(hive); - SAFE_FREE(path); - - if (!W_ERROR_IS_OK(err)) { - return err; - } - - *pkey = key; - return WERR_OK; -} - -/* * Utility function to delete a registry key with all its subkeys. * Note that reg_deletekey returns ACCESS_DENIED when called on a * key that has subkeys. @@ -1212,101 +884,3 @@ WERROR reg_deletesubkeys_recursive(TALLOC_CTX *ctx, return reg_deletekey_recursive_trans(ctx, parent, path, false); } -#if 0 -/* these two functions are unused. */ - -/** - * Utility function to create a registry key without opening the hive - * before. Assumes the hive already exists. - */ - -WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path, - uint32 desired_access, - const struct security_token *token, - enum winreg_CreateAction *paction, - struct registry_key **pkey) -{ - struct registry_key *hive; - char *path, *p; - WERROR err; - - if (!(path = SMB_STRDUP(orig_path))) { - return WERR_NOMEM; - } - - p = strchr(path, '\\'); - - if ((p == NULL) || (p[1] == '\0')) { - /* - * No key behind the hive, just return the hive - */ - - err = reg_openhive(mem_ctx, path, desired_access, token, - &hive); - if (!W_ERROR_IS_OK(err)) { - SAFE_FREE(path); - return err; - } - SAFE_FREE(path); - *pkey = hive; - *paction = REG_OPENED_EXISTING_KEY; - return WERR_OK; - } - - *p = '\0'; - - err = reg_openhive(mem_ctx, path, - (strchr(p+1, '\\') != NULL) ? - KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY, - token, &hive); - if (!W_ERROR_IS_OK(err)) { - SAFE_FREE(path); - return err; - } - - err = reg_createkey(mem_ctx, hive, p+1, desired_access, pkey, paction); - SAFE_FREE(path); - TALLOC_FREE(hive); - return err; -} - -/* - * Utility function to create a registry key without opening the hive - * before. Will not delete a hive. - */ - -WERROR reg_delete_path(const struct security_token *token, - const char *orig_path) -{ - struct registry_key *hive; - char *path, *p; - WERROR err; - - if (!(path = SMB_STRDUP(orig_path))) { - return WERR_NOMEM; - } - - p = strchr(path, '\\'); - - if ((p == NULL) || (p[1] == '\0')) { - SAFE_FREE(path); - return WERR_INVALID_PARAM; - } - - *p = '\0'; - - err = reg_openhive(NULL, path, - (strchr(p+1, '\\') != NULL) ? - KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY, - token, &hive); - if (!W_ERROR_IS_OK(err)) { - SAFE_FREE(path); - return err; - } - - err = reg_deletekey(hive, p+1); - SAFE_FREE(path); - TALLOC_FREE(hive); - return err; -} -#endif /* #if 0 */ diff --git a/source3/registry/reg_api_regf.c b/source3/registry/reg_api_regf.c new file mode 100644 index 0000000000..8f249b5aa7 --- /dev/null +++ b/source3/registry/reg_api_regf.c @@ -0,0 +1,301 @@ +/* + * Unix SMB/CIFS implementation. + * Virtual Windows Registry Layer + * Copyright (C) Volker Lendecke 2006 + * Copyright (C) Michael Adam 2007-2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "registry.h" +#include "reg_cachehook.h" +#include "regfio.h" +#include "reg_util_internal.h" +#include "reg_dispatcher.h" +#include "reg_objects.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_REGISTRY + +/******************************************************************* + Note: topkeypat is the *full* path that this *key will be + loaded into (including the name of the key) + ********************************************************************/ + +static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath, + REGF_NK_REC *key) +{ + REGF_NK_REC *subkey; + struct registry_key_handle registry_key; + struct regval_ctr *values; + struct regsubkey_ctr *subkeys; + int i; + char *path = NULL; + WERROR result = WERR_OK; + + /* initialize the struct registry_key_handle structure */ + + registry_key.ops = reghook_cache_find(topkeypath); + if (!registry_key.ops) { + DEBUG(0, ("reg_load_tree: Failed to assign registry_ops " + "to [%s]\n", topkeypath)); + return WERR_BADFILE; + } + + registry_key.name = talloc_strdup(regfile->mem_ctx, topkeypath); + if (!registry_key.name) { + DEBUG(0, ("reg_load_tree: Talloc failed for reg_key.name!\n")); + return WERR_NOMEM; + } + + /* now start parsing the values and subkeys */ + + result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys); + W_ERROR_NOT_OK_RETURN(result); + + result = regval_ctr_init(subkeys, &values); + W_ERROR_NOT_OK_RETURN(result); + + /* copy values into the struct regval_ctr */ + + for (i=0; i<key->num_values; i++) { + regval_ctr_addvalue(values, key->values[i].valuename, + key->values[i].type, + key->values[i].data, + (key->values[i].data_size & ~VK_DATA_IN_OFFSET)); + } + + /* copy subkeys into the struct regsubkey_ctr */ + + key->subkey_index = 0; + while ((subkey = regfio_fetch_subkey( regfile, key ))) { + result = regsubkey_ctr_addkey(subkeys, subkey->keyname); + if (!W_ERROR_IS_OK(result)) { + TALLOC_FREE(subkeys); + return result; + } + } + + /* write this key and values out */ + + if (!store_reg_values(®istry_key, values) + || !store_reg_keys(®istry_key, subkeys)) + { + DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath)); + result = WERR_REG_IO_FAILURE; + } + + TALLOC_FREE(subkeys); + + if (!W_ERROR_IS_OK(result)) { + return result; + } + + /* now continue to load each subkey registry tree */ + + key->subkey_index = 0; + while ((subkey = regfio_fetch_subkey(regfile, key))) { + path = talloc_asprintf(regfile->mem_ctx, + "%s\\%s", + topkeypath, + subkey->keyname); + if (path == NULL) { + return WERR_NOMEM; + } + result = reg_load_tree(regfile, path, subkey); + if (!W_ERROR_IS_OK(result)) { + break; + } + } + + return result; +} + +/******************************************************************* + ********************************************************************/ + +static WERROR restore_registry_key(struct registry_key_handle *krecord, + const char *fname) +{ + REGF_FILE *regfile; + REGF_NK_REC *rootkey; + WERROR result; + + /* open the registry file....fail if the file already exists */ + + regfile = regfio_open(fname, (O_RDONLY), 0); + if (regfile == NULL) { + DEBUG(0, ("restore_registry_key: failed to open \"%s\" (%s)\n", + fname, strerror(errno))); + return ntstatus_to_werror(map_nt_error_from_unix(errno)); + } + + /* get the rootkey from the regf file and then load the tree + via recursive calls */ + + if (!(rootkey = regfio_rootkey(regfile))) { + regfio_close(regfile); + return WERR_REG_FILE_INVALID; + } + + result = reg_load_tree(regfile, krecord->name, rootkey); + + /* cleanup */ + + regfio_close(regfile); + + return result; +} + +WERROR reg_restorekey(struct registry_key *key, const char *fname) +{ + return restore_registry_key(key->key, fname); +} + +/******************************************************************** +********************************************************************/ + +static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath, + REGF_NK_REC *parent) +{ + REGF_NK_REC *key; + struct regval_ctr *values; + struct regsubkey_ctr *subkeys; + int i, num_subkeys; + char *key_tmp = NULL; + char *keyname, *parentpath; + char *subkeypath = NULL; + char *subkeyname; + struct registry_key_handle registry_key; + WERROR result = WERR_OK; + struct security_descriptor *sec_desc = NULL; + + if (!regfile) { + return WERR_GENERAL_FAILURE; + } + + if (!keypath) { + return WERR_OBJECT_PATH_INVALID; + } + + /* split up the registry key path */ + + key_tmp = talloc_strdup(regfile->mem_ctx, keypath); + if (!key_tmp) { + return WERR_NOMEM; + } + if (!reg_split_key(key_tmp, &parentpath, &keyname)) { + return WERR_OBJECT_PATH_INVALID; + } + + if (!keyname) { + keyname = parentpath; + } + + /* we need a registry_key_handle object here to enumerate subkeys and values */ + + ZERO_STRUCT(registry_key); + + registry_key.name = talloc_strdup(regfile->mem_ctx, keypath); + if (registry_key.name == NULL) { + return WERR_NOMEM; + } + + registry_key.ops = reghook_cache_find(registry_key.name); + if (registry_key.ops == NULL) { + return WERR_BADFILE; + } + + /* lookup the values and subkeys */ + + result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys); + W_ERROR_NOT_OK_RETURN(result); + + result = regval_ctr_init(subkeys, &values); + W_ERROR_NOT_OK_RETURN(result); + + fetch_reg_keys(®istry_key, subkeys); + fetch_reg_values(®istry_key, values); + + result = regkey_get_secdesc(regfile->mem_ctx, ®istry_key, &sec_desc); + if (!W_ERROR_IS_OK(result)) { + goto done; + } + + /* write out this key */ + + key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc, + parent); + if (key == NULL) { + result = WERR_CAN_NOT_COMPLETE; + goto done; + } + + /* write each one of the subkeys out */ + + num_subkeys = regsubkey_ctr_numkeys(subkeys); + for (i=0; i<num_subkeys; i++) { + subkeyname = regsubkey_ctr_specific_key(subkeys, i); + subkeypath = talloc_asprintf(regfile->mem_ctx, "%s\\%s", + keypath, subkeyname); + if (subkeypath == NULL) { + result = WERR_NOMEM; + goto done; + } + result = reg_write_tree(regfile, subkeypath, key); + if (!W_ERROR_IS_OK(result)) + goto done; + } + + DEBUG(6, ("reg_write_tree: wrote key [%s]\n", keypath)); + +done: + TALLOC_FREE(subkeys); + TALLOC_FREE(registry_key.name); + + return result; +} + +static WERROR backup_registry_key(struct registry_key_handle *krecord, + const char *fname) +{ + REGF_FILE *regfile; + WERROR result; + + /* open the registry file....fail if the file already exists */ + + regfile = regfio_open(fname, (O_RDWR|O_CREAT|O_EXCL), + (S_IREAD|S_IWRITE)); + if (regfile == NULL) { + DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", + fname, strerror(errno) )); + return ntstatus_to_werror(map_nt_error_from_unix(errno)); + } + + /* write the registry tree to the file */ + + result = reg_write_tree(regfile, krecord->name, NULL); + + /* cleanup */ + + regfio_close(regfile); + + return result; +} + +WERROR reg_savekey(struct registry_key *key, const char *fname) +{ + return backup_registry_key(key->key, fname); +} diff --git a/source3/registry/reg_api_util.c b/source3/registry/reg_api_util.c new file mode 100644 index 0000000000..592b370d3b --- /dev/null +++ b/source3/registry/reg_api_util.c @@ -0,0 +1,181 @@ +/* + * Unix SMB/CIFS implementation. + * Virtual Windows Registry Layer + * Copyright (C) Volker Lendecke 2006 + * Copyright (C) Michael Adam 2007-2010 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +/* + * Higher level utility functions on top of reg_api.c + */ + +#include "includes.h" +#include "registry.h" +#include "reg_api_util.h" + +/** + * Utility function to open a complete registry path including the hive prefix. + */ +WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, + uint32 desired_access, const struct security_token *token, + struct registry_key **pkey) +{ + struct registry_key *hive, *key; + char *path, *p; + WERROR err; + + if (!(path = SMB_STRDUP(orig_path))) { + return WERR_NOMEM; + } + + p = strchr(path, '\\'); + + if ((p == NULL) || (p[1] == '\0')) { + /* + * No key behind the hive, just return the hive + */ + + err = reg_openhive(mem_ctx, path, desired_access, token, + &hive); + if (!W_ERROR_IS_OK(err)) { + SAFE_FREE(path); + return err; + } + SAFE_FREE(path); + *pkey = hive; + return WERR_OK; + } + + *p = '\0'; + + err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token, + &hive); + if (!W_ERROR_IS_OK(err)) { + SAFE_FREE(path); + return err; + } + + err = reg_openkey(mem_ctx, hive, p+1, desired_access, &key); + + TALLOC_FREE(hive); + SAFE_FREE(path); + + if (!W_ERROR_IS_OK(err)) { + return err; + } + + *pkey = key; + return WERR_OK; +} + +#if 0 +/* these two functions are unused. */ + +/** + * Utility function to create a registry key without opening the hive + * before. Assumes the hive already exists. + */ + +WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path, + uint32 desired_access, + const struct security_token *token, + enum winreg_CreateAction *paction, + struct registry_key **pkey) +{ + struct registry_key *hive; + char *path, *p; + WERROR err; + + if (!(path = SMB_STRDUP(orig_path))) { + return WERR_NOMEM; + } + + p = strchr(path, '\\'); + + if ((p == NULL) || (p[1] == '\0')) { + /* + * No key behind the hive, just return the hive + */ + + err = reg_openhive(mem_ctx, path, desired_access, token, + &hive); + if (!W_ERROR_IS_OK(err)) { + SAFE_FREE(path); + return err; + } + SAFE_FREE(path); + *pkey = hive; + *paction = REG_OPENED_EXISTING_KEY; + return WERR_OK; + } + + *p = '\0'; + + err = reg_openhive(mem_ctx, path, + (strchr(p+1, '\\') != NULL) ? + KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY, + token, &hive); + if (!W_ERROR_IS_OK(err)) { + SAFE_FREE(path); + return err; + } + + err = reg_createkey(mem_ctx, hive, p+1, desired_access, pkey, paction); + SAFE_FREE(path); + TALLOC_FREE(hive); + return err; +} + +/* + * Utility function to create a registry key without opening the hive + * before. Will not delete a hive. + */ + +WERROR reg_delete_path(const struct security_token *token, + const char *orig_path) +{ + struct registry_key *hive; + char *path, *p; + WERROR err; + + if (!(path = SMB_STRDUP(orig_path))) { + return WERR_NOMEM; + } + + p = strchr(path, '\\'); + + if ((p == NULL) || (p[1] == '\0')) { + SAFE_FREE(path); + return WERR_INVALID_PARAM; + } + + *p = '\0'; + + err = reg_openhive(NULL, path, + (strchr(p+1, '\\') != NULL) ? + KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY, + token, &hive); + if (!W_ERROR_IS_OK(err)) { + SAFE_FREE(path); + return err; + } + + err = reg_deletekey(hive, p+1); + SAFE_FREE(path); + TALLOC_FREE(hive); + return err; +} +#endif /* #if 0 */ diff --git a/source3/registry/reg_api_util.h b/source3/registry/reg_api_util.h new file mode 100644 index 0000000000..d2d7894d78 --- /dev/null +++ b/source3/registry/reg_api_util.h @@ -0,0 +1,46 @@ +/* + * Unix SMB/CIFS implementation. + * Virtual Windows Registry Layer + * Copyright (C) Volker Lendecke 2006 + * Copyright (C) Michael Adam 2007-2010 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +/* + * Higher level utility functions on top of reg_api.c + */ + +#ifndef _REG_API_UTIL_H +#define _REG_API_UTIL_H + +/** + * Utility function to open a complete registry path including the hive prefix. + */ +WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, + uint32 desired_access, const struct security_token *token, + struct registry_key **pkey); + +#if 0 +/* currently unused */ +WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path, + uint32 desired_access, + const struct security_token *token, + enum winreg_CreateAction *paction, + struct registry_key **pkey); +WERROR reg_delete_path(const struct security_token *token, + const char *orig_path); +#endif + +#endif /* _REG_API_UTIL_H */ diff --git a/source3/registry/reg_util_legacy.c b/source3/registry/reg_util_legacy.c index 3a3f0207e2..29b0889402 100644 --- a/source3/registry/reg_util_legacy.c +++ b/source3/registry/reg_util_legacy.c @@ -22,6 +22,7 @@ #include "includes.h" #include "registry.h" #include "reg_util_legacy.h" +#include "reg_api_util.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_REGISTRY diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 823bdfac6a..52fd6037e0 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -26,6 +26,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" /** @defgroup lsa LSA - Local Security Architecture * @ingroup rpc_client @@ -145,7 +146,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, } for (i = 0; i<num_sids; i++) { - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sids[i]); if (!sid_array.sids[i].sid) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 1975d73e70..d8bed84e2d 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -704,6 +704,7 @@ struct rpc_api_pipe_state { static void rpc_api_pipe_trans_done(struct tevent_req *subreq); static void rpc_api_pipe_got_pdu(struct tevent_req *subreq); +static void rpc_api_pipe_auth3_done(struct tevent_req *subreq); static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx, struct event_context *ev, @@ -738,6 +739,16 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx, DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(talloc_tos(), cli))); + if (state->expected_pkt_type == DCERPC_PKT_AUTH3) { + subreq = rpc_write_send(state, ev, cli->transport, + data->data, data->length); + if (subreq == NULL) { + goto fail; + } + tevent_req_set_callback(subreq, rpc_api_pipe_auth3_done, req); + return req; + } + /* get the header first, then fetch the rest once we have * the frag_length available */ max_recv_frag = RPC_HEADER_LEN; @@ -758,6 +769,23 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx, return NULL; } +static void rpc_api_pipe_auth3_done(struct tevent_req *subreq) +{ + struct tevent_req *req = + tevent_req_callback_data(subreq, + struct tevent_req); + NTSTATUS status; + + status = rpc_write_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + + tevent_req_done(req); +} + static void rpc_api_pipe_trans_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data( @@ -1446,53 +1474,6 @@ NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -#if 0 -/**************************************************************************** - Set the handle state. -****************************************************************************/ - -static bool rpc_pipe_set_hnd_state(struct rpc_pipe_client *cli, - const char *pipe_name, uint16 device_state) -{ - bool state_set = False; - char param[2]; - uint16 setup[2]; /* only need 2 uint16 setup parameters */ - char *rparam = NULL; - char *rdata = NULL; - uint32 rparam_len, rdata_len; - - if (pipe_name == NULL) - return False; - - DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n", - cli->fnum, pipe_name, device_state)); - - /* create parameters: device state */ - SSVAL(param, 0, device_state); - - /* create setup parameters. */ - setup[0] = 0x0001; - setup[1] = cli->fnum; /* pipe file handle. got this from an SMBOpenX. */ - - /* send the data on \PIPE\ */ - if (cli_api_pipe(cli->cli, "\\PIPE\\", - setup, 2, 0, /* setup, length, max */ - param, 2, 0, /* param, length, max */ - NULL, 0, 1024, /* data, length, max */ - &rparam, &rparam_len, /* return param, length */ - &rdata, &rdata_len)) /* return data, length */ - { - DEBUG(5, ("Set Handle state: return OK\n")); - state_set = True; - } - - SAFE_FREE(rparam); - SAFE_FREE(rdata); - - return state_set; -} -#endif - /**************************************************************************** Check the rpc bind acknowledge response. ****************************************************************************/ @@ -1623,11 +1604,11 @@ struct rpc_pipe_bind_state { struct event_context *ev; struct rpc_pipe_client *cli; DATA_BLOB rpc_out; + bool auth3; uint32_t rpc_call_id; }; static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq); -static void rpc_bind_auth3_write_done(struct tevent_req *subreq); static NTSTATUS rpc_bind_next_send(struct tevent_req *req, struct rpc_pipe_bind_state *state, DATA_BLOB *credentials); @@ -1658,7 +1639,6 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->cli = cli; state->rpc_call_id = get_rpc_call_id(); - state->rpc_out = data_blob_null; cli->auth = talloc_move(cli, &auth); @@ -1697,13 +1677,12 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) struct rpc_pipe_bind_state *state = tevent_req_data( req, struct rpc_pipe_bind_state); struct pipe_auth_data *pauth = state->cli->auth; - DATA_BLOB reply_pdu; struct ncacn_packet *pkt; struct dcerpc_auth auth; DATA_BLOB auth_token = data_blob_null; NTSTATUS status; - status = rpc_api_pipe_recv(subreq, talloc_tos(), &pkt, &reply_pdu); + status = rpc_api_pipe_recv(subreq, talloc_tos(), &pkt, NULL); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("rpc_pipe_bind: %s bind request returned %s\n", @@ -1713,6 +1692,11 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) return; } + if (state->auth3) { + tevent_req_done(req); + return; + } + if (!check_bind_response(&pkt->u.bind_ack, &state->cli->transfer_syntax)) { DEBUG(2, ("rpc_pipe_bind: check_bind_response failed.\n")); tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL); @@ -1835,21 +1819,6 @@ err_out: tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); } -static void rpc_bind_auth3_write_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); - NTSTATUS status; - - status = rpc_write_recv(subreq); - TALLOC_FREE(subreq); - if (!NT_STATUS_IS_OK(status)) { - tevent_req_nterror(req, status); - return; - } - tevent_req_done(req); -} - static NTSTATUS rpc_bind_next_send(struct tevent_req *req, struct rpc_pipe_bind_state *state, DATA_BLOB *auth_token) @@ -1890,6 +1859,8 @@ static NTSTATUS rpc_bind_finish_send(struct tevent_req *req, struct tevent_req *subreq; NTSTATUS status; + state->auth3 = true; + /* Now prepare the auth3 context pdu. */ data_blob_free(&state->rpc_out); @@ -1903,12 +1874,12 @@ static NTSTATUS rpc_bind_finish_send(struct tevent_req *req, return status; } - subreq = rpc_write_send(state, state->ev, state->cli->transport, - state->rpc_out.data, state->rpc_out.length); + subreq = rpc_api_pipe_send(state, state->ev, state->cli, + &state->rpc_out, DCERPC_PKT_AUTH3); if (subreq == NULL) { return NT_STATUS_NO_MEMORY; } - tevent_req_set_callback(subreq, rpc_bind_auth3_write_done, req); + tevent_req_set_callback(subreq, rpc_pipe_bind_step_one_done, req); return NT_STATUS_OK; } diff --git a/source3/rpc_client/rpc_transport_sock.c b/source3/rpc_client/rpc_transport_sock.c index b7bb7d70d5..359ec478cc 100644 --- a/source3/rpc_client/rpc_transport_sock.c +++ b/source3/rpc_client/rpc_transport_sock.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "../lib/async_req/async_sock.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_CLI diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 96787a374f..de3439eb93 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -24,6 +24,7 @@ #include "../librpc/gen_ndr/srv_eventlog.h" #include "lib/eventlog/eventlog.h" #include "registry.h" +#include "registry/reg_api_util.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 49bdca7b7f..191cdfeb66 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -34,6 +34,7 @@ #include "secrets.h" #include "../librpc/gen_ndr/netlogon.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -91,7 +92,7 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx, if (dom_name != NULL) { for (num = 0; num < ref->count; num++) { - if (sid_equal(dom_sid, ref->domains[num].sid)) { + if (dom_sid_equal(dom_sid, ref->domains[num].sid)) { return num; } } @@ -116,7 +117,7 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx, ZERO_STRUCT(ref->domains[num]); init_lsa_StringLarge(&ref->domains[num].name, dom_name); - ref->domains[num].sid = sid_dup_talloc(mem_ctx, dom_sid); + ref->domains[num].sid = dom_sid_dup(mem_ctx, dom_sid); if (!ref->domains[num].sid) { return -1; } @@ -306,7 +307,7 @@ static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx, /* Initialize the lsa_TranslatedSid3 return. */ trans_sids[i].sid_type = type; - trans_sids[i].sid = sid_dup_talloc(mem_ctx, &sid); + trans_sids[i].sid = dom_sid_dup(mem_ctx, &sid); trans_sids[i].sid_index = dom_idx; } @@ -653,7 +654,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p, case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: name = get_global_sam_name(); - sid = sid_dup_talloc(p->mem_ctx, get_global_sam_sid()); + sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid()); if (!sid) { return NT_STATUS_NO_MEMORY; } @@ -662,7 +663,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p, name = lp_workgroup(); /* We need to return the Domain SID here. */ if (secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { - sid = sid_dup_talloc(p->mem_ctx, &domain_sid); + sid = dom_sid_dup(p->mem_ctx, &domain_sid); if (!sid) { return NT_STATUS_NO_MEMORY; } @@ -1605,7 +1606,7 @@ NTSTATUS _lsa_EnumAccounts(struct pipes_struct *p, } for (i = *r->in.resume_handle, j = 0; i < num_entries; i++, j++) { - sids[j].sid = sid_dup_talloc(p->mem_ctx, &sid_list[i]); + sids[j].sid = dom_sid_dup(p->mem_ctx, &sid_list[i]); if (!sids[j].sid) { talloc_free(sid_list); return NT_STATUS_NO_MEMORY; @@ -2427,7 +2428,7 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p, r->out.sids->num_sids); for (i=0; i < r->out.sids->num_sids; i++) { - r->out.sids->sids[i].sid = sid_dup_talloc(r->out.sids->sids, + r->out.sids->sids[i].sid = dom_sid_dup(r->out.sids->sids, &sids[i]); if (!r->out.sids->sids[i].sid) { TALLOC_FREE(r->out.sids->sids); diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 4b692b36fc..76da1d00d6 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -36,6 +36,7 @@ #include "../lib/crypto/md4.h" #include "rpc_client/init_lsa.h" #include "rpc_server/rpc_ncacn_np.h" +#include "../libcli/security/dom_sid.h" extern userdom_struct current_user_info; @@ -909,7 +910,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p, goto out; } - creds->sid = sid_dup_talloc(creds, &sid); + creds->sid = dom_sid_dup(creds, &sid); if (!creds->sid) { status = NT_STATUS_NO_MEMORY; goto out; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index bc71146f38..994fc7934b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -39,6 +39,7 @@ #include "../lib/crypto/arcfour.h" #include "secrets.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -712,7 +713,7 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p, dacl = r->in.sdbuf->sd->dacl; for (i=0; i < dacl->num_aces; i++) { - if (sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) { + if (dom_sid_equal(&uinfo->sid, &dacl->aces[i].trustee)) { ret = pdb_set_pass_can_change(sampass, (dacl->aces[i].access_mask & SAMR_USER_ACCESS_CHANGE_PASSWORD) ? @@ -5472,7 +5473,7 @@ NTSTATUS _samr_GetMembersInAlias(struct pipes_struct *p, } for (i = 0; i < num_sids; i++) { - sids[i].sid = sid_dup_talloc(p->mem_ctx, &pdb_sids[i]); + sids[i].sid = dom_sid_dup(p->mem_ctx, &pdb_sids[i]); if (!sids[i].sid) { TALLOC_FREE(pdb_sids); return NT_STATUS_NO_MEMORY; @@ -6735,7 +6736,7 @@ NTSTATUS _samr_RidToSid(struct pipes_struct *p, return NT_STATUS_NO_MEMORY; } - *r->out.sid = sid_dup_talloc(p->mem_ctx, &sid); + *r->out.sid = dom_sid_dup(p->mem_ctx, &sid); if (!*r->out.sid) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/rpc_server/srv_spoolss_util.c b/source3/rpc_server/srv_spoolss_util.c index 2ebce91c52..cd5ffe245f 100644 --- a/source3/rpc_server/srv_spoolss_util.c +++ b/source3/rpc_server/srv_spoolss_util.c @@ -28,6 +28,7 @@ #include "../librpc/gen_ndr/ndr_security.h" #include "secrets.h" #include "rpc_server/rpc_ncacn_np.h" +#include "../libcli/security/dom_sid.h" #define TOP_LEVEL_PRINT_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print" #define TOP_LEVEL_PRINT_PRINTERS_KEY TOP_LEVEL_PRINT_KEY "\\Printers" @@ -2387,7 +2388,7 @@ create_default: /* If security descriptor is owned by S-1-1-0 and winbindd is up, this security descriptor has been created when winbindd was down. Take ownership of security descriptor. */ - if (sid_equal(secdesc->owner_sid, &global_sid_World)) { + if (dom_sid_equal(secdesc->owner_sid, &global_sid_World)) { struct dom_sid owner_sid; /* Change sd owner to workgroup administrator */ diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index cba555ac3a..17314d23e9 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -30,6 +30,7 @@ #include "rpc_client/cli_samr.h" #include "rpc_client/init_samr.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" extern struct dom_sid domain_sid; @@ -668,7 +669,7 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli, } for (i=0; i<num_sids; i++) { - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sids[i]); if (!sid_array.sids[i].sid) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/rpcclient/cmd_winreg.c b/source3/rpcclient/cmd_winreg.c new file mode 100644 index 0000000000..6fcb528467 --- /dev/null +++ b/source3/rpcclient/cmd_winreg.c @@ -0,0 +1,321 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + + Copyright (C) Guenther Deschner 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "rpcclient.h" +#include "../librpc/gen_ndr/cli_winreg.h" +#include "../librpc/gen_ndr/ndr_misc.h" + +static WERROR cmd_winreg_enumkeys(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status; + WERROR werr; + struct policy_handle handle; + uint32_t enum_index = 0; + struct winreg_StringBuf name; + + if (argc < 2) { + printf("usage: %s [name]\n", argv[0]); + return WERR_OK; + } + + status = rpccli_winreg_OpenHKLM(cli, mem_ctx, + NULL, + SEC_FLAG_MAXIMUM_ALLOWED, + &handle, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + ZERO_STRUCT(name); + + name.name = argv[1]; + name.length = strlen_m_term_null(name.name)*2; + name.size = name.length; + + status = rpccli_winreg_EnumKey(cli, mem_ctx, + &handle, + enum_index, + &name, + NULL, + NULL, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR pull_winreg_Data(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob, + union winreg_Data *data, + enum winreg_Type type) +{ + enum ndr_err_code ndr_err; + ndr_err = ndr_pull_union_blob(blob, mem_ctx, data, type, + (ndr_pull_flags_fn_t)ndr_pull_winreg_Data); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return WERR_GENERAL_FAILURE; + } + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static void display_winreg_data(const char *v, + enum winreg_Type type, + uint8_t *data, + uint32_t length) +{ + int i; + union winreg_Data r; + DATA_BLOB blob = data_blob_const(data, length); + WERROR result; + + result = pull_winreg_Data(talloc_tos(), &blob, &r, type); + if (!W_ERROR_IS_OK(result)) { + return; + } + + switch (type) { + case REG_DWORD: + printf("%s: REG_DWORD: 0x%08x\n", v, r.value); + break; + case REG_SZ: + printf("%s: REG_SZ: %s\n", v, r.string); + break; + case REG_BINARY: { + char *hex = hex_encode_talloc(NULL, + r.binary.data, r.binary.length); + size_t len; + printf("%s: REG_BINARY:", v); + len = strlen(hex); + for (i=0; i<len; i++) { + if (hex[i] == '\0') { + break; + } + if (i%40 == 0) { + putchar('\n'); + } + putchar(hex[i]); + } + TALLOC_FREE(hex); + putchar('\n'); + break; + } + case REG_MULTI_SZ: + printf("%s: REG_MULTI_SZ: ", v); + for (i=0; r.string_array[i] != NULL; i++) { + printf("%s ", r.string_array[i]); + } + printf("\n"); + break; + default: + printf("%s: unknown type 0x%02x:\n", v, type); + break; + } +} + + +static WERROR cmd_winreg_querymultiplevalues_ex(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv, bool multiplevalues2) +{ + NTSTATUS status; + WERROR werr; + struct policy_handle handle, key_handle; + struct winreg_String key_name; + + struct QueryMultipleValue *values_in, *values_out; + uint32_t num_values; + uint8_t *buffer = NULL; + int i; + + + if (argc < 2) { + printf("usage: %s [key] [value1] [value2] ...\n", argv[0]); + return WERR_OK; + } + + status = rpccli_winreg_OpenHKLM(cli, mem_ctx, + NULL, + SEC_FLAG_MAXIMUM_ALLOWED, + &handle, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + key_name.name = argv[1]; + + status = rpccli_winreg_OpenKey(cli, mem_ctx, + &handle, + key_name, + 0, /* options */ + SEC_FLAG_MAXIMUM_ALLOWED, + &key_handle, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + num_values = argc-2; + + values_in = talloc_zero_array(mem_ctx, struct QueryMultipleValue, num_values); + if (values_in == NULL) { + return WERR_NOMEM; + } + + values_out = talloc_zero_array(mem_ctx, struct QueryMultipleValue, num_values); + if (values_out == NULL) { + return WERR_NOMEM; + } + + for (i=0; i < num_values; i++) { + + values_in[i].ve_valuename = talloc_zero(values_in, struct winreg_ValNameBuf); + if (values_in[i].ve_valuename == NULL) { + return WERR_NOMEM; + } + + values_in[i].ve_valuename->name = talloc_strdup(values_in[i].ve_valuename, argv[i+2]); + values_in[i].ve_valuename->length = strlen_m_term_null(values_in[i].ve_valuename->name)*2; + values_in[i].ve_valuename->size = values_in[i].ve_valuename->length; + } + + if (multiplevalues2) { + + uint32_t offered = 0, needed = 0; + + status = rpccli_winreg_QueryMultipleValues2(cli, mem_ctx, + &key_handle, + values_in, + values_out, + num_values, + buffer, + &offered, + &needed, + &werr); + if (W_ERROR_EQUAL(werr, WERR_MORE_DATA)) { + offered = needed; + + buffer = talloc_zero_array(mem_ctx, uint8_t, needed); + if (buffer == NULL) { + return WERR_NOMEM; + } + + status = rpccli_winreg_QueryMultipleValues2(cli, mem_ctx, + &key_handle, + values_in, + values_out, + num_values, + buffer, + &offered, + &needed, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + } + + } else { + + uint32_t buffer_size = 0xff; + + buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_size); + if (buffer == NULL) { + return WERR_NOMEM; + } + + status = rpccli_winreg_QueryMultipleValues(cli, mem_ctx, + &key_handle, + values_in, + values_out, + num_values, + buffer, + &buffer_size, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + } + + for (i=0; i < num_values; i++) { + if (buffer) { + display_winreg_data(values_in[i].ve_valuename->name, + values_out[i].ve_type, + buffer + values_out[i].ve_valueptr, + values_out[i].ve_valuelen); + } + } + + return WERR_OK; +} + +static WERROR cmd_winreg_querymultiplevalues(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + return cmd_winreg_querymultiplevalues_ex(cli, mem_ctx, argc, argv, false); +} + +static WERROR cmd_winreg_querymultiplevalues2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + return cmd_winreg_querymultiplevalues_ex(cli, mem_ctx, argc, argv, true); +} + +/* List of commands exported by this module */ + +struct cmd_set winreg_commands[] = { + + { "WINREG" }, + { "enumkey", RPC_RTYPE_WERROR, NULL, cmd_winreg_enumkeys, &ndr_table_winreg.syntax_id, NULL, "Enumerate Keys", "" }, + { "querymultiplevalues", RPC_RTYPE_WERROR, NULL, cmd_winreg_querymultiplevalues, &ndr_table_winreg.syntax_id, NULL, "Query multiple values", "" }, + { "querymultiplevalues2", RPC_RTYPE_WERROR, NULL, cmd_winreg_querymultiplevalues2, &ndr_table_winreg.syntax_id, NULL, "Query multiple values", "" }, + { NULL } +}; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 9529212dd7..5fa8132db8 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -9,12 +9,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -54,7 +54,7 @@ handle completion of commands for readline ****************************************************************************/ static char **completion_fn(const char *text, int start, int end) { -#define MAX_COMPLETIONS 100 +#define MAX_COMPLETIONS 1000 char **matches; int i, count=0; struct cmd_list *commands = cmd_list; @@ -87,7 +87,7 @@ static char **completion_fn(const char *text, int start, int end) if (!commands->cmd_set) { break; } - + for (i=0; commands->cmd_set[i].name; i++) { if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) && (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS && @@ -106,7 +106,6 @@ static char **completion_fn(const char *text, int start, int end) } } commands = commands->next; - } if (count == 2) { @@ -121,10 +120,10 @@ static char *next_command (char **cmdstr) { char *command; char *p; - + if (!cmdstr || !(*cmdstr)) return NULL; - + p = strchr_m(*cmdstr, ';'); if (p) *p = '\0'; @@ -133,7 +132,7 @@ static char *next_command (char **cmdstr) *cmdstr = p + 1; else *cmdstr = NULL; - + return command; } @@ -161,7 +160,7 @@ static void fetch_machine_sid(struct cli_state *cli) fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) ); goto error; } - + result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); @@ -222,7 +221,7 @@ static NTSTATUS cmd_listcommands(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct for (tmp = cmd_list; tmp; tmp = tmp->next) { tmp_set = tmp->cmd_set; - + if (!StrCaseCmp(argv[1], tmp_set->name)) { printf("Available commands on the %s pipe:\n\n", tmp_set->name); @@ -236,7 +235,7 @@ static NTSTATUS cmd_listcommands(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct if (i%3 == 0) printf("\n"); } - + /* drop out of the loop */ break; } @@ -265,7 +264,7 @@ static NTSTATUS cmd_help(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, if (argc == 2) { for (tmp = cmd_list; tmp; tmp = tmp->next) { - + tmp_set = tmp->cmd_set; while(tmp_set->name) { @@ -475,7 +474,7 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, timeout = atoi(argv[1]); for (tmp = cmd_list; tmp; tmp = tmp->next) { - + struct cmd_set *tmp_set; for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) { @@ -600,6 +599,7 @@ extern struct cmd_set wkssvc_commands[]; extern struct cmd_set ntsvcs_commands[]; extern struct cmd_set drsuapi_commands[]; extern struct cmd_set eventlog_commands[]; +extern struct cmd_set winreg_commands[]; static struct cmd_set *rpcclient_command_list[] = { rpcclient_commands, @@ -618,6 +618,7 @@ static struct cmd_set *rpcclient_command_list[] = { ntsvcs_commands, drsuapi_commands, eventlog_commands, + winreg_commands, NULL }; @@ -650,7 +651,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, { NTSTATUS ntresult; WERROR wresult; - + TALLOC_CTX *mem_ctx; /* Create mem_ctx */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 9470447f53..dc3585d81b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "../libcli/security/dom_sid.h" extern const struct generic_mapping file_generic_mapping; @@ -944,10 +945,10 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl) * ensure the POSIX ACL types are the same. */ if (!dir_acl) { - can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace->attr == curr_ace_outer->attr)); } else { - can_merge = (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + can_merge = (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace->type == curr_ace_outer->type) && (curr_ace->attr == curr_ace_outer->attr)); } @@ -996,7 +997,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl) * we've put on the ACL, we know the deny must be the first one. */ - if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && + if (dom_sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { if( DEBUGLVL( 10 )) { @@ -1297,7 +1298,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano /* "Everyone" always matches every uid. */ - if (sid_equal(&group_ace->trustee, &global_sid_World)) + if (dom_sid_equal(&group_ace->trustee, &global_sid_World)) return True; /* @@ -1513,12 +1514,12 @@ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, s for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) { if (!got_user_obj && current_ace->owner_type == UID_ACE && - sid_equal(¤t_ace->trustee, pfile_owner_sid)) { + dom_sid_equal(¤t_ace->trustee, pfile_owner_sid)) { current_ace->type = SMB_ACL_USER_OBJ; got_user_obj = True; } if (!got_group_obj && current_ace->owner_type == GID_ACE && - sid_equal(¤t_ace->trustee, pfile_grp_sid)) { + dom_sid_equal(¤t_ace->trustee, pfile_grp_sid)) { current_ace->type = SMB_ACL_GROUP_OBJ; got_group_obj = True; } @@ -1549,7 +1550,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace) */ if (ace->type == SMB_ACL_USER_OBJ && - !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) { + !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) { canon_ace *dup_ace = dup_canon_ace(ace); if (dup_ace == NULL) { @@ -1560,7 +1561,7 @@ static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace) } if (ace->type == SMB_ACL_GROUP_OBJ && - !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) { + !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) { canon_ace *dup_ace = dup_canon_ace(ace); if (dup_ace == NULL) { @@ -1646,7 +1647,7 @@ static bool create_canon_ace_lists(files_struct *fsp, if (psa1->access_mask != psa2->access_mask) continue; - if (!sid_equal(&psa1->trustee, &psa2->trustee)) + if (!dom_sid_equal(&psa1->trustee, &psa2->trustee)) continue; /* @@ -1692,11 +1693,11 @@ static bool create_canon_ace_lists(files_struct *fsp, * Note what kind of a POSIX ACL this should map to. */ - if( sid_equal(¤t_ace->trustee, &global_sid_World)) { + if( dom_sid_equal(¤t_ace->trustee, &global_sid_World)) { current_ace->owner_type = WORLD_ACE; current_ace->unix_ug.world = -1; current_ace->type = SMB_ACL_OTHER; - } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) { + } else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) { current_ace->owner_type = UID_ACE; current_ace->unix_ug.uid = pst->st_ex_uid; current_ace->type = SMB_ACL_USER_OBJ; @@ -1709,7 +1710,7 @@ static bool create_canon_ace_lists(files_struct *fsp, psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY; - } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) { + } else if (dom_sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) { current_ace->owner_type = GID_ACE; current_ace->unix_ug.gid = pst->st_ex_gid; current_ace->type = SMB_ACL_GROUP_OBJ; @@ -2085,7 +2086,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list ) continue; } - if (!sid_equal(&curr_ace->trustee, &global_sid_World)) + if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World)) continue; /* JRATEST - assert. */ @@ -3080,7 +3081,7 @@ static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_a if ((nt_ace_list[i].type == nt_ace_list[j].type) && (nt_ace_list[i].size == nt_ace_list[j].size) && (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) && - sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && + dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && (i_inh == j_inh) && (i_flags_ni == 0) && (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT| @@ -3144,7 +3145,7 @@ static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_ace /* first search for a duplicate */ for (i = 0; i < *num_aces; i++) { - if (sid_equal(&nt_ace_list[i].trustee, sid) && + if (dom_sid_equal(&nt_ace_list[i].trustee, sid) && (nt_ace_list[i].flags == flags)) break; } @@ -3367,7 +3368,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, if (lp_profile_acls(SNUM(conn))) { for (i = 0; i < num_aces; i++) { - if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { + if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { add_or_replace_ace(nt_ace_list, &num_aces, &orig_owner_sid, nt_ace_list[i].type, @@ -3756,7 +3757,7 @@ NTSTATUS append_parent_acl(files_struct *fsp, * same SID. This is order N^2. Ouch :-(. JRA. */ unsigned int k; for (k = 0; k < psd->dacl->num_aces; k++) { - if (sid_equal(&psd->dacl->aces[k].trustee, + if (dom_sid_equal(&psd->dacl->aces[k].trustee, &se->trustee)) { break; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 40009c8a3c..b890687425 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -22,6 +22,8 @@ #include "smbd/globals.h" #include "librpc/gen_ndr/netlogon.h" #include "librpc/gen_ndr/messaging.h" +#include "../lib/async_req/async_sock.h" +#include "ctdbd_conn.h" extern bool global_machine_password_needs_changing; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 247cbb84d5..e2edaf3a3c 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -29,6 +29,7 @@ #include "libcli/auth/schannel.h" #include "secrets.h" #include "memcache.h" +#include "ctdbd_conn.h" #include "../librpc/gen_ndr/srv_dfs.h" #include "../librpc/gen_ndr/srv_dssetup.h" diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 06ed264deb..588ed14675 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -29,6 +29,7 @@ #include "nsswitch/winbind_client.h" #include "dbwrap.h" #include "talloc_dict.h" +#include "async_smb.h" extern char *optarg; extern int optind; @@ -6851,7 +6852,7 @@ static bool run_local_string_to_sid(int dummy) { printf("could not parse S-1-5-32-545\n"); return false; } - if (!sid_equal(&sid, &global_sid_Builtin_Users)) { + if (!dom_sid_equal(&sid, &global_sid_Builtin_Users)) { printf("mis-parsed S-1-5-32-545 as %s\n", sid_string_tos(&sid)); return false; diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 671f7e81e9..96b3626391 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -36,6 +36,7 @@ #include "secrets.h" #include "lib/netapi/netapi.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -4171,7 +4172,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias) int i; for (i=0; i<alias->num_members; i++) { - if (sid_compare(sid, &alias->members[i]) == 0) + if (dom_sid_compare(sid, &alias->members[i]) == 0) return true; } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 8b5a90838e..59c52bc270 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -29,6 +29,7 @@ #include "../librpc/gen_ndr/ndr_drsuapi.h" #include "libnet/libnet_samsync.h" #include "libnet/libnet_dssync.h" +#include "../libcli/security/dom_sid.h" static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx, int argc, @@ -187,7 +188,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, NTSTATUS result; struct samsync_context *ctx = NULL; - if (!sid_equal(domain_sid, get_global_sam_sid())) { + if (!dom_sid_equal(domain_sid, get_global_sam_sid())) { d_printf(_("Cannot import users from %s at this time, " "as the current domain:\n\t%s: %s\nconflicts " "with the remote domain\n\t%s: %s\n" @@ -235,7 +236,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, } /* fetch builtin */ - ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); + ctx->domain_sid = dom_sid_dup(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); result = libnet_samsync(SAM_DATABASE_BUILTIN, ctx); @@ -318,7 +319,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, } /* fetch builtin */ - ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); + ctx->domain_sid = dom_sid_dup(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); status = libnet_samsync(SAM_DATABASE_BUILTIN, ctx); diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index a5be714631..ff2a8db9fd 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -21,6 +21,7 @@ #include "includes.h" #include "utils/net.h" #include "../librpc/gen_ndr/samr.h" +#include "smbldap.h" /* * Set a user's data diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 38ed9f7c9b..f8145b4a6d 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -34,6 +34,7 @@ #include "../lib/crypto/arcfour.h" #include "libads/kerberos_proto.h" #include "nsswitch/winbind_client.h" +#include "librpc/gen_ndr/krb5pac.h" #ifndef PAM_WINBIND_CONFIG_FILE #define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf" @@ -812,15 +813,17 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m return NT_STATUS_MORE_PROCESSING_REQUIRED; } -static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, - char *buf, int length) +static void manage_squid_ntlmssp_request_int(struct ntlm_auth_state *state, + char *buf, int length, + TALLOC_CTX *mem_ctx, + char **response) { DATA_BLOB request, reply; NTSTATUS nt_status; if (strlen(buf) < 2) { DEBUG(1, ("NTLMSSP query [%s] invalid\n", buf)); - x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); + *response = talloc_strdup(mem_ctx, "BH NTLMSSP query invalid"); return; } @@ -830,7 +833,7 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, TALLOC_FREE(state->want_feature_list); state->want_feature_list = talloc_strdup(state->mem_ctx, buf+3); - x_fprintf(x_stdout, "OK\n"); + *response = talloc_strdup(mem_ctx, "OK"); return; } request = base64_decode_data_blob(buf + 3); @@ -847,12 +850,12 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, if (opt_password == NULL) { DEBUG(1, ("Out of memory\n")); - x_fprintf(x_stdout, "BH Out of memory\n"); + *response = talloc_strdup(mem_ctx, "BH Out of memory"); data_blob_free(&request); return; } - x_fprintf(x_stdout, "OK\n"); + *response = talloc_strdup(mem_ctx, "OK"); data_blob_free(&request); return; } @@ -866,10 +869,11 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, DEBUG(10, ("Requested negotiated NTLMSSP flags\n")); if (state->svr_state == SERVER_FINISHED) { - x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags); + *response = talloc_asprintf(mem_ctx, "GF 0x%08x", + state->neg_flags); } else { - x_fprintf(x_stdout, "BH\n"); + *response = talloc_strdup(mem_ctx, "BH\n"); } data_blob_free(&request); return; @@ -878,17 +882,18 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, if(state->have_session_key) { char *key64 = base64_encode_data_blob(state->mem_ctx, state->session_key); - x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>"); + *response = talloc_asprintf(mem_ctx, "GK %s", + key64 ? key64 : "<NULL>"); TALLOC_FREE(key64); } else { - x_fprintf(x_stdout, "BH\n"); + *response = talloc_strdup(mem_ctx, "BH"); } data_blob_free(&request); return; } else { DEBUG(1, ("NTLMSSP query [%s] invalid\n", buf)); - x_fprintf(x_stdout, "BH NTLMSSP query invalid\n"); + *response = talloc_strdup(mem_ctx, "BH NTLMSSP query invalid"); return; } @@ -896,7 +901,8 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, nt_status = ntlm_auth_start_ntlmssp_server( &state->ntlmssp_state); if (!NT_STATUS_IS_OK(nt_status)) { - x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status)); + *response = talloc_asprintf( + mem_ctx, "BH %s", nt_errstr(nt_status)); return; } ntlmssp_want_feature_list(state->ntlmssp_state, @@ -911,22 +917,25 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { char *reply_base64 = base64_encode_data_blob(state->mem_ctx, reply); - x_fprintf(x_stdout, "TT %s\n", reply_base64); + *response = talloc_asprintf(mem_ctx, "TT %s", reply_base64); TALLOC_FREE(reply_base64); data_blob_free(&reply); state->svr_state = SERVER_CHALLENGE; DEBUG(10, ("NTLMSSP challenge\n")); } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) { - x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status)); + *response = talloc_asprintf(mem_ctx, "BH %s", + nt_errstr(nt_status)); DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status))); TALLOC_FREE(state->ntlmssp_state); } else if (!NT_STATUS_IS_OK(nt_status)) { - x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status)); + *response = talloc_asprintf(mem_ctx, "NA %s", + nt_errstr(nt_status)); DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status))); } else { - x_fprintf(x_stdout, "AF %s\n", - (char *)state->ntlmssp_state->callback_private); + *response = talloc_asprintf( + mem_ctx, "AF %s", + (char *)state->ntlmssp_state->callback_private); DEBUG(10, ("NTLMSSP OK!\n")); if(state->have_session_key) @@ -942,6 +951,22 @@ static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, data_blob_free(&request); } +static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state, + char *buf, int length) +{ + char *response; + + manage_squid_ntlmssp_request_int(state, buf, length, + talloc_tos(), &response); + + if (response == NULL) { + x_fprintf(x_stdout, "BH Out of memory\n"); + return; + } + x_fprintf(x_stdout, "%s\n", response); + TALLOC_FREE(response); +} + static void manage_client_ntlmssp_request(struct ntlm_auth_state *state, char *buf, int length) { @@ -1199,6 +1224,45 @@ static void offer_gss_spnego_mechs(void) { return; } +bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, uint8 tok_id[2]) +{ + bool ret; + ASN1_DATA *data; + int data_remaining; + + data = asn1_init(talloc_tos()); + if (data == NULL) { + return false; + } + + asn1_load(data, blob); + asn1_start_tag(data, ASN1_APPLICATION(0)); + asn1_check_OID(data, OID_KERBEROS5); + + data_remaining = asn1_tag_remaining(data); + + if (data_remaining < 3) { + data->has_error = True; + } else { + asn1_read(data, tok_id, 2); + data_remaining -= 2; + *ticket = data_blob_talloc(ctx, NULL, data_remaining); + asn1_read(data, ticket->data, ticket->length); + } + + asn1_end_tag(data); + + ret = !data->has_error; + + if (data->has_error) { + data_blob_free(ticket); + } + + asn1_free(data); + + return ret; +} + static void manage_gss_spnego_request(struct ntlm_auth_state *state, char *buf, int length) { @@ -1250,6 +1314,31 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, } token = base64_decode_data_blob(buf + 3); + + if ((token.length >= 7) + && (strncmp((char *)token.data, "NTLMSSP", 7) == 0)) { + char *reply; + + DEBUG(10, ("Could not parse GSS-SPNEGO, trying raw " + "ntlmssp\n")); + + manage_squid_ntlmssp_request_int(state, buf, length, + talloc_tos(), &reply); + if (reply == NULL) { + x_fprintf(x_stdout, "BH Out of memory\n"); + return; + } + + if (strncmp(reply, "AF ", 3) == 0) { + x_fprintf(x_stdout, "AF * %s\n", reply+3); + } else { + x_fprintf(x_stdout, "%s *\n", reply); + } + + TALLOC_FREE(reply); + return; + } + len = spnego_read_data(ctx, token, &request); data_blob_free(&token); @@ -1318,6 +1407,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, DATA_BLOB ap_rep; DATA_BLOB session_key; struct PAC_LOGON_INFO *logon_info = NULL; + DATA_BLOB ticket; + uint8_t tok_id[2]; if ( request.negTokenInit.mechToken.data == NULL ) { DEBUG(1, ("Client did not provide Kerberos data\n")); @@ -1326,13 +1417,23 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, return; } + dump_data(10, request.negTokenInit.mechToken.data, + request.negTokenInit.mechToken.length); + + if (!spnego_parse_krb5_wrap(ctx, request.negTokenInit.mechToken, + &ticket, tok_id)) { + DEBUG(1, ("spnego_parse_krb5_wrap failed\n")); + x_fprintf(x_stdout, "BH spnego_parse_krb5_wrap failed\n"); + return; + } + response.type = SPNEGO_NEG_TOKEN_TARG; response.negTokenTarg.supportedMech = talloc_strdup(ctx, OID_KERBEROS5_OLD); response.negTokenTarg.mechListMIC = data_blob_talloc(ctx, NULL, 0); response.negTokenTarg.responseToken = data_blob_talloc(ctx, NULL, 0); status = ads_verify_ticket(mem_ctx, lp_realm(), 0, - &request.negTokenInit.mechToken, + &ticket, &principal, &logon_info, &ap_rep, &session_key, True); @@ -1356,6 +1457,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state, domain = SMB_STRDUP(domain); user = SMB_STRDUP(principal); + netsamlogon_cache_store( + user, &logon_info->info3); + data_blob_free(&ap_rep); } @@ -2319,7 +2423,9 @@ static void squid_stream(enum stdio_helper_mode stdio_mode, stdio_helper_functio state->helper_mode = stdio_mode; while(1) { + TALLOC_CTX *frame = talloc_stackframe(); manage_squid_request(state, fn); + TALLOC_FREE(frame); } } diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c index f6f500a2aa..faec8e2c3b 100644 --- a/source3/utils/profiles.c +++ b/source3/utils/profiles.c @@ -23,6 +23,7 @@ #include "popt_common.h" #include "registry/reg_objects.h" #include "regfio.h" +#include "../libcli/security/dom_sid.h" /* GLOBAL VARIABLES */ @@ -64,7 +65,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, bool update = False; verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid)); - if ( sid_equal( sd->owner_sid, s1 ) ) { + if ( dom_sid_equal( sd->owner_sid, s1 ) ) { sid_copy( sd->owner_sid, s2 ); update = True; verbose_output(" New Owner SID: %s\n", @@ -73,7 +74,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, } verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid)); - if ( sid_equal( sd->group_sid, s1 ) ) { + if ( dom_sid_equal( sd->group_sid, s1 ) ) { sid_copy( sd->group_sid, s2 ); update = True; verbose_output(" New Group SID: %s\n", @@ -85,7 +86,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, for ( i=0; i<theacl->num_aces; i++ ) { verbose_output(" Trustee SID: %s\n", sid_string_tos(&theacl->aces[i].trustee)); - if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) { + if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) { sid_copy( &theacl->aces[i].trustee, s2 ); update = True; verbose_output(" New Trustee SID: %s\n", @@ -99,7 +100,7 @@ static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, for ( i=0; i<theacl->num_aces; i++ ) { verbose_output(" Trustee SID: %s\n", sid_string_tos(&theacl->aces[i].trustee)); - if ( sid_equal( &theacl->aces[i].trustee, s1 ) ) { + if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) { sid_copy( &theacl->aces[i].trustee, s2 ); update = True; verbose_output(" New Trustee SID: %s\n", diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c index 79078b234a..decd063913 100644 --- a/source3/utils/sharesec.c +++ b/source3/utils/sharesec.c @@ -24,6 +24,7 @@ #include "includes.h" #include "popt_common.h" +#include "../libcli/security/dom_sid.h" static TALLOC_CTX *ctx; @@ -370,8 +371,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2) if (ace1->type != ace2->type) return ace2->type - ace1->type; - if (sid_compare(&ace1->trustee, &ace2->trustee)) - return sid_compare(&ace1->trustee, &ace2->trustee); + if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) + return dom_sid_compare(&ace1->trustee, &ace2->trustee); if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; @@ -459,7 +460,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th bool found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->aces[i].trustee, + if (dom_sid_equal(&sd->dacl->aces[i].trustee, &old->dacl->aces[j].trustee)) { old->dacl->aces[j] = sd->dacl->aces[i]; found = True; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 65fec1041b..fa039f639f 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -25,6 +25,7 @@ #include "popt_common.h" #include "../librpc/gen_ndr/ndr_lsa.h" #include "rpc_client/cli_lsarpc.h" +#include "../libcli/security/dom_sid.h" extern bool AllowDebugChange; @@ -835,8 +836,8 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2) if (ace1->type != ace2->type) return ace2->type - ace1->type; - if (sid_compare(&ace1->trustee, &ace2->trustee)) - return sid_compare(&ace1->trustee, &ace2->trustee); + if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) + return dom_sid_compare(&ace1->trustee, &ace2->trustee); if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; @@ -929,7 +930,7 @@ static int cacl_set(struct cli_state *cli, const char *filename, bool found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->aces[i].trustee, + if (dom_sid_equal(&sd->dacl->aces[i].trustee, &old->dacl->aces[j].trustee)) { old->dacl->aces[j] = sd->dacl->aces[i]; found = True; diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 3d47baadc9..f2e47a7042 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -33,6 +33,7 @@ #include "nss_info.h" #include "secrets.h" #include "idmap.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -266,7 +267,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid) int i; for (i = 0; maps[i] && i<IDMAP_AD_MAX_IDS; i++) { - if (sid_equal(maps[i]->sid, sid)) { + if (dom_sid_equal(maps[i]->sid, sid)) { return maps[i]; } } diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 39df489be7..dcdc14f277 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -28,6 +28,7 @@ #include "secrets.h" #include "idmap.h" #include "idmap_rw.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -1030,7 +1031,7 @@ static struct id_map *find_map_by_sid(struct id_map **maps, struct dom_sid *sid) if (maps[i] == NULL) { /* end of the run */ return NULL; } - if (sid_equal(maps[i]->sid, sid)) { + if (dom_sid_equal(maps[i]->sid, sid)) { return maps[i]; } } diff --git a/source3/winbindd/wb_getgrsid.c b/source3/winbindd/wb_getgrsid.c index bb93be2174..8accc639af 100644 --- a/source3/winbindd/wb_getgrsid.c +++ b/source3/winbindd/wb_getgrsid.c @@ -20,6 +20,7 @@ #include "includes.h" #include "winbindd.h" #include "librpc/gen_ndr/cli_wbint.h" +#include "../libcli/security/dom_sid.h" struct wb_getgrsid_state { struct tevent_context *ev; @@ -55,7 +56,7 @@ struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx, if (lp_winbind_trusted_domains_only()) { struct winbindd_domain *our_domain = find_our_domain(); - if (sid_compare_domain(group_sid, &our_domain->sid) == 0) { + if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) { DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting " "getgrsid() for %s\n", sid_string_tos(group_sid))); tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP); diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 9c48c71aa2..c2ce0a2713 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -30,6 +30,7 @@ #include "../librpc/gen_ndr/ndr_wbint.h" #include "ads.h" #include "nss_info.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -105,35 +106,6 @@ void (*smb_panic_fn)(const char *const why) = smb_panic; static struct winbind_cache *wcache; -void winbindd_check_cache_size(time_t t) -{ - static time_t last_check_time; - struct stat st; - - if (last_check_time == (time_t)0) - last_check_time = t; - - if (t - last_check_time < 60 && t - last_check_time > 0) - return; - - if (wcache == NULL || wcache->tdb == NULL) { - DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n")); - return; - } - - if (fstat(tdb_fd(wcache->tdb), &st) == -1) { - DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) )); - return; - } - - if (st.st_size > WINBINDD_MAX_CACHE_SIZE) { - DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n", - (unsigned long)st.st_size, - (unsigned long)WINBINDD_MAX_CACHE_SIZE)); - wcache_flush_cache(); - } -} - /* get the winbind_cache structure */ static struct winbind_cache *get_cache(struct winbindd_domain *domain) { @@ -147,7 +119,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain) } if (strequal(domain->name, get_global_sam_name()) && - sid_equal(&domain->sid, get_global_sam_sid())) { + dom_sid_equal(&domain->sid, get_global_sam_sid())) { domain->backend = &sam_passdb_methods; domain->initialized = True; } @@ -673,7 +645,7 @@ static struct cache_entry *wcache_fetch_raw(char *kstr) static bool is_my_own_sam_domain(struct winbindd_domain *domain) { if (strequal(domain->name, get_global_sam_name()) && - sid_equal(&domain->sid, get_global_sam_sid())) { + dom_sid_equal(&domain->sid, get_global_sam_sid())) { return true; } @@ -683,7 +655,7 @@ static bool is_my_own_sam_domain(struct winbindd_domain *domain) static bool is_builtin_domain(struct winbindd_domain *domain) { if (strequal(domain->name, "BUILTIN") && - sid_equal(&domain->sid, &global_sid_Builtin)) { + dom_sid_equal(&domain->sid, &global_sid_Builtin)) { return true; } diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index ae6401379a..f43c08f417 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -81,7 +81,6 @@ bool parse_sidlist(TALLOC_CTX *mem_ctx, const char *sidstr, /* The following definitions come from winbindd/winbindd_cache.c */ -void winbindd_check_cache_size(time_t t); struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status); NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const struct dom_sid *sid); NTSTATUS wcache_get_creds(struct winbindd_domain *domain, diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 80f7bb69bf..3ceaa67b7e 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -33,6 +33,7 @@ #include "librpc/gen_ndr/srv_lsa.h" #include "rpc_client/cli_samr.h" #include "rpc_client/cli_lsarpc.h" +#include "../libcli/security/dom_sid.h" /* Query display info for a domain */ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx, @@ -612,7 +613,7 @@ NTSTATUS rpc_lookup_useraliases(TALLOC_CTX *mem_ctx, } for (i = 0; i < num_query_sids; i++) { - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[total_sids++]); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sids[total_sids++]); if (sid_array.sids[i].sid == NULL) { return NT_STATUS_NO_MEMORY; } @@ -739,7 +740,7 @@ NTSTATUS rpc_lookup_groupmem(TALLOC_CTX *mem_ctx, struct lsa_SidPtr sid_ptr; struct samr_Ids rids_query; - sid_ptr.sid = sid_dup_talloc(mem_ctx, group_sid); + sid_ptr.sid = dom_sid_dup(mem_ctx, group_sid); if (sid_ptr.sid == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 671c868273..14be0e26fa 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -23,6 +23,7 @@ #include "includes.h" #include "winbindd.h" #include "secrets.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -135,7 +136,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const continue; } - if (sid_equal(sid, &domain->sid)) { + if (dom_sid_equal(sid, &domain->sid)) { break; } } @@ -146,7 +147,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const * We found a match. Possibly update the SID */ if ((sid != NULL) - && sid_equal(&domain->sid, &global_sid_NULL)) { + && dom_sid_equal(&domain->sid, &global_sid_NULL)) { sid_copy( &domain->sid, sid ); } return domain; @@ -740,7 +741,7 @@ struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid) /* Search through list */ for (domain = domain_list(); domain != NULL; domain = domain->next) { - if (sid_compare_domain(sid, &domain->sid) == 0) + if (dom_sid_compare_domain(sid, &domain->sid) == 0) return domain; } diff --git a/source3/wscript_build b/source3/wscript_build index e0e0e5fb50..e5ad33bab4 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -66,78 +66,81 @@ LIBNDR_SCHANNEL_SRC = '''../librpc/gen_ndr/ndr_schannel.c LIBNDR_SPOOLSS_SRC = '''../librpc/gen_ndr/ndr_spoolss.c ../librpc/ndr/ndr_spoolss_buf.c''' +LIBNDR_PREG_SRC = '''librpc/gen_ndr/ndr_preg.c + librpc/ndr/ndr_preg.c''' + LIBNDR_XATTR_SRC = '''../librpc/gen_ndr/ndr_xattr.c ../librpc/ndr/ndr_xattr.c''' LIBCLI_SPOOLSS_SRC = ''' - librpc/gen_ndr/cli_spoolss.c - librpc/gen_ndr/ndr_spoolss_c.c + ../librpc/gen_ndr/cli_spoolss.c + ../librpc/gen_ndr/ndr_spoolss_c.c rpc_client/cli_spoolss.c rpc_client/init_spoolss.c''' LIBCLI_EVENTLOG_SRC = ''' - librpc/gen_ndr/cli_eventlog.c - librpc/gen_ndr/ndr_eventlog_c.c''' + ../librpc/gen_ndr/cli_eventlog.c + ../librpc/gen_ndr/ndr_eventlog_c.c''' LIBCLI_WINREG_SRC = ''' - librpc/gen_ndr/cli_winreg.c - librpc/gen_ndr/ndr_winreg_c.c''' + ../librpc/gen_ndr/cli_winreg.c + ../librpc/gen_ndr/ndr_winreg_c.c''' LIBCLI_NTSVCS_SRC = ''' - librpc/gen_ndr/cli_ntsvcs.c - librpc/gen_ndr/ndr_ntsvcs_c.c''' + ../librpc/gen_ndr/cli_ntsvcs.c + ../librpc/gen_ndr/ndr_ntsvcs_c.c''' LIBCLI_DRSUAPI_SRC = ''' - librpc/gen_ndr/cli_drsuapi.c - librpc/gen_ndr/ndr_drsuapi_c.c''' + ../librpc/gen_ndr/cli_drsuapi.c + ../librpc/gen_ndr/ndr_drsuapi_c.c''' LIBCLI_DFS_SRC = ''' - librpc/gen_ndr/cli_dfs.c - librpc/gen_ndr/ndr_dfs_c.c''' + ../librpc/gen_ndr/cli_dfs.c + ../librpc/gen_ndr/ndr_dfs_c.c''' LIBCLI_ECHO_SRC = ''' - librpc/gen_ndr/cli_echo.c - librpc/gen_ndr/ndr_echo_c.c''' + ../librpc/gen_ndr/cli_echo.c + ../librpc/gen_ndr/ndr_echo_c.c''' LIBCLI_INITSHUTDOWN_SRC = ''' - librpc/gen_ndr/cli_initshutdown.c - librpc/gen_ndr/ndr_initshutdown_c.c''' + ../librpc/gen_ndr/cli_initshutdown.c + ../librpc/gen_ndr/ndr_initshutdown_c.c''' LIBCLI_DSSETUP_SRC = ''' - librpc/gen_ndr/cli_dssetup.c - librpc/gen_ndr/ndr_dssetup_c.c''' + ../librpc/gen_ndr/cli_dssetup.c + ../librpc/gen_ndr/ndr_dssetup_c.c''' LIBCLI_SVCCTL_SRC = ''' - librpc/gen_ndr/cli_svcctl.c - librpc/gen_ndr/ndr_svcctl_c.c''' + ../librpc/gen_ndr/cli_svcctl.c + ../librpc/gen_ndr/ndr_svcctl_c.c''' LIBCLI_WKSSVC_SRC = ''' - librpc/gen_ndr/cli_wkssvc.c - librpc/gen_ndr/ndr_wkssvc_c.c''' + ../librpc/gen_ndr/cli_wkssvc.c + ../librpc/gen_ndr/ndr_wkssvc_c.c''' LIBCLI_SRVSVC_SRC = ''' - librpc/gen_ndr/cli_srvsvc.c - librpc/gen_ndr/ndr_srvsvc_c.c''' + ../librpc/gen_ndr/cli_srvsvc.c + ../librpc/gen_ndr/ndr_srvsvc_c.c''' LIBCLI_LSA_SRC = ''' - librpc/gen_ndr/cli_lsa.c - librpc/gen_ndr/ndr_lsa_c.c + ../librpc/gen_ndr/cli_lsa.c + ../librpc/gen_ndr/ndr_lsa_c.c rpc_client/cli_lsarpc.c rpc_client/init_lsa.c''' LIBCLI_SAMR_SRC = ''' - librpc/gen_ndr/cli_samr.c - librpc/gen_ndr/ndr_samr_c.c + ../librpc/gen_ndr/cli_samr.c + ../librpc/gen_ndr/ndr_samr_c.c rpc_client/cli_samr.c''' LIBCLI_NETLOGON_SRC = ''' - librpc/gen_ndr/cli_netlogon.c - librpc/gen_ndr/ndr_netlogon_c.c + ../librpc/gen_ndr/cli_netlogon.c + ../librpc/gen_ndr/ndr_netlogon_c.c rpc_client/cli_netlogon.c''' LIBCLI_EPMAPPER_SRC = ''' - librpc/gen_ndr/cli_epmapper.c - librpc/gen_ndr/ndr_epmapper_c.c''' + ../librpc/gen_ndr/cli_epmapper.c + ../librpc/gen_ndr/ndr_epmapper_c.c''' LIBNDR_GEN_SRC = '''../librpc/gen_ndr/ndr_wkssvc.c ${LIBNDR_GEN_SRC0} @@ -376,6 +379,8 @@ REG_INIT_FULL_SRC = '''registry/reg_init_full.c''' REGFIO_SRC = '''registry/regfio.c ${REG_PARSE_PRS_SRC}''' +REG_API_REGF_SRC = '''registry/reg_api_regf.c''' + REGSRCS_SRC = '''registry/reg_objects.c''' REG_BACKENDS_BASE_SRC = '''registry/reg_backend_db.c''' @@ -394,7 +399,6 @@ REG_BACKENDS_EXTRA_SRC = '''registry/reg_backend_printing.c REG_BASE_SRC = '''registry/reg_api.c registry/reg_dispatcher.c registry/reg_cachehook.c - ${REGFIO_SRC} ${REGSRCS_SRC} registry/reg_util_internal.c lib/util_nttoken.c @@ -404,7 +408,8 @@ REG_BASE_SRC = '''registry/reg_api.c REG_SMBCONF_SRC = '''${REG_BASE_SRC} ${REG_BACKENDS_SMBCONF_SRC} ${REG_INIT_SMBCONF_SRC} - registry/reg_util_token.c''' + registry/reg_util_token.c + registry/reg_api_util.c''' REG_FULL_SRC = '''${REG_SMBCONF_SRC} ${REG_BACKENDS_EXTRA_SRC} @@ -808,6 +813,8 @@ SMBD_SRC_BASE = '''${SMBD_SRC_SRV} rpc_client/init_samr.c ${AUTH_SRC} ${PRIVILEGES_BASIC_SRC} + ${REGFIO_SRC} + ${REG_API_REGF_SRC} ${LIBNDR_XATTR_SRC}''' PRINTING_SRC = '''printing/pcap.c printing/print_svid.c printing/print_aix.c @@ -874,6 +881,99 @@ CLIENT_SRC = '''${CLIENT_SRC1} ${LIBMSRPC_GEN_SRC} ${LIBCLI_SRVSVC_SRC} rpc_client/init_lsa.c''' +RPCCLIENT_SRC1 = '''rpcclient/rpcclient.c rpcclient/cmd_lsarpc.c + rpcclient/cmd_samr.c rpcclient/cmd_spoolss.c + rpcclient/cmd_netlogon.c rpcclient/cmd_srvsvc.c + rpcclient/cmd_dfs.c rpcclient/cmd_epmapper.c + rpcclient/cmd_dssetup.c rpcclient/cmd_echo.c + rpcclient/cmd_shutdown.c rpcclient/cmd_test.c + rpcclient/cmd_wkssvc.c rpcclient/cmd_ntsvcs.c + rpcclient/cmd_drsuapi.c rpcclient/cmd_eventlog.c + rpcclient/cmd_winreg.c + ${DISPLAY_SEC_SRC}''' + +RPCCLIENT_SRC = '''${RPCCLIENT_SRC1} + ${LIBMSRPC_GEN_SRC} + ${LIBMSRPC_SRC} + ${READLINE_SRC} + ${LIBADS_SRC} + ${DCUTIL_SRC} + ${LIBCLI_SPOOLSS_SRC} + ${LIBCLI_EVENTLOG_SRC} + ${LIBCLI_NTSVCS_SRC} + ${LIBCLI_DRSUAPI_SRC} + ${LIBCLI_DFS_SRC} + ${LIBCLI_ECHO_SRC} + ${LIBCLI_DSSETUP_SRC} + ${LIBCLI_WKSSVC_SRC} + ${LIBCLI_SRVSVC_SRC} + ${LIBCLI_LSA_SRC} + ${LIBCLI_SAMR_SRC} + ${LIBCLI_WINREG_SRC} + ${LIBCLI_NETLOGON_SRC} + ${RPC_CLIENT_SCHANNEL_SRC} + rpc_client/init_netlogon.c + rpc_client/init_samr.c''' + +LIBNET_DSSYNC_SRC = '''libnet/libnet_dssync.c + libnet/libnet_dssync_keytab.c + ../libcli/drsuapi/repl_decrypt.c''' + +LIBNET_SAMSYNC_SRC = '''libnet/libnet_samsync.c + libnet/libnet_samsync_ldif.c + libnet/libnet_samsync_passdb.c + libnet/libnet_samsync_display.c + libnet/libnet_samsync_keytab.c + ../libcli/samsync/decrypt.c''' + +PASSWD_UTIL_SRC = 'utils/passwd_util.c' + +NET_SRC1 = '''utils/net.c utils/net_ads.c utils/net_help.c + utils/net_rap.c utils/net_rpc.c utils/net_rpc_samsync.c + utils/net_rpc_join.c utils/net_time.c utils/net_lookup.c + utils/net_cache.c utils/net_groupmap.c utils/net_idmap.c + utils/net_status.c utils/net_rpc_printer.c utils/net_rpc_rights.c + utils/net_rpc_service.c utils/net_rpc_registry.c utils/net_usershare.c + utils/netlookup.c utils/net_sam.c utils/net_rpc_shell.c + utils/net_util.c utils/net_rpc_sh_acct.c utils/net_rpc_audit.c + ${PASSWD_UTIL_SRC} utils/net_dns.c utils/net_ads_gpo.c + utils/net_conf.c utils/net_join.c utils/net_user.c + utils/net_group.c utils/net_file.c utils/net_registry.c + auth/token_util.c utils/net_dom.c utils/net_share.c + utils/net_g_lock.c + utils/net_serverid.c + utils/net_eventlog.c + utils/net_printing.c + ${LIBNDR_NTPRINTING_SRC} + ${LIBNDR_PREG_SRC} + ${LIBCLI_SPOOLSS_SRC} + ${LIBCLI_WINREG_SRC} + ${LIBCLI_DRSUAPI_SRC} + ${LIBCLI_INITSHUTDOWN_SRC} + ${LIBCLI_DSSETUP_SRC} + ${LIBCLI_SVCCTL_SRC} + ${LIBCLI_WKSSVC_SRC} + ${LIBCLI_SRVSVC_SRC} + ${LIBCLI_LSA_SRC} + ${LIBCLI_SAMR_SRC} + ${LIBCLI_NETLOGON_SRC} + ${RPC_CLIENT_SCHANNEL_SRC} + rpc_client/init_netlogon.c + rpc_client/init_samr.c''' + + +NET_SRC2 = 'utils/net_registry_util.c utils/net_help_common.c' + +NET_SRC = '''${NET_SRC1} + ${NET_SRC2} + ${LIBADDNS_SRC0} + ${LIBMSRPC_SRC} ${LIBMSRPC_GEN_SRC} + ${LIBADS_SRC} ${LIBADS_SERVER_SRC} ${LIBADS_PRINTER_SRC} + ${DCUTIL_SRC} + ${AFS_SRC} ${AFS_SETTOKEN_SRC} ${READLINE_SRC} + ${LIBGPO_SRC} ${DISPLAY_SEC_SRC} + ${LIBNET_SRC} ${LIBNET_DSSYNC_SRC} ${LIBNET_SAMSYNC_SRC} + ${LIB_EVENTLOG_SRC} ${REGFIO_SRC}''' LIBS='ICONV' @@ -925,7 +1025,7 @@ for prefix in bld.env.MODULE_PREFIXES: bld.SAMBA_SUBSYSTEM('WBCOMMON', source=WBCOMMON_SRC) -bld.SAMBA_SUBSYSTEM('LIBWBCLIENT', +bld.SAMBA_LIBRARY('libwbclient', source='''../nsswitch/libwbclient/wbc_guid.c ../nsswitch/libwbclient/wbc_idmap.c ../nsswitch/libwbclient/wbclient.c @@ -935,6 +1035,24 @@ bld.SAMBA_SUBSYSTEM('LIBWBCLIENT', ../nsswitch/libwbclient/wbc_util.c''', public_deps='talloc WBCOMMON') +bld.SAMBA_LIBRARY('libnetapi', + source='''lib/netapi/netapi.c + lib/netapi/cm.c + librpc/gen_ndr/ndr_libnetapi.c + lib/netapi/libnetapi.c + lib/netapi/joindomain.c + lib/netapi/serverinfo.c + lib/netapi/getdc.c + lib/netapi/user.c + lib/netapi/group.c + lib/netapi/localgroup.c + lib/netapi/samr.c + lib/netapi/sid.c + lib/netapi/share.c + lib/netapi/file.c + lib/netapi/shutdown.c + lib/netapi/netlogon.c''', + public_deps='''talloc tdb''') bld.SAMBA_SUBSYSTEM('ASN1_UTIL', source='../lib/util/asn1.c', @@ -1014,14 +1132,14 @@ bld.SAMBA_SUBSYSTEM('SMBLDAP', bld.SAMBA_BINARY('smbd/smbd', source=SMBD_SRC, deps='''tdb DYNCONFIG tevent dl krb5 ldap gssapi gssapi_krb5 - NSS_WRAPPER LIBWBCLIENT crypt nsl cups cap resolv ZLIB PASSDB + NSS_WRAPPER libwbclient crypt nsl cups cap resolv ZLIB PASSDB PARAM_WITHOUT_REG LIBS LIBSMB POPT_SAMBA KRBCLIENT AVAHI''', install_path='${SBINDIR}', vars=locals()) bld.SAMBA_BINARY('nmbd/nmbd', source=NMBD_SRC, - deps='''talloc tdb tevent ZLIB cap resolv LIBWBCLIENT dl + deps='''talloc tdb tevent ZLIB cap resolv libwbclient dl NSS_WRAPPER DYNCONFIG PASSDB PARAM ldap LIB_NONSMBD LIBSMB POPT_SAMBA KRBCLIENT''', install_path='${SBINDIR}', @@ -1030,7 +1148,7 @@ bld.SAMBA_BINARY('nmbd/nmbd', bld.SAMBA_BINARY('winbindd/winbindd', source=WINBINDD_SRC, deps='''talloc tdb tevent cap dl DYNCONFIG ZLIB NSS_WRAPPER - LIBWBCLIENT PASSDB ldap resolv PARAM LIB_NONSMBD LIBSMB + libwbclient PASSDB ldap resolv PARAM LIB_NONSMBD LIBSMB POPT_SAMBA KRBCLIENT''', enabled=bld.env.build_winbind, install_path='${SBINDIR}', @@ -1038,7 +1156,7 @@ bld.SAMBA_BINARY('winbindd/winbindd', bld.SAMBA_BINARY('web/swat', source=SWAT_SRC, - deps='''talloc tevent cap DYNCONFIG LIBS LIBSMB LIBWBCLIENT PARAM + deps='''talloc tevent cap DYNCONFIG LIBS LIBSMB libwbclient PARAM LIB_NONSMBD resolv PASSDB POPT_SAMBA KRBCLIENT cups''', enabled=bld.env.build_swat, install_path='${SBINDIR}', @@ -1047,12 +1165,18 @@ bld.SAMBA_BINARY('web/swat', bld.SAMBA_BINARY('smbclient', source=CLIENT_SRC, deps='''talloc tdb cap resolv POPT_SAMBA PASSDB LIBSMB LIB_NONSMBD - PARAM_WITHOUT_REG LIBWBCLIENT DYNCONFIG PARAM KRBCLIENT''', + PARAM_WITHOUT_REG libwbclient DYNCONFIG PARAM KRBCLIENT''', + vars=locals()) + +bld.SAMBA_BINARY('rpcclient/rpcclient', + source=RPCCLIENT_SRC, + deps='''talloc tdb cap resolv POPT_SAMBA PASSDB LIBSMB LIB_NONSMBD + PARAM_WITHOUT_REG libwbclient DYNCONFIG PARAM KRBCLIENT''', vars=locals()) bld.SAMBA_BINARY('wbinfo', source=WBINFO_SRC, - deps='''talloc LIBWBCLIENT DYNCONFIG tevent cap + deps='''talloc libwbclient DYNCONFIG tevent cap NSS_WRAPPER ASN1_UTIL LIBTSOCKET PASSDB ldap PARAM LIB_NONSMBD LIBSAMBA POPT_SAMBA''', vars=locals()) @@ -1060,14 +1184,21 @@ bld.SAMBA_BINARY('wbinfo', bld.SAMBA_BINARY('testparm', source=TESTPARM_SRC, deps='''talloc tevent DYNCONFIG ldap cap NSS_WRAPPER - LIBWBCLIENT ASN1_UTIL LIBTSOCKET PASSDB PARAM LIB_NONSMBD + libwbclient ASN1_UTIL LIBTSOCKET PASSDB PARAM LIB_NONSMBD LIBSMB_ERR POPT_SAMBA''', vars=locals()) bld.SAMBA_BINARY('eventlogadm', source=EVTLOGADM_SRC, deps='''talloc tevent cap POPT_SAMBA DYNCONFIG LIBS PARAM - LIB_NONSMBD LIBSMB_ERR PASSDB LIBWBCLIENT''', + LIB_NONSMBD LIBSMB_ERR PASSDB libwbclient''', + vars=locals()) + +bld.SAMBA_BINARY('net', + source=NET_SRC, + deps='''talloc tdb libnetapi cap resolv POPT_SAMBA PASSDB LIBSMB LIB_NONSMBD + PARAM_WITHOUT_REG libwbclient DYNCONFIG PARAM KRBCLIENT + LOCALE_DIR''', vars=locals()) swat_files=recursive_dirlist('../swat', '../swat', '*') |