diff options
Diffstat (limited to 'source3')
122 files changed, 1172 insertions, 15349 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 9b4c8d5c04..843e843a1e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -65,7 +65,6 @@ RPCLIBDIR = $(LIBDIR)/rpc IDMAPLIBDIR = $(LIBDIR)/idmap CHARSETLIBDIR = $(LIBDIR)/charset AUTHLIBDIR = $(LIBDIR)/auth -CONFIGLIBDIR = $(LIBDIR)/config CONFIGDIR = @configdir@ VARDIR = @localstatedir@ MANDIR = @mandir@ @@ -155,8 +154,7 @@ RPC_MODULES = @RPC_MODULES@ IDMAP_MODULES = @IDMAP_MODULES@ CHARSET_MODULES = @CHARSET_MODULES@ AUTH_MODULES = @AUTH_MODULES@ -CONFIG_MODULES = @CONFIG_MODULES@ -MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) $(CONFIG_MODULES) +MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) ###################################################################### # object file lists @@ -165,7 +163,7 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSE TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o -SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@ +SMBLDAP_OBJ = @SMBLDAP@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \ lib/getsmbpass.o lib/interface.o lib/md4.o \ @@ -186,8 +184,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \ - lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \ - lib/genparser.o lib/genparser_samba.o + lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o @@ -202,7 +199,7 @@ POPT_LIB_OBJ = lib/popt_common.o UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o -PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o param/modconf.o +PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o @@ -240,7 +237,7 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \ rpc_client/cli_reg.o rpc_client/cli_pipe.o \ rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \ rpc_client/cli_ds.o rpc_client/cli_echo.o \ - rpc_client/cli_shutdown.o rpc_client/cli_epmapper.o + rpc_client/cli_shutdown.o REGOBJS_OBJ = registry/reg_objects.o REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \ @@ -269,8 +266,6 @@ RPC_PIPE_OBJ = rpc_server/srv_pipe_hnd.o rpc_server/srv_util.o \ RPC_ECHO_OBJ = rpc_server/srv_echo.o rpc_server/srv_echo_nt.o -RPC_EPMAPPER_OBJ = rpc_server/srv_epmapper.o rpc_server/srv_epmapper_nt.o - RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) # this includes only the low level parse code, not stuff @@ -284,15 +279,13 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \ rpc_parse/parse_wks.o rpc_parse/parse_ds.o \ rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \ rpc_parse/parse_echo.o rpc_parse/parse_shutdown.o \ - rpc_parse/parse_epmapper.o $(REGOBJS_OBJ) + $(REGOBJS_OBJ) RPC_CLIENT_OBJ = rpc_client/cli_pipe.o LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o smbd/tdbutil.o -GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o @GUMS_STATIC@ - PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ @@ -347,8 +340,6 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \ MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o -CONFIG_LDAP_OBJ = param/config_ldap.o - SMBD_OBJ_MAIN = smbd/server.o BUILDOPT_OBJ = smbd/build_options.o @@ -451,9 +442,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o libsmb/passchange.o $(PARAM_OBJ) $(SECRETS_OBJ $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) lib/dummyroot.o -PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) \ +PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \ $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(KRBCLIENT_OBJ) $(RPC_PARSE_OBJ) lib/dummyroot.o + $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) lib/dummyroot.o SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) $(SECRETS_OBJ) @@ -462,8 +453,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \ rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \ rpcclient/display_sec.o rpcclient/cmd_ds.o \ - rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o \ - rpcclient/cmd_epmapper.o + rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \ @@ -516,7 +506,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \ utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \ utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \ utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \ - utils/net_status.o utils/net_privileges.o + utils/net_status.o NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ @@ -602,10 +592,9 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \ $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \ $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \ $(LIB_SMBD_OBJ) $(AUTH_SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \ - $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \ - $(RPC_LSA_DS_OBJ) $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) \ - $(RPC_SPOOLSS_OBJ) $(RPC_ECHO_OBJ) $(RPC_EPMAPPER_OBJ) \ - $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o + $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_LSA_DS_OBJ) \ + $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \ + $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) @@ -637,7 +626,6 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_wins.o \ nsswitch/winbindd_rpc.o \ nsswitch/winbindd_ads.o \ - nsswitch/winbindd_passdb.o \ nsswitch/winbindd_dual.o \ nsswitch/winbindd_acct.o @@ -879,7 +867,7 @@ bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) $(KRB5LIBS) + @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) bin/smbget@EXEEXT@: $(SMBGET_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @@ -1042,11 +1030,6 @@ bin/librpc_echo.@SHLIBEXT@: $(RPC_ECHO_OBJ) @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_ECHO_OBJ) -lc \ @SONAMEFLAG@`basename $@` -bin/librpc_epmapper.@SHLIBEXT@: $(RPC_EPMAPPER_OBJ) - @echo "Linking $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_EPMAPPER_OBJ) -lc \ - @SONAMEFLAG@`basename $@` - bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @echo "Linking $@" @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) @@ -1188,11 +1171,6 @@ bin/cap.@SHLIBEXT@: $(VFS_CAP_OBJ:.o=.@PICSUFFIX@) @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CAP_OBJ:.o=.@PICSUFFIX@) \ @SONAMEFLAG@`basename $@` -bin/config_ldap.@SHLIBEXT@: $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) - @echo "Building plugin $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) \ - @SMBLDAP@ @LDAP_LIBS@ @SONAMEFLAG@`basename $@` - bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(LINK) -o $@ $(WBINFO_OBJ) $(LIBS) @POPTLIBS@ @@ -1428,15 +1406,6 @@ utils/net_proto.h: -h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \ $(NET_OBJ1) -include/tdbsam2_parse_info.h: - @if test -n "$(PERL)"; then \ - cd $(srcdir) && @PERL@ -w script/genstruct.pl \ - -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \ - include/gums.h; \ - else \ - echo Unable to build $@, continuing; \ - fi - # "make headers" or "make proto" calls a subshell because we need to # make sure these commands are executed in sequence even for a # parallel make. @@ -1449,12 +1418,7 @@ headers: $(MAKE) nsswitch/winbindd_proto.h; \ $(MAKE) web/swat_proto.h; \ $(MAKE) client/client_proto.h; \ - $(MAKE) utils/net_proto.h; - -prebuiltheaders: - $(MAKE) include/tdbsam2_parse_info.h - -genparse: prebuiltheaders + $(MAKE) utils/net_proto.h proto: headers diff --git a/source3/VERSION b/source3/VERSION index d7f386ab42..00ec36133b 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -18,8 +18,8 @@ # -> "3.0.0" # ######################################################## SAMBA_VERSION_MAJOR=3 -SAMBA_VERSION_MINOR=1 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_MINOR=0 +SAMBA_VERSION_RELEASE=3 ######################################################## # If a official release has a serious bug # @@ -41,7 +41,7 @@ SAMBA_VERSION_REVISION= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # ######################################################## -SAMBA_VERSION_PRE_RELEASE= +SAMBA_VERSION_PRE_RELEASE=2 ######################################################## # For 'rc' releases the version will be # @@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # -> "4.0.0alpha1" # ######################################################## -SAMBA_VERSION_ALPHA_RELEASE=1 +SAMBA_VERSION_ALPHA_RELEASE= ######################################################## # For 'test' releases the version will be # diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 0de47f9107..f62cc2fb9e 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -803,23 +803,6 @@ static NTSTATUS add_user_groups(auth_serversupplied_info **server_info, } /*************************************************************************** -Fill a server_info struct from a SAM_ACCOUNT with its privileges -***************************************************************************/ - -static NTSTATUS add_privileges(auth_serversupplied_info **server_info) -{ - PRIVILEGE_SET *privs = NULL; - - init_privilege(&privs); - if (!pdb_get_privilege_set((*server_info)->ptok, privs)) - DEBUG(1, ("Could not add privileges\n")); - - (*server_info)->privs = privs; - - return NT_STATUS_OK; -} - -/*************************************************************************** Make (and fill) a user_info struct from a SAM_ACCOUNT ***************************************************************************/ @@ -855,11 +838,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, return nt_status; } - if (!NT_STATUS_IS_OK(nt_status = add_privileges(server_info))) { - free_server_info(server_info); - return nt_status; - } - (*server_info)->sam_fill_level = SAM_FILL_ALL; DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", pdb_get_username(sampass), diff --git a/source3/bin/.cvsignore b/source3/bin/.cvsignore index 3144075134..fd5d9372e4 100644 --- a/source3/bin/.cvsignore +++ b/source3/bin/.cvsignore @@ -1,7 +1,8 @@ -debug2html +*.so .dummy -editreg .libs +debug2html +editreg locktest locktest2 log2pcap @@ -39,17 +40,16 @@ smbstatus smbtorture smbtree smbumount -*.so swat +t_push_ucs2 +t_snprintf +t_strcmp +t_stringoverflow talloctort tdbbackup tdbdump testparm testprns -t_push_ucs2 -t_snprintf -t_strcmp -t_stringoverflow vfstest wbinfo winbindd diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index 8c23cc2212..504de9e629 100755 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -38,12 +38,16 @@ #include <fcntl.h> #define MOUNT_CIFS_VERSION_MAJOR "1" -#define MOUNT_CIFS_VERSION_MINOR "0" +#define MOUNT_CIFS_VERSION_MINOR "1" #ifndef MOUNT_CIFS_VENDOR_SUFFIX #define MOUNT_CIFS_VENDOR_SUFFIX "" #endif +#ifndef MS_MOVE +#define MS_MOVE 8192 +#endif + char * thisprogram; int verboseflag = 0; static int got_password = 0; @@ -227,7 +231,7 @@ static int get_password_from_file(int file_descript, char * filename) return rc; } -static int parse_options(char * options) +static int parse_options(char * options, int * filesys_flags) { char * data; char * percent_char = 0; @@ -394,7 +398,7 @@ static int parse_options(char * options) if (strcmp (data, "fmask") == 0) { printf ("WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n"); - data = "file_mode"; + data = "file_mode"; /* BB fix this */ } } else if (strcmp(data, "dir_mode") == 0 || strcmp(data, "dmask")==0) { if (!value || !*value) { @@ -410,29 +414,50 @@ static int parse_options(char * options) printf ("WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n"); data = "dir_mode"; } + /* the following eight mount options should be + stripped out from what is passed into the kernel + since these eight options are best passed as the + mount flags rather than redundantly to the kernel + and could generate spurious warnings depending on the + level of the corresponding cifs vfs kernel code */ + } else if (strncmp(data, "nosuid", 6) == 0) { + *filesys_flags |= MS_NOSUID; + } else if (strncmp(data, "suid", 4) == 0) { + *filesys_flags &= ~MS_NOSUID; + } else if (strncmp(data, "nodev", 5) == 0) { + *filesys_flags |= MS_NODEV; + } else if (strncmp(data, "dev", 3) == 0) { + *filesys_flags &= ~MS_NODEV; + } else if (strncmp(data, "noexec", 6) == 0) { + *filesys_flags |= MS_NOEXEC; + } else if (strncmp(data, "exec", 4) == 0) { + *filesys_flags &= ~MS_NOEXEC; + } else if (strncmp(data, "ro", 2) == 0) { + *filesys_flags |= MS_RDONLY; + } else if (strncmp(data, "rw", 2) == 0) { + *filesys_flags &= ~MS_RDONLY; } /* else if (strnicmp(data, "port", 4) == 0) { - if (value && *value) { - vol->port = - simple_strtoul(value, &value, 0); - } - } else if (strnicmp(data, "rsize", 5) == 0) { - if (value && *value) { - vol->rsize = - simple_strtoul(value, &value, 0); - } - } else if (strnicmp(data, "wsize", 5) == 0) { - if (value && *value) { - vol->wsize = - simple_strtoul(value, &value, 0); - } - } else if (strnicmp(data, "version", 3) == 0) { - - } else if (strnicmp(data, "rw", 2) == 0) { - - } else - printf("CIFS: Unknown mount option %s\n",data); */ + if (value && *value) { + vol->port = + simple_strtoul(value, &value, 0); + } + } else if (strnicmp(data, "rsize", 5) == 0) { + if (value && *value) { + vol->rsize = + simple_strtoul(value, &value, 0); + } + } else if (strnicmp(data, "wsize", 5) == 0) { + if (value && *value) { + vol->wsize = + simple_strtoul(value, &value, 0); + } + } else if (strnicmp(data, "version", 3) == 0) { + } else { + printf("CIFS: Unknown mount option %s\n",data); + } */ /* nothing to do on those four mount options above. + Just pass to kernel and ignore them here */ - /* move to next option */ + /* move to next option */ data = next_keyword+1; /* put overwritten equals sign back */ @@ -440,7 +465,7 @@ static int parse_options(char * options) value--; *value = '='; } - + /* put previous overwritten comma back */ if(next_keyword) *next_keyword = ','; @@ -522,7 +547,9 @@ char * parse_server(char * unc_name) static struct option longopts[] = { { "all", 0, 0, 'a' }, - { "help", 0, 0, 'h' }, + { "help",0, 0, 'h' }, + { "move",0, 0, 'm' }, + { "bind",0, 0, 'b' }, { "read-only", 0, 0, 'r' }, { "ro", 0, 0, 'r' }, { "verbose", 0, 0, 'v' }, @@ -530,12 +557,11 @@ static struct option longopts[] = { { "read-write", 0, 0, 'w' }, { "rw", 0, 0, 'w' }, { "options", 1, 0, 'o' }, - { "types", 1, 0, 't' }, + { "type", 1, 0, 't' }, { "rsize",1, 0, 'R' }, { "wsize",1, 0, 'W' }, { "uid", 1, 0, '1'}, { "gid", 1, 0, '2'}, - { "uuid",1,0,'U' }, { "user",1,0,'u'}, { "username",1,0,'u'}, { "dom",1,0,'d'}, @@ -544,13 +570,14 @@ static struct option longopts[] = { { "pass",1,0,'p'}, { "credentials",1,0,'c'}, { "port",1,0,'P'}, + /* { "uuid",1,0,'U'}, */ /* BB unimplemented */ { NULL, 0, 0, 0 } }; int main(int argc, char ** argv) { int c; - int flags = MS_MANDLOCK | MS_MGC_VAL; + int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */ char * orgoptions = NULL; char * share_name = NULL; char * domain_name = NULL; @@ -615,6 +642,12 @@ int main(int argc, char ** argv) case 'n': ++nomtab; break; + case 'b': + flags |= MS_BIND; + break; + case 'm': + flags |= MS_MOVE; + break; case 'o': orgoptions = strdup(optarg); break; @@ -693,7 +726,7 @@ int main(int argc, char ** argv) ipaddr = parse_server(share_name); - if (orgoptions && parse_options(orgoptions)) + if (orgoptions && parse_options(orgoptions, &flags)) return 1; /* BB save off path and pop after mount returns? */ @@ -701,9 +734,10 @@ int main(int argc, char ** argv) if(chdir(mountpoint)) { printf("mount error: can not change directory into mount target %s\n",mountpoint); + return -1; } - if(stat (mountpoint, &statbuf)) { + if(stat (".", &statbuf)) { printf("mount error: mount point %s does not exist\n",mountpoint); return -1; } @@ -715,7 +749,11 @@ int main(int argc, char ** argv) if((getuid() != 0) && (geteuid() == 0)) { if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) { - printf("setuid mount allowed\n"); +#ifndef CIFS_ALLOW_USR_SUID + /* Do not allow user mounts to control suid flag + for mount unless explicitly built that way */ + flags |= MS_NOSUID | MS_NODEV; +#endif } else { printf("mount error: permission denied or not superuser and cifs.mount not installed SUID\n"); return -1; @@ -746,6 +784,12 @@ int main(int argc, char ** argv) optlen += strlen(mountpassword) + 6; options = malloc(optlen + 10); + if(options == NULL) { + printf("Could not allocate memory for mount options\n"); + return -1; + } + + options[0] = 0; strncat(options,"unc=",4); strcat(options,share_name); diff --git a/source3/configure.in b/source3/configure.in index c58f640a00..f92ea2d080 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -220,7 +220,6 @@ AC_SUBST(SMBWRAPPER) AC_SUBST(EXTRA_BIN_PROGS) AC_SUBST(EXTRA_SBIN_PROGS) AC_SUBST(EXTRA_ALL_TARGETS) -AC_SUBST(CONFIG_LIBS) AC_ARG_ENABLE(debug, [ --enable-debug Turn on compiler debugging information (default=no)], @@ -358,7 +357,7 @@ DYNEXP= dnl Add modules that have to be built by default here dnl These have to be built static: -default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_epmapper auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin" +default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin" dnl These are preferably build shared, and static if dlopen() is not available default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap charset_CP850 charset_CP437" @@ -1686,7 +1685,7 @@ dnl Try to find iconv(3) LDFLAGS=$save_LDFLAGS LIB_ADD_DIR(LDFLAGS, "$i/lib") CFLAGS_ADD_DIR(CPPFLAGS, "$i/include") - LIBS="$save_LIBS" + LIBS="$save_LIBS" ICONV_LOCATION=$i export LDFLAGS LIBS CPPFLAGS dnl Now, check for a working iconv ... we want to do it here because @@ -2407,8 +2406,6 @@ AC_MSG_RESULT($with_ldap_support) SMBLDAP="" AC_SUBST(SMBLDAP) -SMBLDAPUTIL="" -AC_SUBST(SMBLDAPUTIL) if test x"$with_ldap_support" != x"no"; then ################################################################## @@ -2464,9 +2461,7 @@ if test x"$with_ldap_support" != x"no"; then if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available]) default_static_modules="$default_static_modules pdb_ldap idmap_ldap"; - default_shared_modules="$default_shared_modules config_ldap"; SMBLDAP="lib/smbldap.o" - SMBLDAPUTIL="lib/smbldap_util.o" with_ldap_support=yes AC_MSG_CHECKING(whether LDAP support is used) AC_MSG_RESULT(yes) @@ -4298,7 +4293,6 @@ MODULE_pdb_guest=STATIC MODULE_rpc_spoolss=STATIC MODULE_rpc_srv=STATIC MODULE_idmap_tdb=STATIC -MODULE_gums_tdbsam2=STATIC AC_ARG_WITH(static-modules, [ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in], @@ -4336,12 +4330,8 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB, SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB) SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB) SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB) -SMB_MODULE(pdb_gums, [passdb/pdb_gums.o \$(GUMS_OBJ)], "bin/gums.$SHLIBEXT", PDB) SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o) -SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS) -SMB_SUBSYSTEM(GUMS) - SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC) SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC) SMB_MODULE(rpc_lsa_ds, \$(RPC_LSA_DS_OBJ), "bin/librpc_lsa_ds.$SHLIBEXT", RPC) @@ -4352,8 +4342,6 @@ SMB_MODULE(rpc_srv, \$(RPC_SVC_OBJ), "bin/librpc_srvsvc.$SHLIBEXT", RPC) SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), "bin/librpc_spoolss.$SHLIBEXT", RPC) SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC) SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC) -SMB_MODULE(rpc_epmapper, \$(RPC_EPMAPPER_OBJ), "bin/librpc_epmapper.$SHLIBEXT", - RPC) SMB_SUBSYSTEM(RPC,smbd/server.o) SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP) @@ -4385,9 +4373,6 @@ SMB_MODULE(vfs_readonly, \$(VFS_READONLY_OBJ), "bin/readonly.$SHLIBEXT", VFS) SMB_MODULE(vfs_cap, \$(VFS_CAP_OBJ), "bin/cap.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) -SMB_MODULE(config_ldap, param/config_ldap.o, "bin/config_ldap.$SHLIBEXT", CONFIG, [ CONFIG_LIBS="$CONFIG_LIBS $LDAP_LIBS" "$SMBLDAP" ]) -SMB_SUBSYSTEM(CONFIG, param/modconf.o) - AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules]) ################################################# diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 319d39c99f..d10a7decb7 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -27,7 +27,17 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V2 2 /* le format. */ #define GROUP_PREFIX "UNIXGROUP/" -#define ALIASMEM_PREFIX "ALIASMEMBERS/" + +PRIVS privs[] = { + {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ + {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, + {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" }, + {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" }, + {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" }, + {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, + {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } +}; + /**************************************************************************** dump the mapping group mapping to a text file @@ -362,7 +372,7 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) Remove a group mapping entry. ****************************************************************************/ -static BOOL group_map_remove(const DOM_SID *sid) +static BOOL group_map_remove(DOM_SID sid) { TDB_DATA kbuf, dbuf; pstring key; @@ -375,7 +385,7 @@ static BOOL group_map_remove(const DOM_SID *sid) /* the key is the SID, retrieving is direct */ - sid_to_string(string_sid, sid); + sid_to_string(string_sid, &sid); slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dptr = key; @@ -479,263 +489,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, return True; } -static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - GROUP_MAP map; - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - char *new_memberstring; - int result; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!get_group_map_from_sid(*alias, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) - return NT_STATUS_NO_SUCH_ALIAS; - - sid_to_string(string_sid, alias); - slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - - dbuf = tdb_fetch(tdb, kbuf); - - sid_to_string(string_sid, member); - - if (dbuf.dptr != NULL) { - asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr), - string_sid); - } else { - new_memberstring = strdup(string_sid); - } - - if (new_memberstring == NULL) - return NT_STATUS_NO_MEMORY; - - SAFE_FREE(dbuf.dptr); - dbuf.dsize = strlen(new_memberstring)+1; - dbuf.dptr = new_memberstring; - - result = tdb_store(tdb, kbuf, dbuf, 0); - - SAFE_FREE(new_memberstring); - - return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED); -} - -static void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num) -{ - *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID)); - - if (*sids == NULL) - return; - - sid_copy(&((*sids)[*num]), sid); - *num += 1; - - return; -} - -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num) -{ - GROUP_MAP map; - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - const char *p; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!get_group_map_from_sid(*alias, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) - return NT_STATUS_NO_SUCH_ALIAS; - - *sids = NULL; - *num = 0; - - sid_to_string(string_sid, alias); - slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - - dbuf = tdb_fetch(tdb, kbuf); - - if (dbuf.dptr == NULL) { - return NT_STATUS_OK; - } - - p = dbuf.dptr; - - while (next_token(&p, string_sid, " ", sizeof(string_sid))) { - - DOM_SID sid; - - if (!string_to_sid(&sid, string_sid)) - continue; - - add_sid_to_array(&sid, sids, num); - - if (sids == NULL) - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(dbuf.dptr); - - return NT_STATUS_OK; -} - -/* This is racy as hell, but hey, it's only a prototype :-) */ - -static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - NTSTATUS result; - DOM_SID *sids; - int i, num; - BOOL found = False; - char *member_string; - TDB_DATA kbuf, dbuf; - pstring key; - fstring sid_string; - - result = enum_aliasmem(alias, &sids, &num); - - if (!NT_STATUS_IS_OK(result)) - return result; - - for (i=0; i<num; i++) { - if (sid_compare(&sids[i], member) == 0) { - found = True; - break; - } - } - - if (!found) { - SAFE_FREE(sids); - return NT_STATUS_MEMBER_NOT_IN_ALIAS; - } - - if (i < num) - sids[i] = sids[num-1]; - - num -= 1; - - member_string = strdup(""); - - if (member_string == NULL) { - SAFE_FREE(sids); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i<num; i++) { - char *s = member_string; - - sid_to_string(sid_string, &sids[i]); - asprintf(&member_string, "%s %s", s, sid_string); - - SAFE_FREE(s); - if (member_string == NULL) { - SAFE_FREE(sids); - return NT_STATUS_NO_MEMORY; - } - } - - sid_to_string(sid_string, alias); - slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, sid_string); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - dbuf.dsize = strlen(member_string)+1; - dbuf.dptr = member_string; - - result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ? - NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; - - SAFE_FREE(sids); - SAFE_FREE(member_string); - - return result; -} - -static BOOL is_foreign_alias_member(const DOM_SID *sid, const DOM_SID *alias) -{ - DOM_SID *members; - int i, num; - BOOL result = False; - - if (!NT_STATUS_IS_OK(enum_aliasmem(alias, &members, &num))) - return False; - - for (i=0; i<num; i++) { - - if (sid_compare(&members[i], sid) == 0) { - result = True; - break; - } - } - - SAFE_FREE(members); - return result; -} - -static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) -{ - GROUP_MAP *maps; - int i, num_maps; - - *num = 0; - *sids = NULL; - - if (!enum_group_mapping(SID_NAME_WKN_GRP, &maps, &num_maps, False)) - return NT_STATUS_NO_MEMORY; - - for (i=0; i<num_maps; i++) { - - if (is_foreign_alias_member(sid, &maps[i].sid)) { - - add_sid_to_array(&maps[i].sid, sids, num); - - if (sids == NULL) { - SAFE_FREE(maps); - return NT_STATUS_NO_MEMORY; - } - } - } - SAFE_FREE(maps); - - if (!enum_group_mapping(SID_NAME_ALIAS, &maps, &num_maps, False)) - return NT_STATUS_NO_MEMORY; - - for (i=0; i<num_maps; i++) { - if (is_foreign_alias_member(sid, &maps[i].sid)) { - - add_sid_to_array(&maps[i].sid, sids, num); - - if (sids == NULL) { - SAFE_FREE(maps); - return NT_STATUS_NO_MEMORY; - } - } - } - SAFE_FREE(maps); - - return NT_STATUS_OK; -} - /* * * High level functions @@ -815,8 +568,7 @@ BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map) if ( !ret ) return False; - if ( ( (map->sid_name_use != SID_NAME_ALIAS) && - (map->sid_name_use != SID_NAME_WKN_GRP) ) + if ( (map->sid_name_use != SID_NAME_ALIAS) || (map->gid == -1) || (getgrgid(map->gid) == NULL) ) { @@ -952,9 +704,6 @@ BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) int i=0; char *gr; DOM_SID *s; - DOM_SID sid; - DOM_SID *members; - int num_members; struct sys_pwent *userlist; struct sys_pwent *user; @@ -1054,18 +803,6 @@ BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids)); winbind_on(); - - if ( NT_STATUS_IS_OK(gid_to_sid(&sid, gid)) && - NT_STATUS_IS_OK(enum_aliasmem(&sid, &members, &num_members)) ) { - - for (i=0; i<num_members; i++) { - add_sid_to_array(&members[i], sids, num_sids); - - if (sids == NULL) - return False; - } - } - return True; } @@ -1279,151 +1016,10 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, DOM_SID sid) { - return group_map_remove(&sid) ? + return group_map_remove(sid) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, - const char *name, DOM_SID *sid) -{ - GROUP_MAP map; - - if (!get_group_map_from_ntname(name, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ((map.sid_name_use != SID_NAME_WKN_GRP) && - (map.sid_name_use != SID_NAME_ALIAS)) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - sid_copy(sid, &map.sid); - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, - const char *name, uint32 *rid) -{ - DOM_SID sid; - enum SID_NAME_USE type; - uint32 new_rid; - gid_t gid; - - if (lookup_name(get_global_sam_name(), name, &sid, &type)) - return NT_STATUS_ALIAS_EXISTS; - - if (!winbind_allocate_rid(&new_rid)) - return NT_STATUS_ACCESS_DENIED; - - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, new_rid); - - /* Here we allocate the gid */ - if (!winbind_sid_to_gid(&gid, &sid)) { - DEBUG(0, ("Could not get gid for new RID\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!add_initial_entry(gid, sid_string_static(&sid), SID_NAME_ALIAS, - name, "")) { - DEBUG(0, ("Could not add group mapping entry for alias %s\n", - name)); - return NT_STATUS_ACCESS_DENIED; - } - - *rid = new_rid; - - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, - const DOM_SID *sid) -{ - if (!group_map_remove(sid)) - return NT_STATUS_ACCESS_DENIED; - - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods, - const DOM_SID *sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, - struct acct_info **info) -{ - extern DOM_SID global_sid_Builtin; - - GROUP_MAP *map; - int i, num_maps; - enum SID_NAME_USE type = SID_NAME_UNKNOWN; - - if (sid_compare(sid, get_global_sam_sid()) == 0) - type = SID_NAME_ALIAS; - - if (sid_compare(sid, &global_sid_Builtin) == 0) - type = SID_NAME_WKN_GRP; - - if (!enum_group_mapping(type, &map, &num_maps, False) || - (num_maps == 0)) { - *num_aliases = 0; - *info = NULL; - goto done; - } - - if (start_idx > num_maps) { - *num_aliases = 0; - *info = NULL; - goto done; - } - - *num_aliases = num_maps - start_idx; - - if (*num_aliases > max_entries) - *num_aliases = max_entries; - - *info = malloc(sizeof(struct acct_info) * (*num_aliases)); - - for (i=0; i<*num_aliases; i++) { - fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name); - fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment); - sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid); - } - - done: - SAFE_FREE(map); - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info) -{ - GROUP_MAP map; - - if (!get_group_map_from_sid(*sid, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - fstrcpy(info->acct_name, map.nt_name); - fstrcpy(info->acct_desc, map.comment); - sid_peek_rid(&map.sid, &info->rid); - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info) -{ - GROUP_MAP map; - - if (!get_group_map_from_sid(*sid, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - fstrcpy(map.comment, info->acct_desc); - - if (!add_mapping_entry(&map, TDB_REPLACE)) - return NT_STATUS_ACCESS_DENIED; - - return NT_STATUS_OK; -} - NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries, @@ -1433,32 +1029,6 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member) -{ - return add_aliasmem(alias, member); -} - -NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member) -{ - return del_aliasmem(alias, member); -} - -NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **members, - int *num_members) -{ - return enum_aliasmem(alias, members, num_members); -} - -NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, - const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - return alias_memberships(sid, aliases, num); -} - /********************************************************************** no ops for passdb backends that don't implement group mapping *********************************************************************/ diff --git a/source3/include/auth.h b/source3/include/auth.h index 27cdc1e3f5..ecf4d539d8 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -86,7 +86,6 @@ typedef struct auth_serversupplied_info /* NT group information taken from the info3 structure */ NT_USER_TOKEN *ptok; - PRIVILEGE_SET *privs; DATA_BLOB nt_session_key; DATA_BLOB lm_session_key; diff --git a/source3/include/genparser.h b/source3/include/genparser.h deleted file mode 100644 index f28cd78249..0000000000 --- a/source3/include/genparser.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GENPARSER_H -#define _GENPARSER_H - -/* these macros are needed for genstruct auto-parsers */ -#ifndef GENSTRUCT -#define GENSTRUCT -#define _LEN(x) -#define _NULLTERM -#endif - -/* - automatic marshalling/unmarshalling system for C structures -*/ - -/* flag to mark a fixed size array as actually being null terminated */ -#define FLAG_NULLTERM 1 -#define FLAG_ALWAYS 2 - -struct enum_struct { - const char *name; - unsigned value; -}; - -/* intermediate dumps are stored in one of these */ -struct parse_string { - unsigned allocated; - unsigned length; - char *s; -}; - -typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent); -typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str); - -/* genstruct.pl generates arrays of these */ -struct parse_struct { - const char *name; - unsigned ptr_count; - unsigned size; - unsigned offset; - unsigned array_len; - const char *dynamic_len; - unsigned flags; - gen_dump_fn dump_fn; - gen_parse_fn parse_fn; -}; - -#define DUMP_PARSE_DECL(type) \ - int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \ - int gen_parse_ ## type(TALLOC_CTX *, char *, const char *); - -DUMP_PARSE_DECL(char) -DUMP_PARSE_DECL(int) -DUMP_PARSE_DECL(unsigned) -DUMP_PARSE_DECL(double) -DUMP_PARSE_DECL(float) - -#define gen_dump_unsigned_char gen_dump_char -#define gen_parse_unsigned_char gen_parse_char - -#endif /* _GENPARSER_H */ diff --git a/source3/include/genparser_samba.h b/source3/include/genparser_samba.h deleted file mode 100644 index 213d51da87..0000000000 --- a/source3/include/genparser_samba.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - Copyright (C) Simo Sorce <idra@samba.org> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GENPARSER_SAMBA_H -#define _GENPARSER_SAMBA_H - -const struct parse_struct pinfo_security_ace_info[] = { -{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8}, -{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8}, -{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS}, -{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID}, -{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID}, -{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_security_acl_info[] = { -{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_security_descriptor_info[] = { -{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL}, -{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL}, -{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_luid_attr_info[] = { -{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_data_blob_info[] = { -{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int}, -{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -#endif /* _GENPARSER_SAMBA_H */ diff --git a/source3/include/gums.h b/source3/include/gums.h deleted file mode 100644 index d16a839bc4..0000000000 --- a/source3/include/gums.h +++ /dev/null @@ -1,272 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GUMS_H -#define _GUMS_H - -#define GUMS_VERSION_MAJOR 0 -#define GUMS_VERSION_MINOR 1 -#define GUMS_OBJECT_VERSION 1 -#define GUMS_PRIVILEGE_VERSION 1 -#define GUMS_INTERFACE_VERSION 1 - -#define GUMS_OBJ_DOMAIN 0x10 -#define GUMS_OBJ_NORMAL_USER 0x20 -#define GUMS_OBJ_GROUP 0x30 -#define GUMS_OBJ_ALIAS 0x31 - -/* define value types */ -#define GUMS_SET_PRIMARY_GROUP 0x1 -#define GUMS_SET_SEC_DESC 0x2 - -#define GUMS_SET_NAME 0x10 -#define GUMS_SET_DESCRIPTION 0x11 -#define GUMS_SET_FULL_NAME 0x12 - -/* user specific type values */ -#define GUMS_SET_LOGON_TIME 0x20 -#define GUMS_SET_LOGOFF_TIME 0x21 -#define GUMS_SET_KICKOFF_TIME 0x23 -#define GUMS_SET_PASS_LAST_SET_TIME 0x24 -#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25 -#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26 - - -#define GUMS_SET_HOME_DIRECTORY 0x31 -#define GUMS_SET_DRIVE 0x32 -#define GUMS_SET_LOGON_SCRIPT 0x33 -#define GUMS_SET_PROFILE_PATH 0x34 -#define GUMS_SET_WORKSTATIONS 0x35 -#define GUMS_SET_UNKNOWN_STRING 0x36 -#define GUMS_SET_MUNGED_DIAL 0x37 - -#define GUMS_SET_LM_PASSWORD 0x40 -#define GUMS_SET_NT_PASSWORD 0x41 -#define GUMS_SET_PLAINTEXT_PASSWORD 0x42 -#define GUMS_SET_UNKNOWN_3 0x43 -#define GUMS_SET_LOGON_DIVS 0x44 -#define GUMS_SET_HOURS_LEN 0x45 -#define GUMS_SET_HOURS 0x46 -#define GUMS_SET_BAD_PASSWORD_COUNT 0x47 -#define GUMS_SET_LOGON_COUNT 0x48 -#define GUMS_SET_UNKNOWN_6 0x49 - -#define GUMS_SET_MUST_CHANGE_PASS 0x50 -#define GUMS_SET_CANNOT_CHANGE_PASS 0x51 -#define GUMS_SET_PASS_NEVER_EXPIRE 0x52 -#define GUMS_SET_ACCOUNT_DISABLED 0x53 -#define GUMS_SET_ACCOUNT_LOCKOUT 0x54 - -/*group specific type values */ -#define GUMS_ADD_SID_LIST 0x60 -#define GUMS_DEL_SID_LIST 0x61 -#define GUMS_SET_SID_LIST 0x62 - -GENSTRUCT struct gums_user -{ - DOM_SID *group_sid; /* Primary Group SID */ - - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - char *full_name; _NULLTERM /* user's full name string */ - char *home_dir; _NULLTERM /* home directory string */ - char *dir_drive; _NULLTERM /* home directory drive string */ - char *logon_script; _NULLTERM /* logon script string */ - char *profile_path; _NULLTERM /* profile path string */ - char *workstations; _NULLTERM /* login from workstations string */ - char *unknown_str; _NULLTERM /* don't know what this is, yet. */ - char *munged_dial; _NULLTERM /* munged path name and dial-back tel number */ - - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - - uint16 acct_ctrl; /* account type & status flags */ - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */ - - uint16 bad_password_count; /* 0 */ - uint16 logon_count; /* 0 */ - uint32 unknown_3; /* 0x00ff ffff */ - uint32 unknown_6; /* 0x0000 04ec */ - -}; - -GENSTRUCT struct gums_group -{ - uint32 count; /* Number of SIDs */ - DOM_SID *members; _LEN(count) /* SID array */ - -}; - -GENSTRUCT struct gums_domain -{ - uint32 next_rid; - -}; - -GENSTRUCT struct gums_object -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object Type */ - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - SEC_DESC *sec_desc; /* Security Descriptor */ - - DOM_SID *sid; /* Object Sid */ - char *name; _NULLTERM /* Object Name - it should be in DOMAIN\NAME format */ - char *description; _NULLTERM /* Object Description */ - - struct gums_user *user; - struct gums_group *group; - struct gums_domain *domain; - -}; - -GENSTRUCT struct gums_privilege -{ - TALLOC_CTX *mem_ctx; - - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - char *name; _NULLTERM /* Object Name */ - char *description; _NULLTERM /* Object Description */ - - LUID_ATTR *privilege; /* Privilege Type */ - - uint32 count; - DOM_SID *members; _LEN(count) - -}; - -typedef struct gums_user GUMS_USER; -typedef struct gums_group GUMS_GROUP; -typedef struct gums_domain GUMS_DOMAIN; -typedef struct gums_object GUMS_OBJECT; -typedef struct gums_privilege GUMS_PRIVILEGE; - -typedef struct gums_data_set -{ - int type; /* GUMS_SET_xxx */ - void *data; - -} GUMS_DATA_SET; - -typedef struct gums_commit_set -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object type */ - DOM_SID sid; /* Object Sid */ - uint32 count; /* number of changes */ - GUMS_DATA_SET *data; - -} GUMS_COMMIT_SET; - -typedef struct gums_priv_commit_set -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object type */ - char *name; /* Object Sid */ - uint32 count; /* number of changes */ - GUMS_DATA_SET *data; - -} GUMS_PRIV_COMMIT_SET; - - -typedef struct gums_functions -{ - /* module data */ - TALLOC_CTX *mem_ctx; - char *name; - void *private_data; - void (*free_private_data)(void **); - - /* Generic object functions */ - - NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name); - NTSTATUS (*set_domain_sid) (const DOM_SID *sid); - - NTSTATUS (*get_sequence_number) (void); - - NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type); - NTSTATUS (*delete_object) (const DOM_SID *sid); - - NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type); - NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type); - /* This function is used to get the list of all objects changed since b_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - - NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type); - NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle); - NTSTATUS (*enumerate_objects_stop) (void *handle); - - /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. - Never use this function to update an object in the database, use set_object_values() */ - NTSTATUS (*set_object) (GUMS_OBJECT *object); - - /* set object values function */ - NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); - - /* Group related functions */ - NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - - NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - - NTSTATUS (*lock_sid) (const DOM_SID *sid); - NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - - NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name); - NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members); - NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members); - NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members); - NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs); - - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ - NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); - -} GUMS_FUNCTIONS; - -typedef NTSTATUS (*gums_init_function)( - struct gums_functions *, - const char *); - -struct gums_init_function_entry { - - const char *name; - gums_init_function init_fn; - struct gums_init_function_entry *prev, *next; -}; - -#endif /* _GUMS_H */ diff --git a/source3/include/includes.h b/source3/include/includes.h index dd93c813d3..ea8eb1a304 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -779,8 +779,6 @@ extern int errno; #include "version.h" -#include "privileges.h" - #include "smb.h" #include "nameserv.h" @@ -789,6 +787,8 @@ extern int errno; #include "byteorder.h" +#include "privileges.h" + #include "rpc_creds.h" #include "mapping.h" @@ -801,10 +801,6 @@ extern int errno; #include "rpc_secdes.h" -#include "genparser.h" - -#include "gums.h" - #include "nt_printing.h" #include "msdfs.h" @@ -889,7 +885,6 @@ struct smb_ldap_privates; /* forward declarations from smbldap.c */ #include "smbldap.h" -#include "modconf.h" /***** automatically generated prototypes *****/ #ifndef NO_PROTO_H diff --git a/source3/include/mapping.h b/source3/include/mapping.h index cd213cfc11..fdaa2b0453 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -29,12 +29,5 @@ typedef struct _GROUP_MAP { enum SID_NAME_USE sid_name_use; fstring nt_name; fstring comment; - - /* Here we store SIDs that we can be sure of to be of type - * SID_NAME_DOM_GRP, so it's a Domain Group which can not be - * represented via /etc/group memberships. */ - - int num_member; - DOM_SID *alias_members; } GROUP_MAP; diff --git a/source3/include/modconf.h b/source3/include/modconf.h deleted file mode 100644 index f5cc5ef488..0000000000 --- a/source3/include/modconf.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef _MODCONF_H_ -#define _MODCONF_H_ -/* - Unix SMB/CIFS implementation. - - ModConf headers - - Copyright (C) Simo Sorce 2003 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#define SAMBA_CONFIG_INTERFACE_VERSION 1 - -/* Filled out by config backends */ -struct config_functions { - NTSTATUS (*init)(char *params); - NTSTATUS (*load)(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *)); - NTSTATUS (*close)(void); -}; -#endif /* _MODCONF_H_ */ diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 4e6795a85d..b1a4107980 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -23,22 +23,6 @@ #ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */ #define _NT_DOMAIN_H -struct uuid -{ - uint32 time_low; - uint16 time_mid; - uint16 time_hi_and_version; - uint8 clock_seq[2]; - uint8 node[6]; -}; -#define UUID_SIZE 16 - -#define UUID_FLAT_SIZE 16 -typedef struct uuid_flat -{ - uint8 info[UUID_FLAT_SIZE]; -} UUID_FLAT; - /* dce/rpc support */ #include "rpc_dce.h" @@ -382,6 +366,13 @@ typedef struct } rid_name; +struct acct_info +{ + fstring acct_name; /* account name */ + fstring acct_desc; /* account name */ + uint32 rid; /* domain-relative RID */ +}; + /* * higher order functions for use with msrpc client code */ @@ -411,7 +402,6 @@ typedef struct #include "rpc_dfs.h" #include "rpc_ds.h" #include "rpc_echo.h" -#include "rpc_epmapper.h" #include "rpc_shutdown.h" #endif /* _NT_DOMAIN_H */ diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 92e4bf3e8d..75c4fd215b 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -115,15 +115,6 @@ enum pdb_group_elements { PDB_GROUP_COUNT }; -enum pdb_trust_passwd_elements { - PDB_TRUST_PASS, - PDB_TRUST_SID, - PDB_TRUST_NAME, - PDB_TRUST_MODTIME, - PDB_TRUST_FLAGS, - - PDB_TRUST_COUNT -}; enum pdb_value_state { PDB_DEFAULT=0, @@ -233,41 +224,6 @@ typedef struct sam_group { } SAM_GROUP; -typedef struct _GROUP_INFO { - struct pdb_methods *methods; - DOM_SID sid; - enum SID_NAME_USE sid_name_use; - fstring nt_name; - fstring comment; -} GROUP_INFO; - -struct acct_info -{ - fstring acct_name; /* account name */ - fstring acct_desc; /* account name */ - uint32 rid; /* domain-relative RID */ -}; - -typedef struct sam_trust_passwd { - TALLOC_CTX *mem_ctx; - - void (*free_fn)(struct sam_trust_passwd **); - - struct pdb_methods *methods; - - struct trust_passwd_data { - uint16 flags; /* flags */ - size_t uni_name_len; /* unicode name length */ - smb_ucs2_t uni_name[32]; /* unicode domain name */ - fstring pass; /* trust password */ - time_t mod_time; /* last change time */ - DOM_SID domain_sid; /* trusted domain sid */ - } private; - -} SAM_TRUST_PASSWD; - - - /***************************************************************** Functions to be implemented by the new (v2) passdb API ****************************************************************/ @@ -277,7 +233,7 @@ typedef struct sam_trust_passwd { * this SAMBA will load. Increment this if *ANY* changes are made to the interface. */ -#define PASSDB_INTERFACE_VERSION 7 +#define PASSDB_INTERFACE_VERSION 4 typedef struct pdb_context { @@ -303,8 +259,6 @@ typedef struct pdb_context NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username); - /* group mapping functions: to be removed */ - NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid); @@ -325,96 +279,6 @@ typedef struct pdb_context GROUP_MAP **rmap, int *num_entries, BOOL unix_only); - NTSTATUS (*pdb_find_alias)(struct pdb_context *context, - const char *name, DOM_SID *sid); - - NTSTATUS (*pdb_create_alias)(struct pdb_context *context, - const char *name, uint32 *rid); - - NTSTATUS (*pdb_delete_alias)(struct pdb_context *context, - const DOM_SID *sid); - - NTSTATUS (*pdb_enum_aliases)(struct pdb_context *context, - const DOM_SID *domain_sid, - uint32 start_idx, uint32 num_entries, - uint32 *num_aliases, - struct acct_info **aliases); - - NTSTATUS (*pdb_get_aliasinfo)(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*pdb_set_aliasinfo)(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*pdb_add_aliasmem)(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member); - - NTSTATUS (*pdb_del_aliasmem)(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member); - - NTSTATUS (*pdb_enum_aliasmem)(struct pdb_context *context, - const DOM_SID *alias, - DOM_SID **members, int *num_members); - - NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context, - const DOM_SID *alias, - DOM_SID **aliases, - int *num); - - /* group functions */ - - NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group); - - NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups); - - NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members); - - NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group); - - NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group); - - NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group); - - NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name); - - NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name); - - NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members); - - /* trust password functions */ - - NTSTATUS (*pdb_settrustpwent)(struct pdb_context *context); - - NTSTATUS (*pdb_gettrustpwent)(struct pdb_context *context, SAM_TRUST_PASSWD *trust); - - NTSTATUS (*pdb_gettrustpwnam)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const char *dom_name); - - NTSTATUS (*pdb_gettrustpwsid)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const DOM_SID *sid); - - NTSTATUS (*pdb_add_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust); - - NTSTATUS (*pdb_update_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust); - - NTSTATUS (*pdb_delete_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust); - - /* privileges functions */ - - NTSTATUS (*pdb_add_sid_to_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*pdb_remove_sid_from_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*pdb_get_privilege_set)(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privs); - - NTSTATUS (*pdb_get_privilege_entry)(struct pdb_context *context, const char *privname, char **sid_list); - void (*free_fn)(struct pdb_context **); TALLOC_CTX *mem_ctx; @@ -445,9 +309,7 @@ typedef struct pdb_methods NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username); - - /* group mapping functions: to be removed */ - + NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid); @@ -468,92 +330,9 @@ typedef struct pdb_methods GROUP_MAP **rmap, int *num_entries, BOOL unix_only); - NTSTATUS (*find_alias)(struct pdb_methods *methods, - const char *name, DOM_SID *sid); - - NTSTATUS (*create_alias)(struct pdb_methods *methods, - const char *name, uint32 *rid); - - NTSTATUS (*delete_alias)(struct pdb_methods *methods, - const DOM_SID *sid); - - NTSTATUS (*enum_aliases)(struct pdb_methods *methods, - const DOM_SID *domain_sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, struct acct_info **info); - - NTSTATUS (*get_aliasinfo)(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*set_aliasinfo)(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*add_aliasmem)(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member); - NTSTATUS (*del_aliasmem)(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member); - NTSTATUS (*enum_aliasmem)(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **members, - int *num_members); - NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods, - const DOM_SID *sid, - DOM_SID **aliases, int *num); - - /* group functions */ - - NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group); - - NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups); - - NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members); - - NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group); - - NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group); - - NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group); - - NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name); - - NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name); - - NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members); - void *private_data; /* Private data of some kind */ void (*free_private_data)(void **); - - /* trust password functions */ - - NTSTATUS (*settrustpwent)(struct pdb_methods *methods); - - NTSTATUS (*gettrustpwent)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust); - - NTSTATUS (*gettrustpwnam)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const char *name); - - NTSTATUS (*gettrustpwsid)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const DOM_SID *sid); - - NTSTATUS (*add_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust); - - NTSTATUS (*update_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust); - - NTSTATUS (*delete_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust); - - /* privileges functions */ - - NTSTATUS (*add_sid_to_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*remove_sid_from_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*get_privilege_set)(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privs); - - NTSTATUS (*get_privilege_entry)(struct pdb_methods *methods, const char *privname, char **sid_list); } PDB_METHODS; diff --git a/source3/include/privileges.h b/source3/include/privileges.h index 289afa234e..b7e1b44c2a 100644 --- a/source3/include/privileges.h +++ b/source3/include/privileges.h @@ -23,39 +23,15 @@ #ifndef PRIVILEGES_H #define PRIVILEGES_H -#define PRIV_ALL_INDEX 30 +#define PRIV_ALL_INDEX 5 -#define SE_NONE 0 -#define SE_ASSIGN_PRIMARY_TOKEN 1 -#define SE_CREATE_TOKEN 2 -#define SE_LOCK_MEMORY 3 -#define SE_INCREASE_QUOTA 4 -#define SE_UNSOLICITED_INPUT 5 -#define SE_MACHINE_ACCOUNT 6 -#define SE_TCB 7 -#define SE_SECURITY 8 -#define SE_TAKE_OWNERSHIP 9 -#define SE_LOAD_DRIVER 10 -#define SE_SYSTEM_PROFILE 11 -#define SE_SYSTEM_TIME 12 -#define SE_PROF_SINGLE_PROCESS 13 -#define SE_INC_BASE_PRIORITY 14 -#define SE_CREATE_PAGEFILE 15 -#define SE_CREATE_PERMANENT 16 -#define SE_BACKUP 17 -#define SE_RESTORE 18 -#define SE_SHUTDOWN 19 -#define SE_DEBUG 20 -#define SE_AUDIT 21 -#define SE_SYSTEM_ENVIRONMENT 22 -#define SE_CHANGE_NOTIFY 23 -#define SE_REMOTE_SHUTDOWN 24 -#define SE_UNDOCK 25 -#define SE_SYNC_AGENT 26 -#define SE_ENABLE_DELEGATION 27 -#define SE_PRINT_OPERATOR 28 -#define SE_ADD_USERS 29 -#define SE_ALL_PRIVS 0xffff +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_MACHINES 0x0006 +#define SE_PRIV_SEC_PRIV 0x0008 +#define SE_PRIV_TAKE_OWNER 0x0009 +#define SE_PRIV_ADD_USERS 0xff01 +#define SE_PRIV_PRINT_OPERATOR 0xff03 +#define SE_PRIV_ALL 0xffff #define PR_NONE 0x0000 #define PR_LOG_ON_LOCALLY 0x0001 @@ -63,11 +39,6 @@ #define PR_LOG_ON_BATCH_JOB 0x0004 #define PR_LOG_ON_SERVICE 0x0010 -#ifndef _BOOL -typedef int BOOL; -#define _BOOL /* So we don't typedef BOOL again in vfs.h */ -#endif - typedef struct LUID { uint32 low; @@ -78,7 +49,7 @@ typedef struct LUID_ATTR { LUID luid; uint32 attr; -} LUID_ATTR; +} LUID_ATTR ; typedef struct privilege_set { diff --git a/source3/include/rpc_client_proto.h b/source3/include/rpc_client_proto.h deleted file mode 100644 index 0ecb195691..0000000000 --- a/source3/include/rpc_client_proto.h +++ /dev/null @@ -1,231 +0,0 @@ -#ifndef _RPC_CLIENT_PROTO_H_ -#define _RPC_CLIENT_PROTO_H_ -/* This file is automatically generated with "make proto". DO NOT EDIT */ - - -/*The following definitions come from lib/util_list.c */ - -BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src); -BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x, - const RPC_HND_NODE *y); -BOOL RpcHndList_set_connection(const POLICY_HND *hnd, - struct cli_connection *con); -BOOL RpcHndList_del_connection(const POLICY_HND *hnd); -struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd); - -/*The following definitions come from rpc_client/cli_connect.c */ - -void init_connections(void); -void free_connections(void); -void cli_connection_free(struct cli_connection *con); -void cli_connection_unlink(struct cli_connection *con); -BOOL cli_connection_init(const char *srv_name, char *pipe_name, - struct cli_connection **con); -BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name, - struct cli_connection **con, - cli_auth_fns * auth, void *auth_creds); -struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con); -void *cli_conn_get_auth_creds(struct cli_connection *con); -BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num, - prs_struct * data, prs_struct * rdata); -BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num, - prs_struct * data, prs_struct * rdata); -BOOL rpc_con_ok(struct cli_connection *con); - -/*The following definitions come from rpc_client/cli_login.c */ - -BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]); -BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd); -BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); -BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char lm_chal[8], - char *lm_chal_resp, char *nt_chal_resp, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); -BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); - -/*The following definitions come from rpc_client/cli_lsarpc.c */ - -BOOL do_lsa_open_policy(struct cli_state *cli, - char *system_name, POLICY_HND *hnd, - BOOL sec_qos); -BOOL do_lsa_query_info_pol(struct cli_state *cli, - POLICY_HND *hnd, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid); -BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd); -BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server); -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access); -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names); -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids); - -/*The following definitions come from rpc_client/cli_netlogon.c */ - -BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level); -BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *srv_chal); -BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal); -BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]); -BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); -BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); -BOOL change_trust_account_password( char *domain, char *remote_machine_list); - -/*The following definitions come from rpc_client/cli_pipe.c */ - -BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, - prs_struct *data, prs_struct *rdata); -BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name); -void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs); -BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name); -void cli_nt_session_close(struct cli_state *cli); - -/*The following definitions come from rpc_client/cli_reg.c */ - -BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name, - POLICY_HND *reg_hnd); -BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level, - POLICY_HND *hnd); -BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level, - POLICY_HND *hnd); -BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd); -BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd, - char *class, uint32 *class_len, - uint32 *num_subkeys, uint32 *max_subkeylen, - uint32 *max_subkeysize, uint32 *num_values, - uint32 *max_valnamelen, uint32 *max_valbufsize, - uint32 *sec_desc, NTTIME *mod_time); -BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk); -BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd, - char *key_value, uint32* key_type); -BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf); -BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf); -BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name); -BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name); -BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd, - char *key_name, char *key_class, - SEC_ACCESS *sam_access, - POLICY_HND *key); -BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd, - int key_index, char *key_name, - uint32 *unk_1, uint32 *unk_2, - time_t *mod_time); -BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd, - char *val_name, uint32 type, BUFFER3 *data); -BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd, - int val_index, int max_valnamelen, int max_valbufsize, - fstring val_name, - uint32 *val_type, BUFFER2 *value); -BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd, - char *key_name, uint32 unk_0, - POLICY_HND *key_hnd); -BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd); - -/*The following definitions come from rpc_client/cli_samr.c */ - -BOOL get_samr_query_usergroups(struct cli_state *cli, - POLICY_HND *pol_open_domain, uint32 user_rid, - uint32 *num_groups, DOM_GID *gid); -BOOL get_samr_query_userinfo(struct cli_state *cli, - POLICY_HND *pol_open_domain, - uint32 info_level, - uint32 user_rid, SAM_USER_INFO_21 *usr); -BOOL do_samr_chgpasswd_user(struct cli_state *cli, - char *srv_name, char *user_name, - char nt_newpass[516], uchar nt_oldhash[16], - char lm_newpass[516], uchar lm_oldhash[16]); -BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name); -BOOL do_samr_query_dom_info(struct cli_state *cli, - POLICY_HND *domain_pol, uint16 switch_value); -BOOL do_samr_enum_dom_users(struct cli_state *cli, - POLICY_HND *pol, uint16 num_entries, uint16 unk_0, - uint16 acb_mask, uint16 unk_1, uint32 size, - struct acct_info **sam, - int *num_sam_users); -BOOL do_samr_connect(struct cli_state *cli, - char *srv_name, uint32 unknown_0, - POLICY_HND *connect_pol); -BOOL do_samr_open_user(struct cli_state *cli, - POLICY_HND *pol, uint32 unk_0, uint32 rid, - POLICY_HND *user_pol); -BOOL do_samr_open_domain(struct cli_state *cli, - POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid, - POLICY_HND *domain_pol); -BOOL do_samr_query_unknown_12(struct cli_state *cli, - POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids, - uint32 *num_aliases, - fstring als_names [MAX_LOOKUP_SIDS], - uint32 num_als_users[MAX_LOOKUP_SIDS]); -BOOL do_samr_query_usergroups(struct cli_state *cli, - POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid); -BOOL do_samr_query_userinfo(struct cli_state *cli, - POLICY_HND *pol, uint16 switch_value, void* usr); -BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd); - -/*The following definitions come from rpc_client/cli_spoolss_notify.c */ - -BOOL spoolss_disconnect_from_client( struct cli_state *cli); -BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine); -BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle); -BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle, - uint32 change_low, uint32 change_high, uint32 *status); -BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status); - -/*The following definitions come from rpc_client/cli_srvsvc.c */ - -BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_CONN_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd); -BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_SESS_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd); -BOOL do_srv_net_srv_share_enum(struct cli_state *cli, - char *server_name, - uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o, - uint32 preferred_len, ENUM_HND *hnd); -BOOL do_srv_net_srv_file_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_FILE_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd); -BOOL do_srv_net_srv_get_info(struct cli_state *cli, - char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr); - -/*The following definitions come from rpc_client/cli_use.c */ - -void init_cli_use(void); -void free_cli_use(void); -struct cli_state *cli_net_use_add(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL reuse, BOOL *is_new); -BOOL cli_net_use_del(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL force_close, BOOL *connection_closed); -void cli_net_use_enum(uint32 *num_cons, struct use_info ***use); -void cli_use_wait_keyboard(void); - -/*The following definitions come from rpc_client/cli_wkssvc.c */ - -BOOL do_wks_query_info(struct cli_state *cli, - char *server_name, uint32 switch_value, - WKS_INFO_100 *wks100); - -/*The following definitions come from rpc_client/ncacn_np_use.c */ - -BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name, - const vuser_key * key, - BOOL force_close, BOOL *connection_closed); -struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc, - const vuser_key * key); -struct ncacn_np *ncacn_np_use_add(const char *pipe_name, - const vuser_key * key, - const char *srv_name, - const struct ntuser_creds *ntc, - BOOL reuse, BOOL *is_new_connection); -#endif /* _PROTO_H_ */ diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h index 8266fc861f..52fe08d875 100644 --- a/source3/include/rpc_dce.h +++ b/source3/include/rpc_dce.h @@ -87,15 +87,29 @@ enum netsec_direction /* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */ #define MAX_PDU_FRAG_LEN 0x10b8 /* this is what w2k sets */ +/* + * Actual structure of a DCE UUID + */ + +typedef struct rpc_uuid +{ + uint32 time_low; + uint16 time_mid; + uint16 time_hi_and_version; + uint8 remaining[8]; +} RPC_UUID; + +#define RPC_UUID_LEN 16 + /* RPC_IFACE */ typedef struct rpc_iface_info { - struct uuid uuid; /* 16 bytes of rpc interface identification */ + RPC_UUID uuid; /* 16 bytes of rpc interface identification */ uint32 version; /* the interface version number */ } RPC_IFACE; -#define RPC_IFACE_LEN (UUID_SIZE + 4) +#define RPC_IFACE_LEN (RPC_UUID_LEN + 4) struct pipe_id_info { diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h index e06918730a..dc1aeef464 100644 --- a/source3/include/rpc_ds.h +++ b/source3/include/rpc_ds.h @@ -64,7 +64,7 @@ typedef struct uint32 dnsname_ptr; uint32 forestname_ptr; - struct uuid domain_guid; + GUID domain_guid; UNISTR2 netbios_domain; @@ -110,7 +110,7 @@ typedef struct { uint32 trust_type; uint32 trust_attributes; uint32 sid_ptr; - struct uuid guid; + GUID guid; UNISTR2 netbios_domain; UNISTR2 dns_domain; @@ -124,7 +124,7 @@ struct ds_domain_trust { uint32 parent_index; uint32 trust_type; uint32 trust_attributes; - struct uuid guid; + GUID guid; DOM_SID sid; char *netbios_domain; diff --git a/source3/include/rpc_epmapper.h b/source3/include/rpc_epmapper.h deleted file mode 100644 index bbca6ac1f2..0000000000 --- a/source3/include/rpc_epmapper.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Endpoint mapper data definitions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#define EPM_HANDLE_LEN 20 - -/* ordinal for the mapping interface */ - -#define EPM_MAP_PIPE_NAME 0x03 - -/* some of the different connection protocols and their IDs from Windows */ - -#define EPM_FLOOR_UUID 0x0d /* floor contains UUID */ -#define EPM_FLOOR_RPC 0x0b /* tower is for connection-oriented rpc */ -#define EPM_FLOOR_TCP 0x07 /* floor contains tcp port number */ -#define EPM_FLOOR_IP 0x09 /* floor contains IP address */ -#define EPM_FLOOR_NMPIPES 0x0f /* floor contains remote named pipe name */ -#define EPM_FLOOR_LRPC 0x10 /* floor contains local named pipe name */ -#define EPM_FLOOR_NETBIOS 0x11 /* floor contains netbios address */ -#define EPM_FLOOR_NETBEUI 0x12 /* floor contains netbeui address */ -#define EPM_FLOOR_SOCKET 0x20 - -#define EPM_PIPE_NM "epmapper" - -#define MAX_TOWERS 1 - -typedef struct -{ - uint8 data[EPM_HANDLE_LEN]; -} EPM_HANDLE; - -typedef struct -{ - struct { - uint16 length; - uint8 protocol; - struct { - struct uuid uuid; - uint16 version; - } uuid; - } lhs; - struct { - uint16 length; - uint16 unknown; - struct { - uint16 port; - } tcp; - struct { - uint8 addr[4]; - } ip; - char string[MAXHOSTNAMELEN+3]; /* hostname + \\ + null term */ - } rhs; -} EPM_FLOOR; - -typedef struct -{ - uint32 max_length; - uint32 length; - uint16 num_floors; - EPM_FLOOR *floors; - uint8 unknown; -} EPM_TOWER; - -typedef struct -{ - EPM_HANDLE handle; - uint32 tower_ref_id; - EPM_TOWER *tower; - EPM_HANDLE term_handle; /* in/out */ - uint32 max_towers; -} EPM_Q_MAP; - -typedef struct -{ - uint32 max_count; - uint32 offset; - uint32 count; - uint32 *tower_ref_ids; - EPM_TOWER *towers; -} EPM_TOWER_ARRAY; - -typedef struct -{ - EPM_HANDLE handle; - uint32 num_results; - EPM_TOWER_ARRAY *results; - uint32 status; -} EPM_R_MAP; - - -/* port mapping entries to be read */ - -typedef struct _mapper_entries{ - uint8 protocol ; - RPC_IFACE uuid_info ; /* needs to be zeroed if no specific uuid */ - uint16 port ; - char pipe_name[40] ; - char srv_name[20] ; - uint8 srv_port[4] ; - char func_name[16][16]; /* array of up to 16 functions available */ -} mapper_entries; - diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index 43ffa37d59..2064a38056 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -275,7 +275,7 @@ typedef struct lsa_dns_dom_info UNIHDR hdr_dns_dom_name; UNIHDR hdr_forest_name; - struct uuid dom_guid; /* domain GUID */ + GUID dom_guid; /* domain GUID */ UNISTR2 uni_nb_dom_name; UNISTR2 uni_dns_dom_name; diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 56145ac024..5e718f8167 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -113,6 +113,13 @@ PROTECTED_SACL_SECURITY_INFORMATION|\ PROTECTED_DACL_SECURITY_INFORMATION) +/* Globally Unique ID */ +#define GUID_SIZE 16 +typedef struct guid_info +{ + uint8 info[GUID_SIZE]; +} GUID; + /* SEC_ACCESS */ typedef struct security_info_info { @@ -131,8 +138,8 @@ typedef struct security_ace_info /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ - struct uuid obj_guid; /* object GUID */ - struct uuid inh_guid; /* inherited object GUID */ + GUID obj_guid; /* object GUID */ + GUID inh_guid; /* inherited object GUID */ /* eof object stuff */ DOM_SID trustee; diff --git a/source3/include/secrets.h b/source3/include/secrets.h index 8c39394058..cb4fbd043a 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -49,13 +49,6 @@ #define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN" #define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD" -/* Trust password type flags */ -#define PASS_MACHINE_TRUST_NT 0x0001 -#define PASS_SERVER_TRUST_NT 0x0002 -#define PASS_DOMAIN_TRUST_NT 0x0004 -#define PASS_MACHINE_TRUST_ADS 0x0008 -#define PASS_DOMAIN_TRUST_ADS 0x0010 - /* structure for storing machine account password (ie. when samba server is member of a domain */ struct machine_acct_pass { diff --git a/source3/include/smb.h b/source3/include/smb.h index 7a1e8f87ba..6c2f74e3b9 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -195,7 +195,6 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN]; #define PIPE_NETDFS "\\PIPE\\netdfs" #define PIPE_ECHO "\\PIPE\\rpcecho" #define PIPE_SHUTDOWN "\\PIPE\\initshutdown" -#define PIPE_EPM "\\PIPE\\epmapper" #define PIPE_NETLOGON_PLAIN "\\NETLOGON" @@ -210,8 +209,7 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN]; #define PI_NETDFS 8 #define PI_ECHO 9 #define PI_SHUTDOWN 10 -#define PI_EPM 11 -#define PI_MAX_PIPES 12 +#define PI_MAX_PIPES 11 /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */ typedef struct nttime_info @@ -500,7 +498,6 @@ typedef struct connection_struct int ngroups; gid_t *groups; NT_USER_TOKEN *nt_user_token; - PRIVILEGE_SET *privs; time_t lastused; BOOL used; @@ -520,7 +517,6 @@ struct current_user int ngroups; gid_t *groups; NT_USER_TOKEN *nt_user_token; - PRIVILEGE_SET *privs; }; /* Defines for the sent_oplock_break field above. */ @@ -1558,7 +1554,6 @@ typedef struct user_struct gid_t *groups; NT_USER_TOKEN *nt_user_token; - PRIVILEGE_SET *privs; DATA_BLOB session_key; @@ -1654,7 +1649,7 @@ struct ip_service { typedef struct smb_sign_info { void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si); - BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL expected_ok); + BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si); void (*free_signing_context)(struct smb_sign_info *si); void *signing_context; @@ -1662,7 +1657,6 @@ typedef struct smb_sign_info { BOOL allow_smb_signing; BOOL doing_signing; BOOL mandatory_signing; - BOOL seen_valid; /* Have I ever seen a validly signed packet? */ } smb_sign_info; #endif /* _SMB_H */ diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index 119479f218..68a2c00afe 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -38,7 +38,6 @@ #define LDAP_OBJ_IDPOOL "sambaUnixIdPool" #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" -#define LDAP_OBJ_PRIVILEGE "sambaPrivilege" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" @@ -50,7 +49,6 @@ #define LDAP_ATTRIBUTE_SID "sambaSID" #define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber" #define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber" -#define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList" /* attribute map table indexes */ @@ -95,7 +93,6 @@ #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 #define LDAP_ATTR_MOD_TIMESTAMP 39 -#define LDAP_ATTR_SID_LIST 40 typedef struct _attrib_map_entry { int attrib; @@ -109,7 +106,6 @@ extern ATTRIB_MAP_ENTRY attrib_map_v22[]; extern ATTRIB_MAP_ENTRY attrib_map_v30[]; extern ATTRIB_MAP_ENTRY dominfo_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list[]; -extern ATTRIB_MAP_ENTRY privilege_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; extern ATTRIB_MAP_ENTRY idpool_attr_list[]; extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; diff --git a/source3/include/tdbsam2_parse_info.h b/source3/include/tdbsam2_parse_info.h deleted file mode 100644 index 35eeaeb2d2..0000000000 --- a/source3/include/tdbsam2_parse_info.h +++ /dev/null @@ -1,2 +0,0 @@ -/* This is an automatically generated file - DO NOT EDIT! */ - diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c deleted file mode 100644 index 988f5e5d65..0000000000 --- a/source3/lib/domain_namemap.c +++ /dev/null @@ -1,1317 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Groupname handling - Copyright (C) Jeremy Allison 1998. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - * UNIX gid and Local or Domain SID resolution. This module resolves - * only those entries in the map files, it is *NOT* responsible for - * resolving UNIX groups not listed: that is an entirely different - * matter, altogether... - */ - -/* - * - * - - format of the file is: - - unixname NT Group name - unixname Domain Admins (well-known Domain Group) - unixname DOMAIN_NAME\NT Group name - unixname OTHER_DOMAIN_NAME\NT Group name - unixname DOMAIN_NAME\Domain Admins (well-known Domain Group) - .... - - if the DOMAIN_NAME\ component is left off, then your own domain is assumed. - - * - * - */ - - -#include "includes.h" -extern int DEBUGLEVEL; - -extern fstring global_myworkgroup; -extern DOM_SID global_member_sid; -extern fstring global_sam_name; -extern DOM_SID global_sam_sid; -extern DOM_SID global_sid_S_1_5_20; - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uid_t pwdb_user_rid_to_uid(uint32 user_rid) -{ - return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_group_rid_to_gid(uint32 group_rid) -{ - return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid) -{ - return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_gid_to_group_rid(uint32 gid) -{ - uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); - return grp_rid; -} - -/****************************************************************** - converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_gid_to_alias_rid(uint32 gid) -{ - uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); - return alias_rid; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_uid_to_user_rid(uint32 uid) -{ - uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); - return user_rid; -} - -/****************************************************************** - converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is, - and can only be, our own SID. - ********************************************************************/ -static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id) -{ - DOM_SID tmp_sid; - uint32 rid; - - sid_copy(&tmp_sid, sid); - sid_split_rid(&tmp_sid, &rid); - if (!sid_equal(&global_sam_sid, &tmp_sid)) - { - return False; - } - - switch (type) - { - case SID_NAME_USER: - { - *id = pwdb_user_rid_to_uid(rid); - return True; - } - case SID_NAME_ALIAS: - { - *id = pwdb_alias_rid_to_gid(rid); - return True; - } - case SID_NAME_DOM_GRP: - case SID_NAME_WKN_GRP: - { - *id = pwdb_group_rid_to_gid(rid); - return True; - } - } - return False; -} - -/****************************************************************** - converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is, - and can only be, our own SID. - ********************************************************************/ -static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid) -{ - sid_copy(sid, &global_sam_sid); - switch (type) - { - case SID_NAME_USER: - { - sid_append_rid(sid, pwdb_uid_to_user_rid(id)); - return True; - } - case SID_NAME_ALIAS: - { - sid_append_rid(sid, pwdb_gid_to_alias_rid(id)); - return True; - } - case SID_NAME_DOM_GRP: - case SID_NAME_WKN_GRP: - { - sid_append_rid(sid, pwdb_gid_to_group_rid(id)); - return True; - } - } - return False; -} - -/******************************************************************* - Decides if a RID is a well known RID. - ********************************************************************/ -static BOOL pwdb_rid_is_well_known(uint32 rid) -{ - return (rid < 1000); -} - -/******************************************************************* - determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_rid_type(uint32 rid) -{ - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type: SID_ENUM_TYPE. - */ - if (pwdb_rid_is_well_known(rid)) - { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - { - return RID_TYPE_USER; - } - if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) - { - return RID_TYPE_GROUP; - } - if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) - { - return RID_TYPE_ALIAS; - } - } - return (rid & RID_TYPE_MASK); -} - -/******************************************************************* - checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -BOOL pwdb_rid_is_user(uint32 rid) -{ - return pwdb_rid_type(rid) == RID_TYPE_USER; -} - -/************************************************************************** - Groupname map functionality. The code loads a groupname map file and - (currently) loads it into a linked list. This is slow and memory - hungry, but can be changed into a more efficient storage format - if the demands on it become excessive. -***************************************************************************/ - -typedef struct name_map -{ - ubi_slNode next; - DOM_NAME_MAP grp; - -} name_map_entry; - -static ubi_slList groupname_map_list; -static ubi_slList aliasname_map_list; -static ubi_slList ntusrname_map_list; - -static void delete_name_entry(name_map_entry *gmep) -{ - if (gmep->grp.nt_name) - { - free(gmep->grp.nt_name); - } - if (gmep->grp.nt_domain) - { - free(gmep->grp.nt_domain); - } - if (gmep->grp.unix_name) - { - free(gmep->grp.unix_name); - } - free((char*)gmep); -} - -/************************************************************************** - Delete all the entries in the name map list. -***************************************************************************/ - -static void delete_map_list(ubi_slList *map_list) -{ - name_map_entry *gmep; - - while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) - { - delete_name_entry(gmep); - } -} - - -/************************************************************************** - makes a group sid out of a domain sid and a _unix_ gid. -***************************************************************************/ -static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) -{ - int ret = False; - fstring sid_str; - - if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) - { - DEBUG(0,("make_mydomain_sid: unknown domain %s\n", - grp->nt_domain)); - return False; - } - - if (sid_equal(&grp->sid, &global_sid_S_1_5_20)) - { - /* - * only builtin aliases are recognised in S-1-5-20 - */ - DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n", - grp->nt_name)); - - if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0) - { - DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n", - grp->unix_name, grp->nt_name)); - return False; - } - ret = True; - } - else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) - { - if (type != DOM_MAP_USER) - { - DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); - return False; - } - ret = True; - } - else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) - { - if (type != DOM_MAP_DOMAIN) - { - DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); - return False; - } - ret = True; - } - else - { - switch (type) - { - case DOM_MAP_USER: - { - grp->type = SID_NAME_USER; - break; - } - case DOM_MAP_DOMAIN: - { - grp->type = SID_NAME_DOM_GRP; - break; - } - case DOM_MAP_LOCAL: - { - grp->type = SID_NAME_ALIAS; - break; - } - } - - ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid); - } - - sid_to_string(sid_str, &grp->sid); - DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n", - grp->nt_domain, grp->nt_name, grp->unix_id, sid_str)); - return ret; -} - -/************************************************************************** - makes a group sid out of an nt domain, nt group name or a unix group name. -***************************************************************************/ -static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type) -{ - /* - * Attempt to get the unix gid_t for this name. - */ - - DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name)); - - if (type == DOM_MAP_USER) - { - const struct passwd *pwptr = Get_Pwnam(map->unix_name, False); - if (pwptr == NULL) - { - DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); - return False; - } - - map->unix_id = (uint32)pwptr->pw_uid; - } - else - { - struct group *gptr = getgrnam(map->unix_name); - if (gptr == NULL) - { - DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); - return False; - } - - map->unix_id = (uint32)gptr->gr_gid; - } - - DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id)); - - /* - * Now map the name to an NT SID+RID. - */ - - if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name)) - { - /* Must add client-call lookup code here, to - * resolve remote domain's sid and the group's rid, - * in that domain. - * - * NOTE: it is _incorrect_ to put code here that assumes - * we are responsible for lookups for foriegn domains' RIDs. - * - * for foriegn domains for which we are *NOT* the PDC, all - * we can be responsible for is the unix gid_t to which - * the foriegn SID+rid maps to, on this _local_ machine. - * we *CANNOT* make any short-cuts or assumptions about - * RIDs in a foriegn domain. - */ - - if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain))) - { - DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n", - map->nt_domain)); - return False; - } - } - - return make_mydomain_sid(map, type); -} - -static BOOL make_name_entry(name_map_entry **new_ep, - char *nt_domain, char *nt_group, char *unix_group, - DOM_MAP_TYPE type) -{ - /* - * Create the list entry and add it onto the list. - */ - - DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); - - (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); - if ((*new_ep) == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); - return False; - } - - ZERO_STRUCTP(*new_ep); - - (*new_ep)->grp.nt_name = strdup(nt_group ); - (*new_ep)->grp.nt_domain = strdup(nt_domain ); - (*new_ep)->grp.unix_name = strdup(unix_group); - - if ((*new_ep)->grp.nt_name == NULL || - (*new_ep)->grp.unix_name == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); - delete_name_entry((*new_ep)); - return False; - } - - /* - * look up the group names, make the Group-SID and unix gid - */ - - if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type)) - { - delete_name_entry((*new_ep)); - return False; - } - - return True; -} - -/************************************************************************** - Load a name map file. Sets last accessed timestamp. -***************************************************************************/ -static ubi_slList *load_name_map(DOM_MAP_TYPE type) -{ - static time_t groupmap_file_last_modified = (time_t)0; - static time_t aliasmap_file_last_modified = (time_t)0; - static time_t ntusrmap_file_last_modified = (time_t)0; - static BOOL initialised_group = False; - static BOOL initialised_alias = False; - static BOOL initialised_ntusr = False; - char *groupname_map_file = lp_groupname_map(); - char *aliasname_map_file = lp_aliasname_map(); - char *ntusrname_map_file = lp_ntusrname_map(); - - FILE *fp; - char *s; - pstring buf; - name_map_entry *new_ep; - - time_t *file_last_modified = NULL; - int *initialised = NULL; - char *map_file = NULL; - ubi_slList *map_list = NULL; - - switch (type) - { - case DOM_MAP_DOMAIN: - { - file_last_modified = &groupmap_file_last_modified; - initialised = &initialised_group; - map_file = groupname_map_file; - map_list = &groupname_map_list; - - break; - } - case DOM_MAP_LOCAL: - { - file_last_modified = &aliasmap_file_last_modified; - initialised = &initialised_alias; - map_file = aliasname_map_file; - map_list = &aliasname_map_list; - - break; - } - case DOM_MAP_USER: - { - file_last_modified = &ntusrmap_file_last_modified; - initialised = &initialised_ntusr; - map_file = ntusrname_map_file; - map_list = &ntusrname_map_list; - - break; - } - } - - if (!(*initialised)) - { - DEBUG(10,("initialising map %s\n", map_file)); - ubi_slInitList(map_list); - (*initialised) = True; - } - - if (!*map_file) - { - return map_list; - } - - /* - * Load the file. - */ - - fp = open_file_if_modified(map_file, "r", file_last_modified); - if (!fp) - { - return map_list; - } - - /* - * Throw away any previous list. - */ - delete_map_list(map_list); - - DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); - - while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) - { - pstring unixname; - pstring nt_name; - fstring nt_domain; - fstring ntname; - char *p; - - DEBUG(10,("Read line |%s|\n", s)); - - memset(nt_name, 0, sizeof(nt_name)); - - if (!*s || strchr("#;",*s)) - continue; - - if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) - continue; - - if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) - continue; - - trim_string(unixname, " ", " "); - trim_string(nt_name, " ", " "); - - if (!*nt_name) - continue; - - if (!*unixname) - continue; - - p = strchr(nt_name, '\\'); - - if (p == NULL) - { - memset(nt_domain, 0, sizeof(nt_domain)); - fstrcpy(ntname, nt_name); - } - else - { - *p = 0; - p++; - fstrcpy(nt_domain, nt_name); - fstrcpy(ntname , p); - } - - if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type)) - { - ubi_slAddTail(map_list, (ubi_slNode *)new_ep); - DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n", - new_ep->grp.unix_name, - new_ep->grp.nt_domain, - new_ep->grp.nt_name, - new_ep->grp.type)); - } - } - - DEBUG(10,("load_name_map: Added %ld entries to name map.\n", - ubi_slCount(map_list))); - - fclose(fp); - - return map_list; -} - -static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from) -{ - sid_copy(&grp->sid, &from->sid); - grp->unix_id = from->unix_id; - grp->nt_name = from->nt_name; - grp->nt_domain = from->nt_domain; - grp->unix_name = from->unix_name; - grp->type = from->type; -} - -#if 0 -/*********************************************************** - Lookup unix name. -************************************************************/ -static BOOL map_unixname(DOM_MAP_TYPE type, - char *unixname, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.unix_name, unixname)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -#endif - -/*********************************************************** - Lookup nt name. -************************************************************/ -static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain, - DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.nt_name , ntname) && - strequal(gmep->grp.nt_domain, ntdomain)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - - -/*********************************************************** - Lookup by SID -************************************************************/ -static BOOL map_sid(DOM_MAP_TYPE type, - DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (sid_equal(&gmep->grp.sid, psid)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/*********************************************************** - Lookup by gid_t. -************************************************************/ -static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - fstring sid_str; - sid_to_string(sid_str, &gmep->grp.sid); - DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n", - gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str)); - if (gmep->grp.unix_id == unix_id) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n", - gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type)); - return True; - } - } - - return False; -} - -/*********************************************************** - * - * Call four functions to resolve unix group ids and either - * local group SIDs or domain group SIDs listed in the local group - * or domain group map files. - * - * Note that it is *NOT* the responsibility of these functions to - * resolve entries that are not in the map files. - * - * Any SID can be in the map files (i.e from any Domain). - * - ***********************************************************/ - -#if 0 - -/*********************************************************** - Lookup a UNIX Group entry by name. -************************************************************/ -BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info) -{ - return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info); -} - -/*********************************************************** - Lookup a UNIX Alias entry by name. -************************************************************/ -BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info) -{ - return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info); -} - -/*********************************************************** - Lookup an Alias name entry -************************************************************/ -BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info); -} - -/*********************************************************** - Lookup a Group entry -************************************************************/ -BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info); -} - -#endif - -/*********************************************************** - Lookup a Username entry by name. -************************************************************/ -static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info); -} - -/*********************************************************** - Lookup a Username entry by SID. -************************************************************/ -static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_USER, sid, grp_info); -} - -/*********************************************************** - Lookup a Username SID entry by uid. -************************************************************/ -static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info); -} - -/*********************************************************** - Lookup an Alias SID entry by name. -************************************************************/ -BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_LOCAL, psid, grp_info); -} - -/*********************************************************** - Lookup a Group entry by sid. -************************************************************/ -BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_DOMAIN, psid, grp_info); -} - -/*********************************************************** - Lookup an Alias SID entry by gid_t. -************************************************************/ -static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info); -} - -/*********************************************************** - Lookup a Group SID entry by gid_t. -************************************************************/ -static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info); -} - - -/************************************************************************ - Routine to look up User details by UNIX name -*************************************************************************/ -BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp) -{ - uid_t uid; - DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name)); - if (nametouid(unix_usr_name, &uid)) - { - return lookupsmbpwuid(uid, grp); - } - else - { - return False; - } -} - -/************************************************************************ - Routine to look up a remote nt name -*************************************************************************/ -static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type) -{ - struct cli_state cli; - POLICY_HND lsa_pol; - fstring srv_name; - extern struct ntuser_creds *usr_creds; - struct ntuser_creds usr; - - BOOL res3 = True; - BOOL res4 = True; - uint32 num_sids; - DOM_SID *sids; - uint8 *types; - char *names[1]; - - usr_creds = &usr; - - ZERO_STRUCT(usr); - pwd_set_nullpwd(&usr.pwd); - - DEBUG(5,("lookup_remote_ntname: %s\n", ntname)); - - if (!cli_connect_serverlist(&cli, lp_passwordserver())) - { - return False; - } - - names[0] = ntname; - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, cli.desthost); - strupper(srv_name); - - /* lookup domain controller; receive a policy handle */ - res3 = res3 ? lsa_open_policy( srv_name, - &lsa_pol, True) : False; - - /* send lsa lookup sids call */ - res4 = res3 ? lsa_lookup_names( &lsa_pol, - 1, names, - &sids, &types, &num_sids) : False; - - res3 = res3 ? lsa_close(&lsa_pol) : False; - - if (res4 && res3 && sids != NULL && types != NULL) - { - sid_copy(sid, &sids[0]); - *type = types[0]; - } - else - { - res3 = False; - } - if (types != NULL) - { - free(types); - } - - if (sids != NULL) - { - free(sids); - } - - return res3 && res4; -} - -/************************************************************************ - Routine to look up a remote nt name -*************************************************************************/ -static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type, - DOM_NAME_MAP *gmep) -{ - /* - * check with the PDC to see if it owns the name. if so, - * the SID is resolved with the PDC database. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type)) - { - if (sid_front_equal(&gmep->sid, &global_member_sid) && - strequal(gmep->nt_domain, global_myworkgroup) && - gmep->type == expected_type) - { - return True; - } - return False; - } - } - - /* - * ... otherwise, it's one of ours. map the sid ourselves, - * which can only happen in our own SAM database. - */ - - if (!strequal(gmep->nt_domain, global_sam_name)) - { - return False; - } - if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid)) - { - return False; - } - - return True; -} - -/* - * used by lookup functions below - */ - -static fstring nt_name; -static fstring unix_name; -static fstring nt_domain; - -/************************************************************************* - looks up a uid, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid)); - if (map_username_uid(uid, gmep)) - { - return True; - } -#if 0 - if (lp_server_role() != ROLE_DOMAIN_NONE) -#endif - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - gmep->unix_id = (uint32)uid; - - /* - * ok, assume it's one of ours. then double-check it - * if we are a member of a domain - */ - - gmep->type = SID_NAME_USER; - fstrcpy(gmep->nt_name, uidtoname(uid)); - fstrcpy(gmep->unix_name, gmep->nt_name); - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); -#endif - } - - /* - * ok, it's one of ours. - */ - - gmep->nt_domain = global_sam_name; - pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid); - - return True; - } - - /* oops. */ - - return False; -} - -/************************************************************************* - looks up by NT name, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname)); - - if (!split_domain_name(fullntname, nt_domain, nt_name)) - { - return False; - } - - if (map_nt_username(nt_name, nt_domain, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - uid_t uid; - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * ok, it's one of ours. we therefore "create" an nt user named - * after the unix user. this is the point where "appliance mode" - * should get its teeth in, as unix users won't really exist, - * they will only be numbers... - */ - - gmep->type = SID_NAME_USER; - fstrcpy(gmep->unix_name, gmep->nt_name); - if (!nametouid(gmep->unix_name, &uid)) - { - return False; - } - gmep->unix_id = (uint32)uid; - - return get_sid_and_type(fullntname, gmep->type, gmep); - } - - /* oops. */ - - return False; -} - -/************************************************************************* - looks up by RID, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) -{ - fstring sid_str; - sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str)); - - if (map_username_sid(sid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt user named - * after the unix user. this is the point where "appliance mode" - * should get its teeth in, as unix users won't really exist, - * they will only be numbers... - */ - - gmep->type = SID_NAME_USER; - sid_copy(&gmep->sid, sid); - if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id)) - { - return False; - } - fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id)); - fstrcpy(gmep->unix_name, gmep->nt_name); - gmep->nt_domain = global_sam_name; - - return True; - } - - /* oops. */ - - return False; -} - -/************************************************************************ - Routine to look up group / alias / well-known group RID by UNIX name -*************************************************************************/ -BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp) -{ - gid_t gid; - DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name)); - if (nametogid(unix_grp_name, &gid)) - { - return lookupsmbgrpgid(gid, grp); - } - else - { - return False; - } -} - -/************************************************************************* - looks up a SID, returns name map entry -*************************************************************************/ -BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) -{ - fstring sid_str; - sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str)); - - if (map_alias_sid(sid, gmep)) - { - return True; - } - if (map_group_sid(sid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt group or - * alias name named after the unix group. this is the point - * where "appliance mode" should get its teeth in, as unix - * groups won't really exist, they will only be numbers... - */ - - /* name is not explicitly mapped - * with map files or the PDC - * so we are responsible for it... - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - /* ... as a LOCAL group. */ - gmep->type = SID_NAME_ALIAS; - } - else - { - /* ... as a DOMAIN group. */ - gmep->type = SID_NAME_DOM_GRP; - } - - sid_copy(&gmep->sid, sid); - if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id)) - { - return False; - } - fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id)); - fstrcpy(gmep->unix_name, gmep->nt_name); - gmep->nt_domain = global_sam_name; - - return True; - } - - /* oops */ - return False; -} - -/************************************************************************* - looks up a gid, returns RID and type local, domain or well-known domain group -*************************************************************************/ -BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid)); - if (map_alias_gid(gid, gmep)) - { - return True; - } - if (map_group_gid(gid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - gmep->unix_id = (uint32)gid; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); - { - return True; - } -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt group or - * alias name named after the unix group. this is the point - * where "appliance mode" should get its teeth in, as unix - * groups won't really exist, they will only be numbers... - */ - - /* name is not explicitly mapped - * with map files or the PDC - * so we are responsible for it... - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - /* ... as a LOCAL group. */ - gmep->type = SID_NAME_ALIAS; - } - else - { - /* ... as a DOMAIN group. */ - gmep->type = SID_NAME_DOM_GRP; - } - fstrcpy(gmep->nt_name, gidtoname(gid)); - fstrcpy(gmep->unix_name, gmep->nt_name); - - return get_sid_and_type(gmep->nt_name, gmep->type, gmep); - } - - /* oops */ - return False; -} - diff --git a/source3/lib/genparser.c b/source3/lib/genparser.c deleted file mode 100644 index 7476b5d0af..0000000000 --- a/source3/lib/genparser.c +++ /dev/null @@ -1,783 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - automatic marshalling/unmarshalling system for C structures -*/ - -#include "includes.h" - -/* see if a range of memory is all zero. Used to prevent dumping of zero elements */ -static int all_zero(const char *ptr, unsigned size) -{ - int i; - if (!ptr) return 1; - for (i=0;i<size;i++) { - if (ptr[i]) return 0; - } - return 1; -} - -/* encode a buffer of bytes into a escaped string */ -static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len) -{ - const char *hexdig = "0123456789abcdef"; - char *ret, *p; - unsigned i; - ret = talloc(mem_ctx, len*3 + 1); /* worst case size */ - if (!ret) return NULL; - for (p=ret,i=0;i<len;i++) { - if (isalnum(ptr[i]) || isspace(ptr[i]) || - (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) { - *p++ = ptr[i]; - } else { - unsigned char c = *(unsigned char *)(ptr+i); - if (c == 0 && all_zero(ptr+i, len-i)) break; - p[0] = '\\'; - p[1] = hexdig[c>>4]; - p[2] = hexdig[c&0xF]; - p += 3; - } - } - - *p = 0; - - return ret; -} - -/* decode an escaped string from encode_bytes() into a buffer */ -static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len) -{ - char *ret, *p; - unsigned i; - int slen = strlen(s) + 1; - - ret = talloc(mem_ctx, slen); /* worst case length */ - if (!ret) - return NULL; - memset(ret, 0, slen); - - if (*s == '{') s++; - - for (p=ret,i=0;s[i];i++) { - if (s[i] == '}') { - break; - } else if (s[i] == '\\') { - unsigned v; - if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) { - return NULL; - } - *(unsigned char *)p = v; - p++; - i += 2; - } else { - *p++ = s[i]; - } - } - *p = 0; - - (*len) = (unsigned)(p - ret); - - return ret; -} - -/* the add*() functions deal with adding things to a struct - parse_string */ - -/* allocate more space if needed */ -static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n) -{ - if (p->length + n <= p->allocated) return 0; - p->allocated = p->length + n + 200; - p->s = talloc_realloc(mem_ctx, p->s, p->allocated); - if (!p->s) { - errno = ENOMEM; - return -1; - } - return 0; -} - -/* add a character to the buffer */ -static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c) -{ - if (addgen_alloc(mem_ctx, p, 2) != 0) { - return -1; - } - p->s[p->length++] = c; - p->s[p->length] = 0; - return 0; -} - -/* add a string to the buffer */ -int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s) -{ - int len = strlen(s); - if (addgen_alloc(mem_ctx, p, len+1) != 0) { - return -1; - } - memcpy(p->s + p->length, s, len+1); - p->length += len; - return 0; -} - -/* add a string to the buffer with a tab prefix */ -static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent) -{ - int len = strlen(s); - if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) { - return -1; - } - while (indent--) { - p->s[p->length++] = '\t'; - } - memcpy(p->s + p->length, s, len+1); - p->length += len; - return 0; -} - -/* note! this can only be used for results up to 60 chars wide! */ -int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...) -{ - char buf[60]; - int n; - va_list ap; - va_start(ap, fmt); - n = vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - if (addgen_alloc(mem_ctx, p, n + 1) != 0) { - return -1; - } - if (n != 0) { - memcpy(p->s + p->length, buf, n); - } - p->length += n; - p->s[p->length] = 0; - return 0; -} - -/* - this is here to make it easier for people to write dump functions - for their own types - */ -int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...) -{ - char *buf = NULL; - int n; - va_list ap; - va_start(ap, fmt); - n = vasprintf(&buf, fmt, ap); - va_end(ap); - if (addgen_alloc(mem_ctx, p, n + 1) != 0) { - if (buf) free(buf); - return -1; - } - if (n != 0) { - memcpy(p->s + p->length, buf, n); - } - p->length += n; - p->s[p->length] = 0; - if (buf) free(buf); - return 0; -} - -/* dump a enumerated type */ -int gen_dump_enum(TALLOC_CTX *mem_ctx, - const struct enum_struct *einfo, - struct parse_string *p, - const char *ptr, - unsigned indent) -{ - unsigned v = *(unsigned *)ptr; - int i; - for (i=0;einfo[i].name;i++) { - if (v == einfo[i].value) { - addstr(mem_ctx, p, einfo[i].name); - return 0; - } - } - /* hmm, maybe we should just fail? */ - return gen_dump_unsigned(mem_ctx, p, ptr, indent); -} - -/* dump a single non-array element, hanlding struct and enum */ -static int gen_dump_one(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *ptr, - unsigned indent) -{ - if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) { - char *s = encode_bytes(mem_ctx, ptr, strlen(ptr)); - if (addchar(mem_ctx, p,'{') || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}")) { - return -1; - } - return 0; - } - - return pinfo->dump_fn(mem_ctx, p, ptr, indent); -} - -/* handle dumping of an array of arbitrary type */ -static int gen_dump_array(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *ptr, - int array_len, - int indent) -{ - int i, count=0; - - /* special handling of fixed length strings */ - if (array_len != 0 && - pinfo->ptr_count == 0 && - pinfo->dump_fn == gen_dump_char) { - char *s = encode_bytes(mem_ctx, ptr, array_len); - if (!s) return -1; - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addstr(mem_ctx, p, " = {") || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}\n")) { - return -1; - } - return 0; - } - - for (i=0;i<array_len;i++) { - const char *p2 = ptr; - unsigned size = pinfo->size; - - /* generic pointer dereference */ - if (pinfo->ptr_count) { - p2 = *(const char **)ptr; - size = sizeof(void *); - } - - if ((count || pinfo->ptr_count) && - !(pinfo->flags & FLAG_ALWAYS) && - all_zero(ptr, size)) { - ptr += size; - continue; - } - if (count == 0) { - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addshort(mem_ctx, p, " = %u:", i)) { - return -1; - } - } else { - if (addshort(mem_ctx, p, ", %u:", i) != 0) { - return -1; - } - } - if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) { - return -1; - } - ptr += size; - count++; - } - if (count) { - return addstr(mem_ctx, p, "\n"); - } - return 0; -} - -/* find a variable by name in a loaded structure and return its value - as an integer. Used to support dynamic arrays */ -static int find_var(const struct parse_struct *pinfo, - const char *data, - const char *var) -{ - int i; - const char *ptr; - - /* this allows for constant lengths */ - if (isdigit(*var)) { - return atoi(var); - } - - for (i=0;pinfo[i].name;i++) { - if (strcmp(pinfo[i].name, var) == 0) break; - } - if (!pinfo[i].name) return -1; - - ptr = data + pinfo[i].offset; - - switch (pinfo[i].size) { - case sizeof(int): - return *(int *)ptr; - case sizeof(char): - return *(char *)ptr; - } - - return -1; -} - - -int gen_dump_struct(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - struct parse_string *p, - const char *ptr, - unsigned indent) -{ - char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1); - if (!s) return -1; - if (addstr(mem_ctx, p, "{\n") || - addstr(mem_ctx, p, s) || - addtabbed(mem_ctx, p, "}", indent)) { - return -1; - } - return 0; -} - -static int gen_dump_string(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *data, - unsigned indent) -{ - const char *ptr = *(char **)data; - char *s = encode_bytes(mem_ctx, ptr, strlen(ptr)); - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addstr(mem_ctx, p, " = ") || - addchar(mem_ctx, p, '{') || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}\n")) { - return -1; - } - return 0; -} - -/* - find the length of a nullterm array -*/ -static int len_nullterm(const char *ptr, int size, int array_len) -{ - int len; - - if (size == 1) { - len = strnlen(ptr, array_len); - } else { - for (len=0; len < array_len; len++) { - if (all_zero(ptr+len*size, size)) break; - } - } - - if (len == 0) len = 1; - - return len; -} - - -/* the generic dump routine. Scans the parse information for this structure - and processes it recursively */ -char *gen_dump(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - const char *data, - unsigned indent) -{ - struct parse_string p; - int i; - - p.length = 0; - p.allocated = 0; - p.s = NULL; - - if (addstr(mem_ctx, &p, "") != 0) { - return NULL; - } - - for (i=0;pinfo[i].name;i++) { - const char *ptr = data + pinfo[i].offset; - unsigned size = pinfo[i].size; - - if (pinfo[i].ptr_count) { - size = sizeof(void *); - } - - /* special handling for array types */ - if (pinfo[i].array_len) { - unsigned len = pinfo[i].array_len; - if (pinfo[i].flags & FLAG_NULLTERM) { - len = len_nullterm(ptr, size, len); - } - if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr, - len, indent)) { - goto failed; - } - continue; - } - - /* and dynamically sized arrays */ - if (pinfo[i].dynamic_len) { - int len = find_var(pinfo, data, pinfo[i].dynamic_len); - struct parse_struct p2 = pinfo[i]; - if (len < 0) { - goto failed; - } - if (len > 0) { - if (pinfo[i].flags & FLAG_NULLTERM) { - len = len_nullterm(*(char **)ptr, - pinfo[i].size, len); - } - p2.ptr_count--; - p2.dynamic_len = NULL; - if (gen_dump_array(mem_ctx, &p, &p2, - *(char **)ptr, - len, indent) != 0) { - goto failed; - } - } - continue; - } - - /* don't dump zero elements */ - if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue; - - /* assume char* is a null terminated string */ - if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 && - pinfo[i].dump_fn == gen_dump_char) { - if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) { - goto failed; - } - continue; - } - - /* generic pointer dereference */ - if (pinfo[i].ptr_count) { - ptr = *(const char **)ptr; - } - - if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) || - addstr(mem_ctx, &p, " = ") || - gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) || - addstr(mem_ctx, &p, "\n")) { - goto failed; - } - } - return p.s; - -failed: - return NULL; -} - -/* search for a character in a string, skipping over sections within - matching braces */ -static char *match_braces(char *s, char c) -{ - int depth = 0; - while (*s) { - switch (*s) { - case '}': - depth--; - break; - case '{': - depth++; - break; - } - if (depth == 0 && *s == c) { - return s; - } - s++; - } - return s; -} - -/* parse routine for enumerated types */ -int gen_parse_enum(TALLOC_CTX *mem_ctx, - const struct enum_struct *einfo, - char *ptr, - const char *str) -{ - unsigned v; - int i; - - if (isdigit(*str)) { - if (sscanf(str, "%u", &v) != 1) { - errno = EINVAL; - return -1; - } - *(unsigned *)ptr = v; - return 0; - } - - for (i=0;einfo[i].name;i++) { - if (strcmp(einfo[i].name, str) == 0) { - *(unsigned *)ptr = einfo[i].value; - return 0; - } - } - - /* unknown enum value?? */ - return -1; -} - - -/* parse all base types */ -static int gen_parse_base(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - char *ptr, - const char *str) -{ - if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) { - unsigned len; - char *s = decode_bytes(mem_ctx, str, &len); - if (!s) return -1; - *(char **)ptr = s; - return 0; - } - - if (pinfo->ptr_count) { - unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size; - struct parse_struct p2 = *pinfo; - *(void **)ptr = talloc(mem_ctx, size); - if (! *(void **)ptr) { - return -1; - } - memset(*(void **)ptr, 0, size); - ptr = *(char **)ptr; - p2.ptr_count--; - return gen_parse_base(mem_ctx, &p2, ptr, str); - } - - return pinfo->parse_fn(mem_ctx, ptr, str); -} - -/* parse a generic array */ -static int gen_parse_array(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - char *ptr, - const char *str, - int array_len) -{ - char *p, *p2; - unsigned size = pinfo->size; - - /* special handling of fixed length strings */ - if (array_len != 0 && - pinfo->ptr_count == 0 && - pinfo->dump_fn == gen_dump_char) { - unsigned len = 0; - char *s = decode_bytes(mem_ctx, str, &len); - if (!s || (len > array_len)) return -1; - memset(ptr, 0, array_len); - memcpy(ptr, s, len); - return 0; - } - - if (pinfo->ptr_count) { - size = sizeof(void *); - } - - while (*str) { - unsigned idx; - int done; - - idx = atoi(str); - p = strchr(str,':'); - if (!p) break; - p++; - p2 = match_braces(p, ','); - done = (*p2 != ','); - *p2 = 0; - - if (*p == '{') { - p++; - p[strlen(p)-1] = 0; - } - - if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) { - return -1; - } - - if (done) break; - str = p2+1; - } - - return 0; -} - -/* parse one element, hanlding dynamic and static arrays */ -static int gen_parse_one(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - const char *name, - char *data, - const char *str) -{ - int i; - for (i=0;pinfo[i].name;i++) { - if (strcmp(pinfo[i].name, name) == 0) { - break; - } - } - if (pinfo[i].name == NULL) { - return 0; - } - - if (pinfo[i].array_len) { - return gen_parse_array(mem_ctx, &pinfo[i], - data+pinfo[i].offset, - str, pinfo[i].array_len); - } - - if (pinfo[i].dynamic_len) { - int len = find_var(pinfo, data, pinfo[i].dynamic_len); - if (len < 0) { - errno = EINVAL; - return -1; - } - if (len > 0) { - struct parse_struct p2 = pinfo[i]; - char *ptr; - unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size; - ptr = talloc(mem_ctx, len*size); - if (!ptr) { - errno = ENOMEM; - return -1; - } - memset(ptr, 0, len*size); - *((char **)(data + pinfo[i].offset)) = ptr; - p2.ptr_count--; - p2.dynamic_len = NULL; - return gen_parse_array(mem_ctx, &p2, ptr, str, len); - } - return 0; - } - - return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str); -} - -int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str) -{ - return gen_parse(mem_ctx, pinfo, ptr, str); -} - -/* the main parse routine */ -int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s) -{ - char *str, *s0; - - s0 = talloc_strdup(mem_ctx, s); - str = s0; - - while (*str) { - char *p; - char *name; - char *value; - - /* skip leading whitespace */ - while (isspace(*str)) str++; - - p = strchr(str, '='); - if (!p) break; - value = p+1; - while (p > str && isspace(*(p-1))) { - p--; - } - - *p = 0; - name = str; - - while (isspace(*value)) value++; - - if (*value == '{') { - str = match_braces(value, '}'); - value++; - } else { - str = match_braces(value, '\n'); - } - - *str++ = 0; - - if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) { - return -1; - } - } - - return 0; -} - - - -/* for convenience supply some standard dumpers and parsers here */ - -int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(unsigned char *)ptr = atoi(str); - return 0; -} - -int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(int *)ptr = atoi(str); - return 0; -} - -int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(unsigned *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(time_t *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(double *)ptr = atof(str); - return 0; -} - -int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(float *)ptr = atof(str); - return 0; -} - -int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr)); -} - -int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%d", *(int *)(ptr)); -} - -int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr)); -} - -int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(time_t *)(ptr)); -} - -int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%lg", *(double *)(ptr)); -} - -int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%g", *(float *)(ptr)); -} diff --git a/source3/lib/genparser_samba.c b/source3/lib/genparser_samba.c deleted file mode 100644 index 8f469a46d6..0000000000 --- a/source3/lib/genparser_samba.c +++ /dev/null @@ -1,218 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - Copyright (C) Simo Sorce <idra@samba.org> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "genparser_samba.h" - -/* PARSE functions */ - -int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint8 *)ptr = atoi(str); - return 0; -} - -int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint16 *)ptr = atoi(str); - return 0; -} - -int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint32 *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) { - errno = EINVAL; - return -1; - } - return 0; -} - -int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(!string_to_sid((DOM_SID *)ptr, str)) return -1; - return 0; -} - -int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - int info[UUID_FLAT_SIZE]; - int i; - char *sc; - char *p; - char *m; - - m = strdup(str); - if (!m) return -1; - sc = m; - - memset(info, 0, sizeof(info)); - for (i = 0; i < UUID_FLAT_SIZE; i++) { - p = strchr(sc, ','); - if (p != NULL) p = '\0'; - info[i] = atoi(sc); - if (p != NULL) sc = p + 1; - } - free(m); - - for (i = 0; i < UUID_FLAT_SIZE; i++) { - ((UUID_FLAT *)ptr)->info[i] = info[i]; - } - - return 0; -} - -int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str); -} - -int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str); -} - -int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str); -} - -int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str); -} - -int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) { - errno = EINVAL; - return -1; - } - return 0; -} - -int gen_parse_DATA_BLOB(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_data_blob_info, ptr, str); -} - -int gen_parse_TALLOC_CTX(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - (TALLOC_CTX *)ptr = NULL; - return 0; -} - -/* DUMP functions */ - -int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr)); -} - -int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr)); -} - -int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr)); -} - -int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - uint32 low, high; - - high = ((NTTIME *)(ptr))->high; - low = ((NTTIME *)(ptr))->low; - return addshort(mem_ctx, p, "%u,%u", high, low); -} - -int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - fstring sidstr; - - sid_to_string(sidstr, (DOM_SID *)ptr); - return addstr(mem_ctx, p, sidstr); -} - -int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask); -} - -int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - int i, r; - - for (i = 0; i < (UUID_FLAT_SIZE - 1); i++) { - if (!(r = addshort(mem_ctx, p, "%d,", ((UUID_FLAT *)ptr)->info[i]))) return r; - } - return addshort(mem_ctx, p, "%d", ((UUID_FLAT *)ptr)->info[i]); -} - -int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent); -} - -int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent); -} - -int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent); -} - -int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent); -} - -int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - uint32 low, high; - - high = ((LUID *)(ptr))->high; - low = ((LUID *)(ptr))->low; - return addshort(mem_ctx, p, "%u,%u", high, low); -} - -int gen_dump_DATA_BLOB(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_data_blob_info, p, ptr, indent); -} - -int gen_dump_TALLOC_CTX(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "TALLOC_CTX"); -} diff --git a/source3/lib/pam_errors.c b/source3/lib/pam_errors.c index 925441fb1d..212d3831fd 100644 --- a/source3/lib/pam_errors.c +++ b/source3/lib/pam_errors.c @@ -36,7 +36,7 @@ static const struct { {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL}, {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL}, {PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL}, + {PAM_BUF_ERR, NT_STATUS_NO_MEMORY}, {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED}, {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD}, {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */ @@ -69,6 +69,8 @@ static const struct { {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED}, {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED}, {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD}, + {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES}, + {NT_STATUS_NO_MEMORY, PAM_BUF_ERR}, {NT_STATUS_OK, PAM_SUCCESS} }; diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ce647f02cd..b9d4df301d 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -26,43 +26,6 @@ #define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) #define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) - -PRIVS privs[] = { - {SE_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ - {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"}, - {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"}, - {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"}, - {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"}, - {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"}, - {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"}, - {SE_TCB, "SeTcbPrivilege", "TCB"}, - {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, - {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, - {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, - {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"}, - {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, - {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, - {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, - {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"}, - {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, - {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, - {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, - {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, - {SE_AUDIT, "SeAuditPrivilege", "Audit"}, - {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, - {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, - {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, - {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, - {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"}, - {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} -}; - - - /**************************************************************************** Check if a user is a mapped group. @@ -170,9 +133,6 @@ void reset_privilege(PRIVILEGE_SET *priv_set) void destroy_privilege(PRIVILEGE_SET **priv_set) { - if (priv_set == NULL || *priv_set == NULL) - return; - reset_privilege(*priv_set); if (!((*priv_set)->ext_ctx)) /* mem_ctx is local, destroy it */ @@ -210,27 +170,6 @@ done: return ret; } -NTSTATUS add_privilege_by_name(PRIVILEGE_SET *priv_set, const char *name) -{ - int e; - - for (e = 0; privs[e].se_priv != SE_ALL_PRIVS; e++) { - if (StrCaseCmp(privs[e].priv, name) == 0) { - LUID_ATTR la; - - la.attr = 0; - la.luid.high = 0; - la.luid.low = privs[e].se_priv; - - return add_privilege(priv_set, la); - } - } - - DEBUG(1, ("add_privilege_by_name: No Such Privilege Found (%s)\n", name)); - - return NT_STATUS_UNSUCCESSFUL; -} - /**************************************************************************** add all the privileges to a privilege array ****************************************************************************/ @@ -243,15 +182,15 @@ NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set) set.luid.high = 0; /* TODO: set a proper list of privileges */ - set.luid.low = SE_ADD_USERS; + set.luid.low = SE_PRIV_ADD_USERS; result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); - set.luid.low = SE_MACHINE_ACCOUNT; + set.luid.low = SE_PRIV_ADD_MACHINES; result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); - set.luid.low = SE_PRINT_OPERATOR; + set.luid.low = SE_PRIV_PRINT_OPERATOR; result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); @@ -375,7 +314,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) LUID_ATTR *old_set; int i; - if (new_priv_set == NULL || priv_set == NULL) + if (!new_priv_set || !priv_set) return NT_STATUS_INVALID_PARAMETER; /* special case if there are no privileges in the list */ @@ -390,7 +329,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) old_set = priv_set->set; - new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count) * (sizeof(LUID_ATTR))); + new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); ALLOC_CHECK(new_set, ret, done, "dup_priv_set"); for (i=0; i < priv_set->count; i++) { @@ -409,16 +348,3 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) done: return ret; } - - -NTSTATUS user_has_privilege(struct current_user *user, uint32 privilege) -{ - LUID_ATTR set; - - set.attr = 0; - set.luid.high = 0; - set.luid.low = privilege; - - return check_priv_in_privilege(user->privs, set); -} - diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 8c54c97043..6769f1288a 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -48,8 +48,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->size = ace_src->size; ace_dest->info.mask = ace_src->info.mask; ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct uuid)); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct uuid)); + memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE); + memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE); sid_copy(&ace_dest->trustee, &ace_src->trustee); } diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index c2dcd905ea..18979e2f76 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -155,16 +155,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { { LDAP_ATTR_LIST_END, NULL } }; -/* privileges */ - -ATTRIB_MAP_ENTRY privilege_attr_list[] = { - { LDAP_ATTR_CN, "sambaPrivName" }, - { LDAP_ATTR_SID_LIST, LDAP_ATTRIBUTE_SID_LIST }, - { LDAP_ATTR_DESC, "description" }, - { LDAP_ATTR_OBJCLASS, "objectClass" }, - { LDAP_ATTR_LIST_END, NULL } -}; - /********************************************************************** perform a simple table lookup and return the attribute name **********************************************************************/ @@ -1210,6 +1200,181 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ return NT_STATUS_OK; } +/********************************************************************** + Add the sambaDomain to LDAP, so we don't have to search for this stuff + again. This is a once-add operation for now. + + TODO: Add other attributes, and allow modification. +*********************************************************************/ +static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, + const char *domain_name) +{ + fstring sid_string; + fstring algorithmic_rid_base_string; + pstring filter, dn; + LDAPMod **mods = NULL; + int rc; + int ldap_op; + LDAPMessage *result = NULL; + int num_result; + char **attr_list; + uid_t u_low, u_high; + gid_t g_low, g_high; + uint32 rid_low, rid_high; + + slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, LDAP_OBJ_DOMINFO); + + attr_list = get_attr_list( dominfo_attr_list ); + rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); + free_attr_list( attr_list ); + + if (rc != LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + + num_result = ldap_count_entries(ldap_state->ldap_struct, result); + + if (num_result > 1) { + DEBUG (0, ("More than domain with that name exists: bailing out!\n")); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } + + /* Check if we need to add an entry */ + DEBUG(3,("Adding new domain\n")); + ldap_op = LDAP_MOD_ADD; + + pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, lp_ldap_suffix()); + + /* Free original search */ + ldap_msgfree(result); + + /* make the changes - the entry *must* not already have samba attributes */ + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name); + + /* If we don't have an entry, then ask secrets.tdb for what it thinks. + It may choose to make it up */ + + sid_to_string(sid_string, get_global_sam_sid()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); + + slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), + algorithmic_rid_base_string); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); + + /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. + TODO: fix all the places where the line between idmap and normal operations + needed by smbd gets fuzzy --jerry 2003-08-11 */ + + if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) + && get_free_rid_range(&rid_low, &rid_high) ) + { + fstring rid_str; + + fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); + DEBUG(10,("setting next available user rid [%s]\n", rid_str)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), + rid_str); + + fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); + DEBUG(10,("setting next available group rid [%s]\n", rid_str)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + rid_str); + + } + + + switch(ldap_op) + { + case LDAP_MOD_ADD: + rc = smbldap_add(ldap_state, dn, mods); + break; + case LDAP_MOD_REPLACE: + rc = smbldap_modify(ldap_state, dn, mods); + break; + default: + DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); + return NT_STATUS_INVALID_PARAMETER; + } + + if (rc!=LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", + ldap_op == LDAP_MOD_ADD ? "add" : "modify", + dn, ldap_err2string(rc), + ld_error?ld_error:"unknown")); + SAFE_FREE(ld_error); + + ldap_mods_free(mods, True); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); + ldap_mods_free(mods, True); + return NT_STATUS_OK; +} + +/********************************************************************** +Search for the domain info entry +*********************************************************************/ +NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, + LDAPMessage ** result, const char *domain_name, + BOOL try_add) +{ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + pstring filter; + int rc; + char **attr_list; + int count; + + pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", + LDAP_OBJ_DOMINFO, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name); + + DEBUG(2, ("Searching for:[%s]\n", filter)); + + + attr_list = get_attr_list( dominfo_attr_list ); + rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); + free_attr_list( attr_list ); + + if (rc != LDAP_SUCCESS) { + DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); + DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); + } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { + DEBUG(3, ("Got no domain info entries for domain\n")); + ldap_msgfree(*result); + *result = NULL; + if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { + return smbldap_search_domain_info(ldap_state, result, domain_name, False); + } + else { + DEBUG(0, ("Adding domain info for %s failed with %s\n", + domain_name, nt_errstr(ret))); + return ret; + } + } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { + DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", + count, domain_name)); + ldap_msgfree(*result); + *result = NULL; + return ret; + } else { + return NT_STATUS_OK; + } + + return ret; +} + /******************************************************************* Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX. ********************************************************************/ @@ -1230,3 +1395,4 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) ldap_memfree(utf8_dn); return unix_dn; } + diff --git a/source3/lib/smbldap_util.c b/source3/lib/smbldap_util.c deleted file mode 100644 index f6097599bc..0000000000 --- a/source3/lib/smbldap_util.c +++ /dev/null @@ -1,203 +0,0 @@ -/* - Unix SMB/CIFS mplementation. - LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 - Copyright (C) Gerald Carter 2001-2003 - Copyright (C) Shahms King 2001 - Copyright (C) Andrew Bartlett 2002-2003 - Copyright (C) Stefan (metze) Metzmacher 2002-2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include "includes.h" -#include "smbldap.h" - -/********************************************************************** - Add the sambaDomain to LDAP, so we don't have to search for this stuff - again. This is a once-add operation for now. - - TODO: Add other attributes, and allow modification. -*********************************************************************/ -static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, - const char *domain_name) -{ - fstring sid_string; - fstring algorithmic_rid_base_string; - pstring filter, dn; - LDAPMod **mods = NULL; - int rc; - int ldap_op; - LDAPMessage *result = NULL; - int num_result; - char **attr_list; - uid_t u_low, u_high; - gid_t g_low, g_high; - uint32 rid_low, rid_high; - - slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, LDAP_OBJ_DOMINFO); - - attr_list = get_attr_list( dominfo_attr_list ); - rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); - free_attr_list( attr_list ); - - if (rc != LDAP_SUCCESS) { - return NT_STATUS_UNSUCCESSFUL; - } - - num_result = ldap_count_entries(ldap_state->ldap_struct, result); - - if (num_result > 1) { - DEBUG (0, ("More than domain with that name exists: bailing out!\n")); - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Check if we need to add an entry */ - DEBUG(3,("Adding new domain\n")); - ldap_op = LDAP_MOD_ADD; - - pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, lp_ldap_suffix()); - - /* Free original search */ - ldap_msgfree(result); - - /* make the changes - the entry *must* not already have samba attributes */ - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); - - /* If we don't have an entry, then ask secrets.tdb for what it thinks. - It may choose to make it up */ - - sid_to_string(sid_string, get_global_sam_sid()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); - - slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), - algorithmic_rid_base_string); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); - - /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. - TODO: fix all the places where the line between idmap and normal operations - needed by smbd gets fuzzy --jerry 2003-08-11 */ - - if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) - && get_free_rid_range(&rid_low, &rid_high) ) - { - fstring rid_str; - - fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); - DEBUG(10,("setting next available user rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), - rid_str); - - fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); - DEBUG(10,("setting next available group rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), - rid_str); - - } - - - switch(ldap_op) - { - case LDAP_MOD_ADD: - rc = smbldap_add(ldap_state, dn, mods); - break; - case LDAP_MOD_REPLACE: - rc = smbldap_modify(ldap_state, dn, mods); - break; - default: - DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); - return NT_STATUS_INVALID_PARAMETER; - } - - if (rc!=LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", - ldap_op == LDAP_MOD_ADD ? "add" : "modify", - dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); - SAFE_FREE(ld_error); - - ldap_mods_free(mods, True); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); - ldap_mods_free(mods, True); - return NT_STATUS_OK; -} - -/********************************************************************** -Search for the domain info entry -*********************************************************************/ -NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, - LDAPMessage ** result, const char *domain_name, - BOOL try_add) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - pstring filter; - int rc; - char **attr_list; - int count; - - pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", - LDAP_OBJ_DOMINFO, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); - - DEBUG(2, ("Searching for:[%s]\n", filter)); - - - attr_list = get_attr_list( dominfo_attr_list ); - rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); - free_attr_list( attr_list ); - - if (rc != LDAP_SUCCESS) { - DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); - DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); - } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { - DEBUG(3, ("Got no domain info entries for domain\n")); - ldap_msgfree(*result); - *result = NULL; - if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { - return smbldap_search_domain_info(ldap_state, result, domain_name, False); - } - else { - DEBUG(0, ("Adding domain info for %s failed with %s\n", - domain_name, nt_errstr(ret))); - return ret; - } - } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { - DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", - count, domain_name)); - ldap_msgfree(*result); - *result = NULL; - return ret; - } else { - return NT_STATUS_OK; - } - - return ret; -} - diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 2c0bd79785..50bbb4c72c 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -617,6 +617,23 @@ char *sid_binstring(const DOM_SID *sid) return s; } + +/***************************************************************** + Print a GUID structure for debugging. +*****************************************************************/ + +void print_guid(GUID *guid) +{ + int i; + + d_printf("%08x-%04x-%04x", + IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6)); + d_printf("-%02x%02x-", guid->info[8], guid->info[9]); + for (i=10;i<GUID_SIZE;i++) + d_printf("%02x", guid->info[i]); + d_printf("\n"); +} + /******************************************************************* Tallocs a duplicate SID. ********************************************************************/ diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 845aaa4b13..19fb41f6ca 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -596,7 +596,7 @@ BOOL receive_smb(int fd,char *buffer, unsigned int timeout) } /* Check the incoming SMB signature. */ - if (!srv_check_sign_mac(buffer, True)) { + if (!srv_check_sign_mac(buffer)) { DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n")); if (smb_read_error == 0) smb_read_error = READ_BAD_SIG; diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index be1e2ffeb1..2be8b7eb64 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -2027,21 +2027,3 @@ SMB_BIG_UINT STR_TO_SMB_BIG_UINT(const char *nptr, const char **entptr) return val; } - -void string_append(char **left, const char *right) -{ - int new_len = strlen(right) + 1; - - if (*left == NULL) { - *left = malloc(new_len); - *left[0] = '\0'; - } else { - new_len += strlen(*left); - *left = Realloc(*left, new_len); - } - - if (*left == NULL) - return; - - safe_strcat(*left, right, new_len-1); -} diff --git a/source3/lib/util_uuid.c b/source3/lib/util_uuid.c index 4c35236c90..56f0ecd85b 100644 --- a/source3/lib/util_uuid.c +++ b/source3/lib/util_uuid.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * UUID server routines * Copyright (C) Theodore Ts'o 1996, 1997, - * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002, 2003 + * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,47 +27,57 @@ #define TIME_OFFSET_HIGH 0x01B21DD2 #define TIME_OFFSET_LOW 0x13814000 -void smb_uuid_pack(const struct uuid uu, UUID_FLAT *ptr) -{ - SIVAL(ptr, 0, uu.time_low); - SSVAL(ptr, 4, uu.time_mid); - SSVAL(ptr, 6, uu.time_hi_and_version); - memcpy(ptr+8, uu.clock_seq, 2); - memcpy(ptr+10, uu.node, 6); -} +struct uuid { + uint32 time_low; + uint16 time_mid; + uint16 time_hi_and_version; + uint8 clock_seq[2]; + uint8 node[6]; +}; -void smb_uuid_unpack(const UUID_FLAT in, struct uuid *uu) + +static void uuid_pack(const struct uuid *uu, GUID *ptr) { - uu->time_low = IVAL(in.info, 0); - uu->time_mid = SVAL(in.info, 4); - uu->time_hi_and_version = SVAL(in.info, 6); - memcpy(uu->clock_seq, in.info+8, 2); - memcpy(uu->node, in.info+10, 6); + uint8 *out = ptr->info; + + SIVAL(out, 0, uu->time_low); + SSVAL(out, 4, uu->time_mid); + SSVAL(out, 6, uu->time_hi_and_version); + memcpy(out+8, uu->clock_seq, 2); + memcpy(out+10, uu->node, 6); } -const struct uuid smb_uuid_unpack_static(const UUID_FLAT in) +static void uuid_unpack(const GUID in, struct uuid *uu) { - static struct uuid uu; + const uint8 *ptr = in.info; - smb_uuid_unpack(in, &uu); - return uu; + uu->time_low = IVAL(ptr, 0); + uu->time_mid = SVAL(ptr, 4); + uu->time_hi_and_version = SVAL(ptr, 6); + memcpy(uu->clock_seq, ptr+8, 2); + memcpy(uu->node, ptr+10, 6); } -void smb_uuid_generate_random(struct uuid *uu) +void smb_uuid_generate_random(GUID *out) { - UUID_FLAT tmp; + GUID tmp; + struct uuid uu; generate_random_buffer(tmp.info, sizeof(tmp.info), True); - smb_uuid_unpack(tmp, uu); + uuid_unpack(tmp, &uu); - uu->clock_seq[0] = (uu->clock_seq[0] & 0x3F) | 0x80; - uu->time_hi_and_version = (uu->time_hi_and_version & 0x0FFF) | 0x4000; + uu.clock_seq[0] = (uu.clock_seq[0] & 0x3F) | 0x80; + uu.time_hi_and_version = (uu.time_hi_and_version & 0x0FFF) | 0x4000; + uuid_pack(&uu, out); } -char *smb_uuid_to_string(const struct uuid uu) +char *smb_uuid_to_string(const GUID in) { + struct uuid uu; char *out; + uuid_unpack(in, &uu); + asprintf(&out, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", uu.time_low, uu.time_mid, uu.time_hi_and_version, uu.clock_seq[0], uu.clock_seq[1], @@ -77,11 +87,13 @@ char *smb_uuid_to_string(const struct uuid uu) return out; } -const char *smb_uuid_string_static(const struct uuid uu) +const char *smb_uuid_string_static(const GUID in) { + struct uuid uu; static char out[37]; - slprintf(out, sizeof(out), + uuid_unpack(in, &uu); + slprintf(out, sizeof(out) -1, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", uu.time_low, uu.time_mid, uu.time_hi_and_version, uu.clock_seq[0], uu.clock_seq[1], @@ -89,86 +101,3 @@ const char *smb_uuid_string_static(const struct uuid uu) uu.node[3], uu.node[4], uu.node[5]); return out; } - -BOOL smb_string_to_uuid(const char *in, struct uuid* uu) -{ - BOOL ret = False; - const char *ptr = in; - char *end = (char *)in; - int i; - - if (!in || !uu) goto out; - - uu->time_low = strtoul(ptr, &end, 16); - if ((end - ptr) != 8 || *end != '-') goto out; - ptr = (end + 1); - - uu->time_mid = strtoul(ptr, &end, 16); - if ((end - ptr) != 4 || *end != '-') goto out; - ptr = (end + 1); - - uu->time_hi_and_version = strtoul(ptr, &end, 16); - if ((end - ptr) != 4 || *end != '-') goto out; - ptr = (end + 1); - - for (i = 0; i < 2; i++) { - int adj = 0; - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->clock_seq[i] = (*ptr - adj) << 4; - ptr++; - - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->clock_seq[i] |= (*ptr - adj); - ptr++; - } - - if (*ptr != '-') goto out; - ptr++; - - for (i = 0; i < 6; i++) { - int adj = 0; - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->node[i] = (*ptr - adj) << 4; - ptr++; - - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->node[i] |= (*ptr - adj); - ptr++; - } - - ret = True; -out: - return ret; -} diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 20a36dfdf5..15504a5202 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -1106,14 +1106,20 @@ static void dump_binary(const char *field, struct berval **values) } } +struct uuid { + uint32 i1; + uint16 i2; + uint16 i3; + uint8 s[8]; +}; + static void dump_guid(const char *field, struct berval **values) { int i; - UUID_FLAT guid; + GUID guid; for (i=0; values[i]; i++) { memcpy(guid.info, values[i]->bv_val, sizeof(guid.info)); - printf("%s: %s\n", field, - smb_uuid_string_static(smb_uuid_unpack_static(guid))); + printf("%s: %s\n", field, smb_uuid_string_static(guid)); } } @@ -1765,18 +1771,16 @@ BOOL ads_pull_uint32(ADS_STRUCT *ads, * @return boolean indicating success **/ BOOL ads_pull_guid(ADS_STRUCT *ads, - void *msg, struct uuid *guid) + void *msg, GUID *guid) { char **values; - UUID_FLAT flat_guid; values = ldap_get_values(ads->ld, msg, "objectGUID"); if (!values) return False; if (values[0]) { - memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT)); - smb_uuid_unpack(flat_guid, guid); + memcpy(guid, values[0], sizeof(GUID)); ldap_value_free(values); return True; } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 8093d79452..e75a361e25 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -325,7 +325,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user, session_key = data_blob(NULL, 16); SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); } - cli_simple_set_signing(cli, session_key, nt_response); + cli_simple_set_signing(cli, session_key, nt_response, 0); } else { /* pre-encrypted password supplied. Only used for security=server, can't do @@ -521,7 +521,7 @@ static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char * file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length); #endif - cli_simple_set_signing(cli, session_key_krb5, null_blob); + cli_simple_set_signing(cli, session_key_krb5, null_blob, 0); blob2 = cli_session_setup_blob(cli, negTokenTarg); @@ -643,16 +643,13 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use fstrcpy(cli->server_domain, ntlmssp_state->server_domain); cli_set_session_key(cli, ntlmssp_state->session_key); - if (cli_simple_set_signing(cli, key, null_blob)) { - - /* 'resign' the last message, so we get the right sequence numbers - for checking the first reply from the server */ - cli_calculate_sign_mac(cli); - - if (!cli_check_sign_mac(cli, True)) { - nt_status = NT_STATUS_ACCESS_DENIED; - } - } + /* Using NTLMSSP session setup, signing on the net only starts + * after a successful authentication and the session key has + * been determined, but with a sequence number of 2. This + * assumes that NTLMSSP needs exactly 2 roundtrips, for any + * other SPNEGO mechanism it needs adapting. */ + + cli_simple_set_signing(cli, key, null_blob, 2); } /* we have a reference conter on ntlmssp_state, if we are signing @@ -1091,8 +1088,6 @@ BOOL cli_negprot(struct cli_state *cli) } cli->sign_info.negotiated_smb_signing = True; cli->sign_info.mandatory_signing = True; - } else if (cli->sign_info.allow_smb_signing && cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) { - cli->sign_info.negotiated_smb_signing = True; } } else if (cli->protocol >= PROTOCOL_LANMAN1) { @@ -1610,8 +1605,8 @@ struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip, struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring workgroup, struct user_auth_info *user_info) { static fstring name; - struct cli_state *cli; - struct in_addr server_ip; + struct cli_state *cli; + struct in_addr server_ip; DEBUG(99, ("Looking up name of master browser %s\n", inet_ntoa(mb_ip->ip))); @@ -1640,14 +1635,14 @@ struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring w return NULL; } - pstrcpy(workgroup, name); + pstrcpy(workgroup, name); - DEBUG(4, ("found master browser %s, %s\n", + DEBUG(4, ("found master browser %s, %s\n", name, inet_ntoa(mb_ip->ip))); - cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info); + cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info); - return cli; + return cli; } diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 66edc3ce38..8542eea064 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -117,7 +117,7 @@ BOOL cli_receive_smb(struct cli_state *cli) return ret; } - if (!cli_check_sign_mac(cli, True)) { + if (!cli_check_sign_mac(cli)) { DEBUG(0, ("SMB Signature verification failed on incoming packet!\n")); cli->smb_rw_error = READ_BAD_SIG; close(cli->fd); diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c index 4cd642c4e3..72c10007bf 100644 --- a/source3/libsmb/samlogon_cache.c +++ b/source3/libsmb/samlogon_cache.c @@ -157,7 +157,7 @@ BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user) free the user_info struct (malloc()'d memory) ***********************************************************************/ -NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user_sid) +NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, DOM_SID *user_sid) { NET_USER_INFO_3 *user = NULL; TDB_DATA data, key; @@ -218,7 +218,7 @@ NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user return user; } -BOOL netsamlogon_cache_have(const DOM_SID *user_sid) +BOOL netsamlogon_cache_have(DOM_SID *user_sid) { TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have"); NET_USER_INFO_3 *user = NULL; diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 28ff0e0c2e..9010dbf5cb 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -150,7 +150,7 @@ static void null_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) SMB signing - NULL implementation - check a MAC sent by server. ************************************************************/ -static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si) { return True; } @@ -197,39 +197,25 @@ static void free_signing_context(struct smb_sign_info *si) } -static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq, BOOL expected_ok) +static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq) { - if (good) { + if (good && !si->doing_signing) { + si->doing_signing = True; + } - if (!si->doing_signing) { - si->doing_signing = True; - } - - if (!si->seen_valid) { - si->seen_valid = True; - } + if (!good) { + if (si->doing_signing) { + struct smb_basic_signing_context *data = si->signing_context; - } else { - if (!si->mandatory_signing && !si->seen_valid) { + /* W2K sends a bad first signature but the sign engine is on.... JRA. */ + if (data->send_seq_num > 1) + DEBUG(1, ("signing_good: SMB signature check failed on seq %u!\n", + (unsigned int)seq )); - if (!expected_ok) { - return True; - } - /* Non-mandatory signing - just turn off if this is the first bad packet.. */ - DEBUG(5, ("signing_good: signing negotiated but not required and the other side \ -isn't sending correct signatures. Turning signatures off.\n")); - si->negotiated_smb_signing = False; - si->allow_smb_signing = False; - si->doing_signing = False; - free_signing_context(si); - return True; - } else if (!expected_ok) { - /* This packet is known to be unsigned */ - return True; + return False; } else { - /* Mandatory signing or bad packet after signing started - fail and disconnect. */ - if (seq) - DEBUG(0, ("signing_good: BAD SIG: seq %u\n", (unsigned int)seq)); + DEBUG(3, ("signing_good: Peer did not sign reply correctly\n")); + free_signing_context(si); return False; } } @@ -337,7 +323,7 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) SMB signing - Client implementation - check a MAC sent by server. ************************************************************/ -static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si) { BOOL good; uint32 reply_seq_number; @@ -395,7 +381,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); dump_data(10, (const char *)server_sent_mac, 8); } - return signing_good(inbuf, si, good, saved_seq, expected_ok); + return signing_good(inbuf, si, good, saved_seq); } /*********************************************************** @@ -429,7 +415,7 @@ static void simple_free_signing_context(struct smb_sign_info *si) BOOL cli_simple_set_signing(struct cli_state *cli, const DATA_BLOB user_session_key, - const DATA_BLOB response) + const DATA_BLOB response, int initial_send_seq_num) { struct smb_basic_signing_context *data; @@ -467,7 +453,7 @@ BOOL cli_simple_set_signing(struct cli_state *cli, dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length); /* Initialise the sequence number */ - data->send_seq_num = 0; + data->send_seq_num = initial_send_seq_num; /* Initialise the list of outstanding packets */ data->outstanding_packet_list = NULL; @@ -549,7 +535,7 @@ static void temp_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) SMB signing - TEMP implementation - check a MAC sent by server. ************************************************************/ -static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si) { return True; } @@ -611,9 +597,9 @@ void cli_calculate_sign_mac(struct cli_state *cli) * which had a bad checksum, True otherwise. */ -BOOL cli_check_sign_mac(struct cli_state *cli, BOOL expected_ok) +BOOL cli_check_sign_mac(struct cli_state *cli) { - if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, expected_ok)) { + if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info)) { free_signing_context(&cli->sign_info); return False; } @@ -702,7 +688,7 @@ static BOOL is_oplock_break(char *inbuf) SMB signing - Server implementation - check a MAC sent by server. ************************************************************/ -static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si) { BOOL good; struct smb_basic_signing_context *data = si->signing_context; @@ -776,7 +762,25 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); dump_data(10, (const char *)server_sent_mac, 8); } - return (signing_good(inbuf, si, good, saved_seq, expected_ok)); + if (!signing_good(inbuf, si, good, saved_seq)) { + if (!si->mandatory_signing && (data->send_seq_num < 3)){ + /* Non-mandatory signing - just turn off if this is the first bad packet.. */ + DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and client \ +isn't sending correct signatures. Turning off.\n")); + si->negotiated_smb_signing = False; + si->allow_smb_signing = False; + si->doing_signing = False; + free_signing_context(si); + return True; + } else { + /* Mandatory signing or bad packet after signing started - fail and disconnect. */ + if (saved_seq) + DEBUG(0, ("srv_check_incoming_message: BAD SIG: seq %u\n", (unsigned int)saved_seq)); + return False; + } + } else { + return True; + } } /*********************************************************** @@ -809,13 +813,13 @@ BOOL srv_oplock_set_signing(BOOL onoff) Called to validate an incoming packet from the client. ************************************************************/ -BOOL srv_check_sign_mac(char *inbuf, BOOL expected_ok) +BOOL srv_check_sign_mac(char *inbuf) { /* Check if it's a session keepalive. */ if(CVAL(inbuf,0) == SMBkeepalive) return True; - return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, expected_ok); + return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info); } /*********************************************************** @@ -903,42 +907,6 @@ BOOL srv_is_signing_active(void) return srv_sign_info.doing_signing; } - -/*********************************************************** - Returns whether signing is negotiated. We can't use it unless it was - in the negprot. -************************************************************/ - -BOOL srv_is_signing_negotiated(void) -{ - return srv_sign_info.negotiated_smb_signing; -} - -/*********************************************************** - Returns whether signing is negotiated. We can't use it unless it was - in the negprot. -************************************************************/ - -BOOL srv_signing_started(void) -{ - struct smb_basic_signing_context *data; - - if (!srv_sign_info.doing_signing) { - return False; - } - - data = (struct smb_basic_signing_context *)srv_sign_info.signing_context; - if (!data) - return False; - - if (data->send_seq_num == 0) { - return False; - } - - return True; -} - - /*********************************************************** Tell server code we are in a multiple trans reply state. ************************************************************/ diff --git a/source3/modules/developer.c b/source3/modules/developer.c deleted file mode 100644 index 7ffc3ff50d..0000000000 --- a/source3/modules/developer.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba module with developer tools - Copyright (C) Andrew Tridgell 2001 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -static struct { - char from; - char *to; - int len; -} weird_table[] = { - {'q', "^q^", 3}, - {'Q', "^Q^", 3}, - {0, NULL} -}; - -static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft, - char **outbuf, size_t *outbytesleft) -{ - while (*inbytesleft >= 1 && *outbytesleft >= 2) { - int i; - int done = 0; - for (i=0;weird_table[i].from;i++) { - if (strncmp((*inbuf), - weird_table[i].to, - weird_table[i].len) == 0) { - if (*inbytesleft < weird_table[i].len) { - DEBUG(0,("ERROR: truncated weird string\n")); - /* smb_panic("weird_pull"); */ - - } else { - (*outbuf)[0] = weird_table[i].from; - (*outbuf)[1] = 0; - (*inbytesleft) -= weird_table[i].len; - (*outbytesleft) -= 2; - (*inbuf) += weird_table[i].len; - (*outbuf) += 2; - done = 1; - break; - } - } - } - if (done) continue; - (*outbuf)[0] = (*inbuf)[0]; - (*outbuf)[1] = 0; - (*inbytesleft) -= 1; - (*outbytesleft) -= 2; - (*inbuf) += 1; - (*outbuf) += 2; - } - - if (*inbytesleft > 0) { - errno = E2BIG; - return -1; - } - - return 0; -} - -static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft, - char **outbuf, size_t *outbytesleft) -{ - int ir_count=0; - - while (*inbytesleft >= 2 && *outbytesleft >= 1) { - int i; - int done=0; - for (i=0;weird_table[i].from;i++) { - if ((*inbuf)[0] == weird_table[i].from && - (*inbuf)[1] == 0) { - if (*outbytesleft < weird_table[i].len) { - DEBUG(0,("No room for weird character\n")); - /* smb_panic("weird_push"); */ - } else { - memcpy(*outbuf, weird_table[i].to, - weird_table[i].len); - (*inbytesleft) -= 2; - (*outbytesleft) -= weird_table[i].len; - (*inbuf) += 2; - (*outbuf) += weird_table[i].len; - done = 1; - break; - } - } - } - if (done) continue; - - (*outbuf)[0] = (*inbuf)[0]; - if ((*inbuf)[1]) ir_count++; - (*inbytesleft) -= 2; - (*outbytesleft) -= 1; - (*inbuf) += 2; - (*outbuf) += 1; - } - - if (*inbytesleft == 1) { - errno = EINVAL; - return -1; - } - - if (*inbytesleft > 1) { - errno = E2BIG; - return -1; - } - - return ir_count; -} - -struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push}; - -int charset_weird_init(void) -{ - smb_register_charset(&weird_functions); - return True; -} diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index da93224043..1d1fe75d9c 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -313,8 +313,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", } #ifdef HAVE_ADS else { - struct uuid domain_guid; - UUID_FLAT flat_guid; + GUID domain_guid; pstring domain; pstring hostname; char *component, *dc, *q1; @@ -341,10 +340,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain)); return; } - - smb_uuid_pack(domain_guid, &flat_guid); - memcpy(q, &flat_guid.info, UUID_FLAT_SIZE); - q += UUID_FLAT_SIZE; + memcpy(q, &domain_guid, sizeof(domain_guid)); + q += sizeof(domain_guid); /* Forest */ str_offset = q - q_orig; diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index 0f0190adb6..8a63840239 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -440,8 +440,8 @@ static void send_wins_name_registration_response(int rcode, int ttl, struct pack Deal with a name refresh request to a WINS server. ************************************************************************/ -void wins_process_name_refresh_request( struct subnet_record *subrec, - struct packet_struct *p ) +void wins_process_name_refresh_request(struct subnet_record *subrec, + struct packet_struct *p) { struct nmb_packet *nmb = &p->packet.nmb; struct nmb_name *question = &nmb->question.question_name; @@ -453,36 +453,28 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, struct in_addr from_ip; struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0"); - putip( (char *)&from_ip, &nmb->additional->rdata[2] ); + putip((char *)&from_ip,&nmb->additional->rdata[2]); if(bcast) { /* * We should only get unicast name refresh packets here. - * Anyone trying to refresh broadcast should not be going - * to a WINS server. Log an error here. + * Anyone trying to refresh broadcast should not be going to a WINS + * server. Log an error here. */ - if( DEBUGLVL( 0 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Broadcast name refresh request received " ); - dbgtext( "for name %s ", nmb_namestr(question) ); - dbgtext( "from IP %s ", inet_ntoa(from_ip) ); - dbgtext( "on subnet %s. ", subrec->subnet_name ); - dbgtext( "Error - Broadcasts should not be sent " ); - dbgtext( "to a WINS server\n" ); - } + + DEBUG(0,("wins_process_name_refresh_request: broadcast name refresh request \ +received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n", + nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name)); return; } - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s IP %s\n", - nmb_namestr(question), inet_ntoa(from_ip) ); - } + DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s \ +IP %s\n", nmb_namestr(question), inet_ntoa(from_ip) )); /* * See if the name already exists. - * If not, handle it as a name registration and return. */ + namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME); /* @@ -490,62 +482,48 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, * treat it like a registration request. This allows us to recover * from errors (tridge) */ + if(namerec == NULL) { - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s ", - nmb_namestr( question ) ); - dbgtext( "and the name does not exist. Treating " ); - dbgtext( "as registration.\n" ); - } + DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s and \ +the name does not exist. Treating as registration.\n", nmb_namestr(question) )); wins_process_name_registration_request(subrec,p); return; } /* - * if the name is present but not active, simply remove it - * and treat the refresh request as a registration & return. + * if the name is present but not active, + * simply remove it and treat the request + * as a registration */ if (namerec != NULL && !WINS_STATE_ACTIVE(namerec)) { - if( DEBUGLVL( 5 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name (%s) in WINS ", nmb_namestr(question) ); - dbgtext( "was not active - removing it.\n" ); - } + DEBUG(5,("wins_process_name_refresh_request: Name (%s) in WINS was \ +not active - removing it.\n", nmb_namestr(question) )); remove_name_from_namelist( subrec, namerec ); namerec = NULL; - wins_process_name_registration_request( subrec, p ); + wins_process_name_registration_request(subrec,p); return; } /* * Check that the group bits for the refreshing name and the - * name in our database match. If not, refuse the refresh. - * [crh: Why RFS_ERR instead of ACT_ERR? Is this what MS does?] + * name in our database match. */ - if( (namerec != NULL) && - ( (group && !NAME_GROUP(namerec)) - || (!group && NAME_GROUP(namerec)) ) ) { - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name %s ", nmb_namestr(question) ); - dbgtext( "group bit = %s does not match ", - group ? "True" : "False" ); - dbgtext( "group bit in WINS for this name.\n" ); - } + + if((namerec != NULL) && ((group && !NAME_GROUP(namerec)) || (!group && NAME_GROUP(namerec))) ) { + DEBUG(3,("wins_process_name_refresh_request: Name %s group bit = %s \ +does not match group bit in WINS for this name.\n", nmb_namestr(question), group ? "True" : "False" )); send_wins_name_registration_response(RFS_ERR, 0, p); return; } /* - * For a unique name check that the person refreshing the name is - * one of the registered IP addresses. If not - fail the refresh. - * Do the same for group names with a type of 0x1c. - * Just return success for unique 0x1d refreshes. For normal group - * names update the ttl and return success. + * For a unique name check that the person refreshing the name is one of the registered IP + * addresses. If not - fail the refresh. Do the same for group names with a type of 0x1c. + * Just return success for unique 0x1d refreshes. For normal group names update the ttl + * and return success. */ - if( (!group || (group && (question->name_type == 0x1c))) - && find_ip_in_name_record(namerec, from_ip) ) { + + if((!group || (group && (question->name_type == 0x1c))) && find_ip_in_name_record(namerec, from_ip )) { /* * Update the ttl. */ @@ -563,26 +541,11 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, send_wins_name_registration_response(0, ttl, p); wins_hook("refresh", namerec, ttl); return; - } else if((group && (question->name_type == 0x1c))) { - /* - * Added by crh for bug #1079. - * Fix from Bert Driehuis - */ - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s, ", - nmb_namestr(question) ); - dbgtext( "but IP address %s ", inet_ntoa(from_ip) ); - dbgtext( "is not yet associated with " ); - dbgtext( "that name. Treating as registration.\n" ); - } - wins_process_name_registration_request(subrec,p); - return; } else if(group) { /* - * Normal groups are all registered with an IP address of - * 255.255.255.255 so we can't search for the IP address. - */ + * Normal groups are all registered with an IP address of 255.255.255.255 + * so we can't search for the IP address. + */ update_name_ttl(namerec, ttl); send_wins_name_registration_response(0, ttl, p); return; @@ -596,12 +559,9 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, /* * Fail the refresh. */ - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s with IP %s ", - nmb_namestr(question), inet_ntoa(from_ip) ); - dbgtext( "and is IP is not known to the name.\n" ); - } + + DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s with IP %s and \ +is IP is not known to the name.\n", nmb_namestr(question), inet_ntoa(from_ip) )); send_wins_name_registration_response(RFS_ERR, 0, p); return; } diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index 32dfc8deca..90e4584dab 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -235,30 +235,6 @@ BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid) return (result == NSS_STATUS_SUCCESS); } -BOOL winbind_allocate_rid(uint32 *rid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result; - - /* Initialise request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Make request */ - - result = winbindd_request(WINBINDD_ALLOCATE_RID, &request, &response); - - if (result != NSS_STATUS_SUCCESS) - return False; - - /* Copy out result */ - *rid = response.data.rid; - - return True; -} - /* Fetch the list of groups a user is a member of from winbindd. This is used by winbind_getgroups. */ @@ -619,6 +595,8 @@ BOOL winbind_delete_group( const char *group ) } /***********************************************************************/ +#if 0 /* not needed currently since winbindd_acct was added -- jerry */ + /* Call winbindd to convert SID to uid. Do not allocate */ BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid) @@ -689,5 +667,7 @@ BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid) return (result == NSS_STATUS_SUCCESS); } +#endif /* JERRY */ + /***********************************************************************/ diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index af2a0ce7c6..772332ee59 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -436,18 +436,6 @@ static BOOL wbinfo_sid_to_gid(char *sid) return True; } -static BOOL wbinfo_allocate_rid(void) -{ - uint32 rid; - - if (!winbind_allocate_rid(&rid)) - return False; - - d_printf("New rid: %d\n", rid); - - return True; -} - /* Convert sid to string */ static BOOL wbinfo_lookupsid(char *sid) @@ -995,7 +983,6 @@ int main(int argc, char **argv) { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" }, { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" }, { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" }, - { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" }, { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" }, { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" }, { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" }, @@ -1115,12 +1102,6 @@ int main(int argc, char **argv) goto done; } break; - case 'A': - if (!wbinfo_allocate_rid()) { - d_printf("Could not allocate a RID\n"); - goto done; - } - break; case 't': if (!wbinfo_check_secret()) { d_printf("Could not check secret\n"); diff --git a/source3/nsswitch/winbind_nss_solaris.c b/source3/nsswitch/winbind_nss_solaris.c index 8f03eb4cd6..1afa567746 100644 --- a/source3/nsswitch/winbind_nss_solaris.c +++ b/source3/nsswitch/winbind_nss_solaris.c @@ -270,10 +270,13 @@ _nss_winbind_getgroupsbymember_solwrap(nss_backend_t* be, void* args) &errnop); /* - * Always return NOTFOUND so nsswitch will get info from all - * the database backends specified in the nsswitch.conf file. - */ - return NSS_STATUS_NOTFOUND; + * If the maximum number of gids have been found, return + * SUCCESS so the switch engine will stop searching. Otherwise + * return NOTFOUND so nsswitch will continue to get groups + * from the remaining database backends specified in the + * nsswitch.conf file. + */ + return (gmem->numgids == gmem->maxgids ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND); } static NSS_STATUS diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 283b2e4a89..b55ea297b4 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -255,7 +255,6 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" }, { WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" }, { WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" }, - { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, "ALLOCATE_RID" }, /* Miscellaneous */ diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h index 5c05a1b045..7c8e6256e1 100644 --- a/source3/nsswitch/winbindd.h +++ b/source3/nsswitch/winbindd.h @@ -97,7 +97,6 @@ struct winbindd_domain { BOOL native_mode; /* is this a win2k domain in native mode ? */ BOOL active_directory; /* is this a win2k active directory ? */ BOOL primary; /* is this our primary domain ? */ - BOOL internal; /* BUILTIN and member SAM */ /* Lookup methods for this domain (LDAP or RPC) */ struct winbindd_methods *methods; @@ -163,7 +162,7 @@ struct winbindd_methods { /* lookup user info for a given SID */ NTSTATUS (*query_user)(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, + DOM_SID *user_sid, WINBIND_USERINFO *user_info); /* lookup all groups that a user is a member of. The backend @@ -171,13 +170,13 @@ struct winbindd_methods { function */ NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, + DOM_SID *user_sid, uint32 *num_groups, DOM_SID ***user_gids); /* find all members of the group with the specified group_rid */ NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *group_sid, + DOM_SID *group_sid, uint32 *num_names, DOM_SID ***sid_mem, char ***names, uint32 **name_types); diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 73c5af978c..e6b857f406 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -390,7 +390,7 @@ failed: /* Lookup user information from a rid */ static NTSTATUS query_user(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *sid, + DOM_SID *sid, WINBIND_USERINFO *info) { ADS_STRUCT *ads = NULL; @@ -561,7 +561,7 @@ done: /* Lookup groups a user is a member of. */ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *sid, + DOM_SID *sid, uint32 *num_groups, DOM_SID ***user_gids) { ADS_STRUCT *ads = NULL; @@ -659,7 +659,7 @@ done: */ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *group_sid, uint32 *num_names, + DOM_SID *group_sid, uint32 *num_names, DOM_SID ***sid_mem, char ***names, uint32 **name_types) { diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index d684f6edfb..91834e476f 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -1039,7 +1039,7 @@ do_query: /* Lookup user information from a rid */ static NTSTATUS query_user(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, + DOM_SID *user_sid, WINBIND_USERINFO *info) { struct winbind_cache *cache = get_cache(domain); @@ -1102,7 +1102,7 @@ do_query: /* Lookup groups a user is a member of. */ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, + DOM_SID *user_sid, uint32 *num_groups, DOM_SID ***user_gids) { struct winbind_cache *cache = get_cache(domain); @@ -1185,7 +1185,7 @@ skip_save: static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *group_sid, uint32 *num_names, + DOM_SID *group_sid, uint32 *num_names, DOM_SID ***sid_mem, char ***names, uint32 **name_types) { diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 3bdf83cfdf..3ee8c0877b 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -106,15 +106,6 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid))); *num_gr_mem = 0; - - /* HACK ALERT!! This whole routine does not cope with group members - * from more than one domain, ie aliases. Thus we have to work it out - * ourselves in a special routine. */ - - if (domain->internal) - return fill_passdb_alias_grmem(domain, group_sid, - num_gr_mem, - gr_mem, gr_mem_len); if ( !((group_name_type==SID_NAME_DOM_GRP) || ((group_name_type==SID_NAME_ALIAS) && domain->primary)) ) @@ -252,11 +243,14 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) /* if no domain or our local domain, then do a local tdb search */ - if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) && - ((grp = wb_getgrnam(name_group)) != NULL) ) { - + if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) { char *buffer = NULL; + if ( !(grp=wb_getgrnam(name_group)) ) { + DEBUG(5,("winbindd_getgrnam: lookup for %s\\%s failed\n", + name_domain, name_group)); + return WINBINDD_ERROR; + } memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) ); gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem ); @@ -268,13 +262,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) return WINBINDD_OK; } - /* if no domain or our local domain and no local tdb group, default to - * our local domain for aliases */ - - if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) { - fstrcpy(name_domain, get_global_sam_name()); - } - /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -300,8 +287,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) } if ( !((name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && domain->primary) || - ((name_type==SID_NAME_ALIAS) && domain->internal)) ) + ((name_type==SID_NAME_ALIAS) && domain->primary)) ) { DEBUG(1, ("name '%s' is not a local or domain group: %d\n", name_group, name_type)); @@ -392,8 +378,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) } if ( !((name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && domain->primary) || - ((name_type==SID_NAME_ALIAS) && domain->internal)) ) + ((name_type==SID_NAME_ALIAS) && domain->primary) )) { DEBUG(1, ("name '%s' is not a local or domain group: %d\n", group_name, name_type)); @@ -556,8 +541,8 @@ static BOOL get_sam_group_entries(struct getent_state *ent) /* get the domain local groups if we are a member of a native win2k domain and are not using LDAP to get the groups */ - if ( ( lp_security() != SEC_ADS && domain->native_mode - && domain->primary) || domain->internal ) + if ( lp_security() != SEC_ADS && domain->native_mode + && domain->primary ) { DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n")); @@ -913,53 +898,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) return WINBINDD_OK; } -static void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num) -{ - int i; - - if ((*num) >= groups_max()) - return; - - for (i=0; i<*num; i++) { - if ((*gids)[i] == gid) - return; - } - - *gids = Realloc(*gids, (*num+1) * sizeof(gid_t)); - - if (*gids == NULL) - return; - - (*gids)[*num] = gid; - *num += 1; -} - -static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num) -{ - gid_t gid; - DOM_SID *aliases; - int j, num_aliases; - - DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid))); - - if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0))) - add_gid_to_array_unique(gid, gids, num); - - /* Add nested group memberships */ - - if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases)) - return; - - for (j=0; j<num_aliases; j++) { - - if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid))) - continue; - - add_gid_to_array_unique(gid, gids, num); - } - SAFE_FREE(aliases); -} - /* Get user supplementary groups. This is much quicker than trying to invert the groups database. We merge the groups from the gids and other_sids info3 fields as trusted domain, universal group @@ -977,7 +915,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) DOM_SID **user_grpsids; struct winbindd_domain *domain; enum winbindd_result result = WINBINDD_ERROR; - gid_t *gid_list = NULL; + gid_t *gid_list; unsigned int i; TALLOC_CTX *mem_ctx; NET_USER_INFO_3 *info3 = NULL; @@ -1025,8 +963,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; } - add_gids_from_sid(&user_sid, &gid_list, &num_gids); - /* Treat the info3 cache as authoritative as the lookup_usergroups() function may return cached data. */ @@ -1036,6 +972,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) info3->num_groups2, info3->num_other_sids)); num_groups = info3->num_other_sids + info3->num_groups2; + gid_list = calloc(sizeof(gid_t), num_groups); /* Go through each other sid and convert it to a gid */ @@ -1069,11 +1006,23 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) continue; } - add_gids_from_sid(&info3->other_sids[i].sid, - &gid_list, &num_gids); + /* Map to a gid */ - if (gid_list == NULL) - goto done; + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) ) + { + DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n", + sid_string_static(&info3->other_sids[i].sid))); + continue; + } + + /* We've jumped through a lot of hoops to get here */ + + DEBUG(10, ("winbindd_getgroups: mapped other sid %s to " + "gid %lu\n", sid_string_static( + &info3->other_sids[i].sid), + (unsigned long)gid_list[num_gids])); + + num_gids++; } for (i = 0; i < info3->num_groups2; i++) { @@ -1083,10 +1032,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) sid_copy( &group_sid, &domain->sid ); sid_append_rid( &group_sid, info3->gids[i].g_rid ); - add_gids_from_sid(&group_sid, &gid_list, &num_gids); + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) { + DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n", + sid_string_static(&group_sid))); + } - if (gid_list == NULL) - goto done; + num_gids++; } SAFE_FREE(info3); @@ -1104,11 +1055,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; for (i = 0; i < num_groups; i++) { - add_gids_from_sid(user_grpsids[i], - &gid_list, &num_gids); - - if (gid_list == NULL) - goto done; + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) { + DEBUG(1, ("unable to convert group sid %s to gid\n", + sid_string_static(user_grpsids[i]))); + continue; + } + num_gids++; } } diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 745a29facc..0d110b8afa 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -36,7 +36,7 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 10 +#define WINBIND_INTERFACE_VERSION 9 /* Socket commands */ @@ -84,7 +84,6 @@ enum winbindd_cmd { WINBINDD_SID_TO_GID, WINBINDD_UID_TO_SID, WINBINDD_GID_TO_SID, - WINBINDD_ALLOCATE_RID, /* Miscellaneous other stuff */ @@ -267,7 +266,7 @@ struct winbindd_response { char nt_session_key[16]; char first_8_lm_hash[8]; } auth; - uint32 rid; /* create user or group or allocate rid */ + uint32 rid; /* create user or group */ struct { fstring name; fstring alt_name; diff --git a/source3/nsswitch/winbindd_passdb.c b/source3/nsswitch/winbindd_passdb.c deleted file mode 100644 index 36f5297efe..0000000000 --- a/source3/nsswitch/winbindd_passdb.c +++ /dev/null @@ -1,339 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind rpc backend functions - - Copyright (C) Tim Potter 2000-2001,2003 - Copyright (C) Simo Sorce 2003 - Copyright (C) Volker Lendecke 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -static void -add_member(const char *domain, const char *user, - char **members, int *num_members) -{ - fstring name; - - fill_domain_username(name, domain, user); - safe_strcat(name, ",", sizeof(name)-1); - string_append(members, name); - *num_members += 1; -} - -/********************************************************************** - Add member users resulting from sid. Expand if it is a domain group. -**********************************************************************/ - -static void -add_expanded_sid(const DOM_SID *sid, char **members, int *num_members) -{ - DOM_SID dom_sid; - uint32 rid; - struct winbindd_domain *domain; - int i; - - char *name = NULL; - enum SID_NAME_USE type; - - uint32 num_names; - DOM_SID **sid_mem; - char **names; - uint32 *types; - - NTSTATUS result; - - TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid"); - - if (mem_ctx == NULL) { - DEBUG(1, ("talloc_init failed\n")); - return; - } - - sid_copy(&dom_sid, sid); - sid_split_rid(&dom_sid, &rid); - - domain = find_domain_from_sid(&dom_sid); - - if (domain == NULL) { - DEBUG(3, ("Could not find domain for sid %s\n", - sid_string_static(sid))); - goto done; - } - - result = domain->methods->sid_to_name(domain, mem_ctx, sid, - &name, &type); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("sid_to_name failed for sid %s\n", - sid_string_static(sid))); - goto done; - } - - DEBUG(10, ("Found name %s, type %d\n", name, type)); - - if (type == SID_NAME_USER) { - add_member(domain->name, name, members, num_members); - goto done; - } - - if (type != SID_NAME_DOM_GRP) { - DEBUG(10, ("Alias member %s neither user nor group, ignore\n", - name)); - goto done; - } - - /* Expand the domain group */ - - result = domain->methods->lookup_groupmem(domain, mem_ctx, - sid, &num_names, - &sid_mem, &names, - &types); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(10, ("Could not lookup group members for %s: %s\n", - name, nt_errstr(result))); - goto done; - } - - for (i=0; i<num_names; i++) { - DEBUG(10, ("Adding group member SID %s\n", - sid_string_static(sid_mem[i]))); - - if (types[i] != SID_NAME_USER) { - DEBUG(1, ("Hmmm. Member %s of group %s is no user. " - "Ignoring.\n", names[i], name)); - continue; - } - - add_member(domain->name, names[i], members, num_members); - } - - done: - talloc_destroy(mem_ctx); - return; -} - -BOOL fill_passdb_alias_grmem(struct winbindd_domain *domain, - DOM_SID *group_sid, - int *num_gr_mem, char **gr_mem, int *gr_mem_len) -{ - DOM_SID *members; - int i, num_members; - - *num_gr_mem = 0; - *gr_mem = NULL; - *gr_mem_len = 0; - - if (!pdb_enum_aliasmem(group_sid, &members, &num_members)) - return True; - - for (i=0; i<num_members; i++) { - add_expanded_sid(&members[i], gr_mem, num_gr_mem); - } - - SAFE_FREE(members); - - if (*gr_mem != NULL) { - int len; - - /* We have at least one member, strip off the last "," */ - len = strlen(*gr_mem); - (*gr_mem)[len-1] = '\0'; - *gr_mem_len = len; - } - - return True; -} - -/* Query display info for a domain. This returns enough information plus a - bit extra to give an overview of domain users for the User Manager - application. */ -static NTSTATUS query_user_list(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - WINBIND_USERINFO **info) -{ - /* We don't have users */ - *num_entries = 0; - *info = NULL; - return NT_STATUS_OK; -} - -/* list all domain groups */ -static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - /* We don't have domain groups */ - *num_entries = 0; - *info = NULL; - return NT_STATUS_OK; -} - -/* List all domain groups */ - -static NTSTATUS enum_local_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - struct acct_info *talloced_info; - - /* Hmm. One billion aliases should be enough for a start */ - - if (!pdb_enum_aliases(&domain->sid, 0, 1000000000, - num_entries, info)) { - /* Nothing to report, just exit. */ - return NT_STATUS_OK; - } - - talloced_info = (struct acct_info *) - talloc_memdup(mem_ctx, *info, - *num_entries * sizeof(struct acct_info)); - - SAFE_FREE(*info); - *info = talloced_info; - - return NT_STATUS_OK; -} - -/* convert a single name to a sid in a domain */ -static NTSTATUS name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *name, - DOM_SID *sid, - enum SID_NAME_USE *type) -{ - DEBUG(10, ("Finding name %s\n", name)); - - if (!pdb_find_alias(name, sid)) - return NT_STATUS_NONE_MAPPED; - - *type = SID_NAME_ALIAS; - return NT_STATUS_OK; -} - -/* - convert a domain SID to a user or group name -*/ -static NTSTATUS sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - char **name, - enum SID_NAME_USE *type) -{ - struct acct_info info; - - DEBUG(10, ("Converting SID %s\n", sid_string_static(sid))); - - if (!pdb_get_aliasinfo(sid, &info)) - return NT_STATUS_NONE_MAPPED; - - *name = talloc_strdup(mem_ctx, info.acct_name); - *type = SID_NAME_ALIAS; - - return NT_STATUS_OK; -} - -/* Lookup user information from a rid or username. */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, - WINBIND_USERINFO *user_info) -{ - return NT_STATUS_NO_SUCH_USER; -} - -/* Lookup groups a user is a member of. I wish Unix had a call like this! */ -static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, - uint32 *num_groups, DOM_SID ***user_gids) -{ - return NT_STATUS_NO_SUCH_USER; -} - - -/* Lookup group membership given a rid. */ -static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *group_sid, uint32 *num_names, - DOM_SID ***sid_mem, char ***names, - uint32 **name_types) -{ - return NT_STATUS_OK; -} - -/* find the sequence number for a domain */ -static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) -{ - *seq = 1; - return NT_STATUS_OK; -} - -/* get a list of trusted domains */ -static NTSTATUS trusted_domains(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_domains, - char ***names, - char ***alt_names, - DOM_SID **dom_sids) -{ - return NT_STATUS_OK; -} - -/* find the domain sid for a domain */ -static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) -{ - sid_copy(sid, &domain->sid); - return NT_STATUS_OK; -} - -/* find alternate names list for the domain - * should we look for netbios aliases?? - SSS */ -static NTSTATUS alternate_name(struct winbindd_domain *domain) -{ - DEBUG(3,("pdb: alternate_name\n")); - - return NT_STATUS_OK; -} - - -/* the rpc backend methods are exposed via this structure */ -struct winbindd_methods passdb_methods = { - False, - query_user_list, - enum_dom_groups, - enum_local_groups, - name_to_sid, - sid_to_name, - query_user, - lookup_usergroups, - lookup_groupmem, - sequence_number, - trusted_domains, - domain_sid, - alternate_name -}; diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 25d5f64df6..d4428a2f59 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -366,7 +366,7 @@ static NTSTATUS sid_to_name(struct winbindd_domain *domain, /* Lookup user information from a rid or username. */ static NTSTATUS query_user(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, + DOM_SID *user_sid, WINBIND_USERINFO *user_info) { CLI_POLICY_HND *hnd = NULL; @@ -465,7 +465,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, /* Lookup groups a user is a member of. I wish Unix had a call like this! */ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, + DOM_SID *user_sid, uint32 *num_groups, DOM_SID ***user_grpsids) { CLI_POLICY_HND *hnd; @@ -571,7 +571,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, /* Lookup group membership given a rid. */ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const DOM_SID *group_sid, uint32 *num_names, + DOM_SID *group_sid, uint32 *num_names, DOM_SID ***sid_mem, char ***names, uint32 **name_types) { diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index d4206558c5..9fbf47046d 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -30,8 +30,10 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) { + extern DOM_SID global_sid_Builtin; enum SID_NAME_USE type; - DOM_SID sid; + DOM_SID sid, tmp_sid; + uint32 rid; fstring name; fstring dom_name; @@ -48,6 +50,15 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } + /* Don't look up BUILTIN sids */ + + sid_copy(&tmp_sid, &sid); + sid_split_rid(&tmp_sid, &rid); + + if (sid_equal(&tmp_sid, &global_sid_Builtin)) { + return WINBINDD_ERROR; + } + /* Lookup the sid */ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) { @@ -434,23 +445,3 @@ done: return WINBINDD_OK; } - -enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state) -{ - if ( !state->privileged ) { - DEBUG(2, ("winbindd_allocate_rid: non-privileged access " - "denied!\n")); - return WINBINDD_ERROR; - } - - /* We tell idmap to always allocate a user RID. There might be a good - * reason to keep RID allocation for users to even and groups to - * odd. This needs discussion I think. For now only allocate user - * rids. */ - - if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid, - USER_RID_TYPE))) - return WINBINDD_ERROR; - - return WINBINDD_OK; -} diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index 6ac5c48285..403ba399c8 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -150,9 +150,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const } /* set flags about native_mode, active_directory */ - - if (!domain->internal) - set_dc_type_and_flags( domain ); + + set_dc_type_and_flags( domain ); DEBUG(3,("add_trusted_domain: %s is an %s %s domain\n", domain->name, domain->active_directory ? "ADS" : "NT4", @@ -304,24 +303,6 @@ BOOL init_domain_list(void) /* do an initial scan for trusted domains */ add_trusted_domains(domain); - - /* Add our local SAM domains */ - { - DOM_SID sid; - extern struct winbindd_methods passdb_methods; - struct winbindd_domain *dom; - - string_to_sid(&sid, "S-1-5-32"); - - dom = add_trusted_domain("BUILTIN", NULL, &passdb_methods, - &sid); - dom->internal = True; - - dom = add_trusted_domain(get_global_sam_name(), NULL, - &passdb_methods, - get_global_sam_sid()); - dom->internal = True; - } /* avoid rescanning this right away */ last_trustdom_scan = time(NULL); diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c index a1eef159c0..bc982d0044 100644 --- a/source3/nsswitch/winbindd_wins.c +++ b/source3/nsswitch/winbindd_wins.c @@ -201,10 +201,7 @@ enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state) } if (i != 0) { /* Clear out the newline character */ - /* But only if there is something in there, - otherwise we clobber something in the stack */ - if (strlen(response)) - response[strlen(response)-1] = ' '; + response[strlen(response)-1] = ' '; } fstrcat(response,addr); fstrcat(response,"\t"); diff --git a/source3/param/config_ldap.c b/source3/param/config_ldap.c deleted file mode 100644 index fe4693fb58..0000000000 --- a/source3/param/config_ldap.c +++ /dev/null @@ -1,351 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - ModConfig LDAP backend - - Copyright (C) Simo Sorce 2003 - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - Copyright (C) Gerald Carter 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/*#undef DBGC_CLASS -#define DBGC_CLASS DBGC_CONFIG -*/ - -#include <lber.h> -#include <ldap.h> - -#include "smbldap.h" - -#define LDAP_OBJ_SAMBA_CONFIG "sambaConfig" -#define LDAP_OBJ_SAMBA_SHARE "sambaShare" -#define LDAP_OBJ_SAMBA_OPTION "sambaConfigOption" - -#define LDAP_ATTR_LIST_END 0 -#define LDAP_ATTR_BOOL 1 -#define LDAP_ATTR_INTEGER 2 -#define LDAP_ATTR_STRING 3 -#define LDAP_ATTR_LIST 4 -#define LDAP_ATTR_NAME 5 - - -struct ldap_config_state { - struct smbldap_state *smbldap_state; - TALLOC_CTX *mem_ctx; -}; - -ATTRIB_MAP_ENTRY option_attr_list[] = { - { LDAP_ATTR_NAME, "sambaOptionName" }, - { LDAP_ATTR_LIST, "sambaListOption" }, - { LDAP_ATTR_STRING, "sambaStringOption" }, - { LDAP_ATTR_INTEGER, "sambaIntegerOption" }, - { LDAP_ATTR_BOOL, "sambaBoolOption" }, - { LDAP_ATTR_LIST_END, NULL } -}; - -static struct ldap_config_state ldap_state; -static char *config_base_dn; - -static NTSTATUS ldap_config_close(void); - -/* -TODO: - search each section - start with global, then with others - for each section parse all options -*/ - -static NTSTATUS parse_section( - const char *dn, - BOOL (*pfunc)(const char *, const char *)) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - pstring filter; - pstring option_name; - pstring option_value; - char **attr_list = NULL; - int rc; - int count; - - mem_ctx = talloc_init("parse_section"); - - /* search for the options */ - pstr_sprintf(filter, "objectClass=%s", - LDAP_OBJ_SAMBA_OPTION); - - DEBUG(0, ("Searching for:[%s]\n", filter)); - - attr_list = get_attr_list(option_attr_list); - rc = smbldap_search(ldap_state.smbldap_state, - dn, LDAP_SCOPE_ONELEVEL, - filter, attr_list, 0, &result); - - if (rc != LDAP_SUCCESS) { - DEBUG(0,("parse_section: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - while (entry) { - int o; - - if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaOptionName", option_name)) { - goto done; - } - - option_value[0] = '\0'; - for (o = 1; option_attr_list[o].name != NULL; o++) { - if (smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, option_attr_list[o].name, option_value)) { - break; - } - } - if (option_value[0] != '\0') { - if (!pfunc(option_name, option_value)) { - goto done; - } - } else { - DEBUG(0,("parse_section: Missing value for option: %s\n", option_name)); - goto done; - } - - entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry); - } - - ret = NT_STATUS_OK; - -done: - talloc_destroy(mem_ctx); - free_attr_list(attr_list); - if (result) ldap_msgfree(result); - - return ret; -} - -/***************************************************************************** - load configuration from ldap -*****************************************************************************/ - -static NTSTATUS ldap_config_load( - BOOL (*sfunc)(const char *), - BOOL (*pfunc)(const char *, const char *)) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - pstring filter; - pstring attr_text; - char *config_dn = NULL; - char *temp; - int rc; - int count; - const char *config_attr_list[] = {"description", NULL}; - const char *share_attr_list[] = {"sambaShareName", "description", NULL}; - char **share_dn; - char **share_name; - - mem_ctx = talloc_init("ldap_config_load"); - - /* search for the base config dn */ - pstr_sprintf(filter, "objectClass=%s", - LDAP_OBJ_SAMBA_CONFIG); - - DEBUG(0, ("Searching for:[%s]\n", filter)); - - rc = smbldap_search(ldap_state.smbldap_state, - config_base_dn, LDAP_SCOPE_SUBTREE, - filter, config_attr_list, 0, &result); - - if (rc != LDAP_SUCCESS) { - DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - if (count != 1) { - DEBUG(0,("ldap_config_load: single %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, result))) { - goto done; - } - config_dn = talloc_strdup(mem_ctx, temp); - SAFE_FREE(temp); - if (!config_dn) { - goto done; - } - - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - - if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "description", attr_text)) { - DEBUG(0, ("ldap_config_load: no description field in %s object\n", LDAP_OBJ_SAMBA_CONFIG)); - } - - if (result) ldap_msgfree(result); -/* TODO: finish up the last section, see loadparm's lp_load()*/ - - /* retrive the section list */ - pstr_sprintf(filter, "objectClass=%s", - LDAP_OBJ_SAMBA_SHARE); - - DEBUG(0, ("Searching for:[%s]\n", filter)); - - rc = smbldap_search(ldap_state.smbldap_state, - config_dn, LDAP_SCOPE_SUBTREE, - filter, share_attr_list, 0, &result); - - if (rc != LDAP_SUCCESS) { - DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - DEBUG(0, ("config_ldap: Found %d shares\n", count)); - if (count) { - int i; - - share_dn = talloc(mem_ctx, (count + 1) * sizeof(char *)); - share_name = talloc(mem_ctx, (count) * sizeof(char *)); - if (!share_dn || !share_name) { - DEBUG(0,("config_ldap: Out of memory!\n")); - goto done; - } - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - i = 0; - while (entry) { - if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, entry))) { - goto done; - } - if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaShareName", attr_text)) { - goto done; - } - share_dn[i] = talloc_strdup(mem_ctx, temp); - share_name[i] = talloc_strdup(mem_ctx, attr_text); - if (!share_dn[i] || !share_name[i]) { - DEBUG(0,("config_ldap: Out of memory!\n")); - goto done; - } - - DEBUG(0, ("config_ldap: Found share [%s] (%s)\n", attr_text, temp)); - SAFE_FREE(temp); - - entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry); - i++; - if (entry && (count == i)) { - DEBUG(0, ("Error too many entryes in ldap result\n")); - goto done; - } - } - share_dn[i] = NULL; - } - - /* parse global section*/ - if (!sfunc("global")) { - goto done; - } - if (!NT_STATUS_IS_OK(parse_section(config_dn, pfunc))) { - goto done; - } else { /* parse shares */ - int i; - - for (i = 0; share_dn[i] != NULL; i++) { - if (!sfunc(share_name[i])) { - goto done; - } - if (!NT_STATUS_IS_OK(parse_section(share_dn[i], pfunc))) { - goto done; - } - } - } - -done: - talloc_destroy(mem_ctx); - if (result) ldap_msgfree(result); - - return ret; -} - -/***************************************************************************** - Initialise config_ldap module -*****************************************************************************/ - -static NTSTATUS ldap_config_init(char *params) -{ - NTSTATUS nt_status; - const char *location; - const char *basedn; - - ldap_state.mem_ctx = talloc_init("config_ldap"); - if (!ldap_state.mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - - /* we assume only location is passed through an inline parameter - * other options go via parametrical options */ - if (params) { - location = params; - } else { - location = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "url", "ldap://localhost"); - } - DEBUG(0,("config_ldap: location=%s\n", location)); - basedn = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "basedn", NULL); - if (basedn) config_base_dn = smb_xstrdup(basedn); - - if (!NT_STATUS_IS_OK(nt_status = - smbldap_init(ldap_state.mem_ctx, location, - &ldap_state.smbldap_state))) { - talloc_destroy(ldap_state.mem_ctx); - DEBUG(0,("config_ldap: smbldap_init failed!\n")); - return nt_status; - } - - return NT_STATUS_OK; -} - -/***************************************************************************** - End the LDAP session -*****************************************************************************/ - -static NTSTATUS ldap_config_close(void) -{ - - smbldap_free_struct(&(ldap_state).smbldap_state); - talloc_destroy(ldap_state.mem_ctx); - - DEBUG(5,("The connection to the LDAP server was closed\n")); - /* maybe free the results here --metze */ - - return NT_STATUS_OK; -} - -static struct config_functions functions = { - ldap_config_init, - ldap_config_load, - ldap_config_close -}; - -NTSTATUS config_ldap_init(void) -{ - return smb_register_config(SAMBA_CONFIG_INTERFACE_VERSION, "ldap", &functions); -} diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index b5372188de..af26697476 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -95,7 +95,6 @@ struct _param_opt_struct { */ typedef struct { - char *szConfigBackend; char *smb_ports; char *dos_charset; char *unix_charset; @@ -123,7 +122,6 @@ typedef struct char *szSMBPasswdFile; char *szPrivateDir; char **szPassdbBackend; - char *szGumsBackend; char **szPreloadModules; char *szPasswordServer; char *szSocketOptions; @@ -224,7 +222,6 @@ typedef struct char *szLdapUserSuffix; char *szLdapIdmapSuffix; char *szLdapGroupSuffix; - char *szLdapPrivilegeSuffix; #ifdef WITH_LDAP_SAMCONFIG int ldap_port; char *szLdapServer; @@ -758,7 +755,6 @@ static const struct enum_list enum_map_to_guest[] = { static struct parm_struct parm_table[] = { {N_("Base Options"), P_SEP, P_SEPARATOR}, - {"config backend", P_STRING, P_GLOBAL, &Globals.szConfigBackend, NULL, NULL, FLAG_ADVANCED}, {"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, handle_charset, NULL, FLAG_ADVANCED}, {"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, handle_charset, NULL, FLAG_ADVANCED}, {"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, handle_charset, NULL, FLAG_ADVANCED}, @@ -796,7 +792,6 @@ static struct parm_struct parm_table[] = { {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED}, {"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED}, {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, - {"gums backend", P_STRING, P_GLOBAL, &Globals.szGumsBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE}, @@ -1075,7 +1070,6 @@ static struct parm_struct parm_table[] = { {"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED}, - {"ldap privilege suffix", P_STRING, P_GLOBAL, &Globals.szLdapPrivilegeSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED}, {"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED}, {"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED}, @@ -1310,8 +1304,6 @@ static void init_globals(void) DEBUG(3, ("Initialising global parameters\n")); - string_set(&Globals.szConfigBackend, NULL); - string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE); string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR); @@ -1465,7 +1457,6 @@ static void init_globals(void) #else Globals.szPassdbBackend = str_list_make("smbpasswd", NULL); #endif /* WITH_LDAP_SAMCONFIG */ - string_set(&Globals.szGumsBackend, "tdbsam2"); string_set(&Globals.szLdapSuffix, ""); string_set(&Globals.szLdapFilter, "(uid=%u)"); @@ -1473,7 +1464,6 @@ static void init_globals(void) string_set(&Globals.szLdapUserSuffix, ""); string_set(&Globals.szLdapGroupSuffix, ""); string_set(&Globals.szLdapIdmapSuffix, ""); - string_set(&Globals.szLdapPrivilegeSuffix, ""); string_set(&Globals.szLdapAdminDn, ""); Globals.ldap_ssl = LDAP_SSL_ON; @@ -1616,7 +1606,6 @@ static char *lp_string(const char *s) #define FN_LOCAL_INTEGER(fn_name,val) \ int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);} -FN_GLOBAL_STRING(lp_config_backend, &Globals.szConfigBackend) FN_GLOBAL_STRING(lp_smb_ports, &Globals.smb_ports) FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset) FN_GLOBAL_STRING(lp_unix_charset, &Globals.unix_charset) @@ -1651,7 +1640,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat) FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer) FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder) FN_GLOBAL_STRING(lp_realm, &Globals.szRealm) -FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap) +FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap) FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap) FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript) FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath) @@ -1666,7 +1655,6 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases) FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend) -FN_GLOBAL_STRING(lp_gums_backend, &Globals.szGumsBackend) FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules) FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) @@ -2964,14 +2952,6 @@ char *lp_ldap_idmap_suffix(void) return lp_string(Globals.szLdapSuffix); } -char *lp_ldap_privilege_suffix(void) -{ - if (Globals.szLdapPrivilegeSuffix[0]) - return append_ldap_suffix(Globals.szLdapPrivilegeSuffix); - - return lp_string(Globals.szLdapSuffix); -} - /*************************************************************************** ***************************************************************************/ @@ -3871,11 +3851,6 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, if (iServiceIndex >= 0) bRetval = service_ok(iServiceIndex); - if (*(lp_config_backend())) { - modconf_init(lp_config_backend()); - modconf_load(do_section, do_parameter); - } - lp_add_auto_services(lp_auto_services()); if (add_ipc) { diff --git a/source3/param/modconf.c b/source3/param/modconf.c deleted file mode 100644 index a9ab6f9b4a..0000000000 --- a/source3/param/modconf.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Configuration Modules Support - Copyright (C) Simo Sorce 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_IDMAP - -struct modconf_struct { - char *name; - struct config_functions *fns; -}; - -static struct modconf_struct module; - -NTSTATUS smb_register_config(int version, const char *name, struct config_functions *fns) -{ - if ((version != SAMBA_CONFIG_INTERFACE_VERSION)) { - DEBUG(0, ("smb_register_config: Failed to register config module.\n" - "The module has been compiled with a different interface version (%d).\n" - "The supported version is: %d\n", - version, SAMBA_CONFIG_INTERFACE_VERSION)); - return NT_STATUS_OBJECT_TYPE_MISMATCH; - } - - if (!name || !name[0]) { - DEBUG(0,("smb_register_config: Name missing!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - module.name = smb_xstrdup(name); - module.fns = fns; - DEBUG(5, ("smb_register_config: Successfully registeres config backend '%s'\n", name)); - return NT_STATUS_OK; -} - -/********************************************************************** - * Init the configuration module - *********************************************************************/ - -BOOL modconf_init(const char *config_backend) -{ - NTSTATUS ret; - BOOL bret = False; - char *name; - char *params; - - /* nothing to do */ - if (!config_backend) - return True; - - name = smb_xstrdup(config_backend); - if ((params = strchr(name, ':')) != NULL ) { - *params = '\0'; - params++; - } - - ret = smb_probe_module("config", name); - - if (NT_STATUS_IS_OK(ret) && NT_STATUS_IS_OK(module.fns->init(params))) - bret = True; - - SAFE_FREE(name); - return bret; -} - -BOOL modconf_load(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *)) -{ - if (module.fns) { - if (NT_STATUS_IS_OK(module.fns->load(sfunc, pfunc))) { - return True; - } - } - return False; -} - -NTSTATUS modconf_close(void) -{ - return module.fns->close(); -} diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c index 903f0ca5a1..47b9e2d487 100644 --- a/source3/passdb/machine_sid.c +++ b/source3/passdb/machine_sid.c @@ -207,8 +207,7 @@ DOM_SID *get_global_sam_sid(void) /** * Force get_global_sam_sid to requery the backends */ -void reset_global_sam_sid(void) +void reset_global_sam_sid(void) { SAFE_FREE(global_sam_sid); } - diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 273428dacf..7c9376e045 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1892,8 +1892,6 @@ BOOL init_sam_from_buffer_v1(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen) done: - SAFE_FREE(lm_pw_ptr); - SAFE_FREE(nt_pw_ptr); SAFE_FREE(username); SAFE_FREE(domain); SAFE_FREE(nt_username); diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 908588c898..e69dac524f 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -314,6 +314,14 @@ const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass) return (NULL); } +uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->private.fields_present); + else + return (-1); +} + uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass) { if (sampass) @@ -1001,6 +1009,16 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag); } +BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag) +{ + if (!sampass) + return False; + + sampass->private.fields_present = fields_present; + + return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag); +} + BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag) { if (!sampass) @@ -1155,4 +1173,3 @@ uint32 pdb_build_fields_present (SAM_ACCOUNT *sampass) /* value set to all for testing */ return 0x00ffffff; } - diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index 8c1d4c7b0f..510cf6abc8 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -152,21 +152,6 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c (*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry; (*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping; - /* we do not handle groups in guest backend */ -/* FIXME - (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid; - (*pdb_method)->get_group_list = pdb_nop_get_group_list; - (*pdb_method)->get_group_sids = pdb_nop_get_group_sids; - (*pdb_method)->add_group = pdb_nop_add_group; - (*pdb_method)->update_group = pdb_nop_update_group; - (*pdb_method)->delete_group = pdb_nop_delete_group; - (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group; - (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group; - (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name; - (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name; - (*pdb_method)->get_group_uids = pdb_nop_get_group_uids; -*/ - /* There's not very much to initialise here */ return NT_STATUS_OK; diff --git a/source3/passdb/pdb_gums.c b/source3/passdb/pdb_gums.c deleted file mode 100644 index f34d3a94b5..0000000000 --- a/source3/passdb/pdb_gums.c +++ /dev/null @@ -1,464 +0,0 @@ -/* - * GUMS password backend for samba - * Copyright (C) Simo Sorce 2003-2004 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) -#define BOOL_SET_OR_FAIL(func, label) do { if (!func) { DEBUG(0, ("%s: Setting sam object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) - -struct gums_gw_data { - GUMS_FUNCTIONS *fns; - void *handle; -}; - -static NTSTATUS gums_object_to_sam_account(SAM_ACCOUNT *sa, GUMS_OBJECT *go) -{ - NTSTATUS ret; - NTTIME nt_time; - DATA_BLOB pwd; - - if (!go || !sa) - return NT_STATUS_INVALID_PARAMETER; -/* - if (!NT_STATUS_IS_OK(ret = pdb_init_sam(sa))) { - DEBUG(0, ("gums_object_to_sam_account: error occurred while creating sam_account object!\n")); - goto error; - } -*/ - if (gums_get_object_type(go) != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - BOOL_SET_OR_FAIL(pdb_set_acct_ctrl(sa, gums_get_user_acct_ctrl(go), PDB_SET), error); - - /* domain */ - /* unix_homedir ? */ - - nt_time = gums_get_user_logon_time(go); - BOOL_SET_OR_FAIL(pdb_set_logon_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_logoff_time(go); - BOOL_SET_OR_FAIL(pdb_set_logoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_kickoff_time(go); - BOOL_SET_OR_FAIL(pdb_set_kickoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_pass_last_set_time(go); - BOOL_SET_OR_FAIL(pdb_set_pass_last_set_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_pass_can_change_time(go); - BOOL_SET_OR_FAIL(pdb_set_pass_can_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_pass_must_change_time(go); - BOOL_SET_OR_FAIL(pdb_set_pass_must_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_hours_len(sa, gums_get_user_hours_len(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_logon_divs(sa, gums_get_user_logon_divs(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_user_sid(sa, gums_get_object_sid(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_group_sid(sa, gums_get_user_pri_group(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_username(sa, gums_get_object_name(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_nt_username(sa, gums_get_object_name(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_fullname(sa, gums_get_user_fullname(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_logon_script(sa, gums_get_user_logon_script(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_profile_path(sa, gums_get_user_profile_path(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_dir_drive(sa, gums_get_user_dir_drive(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_homedir(sa, gums_get_user_homedir(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_acct_desc(sa, gums_get_object_description(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_workstations(sa, gums_get_user_workstations(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_unknown_str(sa, gums_get_user_unknown_str(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_munged_dial(sa, gums_get_user_munged_dial(go), PDB_SET), error); - - pwd = gums_get_user_nt_pwd(go); - if (!pdb_set_nt_passwd(sa, pwd.data, PDB_SET)) { - DEBUG(5, ("gums_object_to_sam_account: unable to set nt password")); - data_blob_clear_free(&pwd); - ret = NT_STATUS_UNSUCCESSFUL; - goto error; - } - data_blob_clear_free(&pwd); - pwd = gums_get_user_lm_pwd(go); - if (!pdb_set_lanman_passwd(sa, pwd.data, PDB_SET)) { - DEBUG(5, ("gums_object_to_sam_account: unable to set lanman password")); - data_blob_clear_free(&pwd); - ret = NT_STATUS_UNSUCCESSFUL; - goto error; - } - data_blob_clear_free(&pwd); - - BOOL_SET_OR_FAIL(pdb_set_bad_password_count(sa, gums_get_user_bad_password_count(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_unknown_6(sa, gums_get_user_unknown_6(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_hours(sa, gums_get_user_hours(go), PDB_SET), error); - - return NT_STATUS_OK; - -error: - if (sa && (sa->free_fn)) { - sa->free_fn(&sa); - } - - return ret; -} - -static NTSTATUS sam_account_to_gums_object(GUMS_OBJECT *go, SAM_ACCOUNT *sa) -{ - NTSTATUS ret; - NTTIME nt_time; - DATA_BLOB pwd; - - if (!go || !sa) - return NT_STATUS_INVALID_PARAMETER; - -/* - ret = gums_create_object(go, GUMS_OBJ_NORMAL_USER); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("sam_account_to_gums_object: error occurred while creating gums object!\n")); - goto error; - } -*/ - - /* sec_desc */ - - SET_OR_FAIL(gums_set_object_name(go, pdb_get_username(sa)), error); - - SET_OR_FAIL(gums_set_object_sid(go, pdb_get_user_sid(sa)), error); - SET_OR_FAIL(gums_set_user_pri_group(go, pdb_get_group_sid(sa)), error); - - if (pdb_get_acct_desc(sa)) - SET_OR_FAIL(gums_set_object_description(go, pdb_get_acct_desc(sa)), error); - if (pdb_get_fullname(sa)) - SET_OR_FAIL(gums_set_user_fullname(go, pdb_get_fullname(sa)), error); - if (pdb_get_homedir(sa)) - SET_OR_FAIL(gums_set_user_homedir(go, pdb_get_homedir(sa)), error); - if (pdb_get_dir_drive(sa)) - SET_OR_FAIL(gums_set_user_dir_drive(go, pdb_get_dir_drive(sa)), error); - if (pdb_get_logon_script(sa)) - SET_OR_FAIL(gums_set_user_logon_script(go, pdb_get_logon_script(sa)), error); - if (pdb_get_profile_path(sa)) - SET_OR_FAIL(gums_set_user_profile_path(go, pdb_get_profile_path(sa)), error); - if (pdb_get_workstations(sa)) - SET_OR_FAIL(gums_set_user_workstations(go, pdb_get_workstations(sa)), error); - if (pdb_get_unknown_str(sa)) - SET_OR_FAIL(gums_set_user_unknown_str(go, pdb_get_unknown_str(sa)), error); - if (pdb_get_munged_dial(sa)) - SET_OR_FAIL(gums_set_user_munged_dial(go, pdb_get_munged_dial(sa)), error); - SET_OR_FAIL(gums_set_user_logon_divs(go, pdb_get_logon_divs(sa)), error); - if (pdb_get_hours(sa)) - SET_OR_FAIL(gums_set_user_hours(go, pdb_get_hours_len(sa), pdb_get_hours(sa)), error); - SET_OR_FAIL(gums_set_user_bad_password_count(go, pdb_get_bad_password_count(sa)), error); - SET_OR_FAIL(gums_set_user_unknown_6(go, pdb_get_unknown_6(sa)), error); - - unix_to_nt_time(&nt_time, pdb_get_logon_time(sa)); - SET_OR_FAIL(gums_set_user_logon_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_logoff_time(sa)); - SET_OR_FAIL(gums_set_user_logoff_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_kickoff_time(sa)); - SET_OR_FAIL(gums_set_user_kickoff_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_pass_last_set_time(sa)); - SET_OR_FAIL(gums_set_user_pass_last_set_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_pass_can_change_time(sa)); - SET_OR_FAIL(gums_set_user_pass_can_change_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_pass_must_change_time(sa)); - SET_OR_FAIL(gums_set_user_pass_must_change_time(go, nt_time), error); - - pwd = data_blob(pdb_get_nt_passwd(sa), NT_HASH_LEN); - ret = gums_set_user_nt_pwd(go, pwd); - data_blob_clear_free(&pwd); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(5, ("sam_account_to_gums_object: failed to set nt password!\n")); - goto error; - } - pwd = data_blob(pdb_get_lanman_passwd(sa), LM_HASH_LEN); - ret = gums_set_user_lm_pwd(go, pwd); - data_blob_clear_free(&pwd); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(5, ("sam_account_to_gums_object: failed to set lanman password!\n")); - goto error; - } - - SET_OR_FAIL(gums_set_user_acct_ctrl(go, pdb_get_acct_ctrl(sa)), error); - - return NT_STATUS_OK; - -error: - gums_reset_object(go); - return ret; -} - -static NTSTATUS gums_setsampwent(struct pdb_methods *methods, BOOL update) -{ - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - return ggwd->fns->enumerate_objects_start(&(ggwd->handle), NULL, GUMS_OBJ_NORMAL_USER); -} - -static NTSTATUS gums_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->enumerate_objects_get_next(&go, ggwd->handle))) { - return ret; - } - - ret = gums_object_to_sam_account(account, go); - - gums_destroy_object(&go); - return ret; -} - -static void gums_endsampwent(struct pdb_methods *methods) -{ - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - ggwd->fns->enumerate_objects_stop(ggwd->handle); -} - -/****************************************************************** - Lookup a name in the SAM database - ******************************************************************/ - -static NTSTATUS gums_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *account, const char *name) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account || !name) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_name(&go, global_myname(), name, GUMS_OBJ_NORMAL_USER))) { - DEBUG(10, ("gums_getsampwnam: unable to find account with name %s", name)); - return ret; - } - - ret = gums_object_to_sam_account(account, go); - - gums_destroy_object(&go); - return ret; -} - -/*************************************************************************** - Search by SID - **************************************************************************/ - -static NTSTATUS gums_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT *account, const DOM_SID *sid) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, sid, GUMS_OBJ_NORMAL_USER))) { - DEBUG(10, ("gums_getsampwsid: unable to find account with sid %s", sid_string_static(sid))); - return ret; - } - - ret = gums_object_to_sam_account(account, go); - - gums_destroy_object(&go); - return ret; -} - -/*************************************************************************** - Search by rid - **************************************************************************/ - -#if 0 - -static NTSTATUS gums_getsampwrid (struct pdb_methods *methods, - SAM_ACCOUNT *account, uint32 rid) -{ - DOM_SID sid; - - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - gums_getsampwsid(methods, account, &sid); - - return NT_STATUS_OK; -} - -#endif - -/*************************************************************************** - Updates a SAM_ACCOUNT - - This isn't a particulary practical option for pdb_guest. We certainly don't - want to twidde the filesystem, so what should we do? - - Current plan is to transparently add the account. It should appear - as if the pdb_guest version was modified, but its actually stored somehwere. - ****************************************************************************/ - -static NTSTATUS gums_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_NORMAL_USER))) { - DEBUG(0, ("gums_add_sam_account: error occurred while creating gums object!\n")); - return ret; - } - - if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) { - DEBUG(0, ("gums_add_sam_account: error occurred while converting object!\n")); - goto done; - } - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) { - DEBUG(0, ("gums_add_sam_account: unable to store account!\n")); - goto done; - } - -done: - gums_destroy_object(&go); - return ret; -} - -static NTSTATUS gums_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, pdb_get_user_sid(account), GUMS_OBJ_NORMAL_USER))) { - DEBUG(0, ("gums_update_sam_account: update on invalid account!\n")); - return ret; - } - - if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) { - DEBUG(0, ("gums_update_sam_account: error occurred while converting object!\n")); - goto done; - } - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) { - DEBUG(0, ("gums_update_sam_account: unable to store account!\n")); - goto done; - } - -done: - gums_destroy_object(&go); - return ret; -} - -static NTSTATUS gums_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->delete_object(pdb_get_user_sid(account)))) { - DEBUG(0, ("gums_add_sam_account: unable to store account!\n")); - } - - return ret; -} - - -static void free_gw_private_data(void **vp) -{ - struct gums_gw_data *ggwd = (struct gums_gw_data *)vp; - ggwd->fns->free_private_data(&(ggwd->fns->private_data)); - ggwd->fns = NULL; - ggwd->handle = NULL; - SAFE_FREE(vp); -} - -NTSTATUS pdb_init_gums_gateway(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) -{ - NTSTATUS ret; - struct gums_gw_data *ggwd; - - if (!pdb_context) { - DEBUG(0, ("invalid pdb_context specified\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(ret = gums_setup_backend(lp_gums_backend()))) { - DEBUG(0, ("pdb_init_gums_gateway: initialization error!\n")); - return ret; - } - - ggwd = (struct gums_gw_data *)malloc(sizeof(struct gums_gw_data)); - if (!ggwd) - return NT_STATUS_NO_MEMORY; - memset(ggwd, 0, sizeof(struct gums_gw_data)); - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&(ggwd->fns)))) { - goto error; - } - - if (!NT_STATUS_IS_OK(ret = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { - goto error; - } - - (*pdb_method)->name = "gums_gateway"; - - (*pdb_method)->setsampwent = gums_setsampwent; - (*pdb_method)->getsampwent = gums_getsampwent; - (*pdb_method)->endsampwent = gums_endsampwent; - (*pdb_method)->getsampwnam = gums_getsampwnam; - (*pdb_method)->getsampwsid = gums_getsampwsid; - (*pdb_method)->add_sam_account = gums_add_sam_account; - (*pdb_method)->update_sam_account = gums_update_sam_account; - (*pdb_method)->delete_sam_account = gums_delete_sam_account; - - /* we should do no group mapping here */ -/* (*pdb_method)->getgrsid = gums_getgrsid; - (*pdb_method)->getgrgid = gums_getgrgid; - (*pdb_method)->getgrnam = gums_getgrnam; - (*pdb_method)->add_group_mapping_entry = gums_add_group_mapping_entry; - (*pdb_method)->update_group_mapping_entry = gums_update_group_mapping_entry; - (*pdb_method)->delete_group_mapping_entry = gums_delete_group_mapping_entry; - (*pdb_method)->enum_group_mapping = gums_enum_group_mapping;*/ - - /* we do not handle groups in guest backend */ -/* FIXME - (*pdb_method)->get_group_info_by_sid = gums_get_group_info_by_sid; - (*pdb_method)->get_group_list = gums_get_group_list; - (*pdb_method)->get_group_sids = gums_get_group_sids; - (*pdb_method)->add_group = gums_add_group; - (*pdb_method)->update_group = gums_update_group; - (*pdb_method)->delete_group = gums_delete_group; - (*pdb_method)->add_sid_to_group = gums_add_sid_to_group; - (*pdb_method)->remove_sid_from_group = gums_remove_sid_from_group; - (*pdb_method)->get_group_info_by_name = gums_get_group_info_by_name; - (*pdb_method)->get_group_info_by_nt_name = gums_get_group_info_by_nt_name; - (*pdb_method)->get_group_uids = gums_get_group_uids; -*/ - - (*pdb_method)->private_data = ggwd; - (*pdb_method)->free_private_data = free_gw_private_data; - - return NT_STATUS_OK; - -error: - SAFE_FREE(ggwd); - return ret; -} - -NTSTATUS pdb_gums_init(void) -{ - return smb_register_passdb(PASSDB_INTERFACE_VERSION, "gums", pdb_init_gums_gateway); -} - diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index e4a275fe08..06097d3557 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -232,12 +232,25 @@ static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sa static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + const char *lm_pw, *nt_pw; + uint16 acb_flags; if ((!context) || (!context->pdb_methods)) { DEBUG(0, ("invalid pdb_context specified!\n")); return ret; } + /* disable acccounts with no passwords (that has not + been allowed by the ACB_PWNOTREQ bit */ + + lm_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_nt_passwd( sam_acct ); + acb_flags = pdb_get_acct_ctrl( sam_acct ); + if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { + acb_flags |= ACB_DISABLED; + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); + } + /** @todo This is where a 're-read on add' should be done */ /* We now add a new account to the first database listed. * Should we? */ @@ -248,6 +261,8 @@ static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + const char *lm_pw, *nt_pw; + uint16 acb_flags; if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); @@ -259,6 +274,17 @@ static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCO return ret; } + /* disable acccounts with no passwords (that has not + been allowed by the ACB_PWNOTREQ bit */ + + lm_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_nt_passwd( sam_acct ); + acb_flags = pdb_get_acct_ctrl( sam_acct ); + if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { + acb_flags |= ACB_DISABLED; + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); + } + /** @todo This is where a 're-read on update' should be done */ return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct); @@ -426,388 +452,6 @@ static NTSTATUS context_enum_group_mapping(struct pdb_context *context, num_entries, unix_only); } -static NTSTATUS context_find_alias(struct pdb_context *context, - const char *name, DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->find_alias(context->pdb_methods, - name, sid); -} - -static NTSTATUS context_create_alias(struct pdb_context *context, - const char *name, uint32 *rid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->create_alias(context->pdb_methods, - name, rid); -} - -static NTSTATUS context_delete_alias(struct pdb_context *context, - const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->delete_alias(context->pdb_methods, sid); -} - -static NTSTATUS context_enum_aliases(struct pdb_context *context, - const DOM_SID *sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, - struct acct_info **info) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->enum_aliases(context->pdb_methods, - sid, start_idx, max_entries, - num_aliases, info); -} - -static NTSTATUS context_get_aliasinfo(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->get_aliasinfo(context->pdb_methods, - sid, info); -} - -static NTSTATUS context_set_aliasinfo(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->set_aliasinfo(context->pdb_methods, - sid, info); -} - -static NTSTATUS context_add_aliasmem(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->add_aliasmem(context->pdb_methods, - alias, member); -} - -static NTSTATUS context_del_aliasmem(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->del_aliasmem(context->pdb_methods, - alias, member); -} - -static NTSTATUS context_enum_aliasmem(struct pdb_context *context, - const DOM_SID *alias, DOM_SID **members, - int *num) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->enum_aliasmem(context->pdb_methods, - alias, members, num); -} - -static NTSTATUS context_enum_alias_memberships(struct pdb_context *context, - const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods-> - enum_alias_memberships(context->pdb_methods, sid, aliases, - num); -} - -static NTSTATUS context_settrustpwent(struct pdb_context *context) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->settrustpwent(cur_methods); - if (NT_STATUS_IS_OK(ret)) { - context->pdb_methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_gettrustpwent(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->gettrustpwent(cur_methods, trust); - if (!NT_STATUS_IS_ERR(ret)) { - /* prevent from segfaulting when gettrustpwent - was called just to rewind enumeration */ - if (trust) trust->methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_gettrustpwnam(struct pdb_context *context, - SAM_TRUST_PASSWD *trust, - const char *name) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->gettrustpwnam(cur_methods, trust, name); - if (NT_STATUS_IS_OK(ret)) { - trust->methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_gettrustpwsid(struct pdb_context *context, - SAM_TRUST_PASSWD *trust, - const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->gettrustpwsid(cur_methods, trust, sid); - if (NT_STATUS_IS_OK(ret)) { - trust->methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_add_trust_passwd(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->add_trust_passwd(context->pdb_methods, trust); -} - -static NTSTATUS context_update_trust_passwd(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - if (!trust || !trust->methods) { - DEBUG(0, ("invalid trust pointer specified!\n")); - return ret; - } - - return trust->methods->update_trust_passwd(trust->methods, trust); -} - -static NTSTATUS context_delete_trust_passwd(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - if (!trust || !trust->methods) { - DEBUG(0, ("invalid trust pointer specified!\n")); - return ret; - } - - return trust->methods->delete_trust_passwd(trust->methods, trust); -} - -static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - -static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - -static NTSTATUS context_get_privilege_set(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privset) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, token, privset))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - -static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - /****************************************************************** Free and cleanup a pdb context, any associated data and anything that the attached modules might have associated. @@ -923,27 +567,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry; (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry; (*context)->pdb_enum_group_mapping = context_enum_group_mapping; - (*context)->pdb_find_alias = context_find_alias; - (*context)->pdb_create_alias = context_create_alias; - (*context)->pdb_delete_alias = context_delete_alias; - (*context)->pdb_enum_aliases = context_enum_aliases; - (*context)->pdb_get_aliasinfo = context_get_aliasinfo; - (*context)->pdb_set_aliasinfo = context_set_aliasinfo; - (*context)->pdb_add_aliasmem = context_add_aliasmem; - (*context)->pdb_del_aliasmem = context_del_aliasmem; - (*context)->pdb_enum_aliasmem = context_enum_aliasmem; - (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships; - (*context)->pdb_settrustpwent = context_settrustpwent; - (*context)->pdb_gettrustpwent = context_gettrustpwent; - (*context)->pdb_gettrustpwnam = context_gettrustpwnam; - (*context)->pdb_gettrustpwsid = context_gettrustpwsid; - (*context)->pdb_add_trust_passwd = context_add_trust_passwd; - (*context)->pdb_update_trust_passwd = context_update_trust_passwd; - (*context)->pdb_delete_trust_passwd = context_delete_trust_passwd; - (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege; - (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege; - (*context)->pdb_get_privilege_set = context_get_privilege_set; - (*context)->pdb_get_privilege_entry = context_get_privilege_entry; (*context)->free_fn = free_pdb_context; @@ -1111,48 +734,22 @@ BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid) BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); - const char *lm_pw, *nt_pw; - uint16 acb_flags; if (!pdb_context) { return False; } - /* disable acccounts with no passwords (that has not - been allowed by the ACB_PWNOTREQ bit */ - - lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_nt_passwd( sam_acct ); - acb_flags = pdb_get_acct_ctrl( sam_acct ); - if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { - acb_flags |= ACB_DISABLED; - pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); - } - return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct)); } BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); - const char *lm_pw, *nt_pw; - uint16 acb_flags; if (!pdb_context) { return False; } - /* disable acccounts with no passwords (that has not - been allowed by the ACB_PWNOTREQ bit */ - - lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_nt_passwd( sam_acct ); - acb_flags = pdb_get_acct_ctrl( sam_acct ); - if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { - acb_flags |= ACB_DISABLED; - pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); - } - return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct)); } @@ -1253,183 +850,6 @@ BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, rmap, num_entries, unix_only)); } -BOOL pdb_find_alias(const char *name, DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context, - name, sid)); -} - -BOOL pdb_create_alias(const char *name, uint32 *rid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_create_alias(pdb_context, - name, rid)); -} - -BOOL pdb_delete_alias(const DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context, - sid)); - -} - -BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, struct acct_info **info) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid, - start_idx, - max_entries, - num_aliases, - info)); -} - -BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid, - info)); -} - -BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid, - info)); -} - -BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_add_aliasmem(pdb_context, alias, member)); -} - -BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_del_aliasmem(pdb_context, alias, member)); -} - -BOOL pdb_enum_aliasmem(const DOM_SID *alias, - DOM_SID **members, int *num_members) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_enum_aliasmem(pdb_context, alias, - members, num_members)); -} - -BOOL pdb_enum_alias_memberships(const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_enum_alias_memberships(pdb_context, sid, - aliases, num)); -} - -BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_add_sid_to_privilege(pdb_context, priv_name, sid)); -} - -BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_remove_sid_from_privilege(pdb_context, priv_name, sid)); -} - -BOOL pdb_get_privilege_set(NT_USER_TOKEN *token, PRIVILEGE_SET *privset) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_get_privilege_set(pdb_context, token, privset)); -} - -BOOL pdb_get_privilege_entry(const char *privname, char **sid_list) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_get_privilege_entry(pdb_context, privname, sid_list)); -} - /*************************************************************** Initialize the static context (at smbd startup etc). @@ -1487,66 +907,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods) return; /* NT_STATUS_NOT_IMPLEMENTED; */ } -static NTSTATUS pdb_default_settrustpwent(struct pdb_methods *methods) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust, - const char* name) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust, - const DOM_SID* sid) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset) -{ - /* by default return the empty privilege set as otherwise login will - * be denied if a backend does not support privilege sets */ - return NT_STATUS_OK; -} - -static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - - NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) { *methods = talloc(mem_ctx, sizeof(struct pdb_methods)); @@ -1573,29 +933,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry; (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry; (*methods)->enum_group_mapping = pdb_default_enum_group_mapping; - (*methods)->find_alias = pdb_default_find_alias; - (*methods)->create_alias = pdb_default_create_alias; - (*methods)->delete_alias = pdb_default_delete_alias; - (*methods)->enum_aliases = pdb_default_enum_aliases; - (*methods)->get_aliasinfo = pdb_default_get_aliasinfo; - (*methods)->set_aliasinfo = pdb_default_set_aliasinfo; - (*methods)->add_aliasmem = pdb_default_add_aliasmem; - (*methods)->del_aliasmem = pdb_default_del_aliasmem; - (*methods)->enum_aliasmem = pdb_default_enum_aliasmem; - (*methods)->enum_alias_memberships = pdb_default_alias_memberships; - - (*methods)->settrustpwent = pdb_default_settrustpwent; - (*methods)->gettrustpwent = pdb_default_gettrustpwent; - (*methods)->gettrustpwnam = pdb_default_gettrustpwnam; - (*methods)->gettrustpwsid = pdb_default_gettrustpwsid; - (*methods)->add_trust_passwd = pdb_default_add_trust_passwd; - (*methods)->update_trust_passwd = pdb_default_update_trust_passwd; - (*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd; - - (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege; - (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege; - (*methods)->get_privilege_set = pdb_default_get_privilege_set; - (*methods)->get_privilege_entry = pdb_default_get_privilege_entry; return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index da5bfbecbb..2141f2a3f1 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2330,318 +2330,6 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, } /********************************************************************** - Privileges related functions - *********************************************************************/ - -static NTSTATUS ldapsam_modify_sid_list_for_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid, int ldap_op) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *entry = NULL; - LDAPMod **mods = NULL; - fstring sid_str; - fstring filter; - char **attr_list, *dn; - int rc, i; - - if ((sid == NULL) || (!sid_to_string(sid_str, sid))) { - DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Invalid SID\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - goto done; - } - - if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) { - /* if the privilege does not exist and we are adding then - * create it */ - if (ldap_op == LDAP_MOD_ADD) { - - DEBUG(3, ("Privilege not found on ldap tree, creating a new entry\n")); - if (asprintf(&dn, "sambaPrivName=%s,%s", privname, lp_ldap_privilege_suffix()) < 0) { - DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: Out of memory\n")); - goto done; - } - - smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaPrivName", privname); - - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_PRIVILEGE); - - rc = smbldap_add(ldap_state->smbldap_state, dn, mods); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - - ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1, - ("ldapsam_modify_sid_list_for_privilege:" - "Failed to add privilege (%s) dn= %s with: %s\n\t%s\n", - privname, - dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown") - ); - - SAFE_FREE(ld_error); - goto done; - } - - pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - goto done; - } - } else { - goto done; - } - } - /* entry found */ - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); - - /* retrieve the dn */ - dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); - if (!dn) { - goto done; - } - - /* prepare the modification */ - smbldap_set_mod(&mods, ldap_op, "sambaSIDList", sid_str); - - /* modify the privilege */ - rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); - - /* free used structures */ - ldap_mods_free(mods, True); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - - ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1, - ("ldapsam_modify_sid_list_for_privilege:" - "Failed to %s sid for privilege (%s) dn= %s with: %s\n\t%s\n", - (ldap_op == LDAP_MOD_ADD) ? "add" : "remove", - privname, - dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown") - ); - SAFE_FREE(ld_error); - goto done; - } - - ret = NT_STATUS_OK; - -done: - return ret; -} - -static NTSTATUS ldapsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid) -{ - return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_ADD); -} - -static NTSTATUS ldapsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid) -{ - return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_DELETE); -} - -static NTSTATUS ldapsam_get_privilege_set(struct pdb_methods *my_methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *entry = NULL; - fstring sid_str; - fstring filter; - char **sid_list; - char **attr_list; - int rc, i; - - sid_list = (char **)malloc(sizeof(char *) * (token->num_sids + 1)); - for (i = 0; i < token->num_sids; i++) { - sid_to_string(sid_str, &token->user_sids[i]); - sid_list[i] = strdup(sid_str); - if ( ! sid_list[i]) { - ret = NT_STATUS_NO_MEMORY; - goto done; - } - } - sid_list[i] = NULL; - - pstr_sprintf(filter, "(objectclass=%s)", LDAP_OBJ_PRIVILEGE); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_get_privilege_set: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_get_privilege_set: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - goto done; - } - - if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) { - DEBUG(3, ("ldapsam_get_privilege_set: No privileges in ldap tree\n")); - ret = NT_STATUS_OK; - goto done; - } - - DEBUG(2, ("ldapsam_get_privilege_set: %d entries in the base!\n", - ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result))); - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); - - while (entry != NULL) { - char **values = NULL; - - for(i=0; sid_list[i] != NULL; i++) { - char *c, *s; - pstring privname; - int j; - - if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "sambaPrivName", privname, sizeof(pstring))) { - goto loop; - } - - if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) { - DEBUG(10, ("ldapsam_get_privilege_set: SID List not found skipping privilege\n")); - goto loop; - } - - j = 0; - while (values[j] != 0) { - if (strcmp(values[j], sid_list[i]) == 0) { - DEBUG(10, ("sid [%s] found in users sid list\n", sid_list[i])); - DEBUG(10, ("adding privilege [%s] to the users privilege list\n", privname)); - add_privilege_by_name(privset, privname); - goto loop; - } - j++; - } - - if (values) { - ldap_value_free(values); - values = NULL; - } - } - loop: - if (values) { - ldap_value_free(values); - } - - entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, entry); - } - - ret = NT_STATUS_OK; - -done: - i = 0; - while (sid_list[i]) { - free(sid_list[i]); - i++; - } - free(sid_list); - - return ret; -} - -static NTSTATUS ldapsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, - char **sid_list) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *entry = NULL; - fstring sid_str; - fstring filter; - char **attr_list, **values; - int rc, i, len; - - *sid_list = NULL; - pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_get_privilege_entry: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_get_privilege_entry: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) { - DEBUG(3, ("ldapsam_get_privilege_entry: No such privilege (%s) in ldap tree\n", privname)); - goto done; - } - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); - - if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) { - DEBUG(10, ("ldapsam_get_privilege_entry: SID List not found skipping privilege\n")); - ret = NT_STATUS_OK; - goto done; - } - - for (i = 0, len = 0; values[i] != 0; i++ ) { - len = len + strlen(values[i]) + 1; - } - - *sid_list = (char *)malloc(len); - if ((*sid_list) == NULL) { - DEBUG(0, ("ldapsam_get_privilege_entry: Out of memory!\n")); - ldap_value_free(values); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - - (*sid_list)[0] = '\0'; - - for (i = 0; values[i] != 0; i++ ) { - if (i != 0) { - strlcat(*sid_list, ",", len); - } - DEBUG(0, ("sid_list = [%s]\n", *sid_list)); - DEBUG(0, ("values = [%s]\n", values[i])); - DEBUG(0, ("len = [%d]\n", len)); - strlcat(*sid_list, values[i], len); - DEBUG(0, ("sid_list = [%s]\n", *sid_list)); - } - - ldap_value_free(values); - ret = NT_STATUS_OK; -done: - return ret; -} - - -/********************************************************************** Housekeeping *********************************************************************/ @@ -2694,11 +2382,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS ** (*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry; (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping; - (*pdb_method)->add_sid_to_privilege = ldapsam_add_sid_to_privilege; - (*pdb_method)->remove_sid_from_privilege = ldapsam_remove_sid_from_privilege; - (*pdb_method)->get_privilege_set = ldapsam_get_privilege_set; - (*pdb_method)->get_privilege_entry = ldapsam_get_privilege_entry; - /* TODO: Setup private data and free */ ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state)); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 8f2fe7651f..9bfb10c400 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -42,7 +42,6 @@ static int tdbsam_debug_level = DBGC_ALL; #define PASSDB_FILE_NAME "passdb.tdb" #define USERPREFIX "USER_" #define RIDPREFIX "RID_" -#define PRIVPREFIX "PRIV_" #define tdbsamver_t int32 struct tdbsam_privates { @@ -698,620 +697,6 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } -/** - * Start trust passwords enumeration. This function is a simple - * wrapper for calling gettrustpwent with null pointer passed. - * - * @param methods methods belonging in pdb context (module) - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_settrustpwent(struct pdb_methods *methods) -{ - /* rewind enumeration from beginning */ - return methods->gettrustpwent(methods, NULL); -} - - -/** - * Enumerate across trust passwords (machine and interdomain nt/ads) - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct trust_passwd_data t; - TALLOC_CTX *mem_ctx; - - TRUSTDOM **trustdom; - static int enum_ctx; - int num_domains = 0; - unsigned int max_domains = 1; - char *dom_name, *dom_pass; - - smb_ucs2_t *uni_dom_name; - uint8 mach_pass[16]; - uint32 sec_chan; - - if (!methods) return NT_STATUS_UNSUCCESSFUL; - - /* - * NT domain trust passwords - */ - - /* rewind enumeration when passed NULL pointer as a trust */ - if (!trust) { - enum_ctx = 0; - return NT_STATUS_OK; - } - - mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration"); - - /* fetch next trusted domain (one at a time) and its full information */ - nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains, - &trustdom); - if (num_domains) { - pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name); - if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid, - &t.mod_time)) { - - t.uni_name_len = strnlen_w(trustdom[0]->name, 32); - strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len); - safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1); - t.flags = PASS_DOMAIN_TRUST_NT; - - SAFE_FREE(dom_pass); - talloc_destroy(mem_ctx); - trust->private = t; - return nt_status; - } else { - talloc_destroy(mem_ctx); - return NT_STATUS_UNSUCCESSFUL; - } - } - - /* - * NT machine trust password - */ - - if (secrets_lock_trust_account_password(lp_workgroup(), True)) { - sec_chan = get_default_sec_channel(); - if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time, - &sec_chan)) { - - t.uni_name_len = strlen(lp_workgroup()); - push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup()); - strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len); - safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1); - t.flags = PASS_MACHINE_TRUST_NT; - if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) { - talloc_destroy(mem_ctx); - return NT_STATUS_UNSUCCESSFUL; - } - - talloc_destroy(mem_ctx); - trust->private = t; - return NT_STATUS_NO_MORE_ENTRIES; - } - secrets_lock_trust_account_password(lp_workgroup(), False); - } else { - talloc_destroy(mem_ctx); - return NT_STATUS_UNSUCCESSFUL; - } - - /* - * ADS machine trust password (TODO) - */ - - - /* - * if nothing is to be returned then reset domain name - * and return "no more entries" - */ - nt_status = NT_STATUS_NO_MORE_ENTRIES; - trust->private.uni_name_len = 0; - trust->private.uni_name[t.uni_name_len] = 0; - - talloc_destroy(mem_ctx); - return nt_status; -} - - -/** - * Get trust password by trusted party name - * - * @param methods methods belonging to pdb context (module) - * @param trust trust password structure - * @param sid trusted party name - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, - const char *name) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - char domain_name[32]; - - if (!methods || !trust || !name) return nt_status; - - do { - /* get trust password (next in turn) */ - nt_status = tdbsam_gettrustpwent(methods, trust); - - /* convert unicode name and do case insensitive compare */ - pull_ucs2(NULL, domain_name, trust->private.uni_name, sizeof(domain_name), - trust->private.uni_name_len, STR_TERMINATE); - if (!StrnCaseCmp(domain_name, name, sizeof(domain_name))) - return NT_STATUS_OK; - - } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); - - return nt_status; -} - - -/** - * Get trust password by trusted party sid - * - * @param methods methods belonging to pdb context (module) - * @param trust trust password structure - * @param sid trusted party sid - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, - const DOM_SID *sid) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - if (!methods || !trust || !sid) return nt_status; - - do { - nt_status = tdbsam_gettrustpwent(methods, trust); - - if (sid_equal(&trust->private.domain_sid, sid)) - return NT_STATUS_OK; - - } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); - - return nt_status; -} - - -/** - * Add new trust password. - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - BOOL status = False; - TALLOC_CTX *mem_ctx; - - char* domain = NULL; - struct trust_passwd_data t = trust->private; - uint32 sec_chan; - - mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password"); - - /* convert unicode name to char* (used to form the key) */ - pull_ucs2_talloc(mem_ctx, &domain, t.uni_name); - - /* add nt machine trust password */ - if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) { - sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC; - status = secrets_store_machine_password(t.pass, domain, sec_chan); - if (status) - status = secrets_store_domain_sid(domain, &t.domain_sid); - - nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - - /* add nt domain trust password */ - } else if (t.flags & PASS_DOMAIN_TRUST_NT) { - status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len, - t.pass, t.domain_sid); - nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - - /* add ads machine trust password (TODO) */ - } else if (t.flags & PASS_MACHINE_TRUST_ADS) { - } - - talloc_destroy(mem_ctx); - return nt_status; -} - - -/** - * Update trust password. - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - return nt_status; -} - - -/** - * Delete trust password. - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - return nt_status; -} - - -/*************************************************************************** - Add sid to privilege -****************************************************************************/ - -static NTSTATUS tdbsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb = NULL; - TDB_DATA key, data; - fstring keystr; - fstring name; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - fstring sid_str; - char *sid_list = NULL, *s = NULL; - size_t str_size; - int flag; - - /* invalidate the existing TDB iterator if it is open */ - - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; - } - - /* open the account TDB passwd*/ - - pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); - - if (!pwd_tdb) { - DEBUG(0, ("tdb_add_sid_to_privilege: Unable to open TDB passwd (%s)!\n", - tdb_state->tdbsam_location)); - return NT_STATUS_UNSUCCESSFUL; - } - - /* setup the PRIV index key */ - fstrcpy(name, priv_name); - strlower_m(name); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - /* check if the privilege already exist in the database */ - - /* get the record */ - data = tdb_fetch (pwd_tdb, key); - - if (data.dptr) { - /* check the list is not empty */ - if (*(data.dptr)) { - sid_list = strdup(data.dptr); - if (!sid_list) { - DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n")); - goto done; - } - } - SAFE_FREE(data.dptr); - - flag = TDB_MODIFY; - } else { - /* if privilege does not exist create one */ - flag = TDB_INSERT; - } - - /* add the given sid */ - sid_to_string(sid_str, sid); - - if (sid_list) { - str_size = strlen(sid_list) + strlen(sid_str) + 2; - s = realloc(sid_list, str_size); - if (!s) { - DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - sid_list = s; - s = &sid_list[strlen(sid_list)]; - snprintf(s, strlen(sid_str) + 2, ",%s", sid_str); - - } else { - sid_list = strdup(sid_str); - if (!sid_list) { - DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - - } - - /* copy the PRIVILEGE struct into a BYTE buffer for storage */ - data.dsize = strlen(sid_list) + 1; - data.dptr = sid_list; - - /* add the account */ - if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify passwd TDB!")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - goto done; - } - - ret = NT_STATUS_OK; - -done: - /* cleanup */ - tdb_close (pwd_tdb); - SAFE_FREE(sid_list); - - return (ret); -} - -/*************************************************************************** - Reomve sid to privilege -****************************************************************************/ - -static NTSTATUS tdbsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb = NULL; - TDB_DATA key, data; - fstring keystr; - fstring name; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - fstring sid_str; - char *sid_list = NULL, *s = NULL; - - /* invalidate the existing TDB iterator if it is open */ - - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; - } - - /* open the account TDB passwd*/ - - pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); - - if (!pwd_tdb) { - DEBUG(0, ("tdbsam_remove_sid_from_privilege: Unable to open TDB passwd (%s)!\n", - tdb_state->tdbsam_location)); - return NT_STATUS_UNSUCCESSFUL; - } - - /* setup the PRIV index key */ - fstrcpy(name, priv_name); - strlower_m(name); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - /* check if the privilege already exist in the database */ - - /* get the record */ - data = tdb_fetch (pwd_tdb, key); - - /* if privilege does not exist, just leave */ - if (!data.dptr) { - ret = NT_STATUS_OK; - goto done; - } - - if (data.dptr) { - sid_list = strdup(data.dptr); - if (!sid_list) { - DEBUG(0, ("tdbsam_remove_sid_from_privilege: Out of Memory!\n")); - goto done; - } - SAFE_FREE(data.dptr); - } - - /* remove the given sid */ - sid_to_string(sid_str, sid); - - s = strstr(sid_list, sid_str); - if (s) { - char *p; - p = strstr(s, ","); - if (p) { - size_t l = strlen(sid_list) + 1 - (s - sid_list); - memmove(s, ++p, l); - } else { - if (s != sid_list) - s--; - *s = '\0'; - } - } else { - /* sid not found */ - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* copy the PRIVILEGE struct into a BYTE buffer for storage */ - data.dsize = strlen(sid_list) + 1; - data.dptr = sid_list; - - /* add the account */ - if (tdb_store(pwd_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify passwd TDB!")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - goto done; - } - - ret = NT_STATUS_OK; - -done: - /* cleanup */ - tdb_close (pwd_tdb); - SAFE_FREE(sid_list); - - return (ret); -} - -/*************************************************************************** - get the privilege list for the given token -****************************************************************************/ - -struct priv_traverse { - char **sid_list; - PRIVILEGE_SET *privset; -}; - -static int tdbsam_traverse_privilege(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) -{ - struct priv_traverse *pt = (struct priv_traverse *)state; - int prefixlen = strlen(PRIVPREFIX); - - if (strncmp(key.dptr, PRIVPREFIX, prefixlen) == 0) { - - /* add to privilege_set if any of the sid in the token - * is contained in the privilege */ - int i; - - for(i=0; pt->sid_list[i] != NULL; i++) { - char *c, *s; - int len; - - s = data.dptr; - while ((c=strchr(s, ',')) !=NULL) { - len = MAX((c - s), strlen(pt->sid_list[i])); - if (strncmp(s, pt->sid_list[i], len) == 0) { - DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i])); - DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen]))); - add_privilege_by_name(pt->privset, &(key.dptr[prefixlen])); - return 0; - } - s = c + 1; - } - len = MAX(strlen(s), strlen(pt->sid_list[i])); - if (strncmp(s, pt->sid_list[i], len) == 0) { - DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i])); - DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen]))); - add_privilege_by_name(pt->privset, &(key.dptr[prefixlen])); - return 0; - } - } - } - - return 0; -} - -static NTSTATUS tdbsam_get_privilege_set(struct pdb_methods *my_methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TDB_CONTEXT *pwd_tdb = NULL; - struct priv_traverse pt; - fstring sid_str; - char **sid_list; - int i; - - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY ))) - return NT_STATUS_UNSUCCESSFUL; - - sid_list = (char **)malloc(sizeof(char *) * (token->num_sids + 1)); - for (i = 0; i < token->num_sids; i++) { - sid_to_string(sid_str, &token->user_sids[i]); - sid_list[i] = strdup(sid_str); - if ( ! sid_list[i]) { - ret = NT_STATUS_NO_MEMORY; - goto done; - } - } - sid_list[i] = NULL; - - pt.sid_list = sid_list; - pt.privset = privset; - tdb_traverse(pwd_tdb, tdbsam_traverse_privilege, &pt); - - ret = NT_STATUS_OK; - -done: - i = 0; - while (sid_list[i]) { - free(sid_list[i]); - i++; - } - free(sid_list); - - tdb_close(pwd_tdb); - - return ret; -} - -static NTSTATUS tdbsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, char **sid_list) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TDB_CONTEXT *pwd_tdb = NULL; - TDB_DATA key, data; - fstring name; - fstring keystr; - - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) - return ret; - - /* setup the PRIV index key */ - fstrcpy(name, privname); - strlower_m(name); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(pwd_tdb, key); - if (!data.dptr) - goto done; - - *sid_list = strdup(data.dptr); - SAFE_FREE(data.dptr); - - if (!*sid_list) - goto done; - - ret = NT_STATUS_OK; -done: - tdb_close(pwd_tdb); - return ret; -} - - - - - - static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { @@ -1332,17 +717,6 @@ static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; - (*pdb_method)->settrustpwent = tdbsam_settrustpwent; - (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent; - (*pdb_method)->gettrustpwnam = tdbsam_gettrustpwnam; - (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid; - (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd; - (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd; - (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd; - (*pdb_method)->add_sid_to_privilege = tdbsam_add_sid_to_privilege; - (*pdb_method)->remove_sid_from_privilege = tdbsam_remove_sid_from_privilege; - (*pdb_method)->get_privilege_set = tdbsam_get_privilege_set; - (*pdb_method)->get_privilege_entry = tdbsam_get_privilege_entry; tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates)); @@ -1372,3 +746,4 @@ NTSTATUS pdb_tdbsam_init(void) { return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam); } + diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c index 2738ad40e2..64cb73ba5a 100644 --- a/source3/passdb/pdb_xml.c +++ b/source3/passdb/pdb_xml.c @@ -534,17 +534,13 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method (*pdb_method)->getsampwsid = NULL; (*pdb_method)->update_sam_account = NULL; (*pdb_method)->delete_sam_account = NULL; - (*pdb_method)->get_group_info_by_sid = NULL; - (*pdb_method)->get_group_list = NULL; - (*pdb_method)->get_group_sids = NULL; - (*pdb_method)->add_group = NULL; - (*pdb_method)->update_group = NULL; - (*pdb_method)->delete_group = NULL; - (*pdb_method)->add_sid_to_group = NULL; - (*pdb_method)->remove_sid_from_group = NULL; - (*pdb_method)->get_group_info_by_name = NULL; - (*pdb_method)->get_group_info_by_nt_name = NULL; - (*pdb_method)->get_group_uids = NULL; + (*pdb_method)->getgrsid = NULL; + (*pdb_method)->getgrgid = NULL; + (*pdb_method)->getgrnam = NULL; + (*pdb_method)->add_group_mapping_entry = NULL; + (*pdb_method)->update_group_mapping_entry = NULL; + (*pdb_method)->delete_group_mapping_entry = NULL; + (*pdb_method)->enum_group_mapping = NULL; data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml)); data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml")); diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 7531435e84..308f95f395 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -4,7 +4,7 @@ Copyright (C) Andrew Bartlett 2002 Copyright (C) Rafal Szczesniak 2002 Copyright (C) Tim Potter 2001 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -135,38 +135,39 @@ BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid) return True; } -BOOL secrets_store_domain_guid(const char *domain, struct uuid *guid) +BOOL secrets_store_domain_guid(const char *domain, GUID *guid) { fstring key; slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); - return secrets_store(key, guid, sizeof(struct uuid)); + return secrets_store(key, guid, sizeof(GUID)); } -BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid) +BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid) { - struct uuid *dyn_guid; + GUID *dyn_guid; fstring key; size_t size; - struct uuid new_guid; + GUID new_guid; slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); - dyn_guid = (struct uuid *)secrets_fetch(key, &size); + dyn_guid = (GUID *)secrets_fetch(key, &size); + + DEBUG(6,("key is %s, size is %d\n", key, (int)size)); - if ((!dyn_guid) && (lp_server_role() == ROLE_DOMAIN_PDC)) { + if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) { smb_uuid_generate_random(&new_guid); if (!secrets_store_domain_guid(domain, &new_guid)) return False; - dyn_guid = (struct uuid *)secrets_fetch(key, &size); + dyn_guid = (GUID *)secrets_fetch(key, &size); if (dyn_guid == NULL) return False; } - if (size != sizeof(struct uuid)) + if (size != sizeof(GUID)) { - DEBUG(1,("UUID size %d is wrong!\n", (int)size)); SAFE_FREE(dyn_guid); return False; } @@ -244,7 +245,7 @@ uint32 get_default_sec_channel(void) /************************************************************************ Routine to get the trust account password for a domain. The user of this function must have locked the trust password file using - the above secrets_lock_trust_account_password(). + the above call. ************************************************************************/ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], @@ -332,6 +333,19 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd, return True; } +/************************************************************************ + Routine to set the trust account password for a domain. +************************************************************************/ + +BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16]) +{ + struct machine_acct_pass pass; + + pass.mod_time = time(NULL); + memcpy(pass.hash, new_pwd, 16); + + return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass)); +} /** * Routine to store the password for trusted domain @@ -555,8 +569,7 @@ BOOL secrets_store_ldap_pw(const char* dn, char* pw) * @return nt status code of rpc response **/ -NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, - int *num_domains, TRUSTDOM ***domains) +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains) { TDB_LIST_NODE *keys, *k; TRUSTDOM *dom = NULL; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 128904800b..a0649d0a0b 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2576,8 +2576,7 @@ static BOOL map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2) return True; } -static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, - struct uuid guid) +static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, GUID guid) { int i; REGVAL_CTR *ctr=NULL; @@ -2589,7 +2588,7 @@ static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, regval_ctr_delvalue(ctr, "objectGUID"); regval_ctr_addvalue(ctr, "objectGUID", REG_BINARY, - (char *) &guid, sizeof(struct uuid)); + (char *) &guid, sizeof(GUID)); } static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer) @@ -2602,7 +2601,7 @@ static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer) void *res = NULL; ADS_STRUCT *ads; const char *attrs[] = {"objectGUID", NULL}; - struct uuid guid; + GUID guid; WERROR win_rc = WERR_OK; ZERO_STRUCT(guid); @@ -2786,8 +2785,7 @@ WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action) return win_rc; } -BOOL is_printer_published(Printer_entry *print_hnd, int snum, - struct uuid *guid) +BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid) { NT_PRINTER_INFO_LEVEL *printer = NULL; REGVAL_CTR *ctr; @@ -2815,8 +2813,8 @@ BOOL is_printer_published(Printer_entry *print_hnd, int snum, return False; } - if (regval_size(guid_val) == sizeof(struct uuid)) - memcpy(guid, regval_data_p(guid_val), sizeof(struct uuid)); + if (regval_size(guid_val) == sizeof(GUID)) + memcpy(guid, regval_data_p(guid_val), sizeof(GUID)); return True; } @@ -2826,8 +2824,7 @@ WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action) { return WERR_OK; } -BOOL is_printer_published(Printer_entry *print_hnd, int snum, - struct uuid *guid) +BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid) { return False; } diff --git a/source3/rpc_client/cli_epmapper.c b/source3/rpc_client/cli_epmapper.c deleted file mode 100644 index 66362f1620..0000000000 --- a/source3/rpc_client/cli_epmapper.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -NTSTATUS cli_epm_map(struct cli_state *cli, TALLOC_CTX *mem_ctx, - EPM_HANDLE *handle, EPM_TOWER **tower, - EPM_HANDLE *entry_handle, uint32 *num_towers) -{ - prs_struct qbuf, rbuf; - EPM_Q_MAP q; - EPM_R_MAP r; - BOOL result = False; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_epm_q_map(mem_ctx, &q, *tower, *num_towers); - - if (!epm_io_q_map("map_query", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, EPM_MAP_PIPE_NAME, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!epm_io_r_map("map_reply", &r, &rbuf, 0)) - goto done; - - result = True; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 40b83c5c0c..eaf3109381 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -538,7 +538,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, char **domain_name, char **dns_name, - char **forest_name, struct uuid **domain_guid, + char **forest_name, GUID **domain_guid, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; @@ -602,7 +602,7 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, *domain_guid = talloc(mem_ctx, sizeof(**domain_guid)); memcpy(*domain_guid, &r.info.dns_dom_info.dom_guid, - sizeof(struct uuid)); + sizeof(GUID)); } if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 82a4b21754..72546947e4 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1443,7 +1443,7 @@ BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx) cli->nt_pipe_fnum = (uint16)fnum; } else { if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) { - DEBUG(1,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n", + DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n", pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli))); return False; } diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c index 8d894b6c6a..26dcdb34b8 100644 --- a/source3/rpc_parse/parse_ds.c +++ b/source3/rpc_parse/parse_ds.c @@ -48,8 +48,8 @@ static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSR return False; if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) ) return False; - - if ( !smb_io_uuid("domain_guid", &p->domain_guid, ps, depth) ) + + if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) ) return False; if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) ) @@ -179,7 +179,7 @@ static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) ) return False; - if ( !smb_io_uuid("guid", &trust->guid, ps, depth) ) + if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) ) return False; return True; diff --git a/source3/rpc_parse/parse_epmapper.c b/source3/rpc_parse/parse_epmapper.c deleted file mode 100644 index bc2cd17503..0000000000 --- a/source3/rpc_parse/parse_epmapper.c +++ /dev/null @@ -1,482 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba end point mapper functions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_RPC_PARSE - -static uint32 internal_referent_id = 0; - - -/******************************************************************* - Reads or writes a handle. -********************************************************************/ -BOOL epm_io_handle(const char *desc, EPM_HANDLE *handle, prs_struct *ps, - int depth) -{ - if (!prs_align(ps)) - return False; - - if (!prs_uint8s(False, "data", ps, depth, handle->data, - sizeof(handle->data))) - return False; - - return True; -} - -/******************************************************************* - inits an EPM_FLOOR structure. -********************************************************************/ -NTSTATUS init_epm_floor(EPM_FLOOR *efloor, uint8 protocol) -{ - /* handle lhs */ - efloor->lhs.protocol = protocol; - efloor->lhs.length = sizeof(efloor->lhs.protocol); - - switch(efloor->lhs.protocol) { - case EPM_FLOOR_UUID: - efloor->lhs.length += sizeof(efloor->lhs.uuid.uuid); - efloor->lhs.length += sizeof(efloor->lhs.uuid.version); - break; - default: - break; - } - - /* handle rhs */ - switch(efloor->lhs.protocol) { - case EPM_FLOOR_RPC: - case EPM_FLOOR_UUID: - efloor->rhs.length = sizeof(efloor->rhs.unknown); - break; - case EPM_FLOOR_TCP: - efloor->rhs.length = sizeof(efloor->rhs.tcp.port); - break; - case EPM_FLOOR_IP: - efloor->rhs.length = sizeof(efloor->rhs.ip.addr); - break; - case EPM_FLOOR_NMPIPES: - case EPM_FLOOR_LRPC: - case EPM_FLOOR_NETBIOS: - efloor->rhs.length = strlen(efloor->rhs.string) + 1; - break; - default: - break; - } - - return NT_STATUS_OK; -} - -/******************************************************************* - inits an EPM_FLOOR structure with a UUID -********************************************************************/ -NTSTATUS init_epm_floor_uuid(EPM_FLOOR *efloor, - const struct uuid uuid, uint16 version) -{ - memcpy(&efloor->lhs.uuid.uuid, &uuid, sizeof(uuid)); - efloor->lhs.uuid.version = version; - efloor->rhs.unknown = 0; - return init_epm_floor(efloor, EPM_FLOOR_UUID); -} - -/******************************************************************* - inits an EPM_FLOOR structure for RPC -********************************************************************/ -NTSTATUS init_epm_floor_rpc(EPM_FLOOR *efloor) -{ - efloor->rhs.unknown = 0; - return init_epm_floor(efloor, EPM_FLOOR_RPC); -} - -/******************************************************************* - inits an EPM_FLOOR structure for TCP -********************************************************************/ -NTSTATUS init_epm_floor_tcp(EPM_FLOOR *efloor, uint16 port) -{ - efloor->rhs.tcp.port = htons(port); - return init_epm_floor(efloor, EPM_FLOOR_TCP); -} - -/******************************************************************* - inits an EPM_FLOOR structure for IP -********************************************************************/ -NTSTATUS init_epm_floor_ip(EPM_FLOOR *efloor, uint8 addr[4]) -{ - memcpy(&efloor->rhs.ip.addr, addr, sizeof(addr)); - return init_epm_floor(efloor, EPM_FLOOR_IP); -} - -/******************************************************************* - inits an EPM_FLOOR structure for named pipe -********************************************************************/ -NTSTATUS init_epm_floor_np(EPM_FLOOR *efloor, const char *pipe_name) -{ - safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1); - return init_epm_floor(efloor, EPM_FLOOR_NMPIPES); -} - -/******************************************************************* - inits an EPM_FLOOR structure for named pipe -********************************************************************/ -NTSTATUS init_epm_floor_lrpc(EPM_FLOOR *efloor, const char *pipe_name) -{ - safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1); - return init_epm_floor(efloor, EPM_FLOOR_LRPC); -} - -/******************************************************************* - inits an EPM_FLOOR structure for named pipe -********************************************************************/ -NTSTATUS init_epm_floor_nb(EPM_FLOOR *efloor, char *host_name) -{ - safe_strcpy(efloor->rhs.string, host_name, sizeof(efloor->rhs.string)-1); - return init_epm_floor(efloor, EPM_FLOOR_NETBIOS); -} - -/******************************************************************* - reads and writes EPM_FLOOR. -********************************************************************/ -BOOL epm_io_floor(const char *desc, EPM_FLOOR *efloor, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "epm_io_floor"); - depth++; - - if (!prs_uint16("lhs_length", ps, depth, &efloor->lhs.length)) - return False; - if (!prs_uint8("protocol", ps, depth, &efloor->lhs.protocol)) - return False; - - switch (efloor->lhs.protocol) { - case EPM_FLOOR_UUID: - if (!smb_io_uuid("uuid", &efloor->lhs.uuid.uuid, ps, depth)) - return False; - if (!prs_uint16("version", ps, depth, - &efloor->lhs.uuid.version)) - return False; - break; - } - - if (!prs_uint16("rhs_length", ps, depth, &efloor->rhs.length)) - return False; - - switch (efloor->lhs.protocol) { - case EPM_FLOOR_UUID: - case EPM_FLOOR_RPC: - if (!prs_uint16("unknown", ps, depth, &efloor->rhs.unknown)) - return False; - break; - case EPM_FLOOR_TCP: - if (!prs_uint16("tcp_port", ps, depth, &efloor->rhs.tcp.port)) - return False; - break; - case EPM_FLOOR_IP: - if (!prs_uint8s(False, "ip_addr", ps, depth, - efloor->rhs.ip.addr, - sizeof(efloor->rhs.ip.addr))) - return False; - break; - case EPM_FLOOR_NMPIPES: - case EPM_FLOOR_LRPC: - case EPM_FLOOR_NETBIOS: - if (!prs_uint8s(False, "string", ps, depth, - efloor->rhs.string, - efloor->rhs.length)) - return False; - break; - default: - break; - } - - return True; -} - -/******************************************************************* - Inits a EPM_TOWER structure. -********************************************************************/ -NTSTATUS init_epm_tower(TALLOC_CTX *ctx, EPM_TOWER *tower, - const EPM_FLOOR *floors, int num_floors) -{ - int size = 0; - int i; - - DEBUG(5, ("init_epm_tower\n")); - - size += sizeof(uint16); /* number of floors is in tower length */ - for (i = 0; i < num_floors; i++) { - size += (sizeof(uint16) * 2); - size += floors[i].lhs.length; - size += floors[i].rhs.length; - } - - tower->max_length = tower->length = size; - tower->num_floors = num_floors; - tower->floors = talloc(ctx, sizeof(EPM_FLOOR) * num_floors); - if (!tower->floors) { - return NT_STATUS_NO_MEMORY; - } - memcpy(tower->floors, floors, sizeof(EPM_FLOOR) * num_floors); - tower->unknown = 0x7e; - - return NT_STATUS_OK; -} - -/******************************************************************* - Reads or writes an EPM_TOWER structure. -********************************************************************/ -BOOL epm_io_tower(const char *desc, EPM_TOWER *tower, - prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "epm_io_tower"); - depth++; - - if (!prs_align(ps)) - return False; - - if (!prs_uint32("max_length", ps, depth, &tower->max_length)) - return False; - if (!prs_uint32("length", ps, depth, &tower->length)) - return False; - if (!prs_uint16("num_floors", ps, depth, &tower->num_floors)) - return False; - - if (UNMARSHALLING(ps)) { - tower->floors = talloc(ps->mem_ctx, - sizeof(EPM_FLOOR) * tower->num_floors); - if (!tower->floors) - return False; - } - - for (i = 0; i < tower->num_floors; i++) { - if (!epm_io_floor("floor", tower->floors + i, ps, depth)) - return False; - } - - return True; -} - -/******************************************************************* - Initialize an EPM_TOWER_ARRAY structure -********************************************************************/ -NTSTATUS init_epm_tower_array(TALLOC_CTX *ctx, EPM_TOWER_ARRAY *array, - const EPM_TOWER *towers, int num_towers) -{ - int i; - - array->max_count = num_towers; - array->offset = 0; - array->count = num_towers; - array->tower_ref_ids = talloc(ctx, sizeof(uint32) * num_towers); - if (!array->tower_ref_ids) { - return NT_STATUS_NO_MEMORY; - } - for (i=0;i<num_towers;i++) - array->tower_ref_ids[i] = ++internal_referent_id; - - array->towers = talloc(ctx, sizeof(EPM_TOWER) * num_towers); - if (!array->towers) { - return NT_STATUS_NO_MEMORY; - } - memcpy(array->towers, towers, sizeof(EPM_TOWER) * num_towers); - - return NT_STATUS_OK; -} - -/******************************************************************* - Reads or writes an EPM_TOWER_ARRAY structure. -********************************************************************/ -BOOL epm_io_tower_array(const char *desc, EPM_TOWER_ARRAY *array, - prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "epm_io_tower_array"); - depth++; - - if (!prs_uint32("max_count", ps, depth, &array->max_count)) - return False; - if (!prs_uint32("offset", ps, depth, &array->offset)) - return False; - if (!prs_uint32("count", ps, depth, &array->count)) - return False; - - - if (UNMARSHALLING(ps)) { - array->tower_ref_ids = talloc(ps->mem_ctx, - sizeof(uint32) * array->count); - if (!array->tower_ref_ids) { - return False; - } - } - for (i=0; i < array->count; i++) { - if (!prs_uint32("ref_id", ps, depth, &array->tower_ref_ids[i])) { - return False; - } else { - if (array->tower_ref_ids[i] > internal_referent_id) { - internal_referent_id = array->tower_ref_ids[i]; - } - } - } - - - - if (!prs_set_offset(ps, prs_offset(ps) + array->offset)) - return False; - - if (UNMARSHALLING(ps)) { - array->towers = talloc(ps->mem_ctx, - sizeof(EPM_TOWER) * array->count); - if (!array->towers) { - return False; - } - } - - for (i = 0; i < array->count; i++) { - if (!epm_io_tower("tower", &array->towers[i], ps, depth)) - return False; - } - - return True; -} - -/******************************************************************* - Initialize EPM_R_MAP structure -******************************************************************/ -NTSTATUS init_epm_r_map(TALLOC_CTX *ctx, EPM_R_MAP *r_map, - const EPM_HANDLE *handle, const EPM_TOWER_ARRAY *array, - int num_elements, uint32 status) -{ - memcpy(&r_map->handle, handle, sizeof(*handle)); - r_map->num_results = num_elements; - r_map->results = talloc(ctx, sizeof(EPM_TOWER_ARRAY) * num_elements); - if (!r_map->results) { - return NT_STATUS_NO_MEMORY; - } - memcpy(r_map->results, array, sizeof(EPM_TOWER_ARRAY) * num_elements); - r_map->status = status; - return NT_STATUS_OK; -} - -/************************************************************************* - Inits a EPM_Q_MAP structure. -************************************************************************** -* We attempt to hide the ugliness of the wire format by taking a EPM_TOWER -* array with a defined size -**************************************************************************/ -NTSTATUS init_epm_q_map(TALLOC_CTX *ctx, EPM_Q_MAP *q_map, - const EPM_TOWER *towers, int num_towers) -{ - static uint32 handle = 1; - - ZERO_STRUCTP(q_map); - - DEBUG(5, ("init_epm_q_map\n")); - q_map->handle.data[0] = (handle >> 0) & 0xFF; - q_map->handle.data[1] = (handle >> 8) & 0xFF; - q_map->handle.data[2] = (handle >> 16) & 0xFF; - q_map->handle.data[3] = (handle >> 24) & 0xFF; - - q_map->tower = talloc(ctx, sizeof(EPM_TOWER) * (num_towers + 1)); - if (!q_map->tower) { - return NT_STATUS_NO_MEMORY; - } - - memcpy(q_map->tower, towers, sizeof(EPM_TOWER) * num_towers); - - ZERO_STRUCT(q_map->tower[num_towers]); - - /* For now let's not take more than 4 towers per result */ - q_map->max_towers = num_towers * 4; - - q_map->tower_ref_id = ++internal_referent_id; - - handle++; - - return NT_STATUS_OK; -} - -/***************************************************************** - epm_io_q_map - read or write EPM_Q_MAP structure -******************************************************************/ -BOOL epm_io_q_map(const char *desc, EPM_Q_MAP *io_map, prs_struct *ps, - int depth) -{ - prs_debug(ps, depth, desc, "epm_io_q_map"); - depth++; - - if (!epm_io_handle("handle", &io_map->handle, ps, depth)) - return False; - - if (!prs_uint32("referent_id", ps, 0, &io_map->tower_ref_id)) - return False; - if (io_map->tower_ref_id > internal_referent_id) - internal_referent_id = io_map->tower_ref_id; - - /* HACK: We need a more elegant way of doing this */ - if (UNMARSHALLING(ps)) { - io_map->tower = talloc(ps->mem_ctx, sizeof(EPM_TOWER)); - if (!io_map->tower) - return False; - } - if (!epm_io_tower("tower", io_map->tower, ps, depth)) - return False; - if (!epm_io_handle("term_handle", &io_map->term_handle, ps, depth)) - return False; - - if (!prs_uint32("max_towers", ps, 0, &io_map->max_towers)) - return False; - - return True; -} - -/******************************************************************* - epm_io_r_map - Read/Write EPM_R_MAP structure -******************************************************************/ -BOOL epm_io_r_map(const char *desc, EPM_R_MAP *io_map, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "epm_io_r_map"); - depth++; - - if (!epm_io_handle("handle", &io_map->handle, ps, depth)) - return False; - if (!prs_uint32("num_results", ps, depth, &io_map->num_results)) - return False; - - if (UNMARSHALLING(ps)) { - io_map->results = talloc(ps->mem_ctx, - sizeof(EPM_TOWER_ARRAY) * - io_map->num_results); - if (!io_map->results) - return False; - } - if (!epm_io_tower_array("results", io_map->results, ps, depth)) - return False; - - if (!prs_align(ps)) - return False; - - if (!prs_uint32("status", ps, depth, &io_map->status)) - return False; - - return True; -} diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 5fff1fea37..d29b7bc580 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -2142,7 +2142,7 @@ BOOL lsa_io_dns_dom_info(const char *desc, LSA_DNS_DOM_INFO *info, if(!prs_align(ps)) return False; - if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) ) + if (!prs_uint8s(False, "dom_guid", ps, depth, info->dom_guid.info, GUID_SIZE)) return False; if(!prs_align(ps)) diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index cea31c88a8..efb2bfa97f 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -323,34 +323,6 @@ BOOL smb_io_dom_sid2(const char *desc, DOM_SID2 *sid, prs_struct *ps, int depth) } /******************************************************************* - Reads or writes a struct uuid -********************************************************************/ - -BOOL smb_io_uuid(const char *desc, struct uuid *uuid, - prs_struct *ps, int depth) -{ - if (uuid == NULL) - return False; - - prs_debug(ps, depth, desc, "smb_io_uuid"); - depth++; - - if(!prs_uint32 ("data ", ps, depth, &uuid->time_low)) - return False; - if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid)) - return False; - if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version)) - return False; - - if(!prs_uint8s (False, "data ", ps, depth, uuid->clock_seq, sizeof(uuid->clock_seq))) - return False; - if(!prs_uint8s (False, "data ", ps, depth, uuid->node, sizeof(uuid->node))) - return False; - - return True; -} - -/******************************************************************* creates a STRHDR structure. ********************************************************************/ diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c index 696f258e5d..e2781b2008 100644 --- a/source3/rpc_parse/parse_rpc.c +++ b/source3/rpc_parse/parse_rpc.c @@ -34,9 +34,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x8a885d04, 0x1ceb, 0x11c9, \ - { 0x9f, 0xe8 }, \ - { 0x08, 0x00, \ - 0x2b, 0x10, 0x48, 0x60 } \ + { 0x9f, 0xe8, 0x08, 0x00, \ + 0x2b, 0x10, 0x48, 0x60 } \ }, 0x02 \ } @@ -44,9 +43,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x8a885d04, 0x1ceb, 0x11c9, \ - { 0x9f, 0xe8 }, \ - { 0x08, 0x00, \ - 0x2b, 0x10, 0x48, 0x60 } \ + { 0x9f, 0xe8, 0x08, 0x00, \ + 0x2b, 0x10, 0x48, 0x60 } \ }, 0x02 \ } @@ -54,9 +52,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x6bffd098, 0xa112, 0x3610, \ - { 0x98, 0x33 }, \ - { 0x46, 0xc3, \ - 0xf8, 0x7e, 0x34, 0x5a } \ + { 0x98, 0x33, 0x46, 0xc3, \ + 0xf8, 0x7e, 0x34, 0x5a } \ }, 0x01 \ } @@ -64,9 +61,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x4b324fc8, 0x1670, 0x01d3, \ - { 0x12, 0x78 }, \ - { 0x5a, 0x47, \ - 0xbf, 0x6e, 0xe1, 0x88 } \ + { 0x12, 0x78, 0x5a, 0x47, \ + 0xbf, 0x6e, 0xe1, 0x88 } \ }, 0x03 \ } @@ -74,9 +70,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345778, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0x89, 0xab } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0x89, 0xab } \ }, 0x00 \ } @@ -84,9 +79,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x3919286a, 0xb10c, 0x11d0, \ - { 0x9b, 0xa8 }, \ - { 0x00, 0xc0, \ - 0x4f, 0xd9, 0x2e, 0xf5 } \ + { 0x9b, 0xa8, 0x00, 0xc0, \ + 0x4f, 0xd9, 0x2e, 0xf5 } \ }, 0x00 \ } @@ -94,9 +88,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345778, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0x89, 0xac } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0x89, 0xac } \ }, 0x01 \ } @@ -104,9 +97,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345678, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0xcf, 0xfb } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0xcf, 0xfb } \ }, 0x01 \ } @@ -114,9 +106,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x338cd001, 0x2244, 0x31f1, \ - { 0xaa, 0xaa }, \ - { 0x90, 0x00, \ - 0x38, 0x00, 0x10, 0x03 } \ + { 0xaa, 0xaa, 0x90, 0x00, \ + 0x38, 0x00, 0x10, 0x03 } \ }, 0x01 \ } @@ -124,9 +115,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345678, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0x89, 0xab } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0x89, 0xab } \ }, 0x01 \ } @@ -134,9 +124,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x0, 0x0, 0x0, \ - { 0x00, 0x00 }, \ - { 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 } \ + { 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00 } \ }, 0x00 \ } @@ -144,8 +133,7 @@ interface/version dce/rpc pipe identification { \ { \ 0x4fc742e0, 0x4a10, 0x11cf, \ - { 0x82, 0x73 }, \ - { 0x00, 0xaa, \ + { 0x82, 0x73, 0x00, 0xaa, \ 0x00, 0x4a, 0xe6, 0x73 } \ }, 0x03 \ } @@ -154,8 +142,7 @@ interface/version dce/rpc pipe identification { \ { \ 0x60a15ec5, 0x4de8, 0x11d7, \ - { 0xa6, 0x37 }, \ - { 0x00, 0x50, \ + { 0xa6, 0x37, 0x00, 0x50, \ 0x56, 0xa2, 0x01, 0x82 } \ }, 0x01 \ } @@ -164,22 +151,11 @@ interface/version dce/rpc pipe identification { \ { \ 0x894de0c0, 0x0d55, 0x11d3, \ - { 0xa3, 0x22 }, \ - { 0x00, 0xc0, \ + { 0xa3, 0x22, 0x00, 0xc0, \ 0x4f, 0xa3, 0x21, 0xa1 } \ }, 0x01 \ } -#define SYNT_EPM_V3 \ -{ \ - { \ - 0xe1af8308, 0x5d1f, 0x11c9, \ - { 0x91, 0xa4 }, \ - { 0x08, 0x00, \ - 0x2b, 0x14, 0xa0, 0xfa } \ - }, 0x03 \ -} - /* * IMPORTANT!! If you update this structure, make sure to * update the index #defines in smb.h. @@ -199,7 +175,6 @@ const struct pipe_id_info pipe_names [] = { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 }, { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 }, { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 }, - { PIPE_EPM , SYNT_EPM_V3 , PIPE_EPM , TRANS_SYNT_V2 }, { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 } }; @@ -278,6 +253,34 @@ BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth) } /******************************************************************* + Reads or writes an RPC_UUID structure. +********************************************************************/ + +static BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth) +{ + if (uuid == NULL) + return False; + + prs_debug(ps, depth, desc, "smb_io_rpc_uuid"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32 ("data ", ps, depth, &uuid->time_low)) + return False; + if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid)) + return False; + if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version)) + return False; + + if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining))) + return False; + + return True; +} + +/******************************************************************* Reads or writes an RPC_IFACE structure. ********************************************************************/ @@ -289,10 +292,7 @@ static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, i prs_debug(ps, depth, desc, "smb_io_rpc_iface"); depth++; - if (!prs_align(ps)) - return False; - - if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth)) + if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth)) return False; if(!prs_uint32 ("version", ps, depth, &ifc->version)) diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 287dc3bd7f..34b0cf2848 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -5315,6 +5315,10 @@ static BOOL sam_io_user_info11(const char *desc, SAM_USER_INFO_11 * usr, /************************************************************************* init_sam_user_infoa + + unknown_5 = 0x0001 0000 + unknown_6 = 0x0000 04ec + *************************************************************************/ void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len) diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index a78627650a..bf43ef288a 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -83,11 +83,11 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) return False; if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) - if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) + if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE)) return False; if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) - if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) + if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE)) return False; if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) diff --git a/source3/rpc_server/srv_epmapper.c b/source3/rpc_server/srv_epmapper.c deleted file mode 100644 index 70de092850..0000000000 --- a/source3/rpc_server/srv_epmapper.c +++ /dev/null @@ -1,88 +0,0 @@ - -/* - Unix SMB/CIFS implementation. - Samba end point mapper utility and mapping functions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/***************************************************************** - api_handle_map_req - handles standard epm mapping request -******************************************************************/ -static BOOL api_handle_map_req(pipes_struct * p) -{ - - EPM_Q_MAP q_in; - EPM_R_MAP q_out; - - prs_struct *in_data = &p->in_data.data; - prs_struct *ret_data = &p->out_data.rdata; - - ZERO_STRUCT(q_in); - ZERO_STRUCT(q_out); - - /* process input request and parse packet */ - - if (!epm_io_q_map("", &q_in, in_data, 0)) { - DEBUG(0, - ("api_handle_map_request: unable to unmarshall EPMD_MAP\n")); - return False; - } - - _epm_map(p, &q_in, &q_out); - - if (!epm_io_r_map("", &q_out, ret_data, 0)) { - DEBUG(0, - ("api_handle_map_req: unable to marshall EPMD_MAP\n")); - return False; - } - - return True; -} - -/*******************************************************************/ -/* \pipe\epmapper commands */ -/*******************************************************************/ -/* opnum is 3 on map request */ - -struct api_struct api_epmapper_cmds[] = { - {"MAP_PIPE_NAME", EPM_MAP_PIPE_NAME, api_handle_map_req}, -}; - -/*******************************************************************/ -/* */ -/*******************************************************************/ - -void epm_get_pipe_fns(struct api_struct **funcs, int *n_funcs) -{ - *funcs = api_epmapper_cmds; - *n_funcs = sizeof(api_epmapper_cmds) / sizeof(struct api_struct); -} - -/*******************************************************************/ -/* */ -/*******************************************************************/ - -NTSTATUS rpc_epmapper_init(void) -{ - return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, - EPM_PIPE_NM, EPM_PIPE_NM, - api_epmapper_cmds, - sizeof(api_epmapper_cmds) / - sizeof(struct api_struct)); -} diff --git a/source3/rpc_server/srv_epmapper_nt.c b/source3/rpc_server/srv_epmapper_nt.c deleted file mode 100644 index e82484af4a..0000000000 --- a/source3/rpc_server/srv_epmapper_nt.c +++ /dev/null @@ -1,70 +0,0 @@ - -/* - Unix SMB/CIFS implementation. - Samba end point mapper utility and mapping functions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/*******************************************************************/ -/* _epm_map - fill out mapping on input and output structs */ -/*******************************************************************/ -void _epm_map(pipes_struct *ps, const EPM_Q_MAP *q_u, EPM_R_MAP *r_u) -{ - int i; - uint8 target_address[] = { 9, 53, 95, 27 }; - EPM_FLOOR *floors = talloc(ps->mem_ctx, sizeof(EPM_FLOOR) * - q_u->tower->num_floors); - EPM_TOWER *towers = talloc(ps->mem_ctx, - sizeof(EPM_TOWER) * MAX_TOWERS); - EPM_TOWER_ARRAY array; - - if (!floors || !towers) { - DEBUG(0, ("_epm_map: talloc failed!\n")); - return; - } - - for (i = 0; i < q_u->tower->num_floors; i++) { - switch (q_u->tower->floors[i].lhs.protocol) { - case EPM_FLOOR_UUID: - init_epm_floor_uuid(&floors[i], - q_u->tower->floors[i]. - lhs.uuid.uuid, - q_u->tower->floors[i]. - lhs.uuid.version); - break; - case EPM_FLOOR_RPC: - init_epm_floor_rpc(&floors[i]); - break; - case EPM_FLOOR_TCP: - /* for now map all requests to port 135 */ - init_epm_floor_tcp(&floors[i], 135); - break; - case EPM_FLOOR_IP: - init_epm_floor_ip(&floors[i], target_address); - break; - } - } - - init_epm_tower(ps->mem_ctx, &towers[0], floors, 5); - init_epm_tower_array(ps->mem_ctx, &array, towers, 1); - init_epm_r_map(ps->mem_ctx, r_u, &q_u->term_handle, &array, 1, 0); - - return; - -} diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 95cf188d67..07c024e1ca 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -165,11 +165,6 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2, status = lookup_name(dom_name, user, &sid, &name_type); - if (name_type == SID_NAME_WKN_GRP) { - /* BUILTIN aliases are still aliases :-) */ - name_type = SID_NAME_ALIAS; - } - DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : "not found")); @@ -344,7 +339,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, const char *dns_name, const char *forest_name, - struct uuid *dom_guid, DOM_SID *dom_sid) + GUID *dom_guid, DOM_SID *dom_sid) { if (nb_name && *nb_name) { init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE); @@ -369,7 +364,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, /* how do we init the guid ? probably should write an init fn */ if (dom_guid) { - memcpy(&r_l->dom_guid, dom_guid, sizeof(struct uuid)); + memcpy(&r_l->dom_guid, dom_guid, sizeof(GUID)); } if (dom_sid) { @@ -824,10 +819,10 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L DEBUG(10,("_lsa_priv_get_dispname: %s", name_asc)); - while (privs[i].se_priv!=SE_ALL_PRIVS && strcmp(name_asc, privs[i].priv)) + while (privs[i].se_priv!=SE_PRIV_ALL && strcmp(name_asc, privs[i].priv)) i++; - if (privs[i].se_priv!=SE_ALL_PRIVS) { + if (privs[i].se_priv!=SE_PRIV_ALL) { DEBUG(10,(": %s\n", privs[i].description)); init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE); init_uni_hdr(&r_u->hdr_desc, &r_u->desc); @@ -844,17 +839,16 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L /*************************************************************************** _lsa_enum_accounts. - - This call lists all sids that have been granted privileges. I think it would - be ok not to return anything here, or only return BUILTIN\Administrators. ***************************************************************************/ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u) { - extern DOM_SID global_sid_Builtin_Administrators; struct lsa_info *handle; + GROUP_MAP *map=NULL; int num_entries=0; LSA_SID_ENUM *sids=&r_u->sids; + int i=0,j=0; + BOOL ret; if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) return NT_STATUS_INVALID_HANDLE; @@ -867,8 +861,15 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED; - - num_entries = 1; + /* get the list of mapped groups (domain, local, builtin) */ + become_root(); + ret = pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED); + unbecome_root(); + if( !ret ) { + DEBUG(3,("_lsa_enum_accounts: enumeration of groups failed!\n")); + return NT_STATUS_OK; + } + if (q_u->enum_context >= num_entries) return NT_STATUS_NO_MORE_ENTRIES; @@ -877,11 +878,19 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2)); if (sids->ptr_sid==NULL || sids->sid==NULL) { + SAFE_FREE(map); return NT_STATUS_NO_MEMORY; } - init_dom_sid2( &(*sids).sid[0], &global_sid_Builtin_Administrators); - init_lsa_r_enum_accounts(r_u, 1); + for (i=q_u->enum_context, j=0; i<num_entries; i++) { + init_dom_sid2( &(*sids).sid[j], &map[i].sid); + (*sids).ptr_sid[j]=1; + j++; + } + + SAFE_FREE(map); + + init_lsa_r_enum_accounts(r_u, j); return NT_STATUS_OK; } @@ -1220,7 +1229,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I char *dns_name = NULL; char *forest_name = NULL; DOM_SID *sid = NULL; - struct uuid guid; + GUID guid; fstring dnsdomname; ZERO_STRUCT(guid); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index f06a2002e3..9c10d86379 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -317,42 +317,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p) return True; } -/************************************************************************* - api_ds_enum_dom_trusts: - *************************************************************************/ - -#if 0 /* JERRY */ -static BOOL api_ds_enum_dom_trusts(pipes_struct *p) -{ - DS_Q_ENUM_DOM_TRUSTS q_u; - DS_R_ENUM_DOM_TRUSTS r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - DEBUG(6,("api_ds_enum_dom_trusts\n")); - - if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) { - DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n")); - return False; - } - - r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u); - - if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) { - DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n")); - return False; - } - - DEBUG(6,("api_ds_enum_dom_trusts\n")); - - return True; -} -#endif /* JERRY */ - /******************************************************************* array of \PIPE\NETLOGON operations ********************************************************************/ @@ -366,10 +330,7 @@ static struct api_struct api_net_cmds [] = { "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff }, { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 }, { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list }, - { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl }, -#if 0 /* JERRY */ - { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts } -#endif /* JERRY */ + { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl } }; void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns ) diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 51ed79980c..bf0e81f5c8 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -775,21 +775,4 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * return status; } -/************************************************************************* - _ds_enum_dom_trusts - *************************************************************************/ -#if 0 /* JERRY -- not correct */ -NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u, - DS_R_ENUM_DOM_TRUSTS *r_u) -{ - NTSTATUS status = NT_STATUS_OK; - /* TODO: According to MSDN, the can only be executed against a - DC or domain member running Windows 2000 or later. Need - to test against a standalone 2k server and see what it - does. A windows 2000 DC includes its own domain in the - list. --jerry */ - - return status; -} -#endif /* JERRY */ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 90c20a97fa..fa24efe589 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -737,9 +737,9 @@ BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract, { if ( strequal(pipe_names[i].client_pipe, pname) && (abstract->version == pipe_names[i].abstr_syntax.version) - && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0) + && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0) && (transfer->version == pipe_names[i].trans_syntax.version) - && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) ) + && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) ) { struct api_struct *fns = NULL; int n_fns = 0; @@ -1609,9 +1609,6 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns ) echo_get_pipe_fns( &cmds, &n_cmds ); break; #endif - case PI_EPM: - epm_get_pipe_fns( &cmds, &n_cmds ); - break; default: DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx)); } diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 64ca8388d7..514c22d471 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -344,8 +344,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); - init_privilege(&p->pipe_user.privs); - dup_priv_set(p->pipe_user.privs, vuser->privs); } /* diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index b1147e50ef..70ae4d170e 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -40,7 +40,6 @@ extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; extern rid_name builtin_alias_rids[]; -extern PRIVS privs[]; typedef struct _disp_info { BOOL user_dbloaded; @@ -880,7 +879,7 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST Get the group entries - similar to get_sampwd_entries(). ******************************************************************/ -static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, +static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, uint32 *p_num_entries, uint32 max_entries ) { @@ -895,8 +894,7 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, needed for some passdb backends to enumerate groups */ become_root(); - pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, - ENUM_ONLY_MAPPED); + pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED); unbecome_root(); num_entries=group_entries-start_idx; @@ -917,54 +915,51 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name); fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment); sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid); - (*d_grp)[i].attr=SID_NAME_DOM_GRP; + (*d_grp)[i].attr=type; } SAFE_FREE(map); *p_num_entries = num_entries; - DEBUG(10,("get_group_domain_entries: returning %d entries\n", - *p_num_entries)); + DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries)); return NT_STATUS_OK; } /******************************************************************* - Wrapper for enumerating local groups + Wrapper for enuemrating domain groups ******************************************************************/ -static NTSTATUS get_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, - const DOM_SID *sid, uint32 start_idx, - uint32 *p_num_entries, uint32 max_entries ) +static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, + DOM_SID *sid, uint32 start_idx, + uint32 *p_num_entries, uint32 max_entries ) { - struct acct_info *info; - int i; - BOOL res; - - become_root(); - res = pdb_enum_aliases(sid, start_idx, max_entries, - p_num_entries, &info); - unbecome_root(); - - if (!res) - return NT_STATUS_ACCESS_DENIED; + return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx, + p_num_entries, max_entries ); +} - *d_grp = talloc(ctx, sizeof(DOMAIN_GRP) * (*p_num_entries)); +/******************************************************************* + Wrapper for enumerating local groups + ******************************************************************/ - if (*d_grp == NULL) { - SAFE_FREE(info); - return NT_STATUS_NO_MEMORY; +static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, + DOM_SID *sid, uint32 start_idx, + uint32 *p_num_entries, uint32 max_entries) +{ + if ( sid_equal(sid, &global_sid_Builtin) ) { + return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp, + sid, start_idx, p_num_entries, max_entries ); } - - for (i=0; i<*p_num_entries; i++) { - fstrcpy((*d_grp)[i].name, info[i].acct_name); - fstrcpy((*d_grp)[i].comment, info[i].acct_desc); - (*d_grp)[i].rid = info[i].rid; - (*d_grp)[i].attr = SID_NAME_ALIAS; + else if ( sid_equal(sid, get_global_sam_sid()) ) { + return get_group_entries( SID_NAME_ALIAS, ctx, d_grp, + sid, start_idx, p_num_entries, max_entries ); } - SAFE_FREE(info); + /* can't do anything with this SID */ + + *p_num_entries = 0; + return NT_STATUS_OK; } @@ -1030,8 +1025,8 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S sid_to_string(sid_str, &sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); - status = get_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, - &num_entries, MAX_SAM_ENTRIES); + status = get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, + &num_entries, MAX_SAM_ENTRIES); if (NT_STATUS_IS_ERR(status)) return status; make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); @@ -1249,7 +1244,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u) { DOM_SID sid; - struct acct_info info; + GROUP_MAP map; uint32 acc_granted; BOOL ret; @@ -1264,8 +1259,12 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM return r_u->status; } + if (!sid_check_is_in_our_domain(&sid) && + !sid_check_is_in_builtin(&sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + become_root(); - ret = pdb_get_aliasinfo(&sid, &info); + ret = pdb_getgrsid(&map, sid); unbecome_root(); if ( !ret ) @@ -1275,13 +1274,12 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM case 1: r_u->ptr = 1; r_u->ctr.switch_value1 = 1; - init_samr_alias_info1(&r_u->ctr.alias.info1, - info.acct_name, 1, info.acct_desc); + init_samr_alias_info1(&r_u->ctr.alias.info1, map.nt_name, 1, map.comment); break; case 3: r_u->ptr = 1; r_u->ctr.switch_value1 = 3; - init_samr_alias_info3(&r_u->ctr.alias.info3, info.acct_desc); + init_samr_alias_info3(&r_u->ctr.alias.info3, map.comment); break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -2139,15 +2137,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA return NT_STATUS_INVALID_HANDLE; if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT))) { - DEBUG(3, ("_samr_create_user: User should be denied access but was overridden by %s\n", privs[SE_MACHINE_ACCOUNT].priv)); - } else { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS))) { - DEBUG(3, ("_samr_create_user: User should be denied access but was overridden by %s\n", privs[SE_ADD_USERS].priv)); - } else { - return nt_status; - } - } + return nt_status; } if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST || acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) { @@ -2210,33 +2200,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA /* the passdb lookup has failed; check to see if we need to run the add user/machine script */ - - /* - * we can't check both the ending $ and the acb_info. - * - * UserManager creates trust accounts (ending in $, - * normal that hidden accounts) with the acb_info equals to ACB_NORMAL. - * JFM, 11/29/2001 - */ - if (account[strlen(account)-1] == '$') { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT)) || geteuid() == 0) { - DEBUG(3, ("user [%s] has been granted Add Machines privilege!\n", p->user_name)); - become_root(); - pstrcpy(add_script, lp_addmachine_script()); - } else { - DEBUG(3, ("user [%s] doesn't have Add Machines privilege!\n", p->user_name)); - return NT_STATUS_ACCESS_DENIED; - } - } else { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS)) || geteuid() == 0) { - DEBUG(3, ("user [%s] has been granted Add Users privilege!\n", p->user_name)); - become_root(); - pstrcpy(add_script, lp_adduser_script()); - } else { - DEBUG(3, ("user [%s] doesn't have Add Users privilege!\n", p->user_name)); - return NT_STATUS_ACCESS_DENIED; - } - } pw = Get_Pwnam(account); @@ -2252,6 +2215,17 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA *********************************************************************/ if ( !pw ) { + /* + * we can't check both the ending $ and the acb_info. + * + * UserManager creates trust accounts (ending in $, + * normal that hidden accounts) with the acb_info equals to ACB_NORMAL. + * JFM, 11/29/2001 + */ + if (account[strlen(account)-1] == '$') + pstrcpy(add_script, lp_addmachine_script()); + else + pstrcpy(add_script, lp_adduser_script()); if (*add_script) { int add_ret; @@ -2261,7 +2235,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA } else /* no add user script -- ask winbindd to do it */ { - if (!winbind_create_user(account, &new_rid)) { + if ( !winbind_create_user( account, &new_rid ) ) { DEBUG(3,("_samr_create_user: winbind_create_user(%s) failed\n", account)); } @@ -2272,16 +2246,15 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA /* implicit call to getpwnam() next. we have a valid SID coming out of this call */ if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account, new_rid)) ) - goto done; + return nt_status; pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); if (!pdb_add_sam_account(sam_pass)) { pdb_free_sam(&sam_pass); - DEBUG(0, ("could not add user/computer %s to passdb !?\n", + DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n", account)); - nt_status = NT_STATUS_ACCESS_DENIED; - goto done; + return NT_STATUS_ACCESS_DENIED; } /* Get the user's SID */ @@ -2292,14 +2265,13 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA if (!NT_STATUS_IS_OK(nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, "_samr_create_user"))) { - goto done; + return nt_status; } /* associate the user's SID with the new handle. */ if ((info = get_samr_info_by_sid(&sid)) == NULL) { pdb_free_sam(&sam_pass); - nt_status = NT_STATUS_NO_MEMORY; - goto done; + return NT_STATUS_NO_MEMORY; } ZERO_STRUCTP(info); @@ -2309,8 +2281,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) { pdb_free_sam(&sam_pass); - nt_status = NT_STATUS_OBJECT_NAME_NOT_FOUND; - goto done; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; } r_u->user_rid=pdb_get_user_rid(sam_pass); @@ -2319,11 +2290,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA pdb_free_sam(&sam_pass); - nt_status = NT_STATUS_OK; - -done: - unbecome_root(); - return nt_status; + return NT_STATUS_OK; } /******************************************************************* @@ -3224,11 +3191,15 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ { int i; + GROUP_MAP map; int num_sids = 0; DOM_SID2 *sid; DOM_SID *sids=NULL; DOM_SID alias_sid; + DOM_SID als_sid; + uint32 alias_rid; + fstring alias_sid_str; uint32 acc_granted; @@ -3240,12 +3211,35 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) { return r_u->status; } + + sid_copy(&als_sid, &alias_sid); + sid_to_string(alias_sid_str, &alias_sid); + sid_split_rid(&alias_sid, &alias_rid); + + DEBUG(10, ("sid is %s\n", alias_sid_str)); - DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + if (sid_equal(&alias_sid, &global_sid_Builtin)) { + DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n")); + if(!get_builtin_group_from_sid(&als_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + } else { + if (sid_equal(&alias_sid, get_global_sam_sid())) { + DEBUG(10, ("lookup on Server SID\n")); + if(!get_local_group_from_sid(&als_sid, &map)) { + fstring alias_sid_string; + DEBUG(10, ("Alias %s not found\n", sid_to_string(alias_sid_string, &als_sid))); + return NT_STATUS_NO_SUCH_ALIAS; + } + } + } - if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids)) + if (!get_sid_list_of_group(map.gid, &sids, &num_sids)) { + fstring alias_sid_string; + DEBUG(10, ("Alias %s found, but member list unavailable\n", sid_to_string(alias_sid_string, &als_sid))); return NT_STATUS_NO_SUCH_ALIAS; + } + DEBUG(10, ("sid is %s\n", alias_sid_str)); sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_sids); if (num_sids!=0 && sid == NULL) { SAFE_FREE(sids); @@ -3256,6 +3250,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ init_dom_sid2(&sid[i], &sids[i]); } + DEBUG(10, ("sid is %s\n", alias_sid_str)); init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK); SAFE_FREE(sids); @@ -3341,6 +3336,15 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u) { DOM_SID alias_sid; + fstring alias_sid_str; + uid_t uid; + struct passwd *pwd; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + NTSTATUS ret; + SAM_ACCOUNT *sam_user = NULL; + BOOL check; uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ @@ -3351,11 +3355,74 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD return r_u->status; } - DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (!pdb_add_aliasmem(&alias_sid, &q_u->sid.sid)) - return NT_STATUS_ACCESS_DENIED; + if (sid_compare(&alias_sid, get_global_sam_sid())>0) { + DEBUG(10, ("adding member on Server SID\n")); + if(!get_local_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else { + if (sid_compare(&alias_sid, &global_sid_Builtin)>0) { + DEBUG(10, ("adding member on BUILTIN SID\n")); + if( !get_builtin_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else + return NT_STATUS_NO_SUCH_ALIAS; + } + + ret = pdb_init_sam(&sam_user); + if (!NT_STATUS_IS_OK(ret)) + return ret; + + check = pdb_getsampwsid(sam_user, &q_u->sid.sid); + + if (check != True) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + /* check a real user exist before we run the script to add a user to a group */ + if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sam_user); + + if ((pwd=getpwuid_alloc(uid)) == NULL) { + return NT_STATUS_NO_SUCH_USER; + } + + if ((grp=getgrgid(map.gid)) == NULL) { + passwd_free(&pwd); + return NT_STATUS_NO_SUCH_ALIAS; + } + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + /* if the user is already in the group */ + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_IN_ALIAS; + } + + /* + * ok, the group exist, the user exist, the user is not in the group, + * we can (finally) add it to the group ! + */ + smb_add_user_group(grp_name, pwd->pw_name); + + /* check if the user has been added then ... */ + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + } + + passwd_free(&pwd); return NT_STATUS_OK; } @@ -3366,6 +3433,11 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u) { DOM_SID alias_sid; + fstring alias_sid_str; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + SAM_ACCOUNT *sam_pass=NULL; uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ @@ -3376,12 +3448,47 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE return r_u->status; } - DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", - sid_string_static(&alias_sid))); + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str)); - if (!pdb_del_aliasmem(&alias_sid, &q_u->sid.sid)) - return NT_STATUS_ACCESS_DENIED; - + if (!sid_check_is_in_our_domain(&alias_sid) && + !sid_check_is_in_builtin(&alias_sid)) { + DEBUG(10, ("_samr_del_aliasmem:invalid alias group\n")); + return NT_STATUS_NO_SUCH_ALIAS; + } + + if( !get_local_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* check if the user exists before trying to remove it from the group */ + pdb_init_sam(&sam_pass); + if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) { + DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + /* if the user is not in the group */ + if(!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; + } + + smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); + + /* check if the user has been removed then ... */ + if(user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + } + + pdb_free_sam(&sam_pass); return NT_STATUS_OK; } @@ -3708,6 +3815,12 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u) { DOM_SID alias_sid; + DOM_SID dom_sid; + uint32 alias_rid; + fstring alias_sid_str; + gid_t gid; + struct group *grp; + GROUP_MAP map; uint32 acc_granted; DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__)); @@ -3719,18 +3832,38 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) { return r_u->status; } + + sid_copy(&dom_sid, &alias_sid); + sid_to_string(alias_sid_str, &dom_sid); + sid_split_rid(&dom_sid, &alias_rid); - DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (!sid_check_is_in_our_domain(&alias_sid)) + /* we check if it's our SID before deleting */ + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_ALIAS; - + DEBUG(10, ("lookup on Local SID\n")); - /* Have passdb delete the alias */ - if (!pdb_delete_alias(&alias_sid)) + if(!get_local_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + gid=map.gid; + + /* check if group really exists */ + if ( (grp=getgrgid(gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we can delete the UNIX group */ + smb_delete_group(grp->gr_name); + + /* check if the group has been successfully deleted */ + if ( (grp=getgrgid(gid)) != NULL) return NT_STATUS_ACCESS_DENIED; + /* don't check if we removed it as it could be an un-mapped group */ + pdb_delete_group_mapping_entry(alias_sid); + if (!close_policy_hnd(p, &q_u->alias_pol)) return NT_STATUS_OBJECT_NAME_INVALID; @@ -3808,6 +3941,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S DOM_SID dom_sid; DOM_SID info_sid; fstring name; + fstring sid_string; struct group *grp; struct samr_info *info; uint32 acc_granted; @@ -3828,20 +3962,28 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1); - /* Have passdb create the alias */ - if (!pdb_create_alias(name, &r_u->rid)) - return NT_STATUS_ACCESS_DENIED; - - sid_copy(&info_sid, get_global_sam_sid()); - sid_append_rid(&info_sid, r_u->rid); + /* check if group already exists */ + if ( (grp=getgrnam(name)) != NULL) + return NT_STATUS_ALIAS_EXISTS; - if (!NT_STATUS_IS_OK(sid_to_gid(&info_sid, &gid))) + /* we can create the UNIX group */ + if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; /* check if the group has been successfully created */ if ((grp=getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; + r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); + + sid_copy(&info_sid, get_global_sam_sid()); + sid_append_rid(&info_sid, r_u->rid); + sid_to_string(sid_string, &info_sid); + + /* add the group to the mapping table */ + if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL)) + return NT_STATUS_ACCESS_DENIED; + if ((info = get_samr_info_by_sid(&info_sid)) == NULL) return NT_STATUS_NO_MEMORY; @@ -3963,7 +4105,7 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u) { DOM_SID group_sid; - struct acct_info info; + GROUP_MAP map; ALIAS_INFO_CTR *ctr; uint32 acc_granted; @@ -3974,20 +4116,22 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ return r_u->status; } + if (!get_local_group_from_sid(&group_sid, &map) && + !get_builtin_group_from_sid(&group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + ctr=&q_u->ctr; switch (ctr->switch_value1) { case 3: - unistr2_to_ascii(info.acct_desc, - &(ctr->alias.info3.uni_acct_desc), - sizeof(info.acct_desc)-1); + unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1); break; default: return NT_STATUS_INVALID_INFO_CLASS; } - if(!pdb_set_aliasinfo(&group_sid, &info)) { - return NT_STATUS_ACCESS_DENIED; + if(!pdb_update_group_mapping_entry(&map)) { + return NT_STATUS_NO_SUCH_GROUP; } return NT_STATUS_OK; diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index ae0fe84e02..dd92e0d90a 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -280,25 +280,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { - pdb_set_pass_must_change_time(to,0, PDB_CHANGED); - } else { - uint32 expire; - time_t new_time; - if (pdb_get_pass_must_change_time(to) == 0) { - if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1) { - new_time = get_time_t_max(); - } else { - time_t old_time = pdb_get_pass_last_set_time(to); - new_time = old_time + expire; - if ((new_time) < time(0)) { - new_time = time(0) + expire; - } - } - if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) { - DEBUG (0, ("pdb_set_pass_must_change_time failed!\n")); - } - } + pdb_set_pass_must_change_time(to,0, PDB_CHANGED); } DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2)); @@ -528,24 +510,6 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_must_change_time(to,0, PDB_CHANGED); - } else { - uint32 expire; - time_t new_time; - if (pdb_get_pass_must_change_time(to) == 0) { - if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1) { - new_time = get_time_t_max(); - } else { - time_t old_time = pdb_get_pass_last_set_time(to); - new_time = old_time + expire; - if ((new_time) < time(0)) { - new_time = time(0) + expire; - } - } - if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) { - DEBUG (0, ("pdb_set_pass_must_change_time failed!\n")); - } - } } DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2)); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index edd62fa8f6..c971ff3631 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -4283,11 +4283,10 @@ static BOOL construct_printer_info_5(Printer_entry *print_hnd, PRINTER_INFO_5 *p static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *printer, int snum) { char *guid_str = NULL; - UUID_FLAT guid; + GUID guid; if (is_printer_published(print_hnd, snum, &guid)) { - asprintf(&guid_str, "{%s}", - smb_uuid_string_static(smb_uuid_unpack_static(guid))); + asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid)); strupper_m(guid_str); init_unistr(&printer->guid, guid_str); printer->action = SPOOL_DS_PUBLISH; diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 7487e106bc..40d3a43bef 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1405,7 +1405,10 @@ WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, S static char *valid_share_pathname(char *dos_pathname) { + pstring saved_pathname; + pstring unix_pathname; char *ptr; + int ret; /* Convert any '\' paths to '/' */ unix_format(dos_pathname); @@ -1420,29 +1423,21 @@ static char *valid_share_pathname(char *dos_pathname) if (*ptr != '/') return NULL; - return ptr; -} - -static BOOL exist_share_pathname(char *unix_pathname) -{ - pstring saved_pathname; - int ret; - /* Can we cd to it ? */ /* First save our current directory. */ if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL) return False; + pstrcpy(unix_pathname, ptr); + ret = chdir(unix_pathname); /* We *MUST* be able to chdir back. Abort if we can't. */ if (chdir(saved_pathname) == -1) smb_panic("valid_share_pathname: Unable to restore current directory.\n"); - if (ret == -1) return False; - - return True; + return (ret != -1) ? ptr : NULL; } /******************************************************************* @@ -1459,7 +1454,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S int type; int snum; int ret; - char *path; + char *ptr; SEC_DESC *psd = NULL; DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); @@ -1554,12 +1549,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S return WERR_ACCESS_DENIED; /* Check if the pathname is valid. */ - if (!(path = valid_share_pathname( pathname ))) + if (!(ptr = valid_share_pathname( pathname ))) return WERR_OBJECT_PATH_INVALID; /* Ensure share name, pathname and comment don't contain '"' characters. */ string_replace(share_name, '"', ' '); - string_replace(path, '"', ' '); + string_replace(ptr, '"', ' '); string_replace(comment, '"', ' '); DEBUG(10,("_srv_net_share_set_info: change share command = %s\n", @@ -1567,12 +1562,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S /* Only call modify function if something changed. */ - if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) { + if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) { if (!lp_change_share_cmd() || !*lp_change_share_cmd()) return WERR_ACCESS_DENIED; slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"", - lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); + lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment); DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command )); if ((ret = smbrun(command, NULL)) != 0) { @@ -1580,12 +1575,6 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S return WERR_ACCESS_DENIED; } - /* Check if the new share pathname exist, if not return an error */ - if (!exist_share_pathname(path)) { - DEBUG(1, ("_srv_net_share_set_info: change share command was ok but path (%s) has not been created!\n", path)); - return WERR_OBJECT_PATH_INVALID; - } - /* Tell everyone we updated smb.conf. */ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); @@ -1626,7 +1615,7 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S int type; int snum; int ret; - char *path; + char *ptr; SEC_DESC *psd = NULL; DEBUG(5,("_srv_net_share_add: %d\n", __LINE__)); @@ -1700,16 +1689,16 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S return WERR_ACCESS_DENIED; /* Check if the pathname is valid. */ - if (!(path = valid_share_pathname( pathname ))) + if (!(ptr = valid_share_pathname( pathname ))) return WERR_OBJECT_PATH_INVALID; /* Ensure share name, pathname and comment don't contain '"' characters. */ string_replace(share_name, '"', ' '); - string_replace(path, '"', ' '); + string_replace(ptr, '"', ' '); string_replace(comment, '"', ' '); slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"", - lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); + lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment); DEBUG(10,("_srv_net_share_add: Running [%s]\n", command )); if ((ret = smbrun(command, NULL)) != 0) { @@ -1717,33 +1706,10 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S return WERR_ACCESS_DENIED; } - /* Check if the new share pathname exist, if not try to delete the - * share and return an error */ - if (!exist_share_pathname(path)) { - DEBUG(1, ("_srv_net_share_add: add share command was ok but path (%s) has not been created!\n", path)); - DEBUG(1, ("_srv_net_share_add: trying to rollback and delete the share\n")); - - if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { - DEBUG(1, ("_srv_net_share_add: Error! delete share command is not defined! Please check share (%s) in the config file\n", share_name)); - return WERR_OBJECT_PATH_INVALID; - } - - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - lp_delete_share_cmd(), dyn_CONFIGFILE, share_name); - - DEBUG(10,("_srv_net_share_add: Running [%s]\n", command )); - if ((ret = smbrun(command, NULL)) != 0) { - DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret )); - DEBUG(1, ("_srv_net_share_add: Error! delete share command failed! Please check share (%s) in the config file\n", share_name)); - } - - return WERR_OBJECT_PATH_INVALID; - } - if (psd) { - if (!set_share_security(p->mem_ctx, share_name, psd)) { - DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", share_name )); - } + if (!set_share_security(p->mem_ctx, share_name, psd)) + DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", + share_name )); } /* Tell everyone we updated smb.conf. */ diff --git a/source3/rpcclient/cmd_epmapper.c b/source3/rpcclient/cmd_epmapper.c deleted file mode 100644 index 4998286194..0000000000 --- a/source3/rpcclient/cmd_epmapper.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "rpcclient.h" - - -static NTSTATUS cmd_epm_map(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - int argc, const char **argv) -{ - EPM_HANDLE handle, entry_handle; - EPM_TOWER *towers; - EPM_FLOOR floors[5]; - uint8 addr[4] = {0,0,0,0}; - uint32 numtowers; - /* need to allow all this stuff to be passed in, but - for now, it demonstrates the call */ - struct uuid if_uuid = {0xe3514235, 0x4b06, 0x11d1, \ - { 0xab, 0x04 }, \ - { 0x00, 0xc0, \ - 0x4f, 0xc2, 0xdc, 0xd2 } }, - syn_uuid = {0x8a885d04, 0x1ceb, 0x11c9, \ - { 0x9f, 0xe8 }, \ - { 0x08, 0x00, \ - 0x2b, 0x10, 0x48, 0x60 } }; - - NTSTATUS result; - - ZERO_STRUCT(handle); - numtowers = 1; - init_epm_floor_uuid(&floors[0], if_uuid, 4); - init_epm_floor_uuid(&floors[1], syn_uuid, 2); - init_epm_floor_rpc(&floors[2]); - - /* sample for netbios named pipe query - init_epm_floor_np(&floors[3], "\\PIPE\\lsass"); - init_epm_floor_nb(&floors[4], "\\\\psflinux"); - */ - init_epm_floor_tcp(&floors[3], 135); - init_epm_floor_ip(&floors[4], addr); - towers = talloc(mem_ctx, sizeof(EPM_TOWER)); - init_epm_tower(mem_ctx, towers, floors, 5); - - result = cli_epm_map(cli, mem_ctx, &handle, &towers, &entry_handle, &numtowers); - - return result; -} - -struct cmd_set epm_commands[] = { - - { "EPMAPPER" }, - - { "map", RPC_RTYPE_NTSTATUS, cmd_epm_map, NULL, PI_EPM, "map endpoint", "" }, - { NULL } -}; - - diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index d9afde465d..1b1ea31c96 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -69,7 +69,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *dom_sid; - struct uuid *dom_guid; + GUID *dom_guid; fstring sid_str; char *domain_name = NULL; char *dns_name = NULL; @@ -128,7 +128,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, if (info_class == 12) { printf("domain GUID is "); - smb_uuid_string_static(*dom_guid); + print_guid(&dom_guid); } done: return result; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 8372b75b4b..bac11f7435 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -465,7 +465,6 @@ extern struct cmd_set reg_commands[]; extern struct cmd_set ds_commands[]; extern struct cmd_set echo_commands[]; extern struct cmd_set shutdown_commands[]; -extern struct cmd_set epm_commands[]; static struct cmd_set *rpcclient_command_list[] = { rpcclient_commands, @@ -479,7 +478,6 @@ static struct cmd_set *rpcclient_command_list[] = { reg_commands, echo_commands, shutdown_commands, - epm_commands, NULL }; diff --git a/source3/sam/account.c b/source3/sam/account.c deleted file mode 100644 index b8336146cd..0000000000 --- a/source3/sam/account.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Jeremy Allison 1996-2001 - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - Copyright (C) Gerald (Jerry) Carter 2000-2001 - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_ACCOUNT_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account) -{ - ZERO_STRUCT(account->private); /* Don't touch the talloc context */ - - /* Don't change these timestamp settings without a good reason. - They are important for NT member server compatibility. */ - - /* FIXME: We should actually call get_nt_time_max() or sthng - * here */ - unix_to_nt_time(&(account->private.logoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max()); - account->private.unknown_1 = 0x00ffffff; /* don't know */ - account->private.logon_divs = 168; /* hours per week */ - account->private.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */ - account->private.unknown_2 = 0x00000000; /* don't know */ - account->private.unknown_3 = 0x000004ec; /* don't know */ -} - -static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account) -{ - if (*account) { - data_blob_clear_free(&((*account)->private.lm_pw)); - data_blob_clear_free(&((*account)->private.nt_pw)); - if((*account)->private.plaintext_pw!=NULL) - memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw)); - - talloc_destroy((*account)->mem_ctx); - *account = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE)); - - if (*account==NULL) { - DEBUG(0,("sam_init_account_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*account)->mem_ctx = mem_ctx; - - (*account)->free_fn = NULL; - - sam_fill_default_account(*account); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct sam_passwd. - ************************************************************/ - -NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*account)->free_fn = destroy_sam_talloc; - - return NT_STATUS_OK; -} - -/** - * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure. - * - * Also wipes the LM and NT hashes and plaintext password from - * memory. - * - * @param account SAM_ACCOUNT_HANDLE to free members of. - **/ - -static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account) -{ - - /* Kill off sensitive data. Free()ed by the - talloc mechinism */ - - data_blob_clear_free(&(account->private.lm_pw)); - data_blob_clear_free(&(account->private.nt_pw)); - if (account->private.plaintext_pw) - memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw)); -} - - -/************************************************************ - Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes. - ***********************************************************/ - -NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account) -{ - SMB_ASSERT(account != NULL); - - sam_free_account_contents(account); - - sam_fill_default_account(account); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_ACCOUNT_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - sam_free_account_contents(*account); - - if ((*account)->free_fn) { - (*account)->free_fn(account); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) - acct_str[i] = ' '; - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - **********************************************************/ - -uint16 sam_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return acct_ctrl; -} - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ - -void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) { - int i; - for (i = 0; i < 16; i++) - slprintf(&p[i*2], 3, "%02X", pwd[i]); - } else { - if (acct_ctrl & ACB_PWNOTREQ) - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - else - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ - -BOOL sam_gethexpwd(const char *p, unsigned char *pwd) -{ - int i; - unsigned char lonybble, hinybble; - char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - if (!p) - return (False); - - for (i = 0; i < 32; i += 2) { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr(hexchars, hinybble); - p2 = strchr(hexchars, lonybble); - - if (!p1 || !p2) - return (False); - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); -} diff --git a/source3/sam/group.c b/source3/sam/group.c deleted file mode 100644 index 101e3dd7ce..0000000000 --- a/source3/sam/group.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers - - Copyright (C) Stefan (metze) Metzmacher 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_GROUP_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_group(SAM_GROUP_HANDLE *group) -{ - ZERO_STRUCT(group->private); /* Don't touch the talloc context */ - -} - -static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group) -{ - if (*group) { - - talloc_destroy((*group)->mem_ctx); - *group = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE)); - - if (*group==NULL) { - DEBUG(0,("sam_init_group_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*group)->mem_ctx = mem_ctx; - - (*group)->free_fn = NULL; - - sam_fill_default_group(*group); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct SAM_GROUP_HANDLE. - ************************************************************/ - -NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*group)->free_fn = destroy_sam_group_handle_talloc; - - return NT_STATUS_OK; -} - - -/************************************************************ - Reset the SAM_GROUP_HANDLE. - ***********************************************************/ - -NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group) -{ - SMB_ASSERT(group != NULL); - - sam_fill_default_group(group); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_GROUP_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if ((*group)->free_fn) { - (*group)->free_fn(group); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the group control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length) -{ - static fstring group_str; - size_t i = 0; - - group_str[i++] = '['; - - if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L'; - if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G'; - - for ( ; i < length - 2 ; i++ ) - group_str[i] = ' '; - - i = length - 2; - group_str[i++] = ']'; - group_str[i++] = '\0'; - - return group_str; -} - -/********************************************************** - Decode the group control bits from a string. - **********************************************************/ - -uint16 sam_decode_group_ctrl(const char *p) -{ - uint16 group_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ } - case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ } - - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return group_ctrl; -} - diff --git a/source3/sam/gums.c b/source3/sam/gums.c deleted file mode 100644 index b719153584..0000000000 --- a/source3/sam/gums.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Grops and Users Management System initializations. - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -#define GMV_MAJOR 0 -#define GMV_MINOR 1 - -static GUMS_FUNCTIONS *gums_backend = NULL; - -static struct gums_init_function_entry *backends = NULL; - -static void lazy_initialize_gums(void) -{ - static BOOL initialized = False; - - if (initialized) - return; - - static_init_gums; - initialized = True; -} - -static struct gums_init_function_entry *gums_find_backend_entry(const char *name); - -NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn) -{ - struct gums_init_function_entry *entry = backends; - - if (version != GUMS_INTERFACE_VERSION) { - DEBUG(0,("Can't register gums backend!\n" - "You tried to register a gums module with" - "GUMS_INTERFACE_VERSION %d, while this version" - "of samba uses version %d\n", version, - GUMS_INTERFACE_VERSION)); - - return NT_STATUS_OBJECT_TYPE_MISMATCH; - } - - if (!name || !init_fn) { - return NT_STATUS_INVALID_PARAMETER; - } - - DEBUG(5,("Attempting to register gums backend %s\n", name)); - - /* Check for duplicates */ - if (gums_find_backend_entry(name)) { - DEBUG(0,("There already is a gums backend registered" - "with the name %s!\n", name)); - return NT_STATUS_OBJECT_NAME_COLLISION; - } - - entry = smb_xmalloc(sizeof(struct gums_init_function_entry)); - entry->name = smb_xstrdup(name); - entry->init_fn = init_fn; - - DLIST_ADD(backends, entry); - DEBUG(5,("Successfully added gums backend '%s'\n", name)); - return NT_STATUS_OK; -} - -static struct gums_init_function_entry *gums_find_backend_entry(const char *name) -{ - struct gums_init_function_entry *entry = backends; - - while (entry) { - if (strcmp(entry->name, name) == 0) - return entry; - entry = entry->next; - } - - return NULL; -} - -NTSTATUS gums_setup_backend(const char *backend) -{ - - TALLOC_CTX *mem_ctx; - char *module_name = smb_xstrdup(backend); - char *p, *module_data = NULL; - struct gums_init_function_entry *entry; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - lazy_initialize_gums(); - - p = strchr(module_name, ':'); - if (p) { - *p = 0; - module_data = p+1; - trim_string(module_data, " ", " "); - } - - trim_string(module_name, " ", " "); - - DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name)); - - entry = gums_find_backend_entry(module_name); - - /* Try to find a module that contains this module */ - if (!entry) { - DEBUG(2,("No builtin backend found, trying to load plugin\n")); - if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) { - DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name)); - SAFE_FREE(module_name); - return NT_STATUS_UNSUCCESSFUL; - } - } - - /* No such backend found */ - if(!entry) { - DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name)); - SAFE_FREE(module_name); - return NT_STATUS_INVALID_PARAMETER; - } - - DEBUG(5,("Found gums backend %s\n", module_name)); - - /* free current functions structure if any */ - if (gums_backend) { - gums_backend->free_private_data(gums_backend->private_data); - talloc_destroy(gums_backend->mem_ctx); - gums_backend = NULL; - } - - /* allocate a new GUMS_FUNCTIONS structure and memory context */ - mem_ctx = talloc_init("gums_backend (%s)", module_name); - if (!mem_ctx) - return NT_STATUS_NO_MEMORY; - gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS)); - if (!gums_backend) - return NT_STATUS_NO_MEMORY; - gums_backend->mem_ctx = mem_ctx; - - /* init the requested backend module */ - if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) { - DEBUG(5,("gums backend %s has a valid init\n", backend)); - } else { - DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret))); - } - SAFE_FREE(module_name); - return ret; -} - -NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns) -{ - if (gums_backend != NULL) { - *fns = gums_backend; - return NT_STATUS_OK; - } - - DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n")); - return NT_STATUS_UNSUCCESSFUL; -} diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c deleted file mode 100644 index 5aafa7695f..0000000000 --- a/source3/sam/gums_api.c +++ /dev/null @@ -1,1426 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Functions to get/set info from a GUMS object */ - -NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) -{ - TALLOC_CTX *mem_ctx; - GUMS_OBJECT *go; - NTSTATUS ret; - - mem_ctx = talloc_init("gums_create_object"); - if (!mem_ctx) { - DEBUG(0, ("gums_create_object: Out of memory!\n")); - *obj = NULL; - return NT_STATUS_NO_MEMORY; - } - - go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); - if (!go) { - DEBUG(0, ("gums_create_object: Out of memory!\n")); - talloc_destroy(mem_ctx); - *obj = NULL; - return NT_STATUS_NO_MEMORY; - } - - go->mem_ctx = mem_ctx; - go->type = type; - go->version = GUMS_OBJECT_VERSION; - - switch(type) { - case GUMS_OBJ_DOMAIN: - go->domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN)); - if (!(go->domain)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - - break; - -/* - case GUMS_OBJ_WORKSTATION_TRUST: - case GUMS_OBJ_SERVER_TRUST: - case GUMS_OBJ_DOMAIN_TRUST: -*/ - case GUMS_OBJ_NORMAL_USER: - go->user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER)); - if (!(go->user)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - gums_set_user_acct_ctrl(go, ACB_NORMAL); - gums_set_user_hours(go, 0, NULL); - - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - go->group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); - if (!(go->group)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - - break; - - default: - /* TODO: throw error */ - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto error; - } - - *obj = go; - return NT_STATUS_OK; - -error: - talloc_destroy(go->mem_ctx); - *obj = NULL; - return ret; -} - -NTSTATUS gums_create_privilege(GUMS_PRIVILEGE **priv) -{ - TALLOC_CTX *mem_ctx; - GUMS_PRIVILEGE *pri; - - mem_ctx = talloc_init("gums_create_privilege"); - if (!mem_ctx) { - DEBUG(0, ("gums_create_privilege: Out of memory!\n")); - *priv = NULL; - return NT_STATUS_NO_MEMORY; - } - - pri = talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE)); - if (!pri) { - DEBUG(0, ("gums_create_privilege: Out of memory!\n")); - talloc_destroy(mem_ctx); - *priv = NULL; - return NT_STATUS_NO_MEMORY; - } - - pri->mem_ctx = mem_ctx; - pri->version = GUMS_PRIVILEGE_VERSION; - - *priv = pri; - return NT_STATUS_OK; -} - -NTSTATUS gums_destroy_object(GUMS_OBJECT **obj) -{ - if (!obj || !(*obj)) - return NT_STATUS_INVALID_PARAMETER; - - if ((*obj)->mem_ctx) - talloc_destroy((*obj)->mem_ctx); - *obj = NULL; - - return NT_STATUS_OK; -} - -NTSTATUS gums_destroy_privilege(GUMS_PRIVILEGE **priv) -{ - if (!priv || !(*priv)) - return NT_STATUS_INVALID_PARAMETER; - - if ((*priv)->mem_ctx) - talloc_destroy((*priv)->mem_ctx); - *priv = NULL; - - return NT_STATUS_OK; -} - -void gums_reset_object(GUMS_OBJECT *go) -{ - go->seq_num = 0; - go->sid = NULL; - go->name = NULL; - go->description = NULL; - - switch(go->type) { - case GUMS_OBJ_DOMAIN: - memset(go->domain, 0, sizeof(GUMS_DOMAIN)); - break; - -/* - case GUMS_OBJ_WORKSTATION_TRUST: - case GUMS_OBJ_SERVER_TRUST: - case GUMS_OBJ_DOMAIN_TRUST: -*/ - case GUMS_OBJ_NORMAL_USER: - memset(go->user, 0, sizeof(GUMS_USER)); - gums_set_user_acct_ctrl(go, ACB_NORMAL); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - memset(go->group, 0, sizeof(GUMS_GROUP)); - break; - - default: - return; - } -} - -uint32 gums_get_object_type(const GUMS_OBJECT *obj) -{ - if (!obj) - return 0; - - return obj->type; -} - -uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj) -{ - if (!obj) - return 0; - - return obj->seq_num; -} - -uint32 gums_get_object_version(const GUMS_OBJECT *obj) -{ - if (!obj) - return 0; - - return obj->version; -} - -const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->sec_desc; -} - -const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->sid; -} - -const char *gums_get_object_name(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->name; -} - -const char *gums_get_object_description(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->description; -} - -NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - obj->seq_num = seq_num; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - obj->version = version; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc) -{ - if (!obj || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc); - if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - obj->sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name) -{ - if (!obj || !name) - return NT_STATUS_INVALID_PARAMETER; - - obj->name = (char *)talloc_strdup(obj->mem_ctx, name); - if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description) -{ - if (!obj || !description) - return NT_STATUS_INVALID_PARAMETER; - - obj->description = (char *)talloc_strdup(obj->mem_ctx, description); - if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -/* -NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj) -{ - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; - - *priv_set = obj->priv_set; - return NT_STATUS_OK; -} -*/ - -uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj) -{ - if (obj->type != GUMS_OBJ_DOMAIN) - return -1; - - return obj->domain->next_rid; -} - -NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->domain->next_rid = rid; - return NT_STATUS_OK; -} - -/* User specific functions */ - -const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->group_sid; -} - -const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj) -{ - fstring p; - - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return data_blob(NULL, 0); - - pdb_sethexpwd(p, (unsigned char *)(obj->user->nt_pw.data), 0); - DEBUG(100, ("Reading NT Password=[%s]\n", p)); - - return obj->user->nt_pw; -} - -const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj) -{ - fstring p; - - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return data_blob(NULL, 0); - - pdb_sethexpwd(p, (unsigned char *)(obj->user->lm_pw.data), 0); - DEBUG(100, ("Reading LM Password=[%s]\n", p)); - - return obj->user->lm_pw; -} - -const char *gums_get_user_fullname(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->full_name; -} - -const char *gums_get_user_homedir(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->home_dir; -} - -const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->dir_drive; -} - -const char *gums_get_user_profile_path(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->profile_path; -} - -const char *gums_get_user_logon_script(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->logon_script; -} - -const char *gums_get_user_workstations(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->workstations; -} - -const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->unknown_str; -} - -const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->munged_dial; -} - -NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->logon_time; -} - -NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->logoff_time; -} - -NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->kickoff_time; -} - -NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->pass_last_set_time; -} - -NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->pass_can_change_time; -} - -NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->pass_must_change_time; -} - -uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->acct_ctrl; -} - -uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->logon_divs; -} - -uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->hours_len; -} - -const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->hours; -} - -uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->unknown_3; -} - -uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->bad_password_count; -} - -uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->logon_count; -} - -uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->unknown_6; -} - -NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->group_sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->user->group_sid)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) -{ - fstring p; - unsigned char r[16]; - - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); - - memcpy(r, nt_pwd.data, 16); - pdb_sethexpwd(p, r, 0); - DEBUG(100, ("Setting NT Password=[%s]\n", p)); - - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) -{ - fstring p; - unsigned char r[16]; - - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); - - memcpy(r, lm_pwd.data, 16); - pdb_sethexpwd(p, r, 0); - DEBUG(100, ("Setting LM Password=[%s]\n", p)); - - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname) -{ - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname); - if (!(obj->user->full_name)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir) -{ - if (!obj || !homedir) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir); - if (!(obj->user->home_dir)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive) -{ - if (!obj || !dir_drive) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive); - if (!(obj->user->dir_drive)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script) -{ - if (!obj || !logon_script) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script); - if (!(obj->user->logon_script)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path) -{ - if (!obj || !profile_path) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path); - if (!(obj->user->profile_path)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations) -{ - if (!obj || !workstations) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations); - if (!(obj->user->workstations)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str) -{ - if (!obj || !unknown_str) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str); - if (!(obj->user->unknown_str)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial) -{ - if (!obj || !munged_dial) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial); - if (!(obj->user->munged_dial)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_time = logon_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logoff_time = logoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->kickoff_time = kickoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->pass_last_set_time = pass_last_set_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->pass_can_change_time = pass_can_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->pass_must_change_time = pass_must_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->acct_ctrl = acct_ctrl; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_divs = logon_divs; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours) -{ - if (!obj || !hours) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->hours_len = hours_len; - if (hours_len == 0) - DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n")); - - obj->user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN); - if (!(obj->user->hours)) - return NT_STATUS_NO_MEMORY; - if (hours_len) - memcpy(obj->user->hours, hours, hours_len); - - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->unknown_3 = unknown_3; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->bad_password_count = bad_password_count; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_count = logon_count; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->unknown_6 = unknown_6; - return NT_STATUS_OK; -} - -/* Group specific functions */ - -const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj) -{ - if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) { - *count = -1; - return NULL; - } - - *count = obj->group->count; - return obj->group->members; -} - -NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members) -{ - uint32 n; - - if (!obj || ((count > 0) && !members)) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->group->count = count; - - if (count) { - obj->group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID)); - if (!(obj->group->members)) { - return NT_STATUS_NO_MEMORY; - } - - - n = 0; - do { - sid_copy(&(obj->group->members[n]), &(members[n])); - n++; - } while (n < count); - } else { - obj->group->members = 0; - } - - return NT_STATUS_OK; -} - -/* Privilege specific functions */ - -const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_PRIVILEGE *priv) -{ - if (!priv) { - return NULL; - } - - return priv->privilege; -} - -const DOM_SID *gums_get_priv_members(int *count, const GUMS_PRIVILEGE *priv) -{ - if (!count || !priv) { - *count = -1; - return NULL; - } - - *count = priv->count; - return priv->members; -} - -NTSTATUS gums_set_priv_luid_attr(GUMS_PRIVILEGE *priv, LUID_ATTR *luid_attr) -{ - if (!luid_attr || !priv) - return NT_STATUS_INVALID_PARAMETER; - - priv->privilege = (LUID_ATTR *)talloc_memdup(priv->mem_ctx, luid_attr, sizeof(LUID_ATTR)); - if (!(priv->privilege)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_priv_members(GUMS_PRIVILEGE *priv, uint32 count, DOM_SID *members) -{ - uint32 n; - - if (!priv || !members || !members) - return NT_STATUS_INVALID_PARAMETER; - - priv->count = count; - priv->members = (DOM_SID *)talloc(priv->mem_ctx, count * sizeof(DOM_SID)); - if (!(priv->members)) - return NT_STATUS_NO_MEMORY; - - n = 0; - do { - sid_copy(&(priv->members[n]), &(members[n])); - n++; - } while (n < count); - - return NT_STATUS_OK; -} - -/* data_store set functions */ - -NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type) -{ - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("commit_set"); - if (mem_ctx == NULL) - return NT_STATUS_NO_MEMORY; - - *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET)); - if (*com_set == NULL) { - talloc_destroy(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - - (*com_set)->mem_ctx = mem_ctx; - (*com_set)->type = type; - sid_copy(&((*com_set)->sid), sid); - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size) -{ - GUMS_DATA_SET *data_set; - - com_set->count = com_set->count + size; - if (com_set->count == size) { /* data set is empty*/ - data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data = data_set; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - SEC_DESC *new_sec_desc; - - if (!com_set || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SEC_DESC; - new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc); - if (new_sec_desc == NULL) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_sec_desc; - - return NT_STATUS_OK; -} - -/* -NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!com_set) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) - return ret; - - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_PRIVILEGE; - if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv))) - return ret; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!com_set) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) - return ret; - - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_PRIVILEGE; - if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv))) - return ret; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - PRIVILEGE_SET *new_priv_set; - - if (!com_set || !priv_set) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) - return ret; - - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_PRIVILEGE; - if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set))) - return ret; - - if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set))) - return ret; - - (SEC_DESC *)(data_set->data) = new_priv_set; - - return NT_STATUS_OK; -} -*/ - -NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - char *new_str; - - if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_str = talloc_strdup(com_set->mem_ctx, str); - if (new_str == NULL) - return NT_STATUS_NO_MEMORY; - - (char *)(data_set->data) = new_str; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name) -{ - return gums_cs_set_string(com_set, GUMS_SET_NAME, name); -} - -NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc) -{ - return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc); -} - -NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name); -} - -NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir); -} - -NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, drive); -} - -NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script); -} - -NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path); -} - -NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, wks); -} - -NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str); -} - -NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial); -} - -NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - NTTIME *new_time; - - if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_time = talloc(com_set->mem_ctx, sizeof(NTTIME)); - if (new_time == NULL) - return NT_STATUS_NO_MEMORY; - - new_time->low = nttime->low; - new_time->high = nttime->high; - (char *)(data_set->data) = new_time; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time); -} - -NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time); -} - -NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); -} - -NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time); -} - -NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time); -} - -NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time); -} - -NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_SID_LIST; - new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(com_set, sids, count); -} - -NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(com_set, sids, count); -} - -NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_SID_LIST; - new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SID_LIST; - new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) -{ - NTSTATUS ret; - GUMS_FUNCTIONS *fns; - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) { - DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n")); - return ret; - } - return fns->set_object_values(&(set->sid), set->count, set->data); -} - -NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set) -{ - talloc_destroy((*com_set)->mem_ctx); - *com_set = NULL; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c deleted file mode 100644 index fcb9366cda..0000000000 --- a/source3/sam/gums_helper.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS backends helper functions - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -extern DOM_SID global_sid_World; -extern DOM_SID global_sid_Builtin; -extern DOM_SID global_sid_Builtin_Administrators; -extern DOM_SID global_sid_Builtin_Power_Users; -extern DOM_SID global_sid_Builtin_Account_Operators; -extern DOM_SID global_sid_Builtin_Server_Operators; -extern DOM_SID global_sid_Builtin_Print_Operators; -extern DOM_SID global_sid_Builtin_Backup_Operators; -extern DOM_SID global_sid_Builtin_Replicator; -extern DOM_SID global_sid_Builtin_Users; -extern DOM_SID global_sid_Builtin_Guests; - - -/* defines */ - -#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0) - -/**************************************************************************** - Check if a user is a mapped group. - - This function will check if the group SID is mapped onto a - system managed gid or onto a winbind manged sid. - In the first case it will be threated like a mapped group - and the backend should take the member list with a getgrgid - and ignore any user that have been possibly set into the group - object. - - In the second case, the group is a fully SAM managed group - served back to the system through winbind. In this case the - members of a Local group are "unrolled" to cope with the fact - that unix cannot contain groups inside groups. - The backend MUST never call any getgr* / getpw* function or - loops with winbind may happen. - ****************************************************************************/ - -#if 0 -NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) -{ - NTSTATUS result; - gid_t id; - - /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ - result = idmap_get_gid_from_sid(&id, sid, False); - if (NT_STATUS_IS_OK(result)) { - *mapped = gid_is_in_winbind_range(id); - } else { - *mapped = False; - } - - return result; -} -#endif - -#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013 -#define ALIAS_DEFAULT_DACL_SA_RIGHTS \ - (READ_CONTROL_ACCESS | \ - SA_RIGHT_ALIAS_LOOKUP_INFO | \ - SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */ - -#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ - - -NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) -{ - DOM_SID *world = &global_sid_World; - DOM_SID *admins = &global_sid_Builtin_Administrators; - SEC_ACCESS sa; - SEC_ACE sacl_ace; - SEC_ACE dacl_aces[2]; - SEC_ACL *sacl = NULL; - SEC_ACL *dacl = NULL; - size_t psize; - - init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS); - init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG); - - sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS); - init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS); - init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - - dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize); - if (!(*sec_desc)) { - DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - -NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask) -{ - NTSTATUS result; - SEC_ACE *new_aces; - unsigned num_aces; - int i; - - num_aces = sec_desc->dacl->num_aces + 1; - result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask); - if (NT_STATUS_IS_OK(result)) { - sec_desc->dacl->ace = new_aces; - sec_desc->dacl->num_aces = num_aces; - sec_desc->dacl->size = SEC_ACL_HEADER_SIZE; - for (i = 0; i < num_aces; i++) { - sec_desc->dacl->size += sec_desc->dacl->ace[i].size; - } - } - return result; -} - -NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - GUMS_FUNCTIONS *fns; - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) - return ret; - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN))) - return ret; - - ret = gums_set_object_sid(go, sid); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!"); - - ret = gums_set_object_name(go, name); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!"); - - if (description) { - ret = gums_set_object_description(go, description); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!"); - } - - /* make security descriptor * / - ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx); - NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc"); - */ - - ret = fns->set_object(go); - - gums_destroy_object(&go); - return ret; -} - -NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - GUMS_FUNCTIONS *fns; - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) - return ret; - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS))) - return ret; - - ret = gums_set_object_sid(go, sid); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!"); - - ret = gums_set_object_name(go, name); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!"); - - if (description) { - ret = gums_set_object_description(go, description); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!"); - } - - /* make security descriptor * / - ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx); - NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc"); - */ - - ret = fns->set_object(go); - - gums_destroy_object(&go); - return ret; -} - -NTSTATUS gums_init_domain(DOM_SID *sid, const char *name, const char * description) -{ - NTSTATUS ret; - - /* Add the weelknown Builtin Domain */ - if (!NT_STATUS_IS_OK(ret = gums_make_domain( - sid, - name, - description - ))) { - return ret; - } - - /* Add default users and groups */ - /* Administrator - Guest - Domain Administrators - Domain Users - Domain Guests - */ - - return ret; -} - -NTSTATUS gums_init_builtin_domain(void) -{ - NTSTATUS ret; - - generate_wellknown_sids(); - - /* Add the weelknown Builtin Domain */ - if (!NT_STATUS_IS_OK(ret = gums_make_domain( - &global_sid_Builtin, - "BUILTIN", - "Builtin Domain" - ))) { - return ret; - } - - /* Add the well known Builtin Local Groups */ - - /* Administrators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Administrators, - "Administrators", - "Members can fully administer the computer/domain" - ))) { - return ret; - } - /* Administrator privilege set */ - /* From BDC join trace: - SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege, - SeSystemtimePrivilege, SeShutdownPrivilege, - SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege, - SeDebugPrivilege, SeSystemEnvironmentPrivilege, - SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, - SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege, - SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege - */ - - /* Power Users */ - /* Domain Controllers Does NOT have Power Users (?) */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Power_Users, - "Power Users", - "Power Users" - ))) { - return ret; - } - - /* Power Users privilege set */ - /* (?) */ - - /* Account Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Account_Operators, - "Account Operators", - "Members can administer domain user and group accounts" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* Server Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Server_Operators, - "Server Operators", - "Members can administer domain servers" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege, - SeShutdownPrivilege, SeRemoteShutdownPrivilege - */ - - /* Print Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Print_Operators, - "Print Operators", - "Members can administer domain printers" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* Backup Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Backup_Operators, - "Backup Operators", - "Members can bypass file security to backup files" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege - */ - - /* Replicator */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Replicator, - "Replicator", - "Supports file replication in a domain" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege - */ - - /* Users */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Users, - "Users", - "Ordinary users" - ))) { - return ret; - } - - /* Users specific ACEs * / - sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); - sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); - */ - - /* Guests */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Guests, - "Guests", - "Users granted guest access to the computer/domain" - ))) { - return ret; - } - - return ret; -} - diff --git a/source3/sam/gums_tdbsam2.c b/source3/sam/gums_tdbsam2.c deleted file mode 100644 index 7fb9a1a997..0000000000 --- a/source3/sam/gums_tdbsam2.c +++ /dev/null @@ -1,1220 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * tdbsam2 - sam backend - * Copyright (C) Simo Sorce 2002-2003 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" -#include "tdbsam2_parse_info.h" - -#if 0 -static int gums_tdbsam2_debug_class = DBGC_ALL; -#endif -/* -#undef DBGC_CLASS -#define DBGC_CLASS gums_tdbsam2_debug_class -*/ - -#define TDBSAM_VERSION 20021215 -#define TDB_FILE_NAME "tdbsam2.tdb" -#define NAMEPREFIX "NAME_" -#define SIDPREFIX "SID_" -#define PRIVILEGEPREFIX "PRIV_" - -#define TDB_BASIC_OBJ_STRING "ddd" -#define TDB_FORMAT_STRING "dddB" -#define TDB_PRIV_FORMAT_STRING "ddB" - -#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) - - - -struct tdbsam2_enum_objs { - uint32 type; - DOM_SID *dom_sid; - TDB_CONTEXT *db; - TDB_DATA key; - struct tdbsam2_enum_objs *next; -}; - -struct tdbsam2_private_data { - - const char *storage; - struct tdbsam2_enum_objs *teo_handlers; -}; - -static struct tdbsam2_private_data *ts2_privs; - -static NTSTATUS init_object_from_buffer(GUMS_OBJECT **go, char *buffer, int size) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *mem_ctx; - int iret; - char *obj_data = NULL; - int data_size = 0; - int version, type, seqnum; - int len; - - mem_ctx = talloc_init("init_object_from_buffer"); - if (!mem_ctx) { - DEBUG(0, ("init_object_from_buffer: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - len = tdb_unpack (buffer, size, TDB_FORMAT_STRING, - &version, - &type, - &seqnum, - &data_size, &obj_data); - - if (len == -1 || data_size <= 0) - goto done; - - /* version is checked inside this function so that backward - compatibility code can be called eventually. - This way we can easily handle database format upgrades */ - if (version != TDBSAM_VERSION) { - DEBUG(3,("init_object_from_buffer: Error, db object has wrong tdbsam version!\n")); - goto done; - } - - /* be sure the string is terminated before trying to parse it */ - if (obj_data[data_size - 1] != '\0') - obj_data[data_size - 1] = '\0'; - - *go = (GUMS_OBJECT *)talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); - TALLOC_CHECK(*go, ret, done); - - switch (type) { - - case GUMS_OBJ_DOMAIN: - iret = gen_parse(mem_ctx, pinfo_gums_domain, (char *)(*go), obj_data); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - iret = gen_parse(mem_ctx, pinfo_gums_group, (char *)(*go), obj_data); - break; - - case GUMS_OBJ_NORMAL_USER: - iret = gen_parse(mem_ctx, pinfo_gums_user, (char *)(*go), obj_data); - break; - - default: - DEBUG(3,("init_object_from_buffer: Error, wrong object type number!\n")); - goto done; - } - - if (iret != 0) { - DEBUG(0, ("init_object_from_buffer: Fatal Error! Unable to parse object!\n")); - DEBUG(0, ("init_object_from_buffer: DB Corrupt ?")); - goto done; - } - - (*go)->mem_ctx = mem_ctx; - - ret = NT_STATUS_OK; -done: - SAFE_FREE(obj_data); - return ret; -} - -static NTSTATUS init_privilege_from_buffer(GUMS_PRIVILEGE **priv, char *buffer, int size) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *mem_ctx; - int iret; - char *obj_data = NULL; - int data_size = 0; - int version, seqnum; - int len; - - mem_ctx = talloc_init("init_privilege_from_buffer"); - if (!mem_ctx) { - DEBUG(0, ("init_privilege_from_buffer: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - len = tdb_unpack (buffer, size, TDB_PRIV_FORMAT_STRING, - &version, - &seqnum, - &data_size, &obj_data); - - if (len == -1 || data_size <= 0) - goto done; - - /* version is checked inside this function so that backward - compatibility code can be called eventually. - This way we can easily handle database format upgrades */ - if (version != TDBSAM_VERSION) { - DEBUG(3,("init_privilege_from_buffer: Error, db object has wrong tdbsam version!\n")); - goto done; - } - - /* be sure the string is terminated before trying to parse it */ - if (obj_data[data_size - 1] != '\0') - obj_data[data_size - 1] = '\0'; - - *priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE)); - TALLOC_CHECK(*priv, ret, done); - - iret = gen_parse(mem_ctx, pinfo_gums_privilege, (char *)(*priv), obj_data); - - if (iret != 0) { - DEBUG(0, ("init_privilege_from_buffer: Fatal Error! Unable to parse object!\n")); - DEBUG(0, ("init_privilege_from_buffer: DB Corrupt ?")); - goto done; - } - - (*priv)->mem_ctx = mem_ctx; - - ret = NT_STATUS_OK; -done: - SAFE_FREE(obj_data); - return ret; -} - -static NTSTATUS init_buffer_from_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_OBJECT *object) -{ - - NTSTATUS ret; - char *genbuf = NULL; - size_t buflen; - - if (!buffer) - return NT_STATUS_INVALID_PARAMETER; - - switch (gums_get_object_type(object)) { - - case GUMS_OBJ_DOMAIN: - genbuf = gen_dump(mem_ctx, pinfo_gums_domain, (char *)object, 0); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - genbuf = gen_dump(mem_ctx, pinfo_gums_group, (char *)object, 0); - break; - - case GUMS_OBJ_NORMAL_USER: - genbuf = gen_dump(mem_ctx, pinfo_gums_user, (char *)object, 0); - break; - - default: - DEBUG(3,("init_buffer_from_object: Error, wrong object type number!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (genbuf == NULL) { - DEBUG(0, ("init_buffer_from_object: Fatal Error! Unable to dump object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - object->seq_num, - strlen(genbuf) + 1, genbuf); - - *buffer = talloc(mem_ctx, buflen); - TALLOC_CHECK(*buffer, ret, done); - - *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - object->seq_num, - strlen(genbuf) + 1, genbuf); - - if (*len != buflen) { - DEBUG(0, ("init_buffer_from_object: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", - buflen, *len)); - *buffer = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; -done: - return ret; -} - -static NTSTATUS init_buffer_from_privilege(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_PRIVILEGE *priv) -{ - - NTSTATUS ret; - char *genbuf = NULL; - size_t buflen; - - if (!buffer || !len || !mem_ctx || !priv) - return NT_STATUS_INVALID_PARAMETER; - - genbuf = gen_dump(mem_ctx, pinfo_gums_privilege, (char *)priv, 0); - - if (genbuf == NULL) { - DEBUG(0, ("init_buffer_from_privilege: Fatal Error! Unable to dump object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - buflen = tdb_pack(NULL, 0, TDB_PRIV_FORMAT_STRING, - TDBSAM_VERSION, - priv->seq_num, - strlen(genbuf) + 1, genbuf); - - *buffer = talloc(mem_ctx, buflen); - TALLOC_CHECK(*buffer, ret, done); - - *len = tdb_pack(*buffer, buflen, TDB_PRIV_FORMAT_STRING, - TDBSAM_VERSION, - priv->seq_num, - strlen(genbuf) + 1, genbuf); - - if (*len != buflen) { - DEBUG(0, ("init_buffer_from_privilege: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", - buflen, *len)); - *buffer = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; -done: - return ret; -} - -static NTSTATUS opentdb(TDB_CONTEXT **tdb, BOOL readonly) -{ - if (!tdb) - return NT_STATUS_INVALID_PARAMETER; - - *tdb = tdb_open_log(ts2_privs->storage, 0, TDB_DEFAULT, readonly?(O_RDONLY):(O_RDWR | O_CREAT), 0600); - if (!(*tdb)) - { - DEBUG(0, ("opentdb: Unable to open database (%s)!\n", ts2_privs->storage)); - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -static NTSTATUS get_object_by_sid(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const DOM_SID *sid) -{ - NTSTATUS ret; - TDB_DATA data, key; - fstring keystr; - - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_sid: Entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_NOT_FOUND; - goto done; - } - - if (!NT_STATUS_IS_OK(init_object_from_buffer(obj, data.dptr, data.dsize))) { - DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; - -done: - SAFE_FREE(data.dptr); - return ret; -} - -static NTSTATUS make_full_object_name(TDB_CONTEXT *tdb, fstring objname, GUMS_OBJECT *object) -{ - NTSTATUS ret; - - objname[0] = '\0'; - - if (gums_get_object_type(object) == GUMS_OBJ_DOMAIN) { - - fstrcpy(objname, gums_get_object_name(object)); - - } else { - GUMS_OBJECT *domain_object; - DOM_SID domain_sid; - uint32 *discard_rid; - - sid_copy(&domain_sid, gums_get_object_sid(object)); - sid_split_rid(&domain_sid, discard_rid); - - if (!NT_STATUS_IS_OK(get_object_by_sid(tdb, - &domain_object, - &domain_sid))) { - - DEBUG(3, ("Object's domain not found!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - fstrcpy(objname, gums_get_object_name(domain_object)); - fstrcat(objname, "\\"); - fstrcat(objname, gums_get_object_name(object)); - } - - ret = NT_STATUS_OK; - -done: - return ret; -} - -/* name should be in DOMAIN\NAME format */ -static NTSTATUS get_object_by_name(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const char *fullname) -{ - - NTSTATUS ret = NT_STATUS_OK; - TDB_DATA data, key; - fstring keystr; - fstring objname; - DOM_SID sid; - fstring sidstr; - int sidstr_len; - - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - /* Data is stored in all lower-case */ - fstrcpy(objname, fullname); - strlower_m(objname); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_name: Entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_NOT_FOUND; - goto done; - } - - fstrcpy(sidstr, data.dptr); - sidstr_len = data.dsize; - - SAFE_FREE(data.dptr); - - if (sidstr_len <= 0) { - DEBUG(5, ("get_object_by_name: Error unpacking database object!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!string_to_sid(&sid, sidstr)) { - DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - -done: - if (NT_STATUS_IS_OK(ret)) - return get_object_by_sid(tdb, obj, &sid); - return ret; -} - -/* Get object's sequence number */ - -static NTSTATUS get_object_seq_num(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int *seq_num) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TDB_DATA data, key; - fstring keystr; - fstring sidstr; - int version, type, seqnum; - - if (!object || !seq_num) - return NT_STATUS_INVALID_PARAMETER; - - fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object))); - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("get_object_seq_num: Entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_NOT_FOUND; - goto done; - } - - if (tdb_unpack (data.dptr, data.dsize, TDB_BASIC_OBJ_STRING, &version, &type, &seqnum) == -1) - goto done; - - *seq_num = seqnum; - ret = NT_STATUS_OK; - -done: - SAFE_FREE(data.dptr); - return ret; -} - -/* store a gums object - * flag: TDB_REPLACE or TDB_MODIFY or TDB_INSERT - */ - -static NTSTATUS store_object(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int flag) -{ - NTSTATUS ret = NT_STATUS_OK; - TDB_DATA data, data2, key, key2; - TALLOC_CTX *mem_ctx; - fstring keystr; - fstring sidstr; - fstring namestr; - fstring objname; - int r; - - /* TODO: on object renaming/replacing this function should - * check name->sid record and delete the old one - */ - - mem_ctx = talloc_init("store_object"); - if (!mem_ctx) { - DEBUG(0, ("store_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - make_full_object_name(tdb, objname, object); - - /* Data is stored in all lower-case */ - strlower_m(objname); - - if (flag == TDB_MODIFY) { - if (!NT_STATUS_IS_OK(ret = get_object_seq_num(tdb, object, &(object->seq_num)))) - goto done; - object->seq_num += 1; - } - - if (!NT_STATUS_IS_OK(ret = init_buffer_from_object(&(data.dptr), &(data.dsize), mem_ctx, object))) - goto done; - - fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object))); - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sidstr); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, objname); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if ((r = tdb_store(tdb, key, data, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify TDBSAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb))); - DEBUGADD(0, (" occured while storing sid record (%s)\n", keystr)); - if (r == TDB_ERR_EXISTS) - ret = NT_STATUS_UNSUCCESSFUL; - else - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - data2.dptr = sidstr; - data2.dsize = strlen(sidstr) + 1; - key2.dptr = namestr; - key2.dsize = strlen(namestr) + 1; - - if ((r = tdb_store(tdb, key2, data2, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify TDBSAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb))); - DEBUGADD(0, (" occured while storing name record (%s)\n", keystr)); - DEBUGADD(0, (" attempting rollback operation.\n")); - if ((tdb_delete(tdb, key)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to rollback! Check database consitency!\n")); - } - if (r == TDB_ERR_EXISTS) - ret = NT_STATUS_UNSUCCESSFUL; - else - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - -/* TODO: update the general database counter */ -/* TODO: update this entry counter too */ - -done: - talloc_destroy(mem_ctx); - return ret; -} - -/* GUMM object functions */ - -static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name) -{ - - NTSTATUS ret; - TDB_CONTEXT *tdb; - GUMS_OBJECT *go; - fstring domname; - - if (!sid || !name) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) { - return ret; - } - - /* Data is stored in all lower-case */ - fstrcpy(domname, name); - strlower_m(domname); - - if (!NT_STATUS_IS_OK(ret = get_object_by_name(tdb, &go, domname))) { - go = NULL; - DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); - goto done; - } - - if (gums_get_object_type(go) != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto done; - } - - sid_copy(sid, gums_get_object_sid(go)); - - ret = NT_STATUS_OK; - -done: - if (go) - gums_destroy_object(&go); - tdb_close(tdb); - return ret; -} - -static NTSTATUS get_next_sid(TDB_CONTEXT *tdb, DOM_SID *sid) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - DOM_SID dom_sid; - TDB_DATA dom_sid_key; - fstring dom_sid_str; - uint32 new_rid; - - /* Find the domain SID */ - if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) { - DEBUG(0, ("get_next_sid: cannot found the domain sid!!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Lock the domain record */ - sid_to_string(dom_sid_str, &dom_sid); - dom_sid_key.dptr = dom_sid_str; - dom_sid_key.dsize = strlen(dom_sid_key.dptr) + 1; - - if(tdb_chainlock(tdb, dom_sid_key) != 0) { - DEBUG(0, ("get_next_sid: unable to lock domain record!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Get the domain object */ - ret = get_object_by_sid(tdb, &go, &dom_sid); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("get_next_sid: unable to get root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - new_rid = gums_get_domain_next_rid(go); - - /* Increment the RID Counter */ - gums_set_domain_next_rid(go, new_rid+1); - - /* Store back Domain object */ - ret = store_object(tdb, go, TDB_MODIFY); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("get_next_sid: unable to update root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - /* Build the Domain SID to return */ - sid_copy(sid, &dom_sid); - - if (!sid_append_rid(sid, new_rid)) { - DEBUG(0, ("get_next_sid: unable to build new SID !?!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; - -done: - /* Unlock the Domain object */ - tdb_chainunlock(tdb, dom_sid_key); - - return ret; -} - -/* TODO */ - NTSTATUS (*get_sequence_number) (void); - - -extern DOM_SID global_sid_NULL; - -static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type) -{ - - NTSTATUS ret = NT_STATUS_OK; - TDB_CONTEXT *tdb; - GUMS_OBJECT *go; - NTTIME null_time; - DATA_BLOB pw; - const char *defpw = "NOPASSWORDXXXXXX"; - uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}; - - if (!name) { - DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, obj_type))) { - go = NULL; - goto done; - } - - if (obj_type == GUMS_OBJ_DOMAIN) { - sid_copy(sid, get_global_sam_sid()); - } else { - if (!NT_STATUS_IS_OK(ret = get_next_sid(tdb, sid))) - goto done; - } - - gums_set_object_sid(go, sid); - gums_set_object_name(go, name); - gums_set_object_seq_num(go, 1); - - /*obj.domain->sec_desc*/ - - switch (obj_type) { - case GUMS_OBJ_NORMAL_USER: - - init_nt_time(&null_time); - - gums_set_user_logon_time(go, null_time); - gums_set_user_logoff_time(go, null_time); - gums_set_user_kickoff_time(go, null_time); - gums_set_user_pass_last_set_time(go, null_time); - gums_set_user_pass_can_change_time(go, null_time); - gums_set_user_pass_must_change_time(go, null_time); - - pw = data_blob(defpw, NT_HASH_LEN); - gums_set_user_nt_pwd(go, pw); - gums_set_user_lm_pwd(go, pw); - data_blob_free(&pw); - - gums_set_user_logon_divs(go, 168); - gums_set_user_hours(go, 21, defhours); - - gums_set_user_bad_password_count(go, 0); - gums_set_user_logon_count(go, 0); - gums_set_user_unknown_6(go, 0x000004ec); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - - break; - - case GUMS_OBJ_DOMAIN: - - gums_set_domain_next_rid(go, 0x3e9); - - break; - - default: - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto done; - } - - ret = store_object(tdb, go, TDB_INSERT); - -done: - if (go) - gums_destroy_object(&go); - tdb_close(tdb); - return ret; -} - -/* TODO: handle privileges objects */ - -static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) -{ - /* TODO: need to address privilege deletion */ - NTSTATUS ret = NT_STATUS_OK; - TDB_CONTEXT *tdb; - GUMS_OBJECT *go; - TDB_DATA data, key; - fstring keystr; - - if (!sid) { - DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (tdb_delete(tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!NT_STATUS_IS_OK(init_object_from_buffer(&go, data.dptr, data.dsize))) { - DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, gums_get_object_name(go)); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if (tdb_delete(tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - -/* TODO: update the general database counter */ - -done: - gums_destroy_object(&go); - SAFE_FREE(data.dptr); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - - if (!object || !sid) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) { - return ret; - } - - ret = get_object_by_sid(tdb, object, sid); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: %s\n", nt_errstr(ret))); - goto error; - } - if (obj_type && gums_get_object_type(*object) != obj_type) { - DEBUG(0, ("tdbsam2_get_object_from_sid: the object is not of the rerquested type!\n")); - goto error; - } - - tdb_close(tdb); - return NT_STATUS_OK; - -error: - gums_destroy_object(object); - tdb_close(tdb); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - fstring objname; - - if (!object || !name) { - DEBUG(0, ("tdbsam2_get_object_from_name: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) { - return ret; - } - - if (obj_type == GUMS_OBJ_DOMAIN) { - fstrcpy(objname, name); - } else { - if (!domain) { - domain = global_myname(); - } - fstrcpy(objname, domain); - fstrcat(objname, "\\"); - fstrcat(objname, name); - } - - *object = NULL; - ret = get_object_by_name(tdb, object, name); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_name: %s\n", nt_errstr(ret))); - goto error; - } - if (obj_type && gums_get_object_type(*object) != obj_type) { - DEBUG(0, ("tdbsam2_get_object_from_name: the object is not of the rerquested type!\n")); - goto error; - } - - tdb_close(tdb); - return NT_STATUS_OK; - -error: - gums_destroy_object(object); - tdb_close(tdb); - return ret; -} - - /* This function is used to get the list of all objects changed since base_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - -static NTSTATUS tdbsam2_enumerate_objects_start(void **handle, const DOM_SID *sid, const int obj_type) -{ - struct tdbsam2_enum_objs *teo, *t; - - teo = (struct tdbsam2_enum_objs *)malloc(sizeof(struct tdbsam2_enum_objs)); - if (!teo) { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - memset(teo, 0, sizeof(struct tdbsam2_enum_objs)); - - teo->type = obj_type; - if (sid) { - teo->dom_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - if (!teo->dom_sid) { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - sid_copy(teo->dom_sid, sid); - } - - if (!NT_STATUS_IS_OK(opentdb(&(teo->db), True))) - { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", ts2_privs->storage)); - SAFE_FREE(teo); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!ts2_privs->teo_handlers) { - ts2_privs->teo_handlers = teo; - } else { - t = ts2_privs->teo_handlers; - while (t->next) { - t = t->next; - } - t->next = teo; - } - - *handle = teo; - - teo->key = tdb_firstkey(teo->db); - - return NT_STATUS_OK; -} - -static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle) -{ - NTSTATUS ret; - TDB_DATA data; - struct tdbsam2_enum_objs *teo; - const char *prefix = SIDPREFIX; - const int preflen = strlen(prefix); - fstring dom_sid_str; - int dom_sid_str_len = 0; - - if (!object || !handle) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - teo = (struct tdbsam2_enum_objs *)handle; - - if (teo->dom_sid) { - sid_to_string(dom_sid_str, teo->dom_sid); - dom_sid_str_len = strlen(dom_sid_str); - } - - while ((teo->key.dptr != NULL)) { - int len, version, type, size, seqnum; - char *ptr; - - if (strncmp(teo->key.dptr, prefix, preflen)) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - if (dom_sid_str_len != 0) { - if (strncmp(&(teo->key.dptr[preflen]), dom_sid_str, dom_sid_str_len)) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - } - - data = tdb_fetch(teo->db, teo->key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db))); - DEBUGADD(5, (" Key: %s\n", teo->key.dptr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING, - &version, - &type, - &seqnum, - &size, &ptr); - - if (len == -1) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(ptr); - - if (teo->type && type != teo->type) { - SAFE_FREE(data.dptr); - data.dsize = 0; - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - break; - } - - if (teo->key.dptr == NULL) { /* no more objs */ - ret = NT_STATUS_NO_MORE_ENTRIES; - goto done; - } - - if (!NT_STATUS_IS_OK(ret = init_object_from_buffer(object, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(data.dptr); - - /* prepare next run */ - teo->key = tdb_nextkey(teo->db, teo->key); - -done: - return ret; -} - -static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle) -{ - struct tdbsam2_enum_objs *teo, *t, *p; - - teo = (struct tdbsam2_enum_objs *)handle; - - if (ts2_privs->teo_handlers == teo) { - ts2_privs->teo_handlers = teo->next; - } else { - t = ts2_privs->teo_handlers; - while (t != teo) { - p = t; - t = t->next; - if (t == NULL) { - DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - } - p = t->next; - } - - tdb_close(teo->db); - SAFE_FREE(teo->dom_sid); - SAFE_FREE(teo); - - return NT_STATUS_OK; -} - -static NTSTATUS tdbsam2_set_object(GUMS_OBJECT *go) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - - if (!go) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - - ret = store_object(tdb, go, TDB_REPLACE); - - tdb_close(tdb); - return ret; -} - -#if 0 - /* set object values function */ -static NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); - - /* Group related functions */ -static NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); -static NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - -static NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - -static NTSTATUS (*lock_sid) (const DOM_SID *sid); -static NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - -static NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name); -static NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members); -static NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members); -static NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members); -static NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs); - - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ -static NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); -#endif - -static void free_tdbsam2_private_data(void **vp) -{ - struct tdbsam2_private_data **tdb_privs = (struct tdbsam2_private_data **)vp; - while (ts2_privs->teo_handlers) - tdbsam2_enumerate_objects_stop(ts2_privs->teo_handlers); - *tdb_privs = NULL; - /* No need to free any further, as it is talloc()ed */ -} - -static NTSTATUS init_tdbsam2(GUMS_FUNCTIONS *fns, const char *storage) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - DOM_SID dom_sid; - - fns->name = talloc_strdup(fns->mem_ctx, "tdbsam2"); - - fns->get_domain_sid = tdbsam2_get_domain_sid; - /* fns->get_sequence_number = tdbsam2_get_sequence_number; */ - fns->new_object = tdbsam2_new_object; - fns->delete_object = tdbsam2_delete_object; - fns->get_object_from_sid = tdbsam2_get_object_from_sid; - fns->get_object_from_name = tdbsam2_get_object_from_name; - /* fns->get_updated_objects = tdbsam2_get_updated_objects; */ - fns->enumerate_objects_start = tdbsam2_enumerate_objects_start; - fns->enumerate_objects_get_next = tdbsam2_enumerate_objects_get_next; - fns->enumerate_objects_stop = tdbsam2_enumerate_objects_stop; - fns->set_object = tdbsam2_set_object; - /* fns->set_object_values = tdbsam2_set_object_values; - fns->add_members_to_group = tdbsam2_add_members_to_group; - fns->delete_members_from_group = tdbsam2_delete_members_from_group; - fns->enumerate_group_members = tdbsam2_enumerate_group_members; - fns->get_sid_groups = tdbsam2_get_sid_groups; - fns->lock_sid = tdbsam2_lock_sid; - fns->unlock_sid = tdbsam2_unlock_sid; - fns->get_privilege = tdbsam2_get_privilege; - fns->add_members_to_privilege = tdbsam2_add_members_to_privilege; - fns->delete_members_from_privilege = tdbsam2_delete_members_from_privilege; - fns->enumerate_privilege_members = tdbsam2_enumerate_privilege_members; - fns->get_sid_privileges = tdbsam2_get_sid_privileges; - fns->set_privilege = tdbsam2_set_privilege; */ - - ts2_privs = talloc_zero(fns->mem_ctx, sizeof(struct tdbsam2_private_data)); - if (!ts2_privs) { - DEBUG(0, ("talloc() failed for tdbsam2 private_data!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (storage) { - ts2_privs->storage = talloc_strdup(fns->mem_ctx, storage); - } else { - pstring tdbfile; - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, TDB_FILE_NAME); - ts2_privs->storage = talloc_strdup(fns->mem_ctx, tdbfile); - } - - /* check tdb exist (or create it) */ - - /* Find the domain SID */ - if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) { - /* db file does not exist or it is not inited */ - /* make the tdb file */ - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - tdb_close(tdb); - - if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, "BUILTIN"))) { - gums_init_builtin_domain(); - } - - gums_init_domain(get_global_sam_sid(), global_myname(), "The Domain"); - } - - fns->private_data = &ts2_privs; - fns->free_private_data = free_tdbsam2_private_data; - - return NT_STATUS_OK; -} - -NTSTATUS gums_tdbsam2_init(void) -{ - /* - if ((gums_tdbsam2_debug_class = debug_add_class("gums_tdbsam2")) == -1) { - DEBUG(0, ("gums_tdbsam2: unable to register my own debug class! going on ...\n")); - gums_tdbsam2_debug_class = DBGC_ALL; - } - */ - return gums_register_module(GUMS_INTERFACE_VERSION, "tdbsam2", init_tdbsam2); -} diff --git a/source3/sam/interface.c b/source3/sam/interface.c deleted file mode 100644 index 51ae561999..0000000000 --- a/source3/sam/interface.c +++ /dev/null @@ -1,1338 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Kai Krüger 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -extern DOM_SID global_sid_Builtin; - -/** List of various built-in sam modules */ - -const struct sam_init_function_entry builtin_sam_init_functions[] = { - { "plugin", sam_init_plugin }, -#ifdef HAVE_LDAP - { "ads", sam_init_ads }, -#endif - { "skel", sam_init_skel }, - { NULL, NULL} -}; - - -static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (sid_equal(domainsid, &(tmp_methods->domain_sid))) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid))); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (strequal(domainname, tmp_methods->domain_name)) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname)); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) -{ - *methods = talloc(mem_ctx, sizeof(SAM_METHODS)); - - if (!*methods) { - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*methods); - - return NT_STATUS_OK; -} - -/****************************************************************** - Free and cleanup a sam context, any associated data and anything - that the attached modules might have associated. - *******************************************************************/ - -void free_sam_context(SAM_CONTEXT **context) -{ - SAM_METHODS *sam_selected = (*context)->methods; - - while (sam_selected) { - if (sam_selected->free_private_data) { - sam_selected->free_private_data(&(sam_selected->private_data)); - } - sam_selected = sam_selected->next; - } - - talloc_destroy((*context)->mem_ctx); - *context = NULL; -} - -/****************************************************************** - Make a backend_entry from scratch - *******************************************************************/ - -static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string) -{ - char *tmp = NULL; - char *tmp_string = sam_backend_string; - - DEBUG(5,("make_backend_entry: %d\n", __LINE__)); - - SAM_ASSERT(sam_backend_string && backend_entry); - - backend_entry->module_name = sam_backend_string; - - DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name)); - - if ((tmp = strrchr(tmp_string, '|')) != NULL) { - DEBUGADD(20,("a domain name has been specified\n")); - *tmp = 0; - backend_entry->domain_name = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if ((tmp = strchr(tmp_string, ':')) != NULL) { - DEBUG(20,("options for the backend have been specified\n")); - *tmp = 0; - backend_entry->module_params = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if (backend_entry->domain_name == NULL) { - DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n", - backend_entry->module_name, lp_workgroup())); - backend_entry->domain_name = smb_xstrdup(lp_workgroup()); - } - - if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) { - DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n")); - return NT_STATUS_NO_MEMORY; - } - - DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name)); - - if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) { - DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n", - backend_entry->domain_name)); - DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__)); - ZERO_STRUCTP(backend_entry->domain_sid); - } - - DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n", - backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid))); - - return NT_STATUS_OK; -} - -/****************************************************************** - create sam_methods struct based on sam_backend_entry - *****************************************************************/ - -static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SAM_METHODS *methods; - int i; - - DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__)); - - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) { - return nt_status; - } - - methods = *methods_ptr; - methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name); - methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name); - sid_copy(&methods->domain_sid, backend_entry->domain_sid); - methods->parent = context; - - DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name)); - for (i = 0; builtin_sam_init_functions[i].module_name; i++) - { - if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name)) - { - DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i)); - DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid))); - nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params); - if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name)); - } else { - DEBUG(2,("sam backend %s did not correctly init (error was %s)\n", - backend_entry->module_name, nt_errstr(nt_status))); - } - return nt_status; - } - } - - DEBUG(2,("could not find backend %s\n", backend_entry->module_name)); - - return NT_STATUS_INVALID_PARAMETER; -} - -static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context) -{ - SAM_BACKEND_ENTRY entry; - DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */ - SAM_METHODS *methods, *tmpmethods; - NTSTATUS ntstatus; - - DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__)); - - /* Make sure domain lp_workgroup() is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n", - lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND)); - - SAM_ASSERT(global_sam_sid); - - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = lp_workgroup(); - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, global_sam_sid); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup())); - return ntstatus; - } - - /* Make sure the BUILTIN domain is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n", - SAM_DEFAULT_BACKEND)); - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = "BUILTIN"; - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, &global_sid_Builtin); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n")); - return ntstatus; - } - - return NT_STATUS_OK; -} - -static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends) -{ - int i, j; - - DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__)); - - for (i = 0; i < *nBackends; i++) { - for (j = i + 1; j < *nBackends; j++) { - if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) { - DEBUG(0,("two backend modules claim the same domain %s\n", - sid_string_static((*backend_entries)[j].domain_sid))); - return NT_STATUS_INVALID_PARAMETER; - } - } - } - - return NT_STATUS_OK; -} - -NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param) -{ - int i = 0, j = 0; - SAM_METHODS *curmethods, *tmpmethods; - int nBackends = 0; - SAM_BACKEND_ENTRY *backends = NULL; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__)); - - if (!sam_backends_param) { - DEBUG(1, ("no SAM backeds specified!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) { - DEBUG(4,("make_sam_context failed\n")); - return nt_status; - } - - while (sam_backends_param[nBackends]) - nBackends++; - - DEBUG(6,("There are %d domains listed with their backends\n", nBackends)); - - if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) { - DEBUG(0,("make_sam_context_list: failed to allocate backends\n")); - return NT_STATUS_NO_MEMORY; - } - - memset(backends, '\0', sizeof(*backends)*nBackends); - - for (i = 0; i < nBackends; i++) { - DEBUG(8,("processing %s\n",sam_backends_param[i])); - if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) { - DEBUG(4,("make_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - } - - if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) { - DEBUG(4,("check_duplicate_backend_entries failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - - for (i = 0; i < nBackends; i++) { - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - DLIST_ADD_END((*context)->methods, curmethods, tmpmethods); - } - - for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid); - - SAFE_FREE(backends); - return NT_STATUS_OK; -} - -/****************************************************************** - Make a sam_context from scratch. - *******************************************************************/ - -NTSTATUS make_sam_context(SAM_CONTEXT **context) -{ - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("sam_context internal allocation context"); - - if (!mem_ctx) { - DEBUG(0, ("make_sam_context: talloc init failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - *context = talloc(mem_ctx, sizeof(**context)); - if (!*context) { - DEBUG(0, ("make_sam_context: talloc failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*context); - - (*context)->mem_ctx = mem_ctx; - - (*context)->free_fn = free_sam_context; - - return NT_STATUS_OK; -} - -/****************************************************************** - Return an already initialised sam_context, to facilitate backward - compatibility (see functions below). - *******************************************************************/ - -static struct sam_context *sam_get_static_context(BOOL reload) -{ - static SAM_CONTEXT *sam_context = NULL; - - if ((sam_context) && (reload)) { - sam_context->free_fn(&sam_context); - sam_context = NULL; - } - - if (!sam_context) { - if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { - DEBUG(4,("make_sam_context_list failed\n")); - return NULL; - } - - /* Make sure the required domains (default domain, builtin) are available */ - if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) { - DEBUG(4,("sam_context_check_default_backends failed\n")); - return NULL; - } - } - - return sam_context; -} - -/*************************************************************** - Initialize the static context (at smbd startup etc). - - If uninitialised, context will auto-init on first use. - ***************************************************************/ - -BOOL initialize_sam(BOOL reload) -{ - return (sam_get_static_context(reload) != NULL); -} - - -/************************************************************** - External API. This is what the rest of the world calls... -***************************************************************/ - -/****************************************************************** - sam_* functions are used to link the external SAM interface - with the internal backends. These functions lookup the appropriate - backends for the domain and pass on to the function in sam_methods - in the selected backend - - When the context parmater is NULL, the default is used. - *******************************************************************/ - -#define SAM_SETUP_CONTEXT if (!context) \ - context = sam_get_static_context(False);\ - if (!context) {\ - return NT_STATUS_UNSUCCESSFUL; \ - }\ - - - -NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_sec_desc) { - DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_set_sec_desc) { - DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_lookup_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_name) { - DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) { - DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n", - tmp_methods->domain_name, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_lookup_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - sid_copy(&domainsid, sid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_lookup_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_sid) { - DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) { - DEBUG(4,("sam_lookup_name for %s in backend %s failed\n", - sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid domain specified */ - SAM_ASSERT(domain && domain->current_sam_methods); - - tmp_methods = domain->current_sam_methods; - - if (!tmp_methods->sam_update_domain) { - DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){ - DEBUG(4,("sam_update_domain in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - int i = 0; - - DEBUG(5,("sam_enum_domains: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters specified */ - SAM_ASSERT(domain_count && domains && domain_names); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) { - DEBUG(3,("sam_enum_domains: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - *domain_count = 0; - - while (tmp_methods) { - (*domain_count)++; - tmp_methods= tmp_methods->next; - } - - DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count))); - - tmp_methods = context->methods; - - if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n")); - return NT_STATUS_NO_MEMORY; - } - - if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n")); - SAFE_FREE((*domains)); - return NT_STATUS_NO_MEMORY; - } - - while (tmp_methods) { - DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid))); - sid_copy(domains[i],&tmp_methods->domain_sid); - *domain_names[i] = smb_xstrdup(tmp_methods->domain_name); - i++; - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - - DEBUG(5,("sam_lookup_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid paramters */ - SAM_ASSERT(access_token && domain && domainsid); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) { - DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - - while (tmp_methods) { - if (strcmp(domain, tmp_methods->domain_name) == 0) { - (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy((*domainsid), &tmp_methods->domain_sid); - return NT_STATUS_OK; - } - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_NO_SUCH_DOMAIN; -} - - -NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && domain); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_domain_handle) { - DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) { - DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n", - sid_string_static(domainsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(access_token && domainsid && account_name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_account) { - DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) { - DEBUG(4,("sam_create_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - DOM_SID domainsid; - const DOM_SID *accountsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) { - DEBUG(0,("Can't get account SID\n")); - return nt_status; - } - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_account) { - DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){ - DEBUG(4,("sam_add_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_update_account) { - DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){ - DEBUG(4,("sam_update_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_delete_account) { - DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){ - DEBUG(4,("sam_delete_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_accounts: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && account_count && accounts); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) { - DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - DOM_SID domainsid; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && accountsid && account); - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_sid) { - DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) { - DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n", - sid_string_static(accountsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_name) { - DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) { - DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && group_name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_group) { - DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) { - DEBUG(4,("sam_create_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - DOM_SID domainsid; - const DOM_SID *groupsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) { - DEBUG(0,("Can't get group SID\n")); - return nt_status; - } - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_group) { - DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){ - DEBUG(4,("sam_add_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_update_group) { - DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){ - DEBUG(4,("sam_update_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_group) { - DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){ - DEBUG(4,("sam_delete_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_groups: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && groups_count && groups); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) { - DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && groupsid && group); - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_sid) { - DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) { - DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n", - sid_string_static(groupsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_name) { - DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) { - DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_add_member_to_group) { - DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) { - DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; - -} - -NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_member_from_group) { - DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) { - DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods && members_count && members); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_enum_groupmembers) { - DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) { - DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - uint32 tmp_group_count; - SAM_GROUP_ENUM *tmp_groups; - - DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid sam_context specified */ - SAM_ASSERT(access_token && sids && context && context->methods); - - *group_count = 0; - - *groups = NULL; - - tmp_methods= context->methods; - - while (tmp_methods) { - DEBUG(5,("getting groups from domain \n")); - if (!tmp_methods->sam_get_groups_of_sid) { - DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n")); - SAFE_FREE(*groups); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) { - DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname)); - SAFE_FREE(*groups); - return nt_status; - } - - *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM)); - - memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count); - - SAFE_FREE(tmp_groups); - - *group_count += tmp_group_count; - - tmp_methods = tmp_methods->next; - } - - return NT_STATUS_OK; -} - - diff --git a/source3/script/genstruct.pl b/source3/script/genstruct.pl deleted file mode 100755 index a6abd718c9..0000000000 --- a/source3/script/genstruct.pl +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/perl -w -# a simple system for generating C parse info -# this can be used to write generic C structer load/save routines -# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net> -# released under the GNU General Public License v2 or later - -use strict; - -my(%enum_done) = (); -my(%struct_done) = (); - -################################################### -# general handler -sub handle_general($$$$$$$$) -{ - my($name) = shift; - my($ptr_count) = shift; - my($size) = shift; - my($element) = shift; - my($flags) = shift; - my($dump_fn) = shift; - my($parse_fn) = shift; - my($tflags) = shift; - my($array_len) = 0; - my($dynamic_len) = "NULL"; - - # handle arrays, currently treat multidimensional arrays as 1 dimensional - while ($element =~ /(.*)\[(.*?)\]$/) { - $element = $1; - if ($array_len == 0) { - $array_len = $2; - } else { - $array_len = "$2 * $array_len"; - } - } - - if ($flags =~ /_LEN\((\w*?)\)/) { - $dynamic_len = "\"$1\""; - } - - if ($flags =~ /_NULLTERM/) { - $tflags = "FLAG_NULLTERM"; - } - - print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n"; -} - - -#################################################### -# parse one element -sub parse_one($$$$) -{ - my($name) = shift; - my($type) = shift; - my($element) = shift; - my($flags) = shift; - my($ptr_count) = 0; - my($size) = "sizeof($type)"; - my($tflags) = "0"; - - # enums get the FLAG_ALWAYS flag - if ($type =~ /^enum /) { - $tflags = "FLAG_ALWAYS"; - } - - - # make the pointer part of the base type - while ($element =~ /^\*(.*)/) { - $ptr_count++; - $element = $1; - } - - # convert spaces to _ - $type =~ s/ /_/g; - - my($dump_fn) = "gen_dump_$type"; - my($parse_fn) = "gen_parse_$type"; - - handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags); -} - -#################################################### -# parse one element -sub parse_element($$$) -{ - my($name) = shift; - my($element) = shift; - my($flags) = shift; - my($type); - my($data); - - # pull the base type - if ($element =~ /^struct (\S*) (.*)/) { - $type = "struct $1"; - $data = $2; - } elsif ($element =~ /^enum (\S*) (.*)/) { - $type = "enum $1"; - $data = $2; - } elsif ($element =~ /^unsigned (\S*) (.*)/) { - $type = "unsigned $1"; - $data = $2; - } elsif ($element =~ /^(\S*) (.*)/) { - $type = $1; - $data = $2; - } else { - die "Can't parse element '$element'"; - } - - # handle comma separated lists - while ($data =~ /(\S*),[\s]?(.*)/) { - parse_one($name, $type, $1, $flags); - $data = $2; - } - parse_one($name, $type, $data, $flags); -} - - -my($first_struct) = 1; - -#################################################### -# parse the elements of one structure -sub parse_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_struct) { - $first_struct = 0; - print "Parsing structs: $name"; - } else { - print ", $name"; - } - - print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n"; - print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n"; - - print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n"; - - - while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) { - my($element) = $1; - my($flags) = $2; - $elements = $3; - parse_element($name, $element, $flags); - } - - print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n"; - - print OFILE " -int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent); -} -int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) { - return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str); -} - -"; -} - -my($first_enum) = 1; - -#################################################### -# parse out the enum declarations -sub parse_enum_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_enum) { - $first_enum = 0; - print "Parsing enums: $name"; - } else { - print ", $name"; - } - - print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n"; - - my(@enums) = split(/,/s, $elements); - for (my($i)=0; $i <= $#{@enums}; $i++) { - my($enum) = $enums[$i]; - if ($enum =~ /\s*(\w*)/) { - my($e) = $1; - print OFILE "{\"$e\", $e},\n"; - } - } - - print OFILE "{NULL, 0}};\n"; - - print OFILE " -int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_enum(einfo_$name, p, ptr, indent); -} - -int gen_parse_enum_$name(char *ptr, const char *str) { - return gen_parse_enum(einfo_$name, ptr, str); -} - -"; -} - -#################################################### -# parse out the enum declarations -sub parse_enums($) -{ - my($data) = shift; - - while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - - if (!defined($enum_done{$name})) { - $enum_done{$name} = 1; - parse_enum_elements($name, $elements); - } - } - - if (! $first_enum) { - print "\n"; - } -} - -#################################################### -# parse all the structures -sub parse_structs($) -{ - my($data) = shift; - - # parse into structures - while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - if (!defined($struct_done{$name})) { - $struct_done{$name} = 1; - parse_elements($name, $elements); - } - } - - if (! $first_struct) { - print "\n"; - } else { - print "No GENSTRUCT structures found?\n"; - } -} - - -#################################################### -# parse a header file, generating a dumper structure -sub parse_data($) -{ - my($data) = shift; - - # collapse spaces - $data =~ s/[\t ]+/ /sg; - $data =~ s/\s*\n\s+/\n/sg; - # strip debug lines - $data =~ s/^\#.*?\n//smg; - - parse_enums($data); - parse_structs($data); -} - - -######################################### -# display help text -sub ShowHelp() -{ - print " -generator for C structure dumpers -Copyright Andrew Tridgell <genstruct\@tridgell.net> - -Sample usage: - genstruct -o output.h gcc -E -O2 -g test.h - -Options: - --help this help page - -o OUTPUT place output in OUTPUT -"; - exit(0); -} - -######################################## -# main program -if ($ARGV[0] ne "-o" || $#ARGV < 2) { - ShowHelp(); -} - -shift; -my($opt_ofile)=shift; - -print "creating $opt_ofile\n"; - -open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile"; - -print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n"; - -parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`); -exit(0); diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 4192cc3a23..d928445d94 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -991,7 +991,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw if (!push_sec_ctx()) return NT_STATUS_UNSUCCESSFUL; - set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL); + set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL); set_re_uid(); } diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index 0805f8e690..9bac0acdb9 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -249,14 +249,6 @@ void conn_free(connection_struct *conn) conn->ngroups = 0; } - if (conn->nt_user_token) { - delete_nt_token(&(conn->nt_user_token)); - } - - if (conn->privs) { - destroy_privilege(&(conn->privs)); - } - free_namearray(conn->veto_list); free_namearray(conn->hide_list); free_namearray(conn->veto_oplock_list); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index d715ab4ddc..c4df84e76c 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1557,87 +1557,87 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - fstring sharename; - fstring comment; - pstring pathname; - char *command, *cmdname; - unsigned int offset; - int snum; - int res = ERRunsup; + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel = SVAL(p,0); + fstring sharename; + fstring comment; + pstring pathname; + char *command, *cmdname; + unsigned int offset; + int snum; + int res = ERRunsup; - /* check it's a supported varient */ - if (!prefix_ok(str1, RAP_WShareAdd_REQ)) return False; - if (!check_share_info(uLevel, str2)) return False; - if (uLevel != 2) return False; - - pull_ascii_fstring(sharename, data); - snum = find_service(sharename); - if (snum >= 0) { /* already exists */ - res = ERRfilexists; - goto error_exit; - } + /* check it's a supported varient */ + if (!prefix_ok(str1,RAP_WShareAdd_REQ)) return False; + if (!check_share_info(uLevel,str2)) return False; + if (uLevel != 2) return False; - /* only support disk share adds */ - if (SVAL(data,14) != STYPE_DISKTREE) return False; + pull_ascii_fstring(sharename,data); + snum = find_service(sharename); + if (snum >= 0) { /* already exists */ + res = ERRfilexists; + goto error_exit; + } - offset = IVAL(data, 16); - if (offset >= mdrcnt) { - res = ERRinvalidparam; - goto error_exit; - } - pull_ascii_fstring(comment, offset? (data+offset) : ""); + /* only support disk share adds */ + if (SVAL(data,14)!=STYPE_DISKTREE) return False; - offset = IVAL(data, 26); - if (offset >= mdrcnt) { - res = ERRinvalidparam; - goto error_exit; - } - pull_ascii_pstring(pathname, offset? (data+offset) : ""); + offset = IVAL(data, 16); + if (offset >= mdrcnt) { + res = ERRinvalidparam; + goto error_exit; + } + pull_ascii_fstring(comment, offset? (data+offset) : ""); - string_replace(sharename, '"', ' '); - string_replace(pathname, '"', ' '); - string_replace(comment, '"', ' '); + offset = IVAL(data, 26); + if (offset >= mdrcnt) { + res = ERRinvalidparam; + goto error_exit; + } + pull_ascii_pstring(pathname, offset? (data+offset) : ""); - cmdname = lp_add_share_cmd(); + string_replace(sharename, '"', ' '); + string_replace(pathname, '"', ' '); + string_replace(comment, '"', ' '); - if (!cmdname || *cmdname == '\0') return False; + cmdname = lp_add_share_cmd(); - asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"", - lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment); + if (!cmdname || *cmdname == '\0') return False; - if (command) { - DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command )); - if ((res = smbrun(command, NULL)) != 0) { - DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res )); - SAFE_FREE(command); - res = ERRnoaccess; - goto error_exit; - } else { - SAFE_FREE(command); - message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); - } - } else return False; + asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"", + lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment); - *rparam_len = 6; - *rparam = REALLOC(*rparam, *rparam_len); - SSVAL(*rparam, 0, NERR_Success); - SSVAL(*rparam, 2, 0); /* converter word */ - SSVAL(*rparam, 4, *rdata_len); - *rdata_len = 0; + if (command) { + DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command )); + if ((res = smbrun(command, NULL)) != 0) { + DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res )); + SAFE_FREE(command); + res = ERRnoaccess; + goto error_exit; + } else { + SAFE_FREE(command); + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + } + } else return False; + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,4,*rdata_len); + *rdata_len = 0; - return True; + return True; -error_exit: - *rparam_len = 4; - *rparam = REALLOC(*rparam, *rparam_len); - *rdata_len = 0; - SSVAL(*rparam, 0, res); - SSVAL(*rparam, 2, 0); - return True; + error_exit: + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); + *rdata_len = 0; + SSVAL(*rparam,0,res); + SSVAL(*rparam,2,0); + return True; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 4a9db06c87..21b6db8b46 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -43,7 +43,6 @@ static const char *known_nt_pipes[] = { "\\spoolss", "\\netdfs", "\\rpcecho", - "\\epmapper", NULL }; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ba57fecd51..10c6aadb1f 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -87,7 +87,6 @@ void invalidate_vuid(uint16 vuid) SAFE_FREE(vuser->groups); delete_nt_token(&vuser->nt_user_token); - destroy_privilege(&vuser->privs); SAFE_FREE(vuser); num_validated_vuids--; } @@ -235,11 +234,6 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key, return UID_FIELD_INVALID; } - if (server_info->privs) { - init_privilege(&(vuser->privs)); - dup_priv_set(vuser->privs, server_info->privs); - } - /* use this to keep tabs on all our info from the authentication */ vuser->server_info = server_info; @@ -275,7 +269,7 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key, vuser->homes_snum = -1; } - if (srv_is_signing_negotiated() && !vuser->guest && !srv_signing_started()) { + if (lp_server_signing() && !vuser->guest && !srv_is_signing_active()) { /* Try and turn on server signing on the first non-guest sessionsetup. */ srv_set_signing(vuser->session_key, response_blob); } diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 97fe2dfaee..8a85792ead 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -28,7 +28,6 @@ struct sec_ctx { int ngroups; gid_t *groups; NT_USER_TOKEN *token; - PRIVILEGE_SET *privs; }; /* A stack of security contexts. We include the current context as being @@ -257,16 +256,12 @@ BOOL push_sec_ctx(void) (unsigned int)ctx_p->uid, (unsigned int)ctx_p->gid, sec_ctx_stack_ndx )); ctx_p->token = dup_nt_token(sec_ctx_stack[sec_ctx_stack_ndx-1].token); - if (! ctx_p->token) { - DEBUG(0, ("Out of memory on dup_nt_token() in push_sec_ctx()\n")); - return False; - } ctx_p->ngroups = sys_getgroups(0, NULL); if (ctx_p->ngroups != 0) { if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) { - DEBUG(0, ("Out of memory on malloc() in push_sec_ctx()\n")); + DEBUG(0, ("Out of memory in push_sec_ctx()\n")); delete_nt_token(&ctx_p->token); return False; } @@ -276,14 +271,6 @@ BOOL push_sec_ctx(void) ctx_p->groups = NULL; } - init_privilege(&ctx_p->privs); - if (! NT_STATUS_IS_OK(dup_priv_set(ctx_p->privs, sec_ctx_stack[sec_ctx_stack_ndx-1].privs))) { - DEBUG(0, ("Out of memory on dup_priv_set() in push_sec_ctx()\n")); - delete_nt_token(&ctx_p->token); - destroy_privilege(&ctx_p->privs); - return False; - } - return True; } @@ -291,7 +278,7 @@ BOOL push_sec_ctx(void) Set the current security context to a given user. ****************************************************************************/ -void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token, PRIVILEGE_SET *privs) +void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token) { struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; @@ -316,14 +303,9 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN smb_panic("DUPLICATE_TOKEN"); delete_nt_token(&ctx_p->token); - if (ctx_p->privs) - reset_privilege(ctx_p->privs); - else - init_privilege(&ctx_p->privs); ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups); ctx_p->token = dup_nt_token(token); - dup_priv_set(ctx_p->privs, privs); become_id(uid, gid); @@ -337,7 +319,6 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN current_user.ngroups = ngroups; current_user.groups = groups; current_user.nt_user_token = ctx_p->token; - current_user.privs = ctx_p->privs; } /**************************************************************************** @@ -348,7 +329,7 @@ void set_root_sec_ctx(void) { /* May need to worry about supplementary groups at some stage */ - set_sec_ctx(0, 0, 0, NULL, NULL, NULL); + set_sec_ctx(0, 0, 0, NULL, NULL); } /**************************************************************************** @@ -378,7 +359,6 @@ BOOL pop_sec_ctx(void) ctx_p->ngroups = 0; delete_nt_token(&ctx_p->token); - destroy_privilege(&ctx_p->privs); /* Pop back previous user */ @@ -401,7 +381,6 @@ BOOL pop_sec_ctx(void) current_user.ngroups = prev_ctx_p->ngroups; current_user.groups = prev_ctx_p->groups; current_user.nt_user_token = prev_ctx_p->token; - current_user.privs = prev_ctx_p->privs; DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", (unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx)); @@ -434,7 +413,6 @@ void init_sec_ctx(void) get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups); ctx_p->token = NULL; /* Maps to guest user. */ - ctx_p->privs = NULL; /* Initialise current_user global */ @@ -449,5 +427,4 @@ void init_sec_ctx(void) current_user.conn = NULL; current_user.vuid = UID_FIELD_INVALID; current_user.nt_user_token = NULL; - current_user.privs = NULL; } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index adbed67b33..08b6648249 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -363,7 +363,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, string_set(&conn->dirpath,""); string_set(&conn->user,user); conn->nt_user_token = NULL; - conn->privs = NULL; conn->read_only = lp_readonly(conn->service); conn->admin_user = False; @@ -472,9 +471,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest); - - init_privilege(&(conn->privs)); - pdb_get_privilege_set(conn->nt_user_token, conn->privs); } /* diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 864d69653c..d91aa94728 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -291,14 +291,14 @@ static int reply_spnego_kerberos(connection_struct *conn, SSVAL(outbuf, smb_uid, sess_vuid); - if (!server_info->guest && !srv_signing_started()) { + if (!server_info->guest) { /* We need to start the signing engine * here but a W2K client sends the old * "BSRSPYL " signature instead of the * correct one. Subsequent packets will * be correct. */ - srv_check_sign_mac(inbuf, False); + srv_check_sign_mac(inbuf); } } @@ -364,15 +364,14 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out SSVAL(outbuf,smb_uid,sess_vuid); - if (!server_info->guest && !srv_signing_started()) { + if (!server_info->guest) { /* We need to start the signing engine * here but a W2K client sends the old * "BSRSPYL " signature instead of the * correct one. Subsequent packets will * be correct. */ - - srv_check_sign_mac(inbuf, False); + srv_check_sign_mac(inbuf); } } } @@ -912,7 +911,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } - if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) { + if (!server_info->guest && !srv_check_sign_mac(inbuf)) { exit_server("reply_sesssetup_and_X: bad smb signature"); } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index d43bf301e8..3859298055 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -44,7 +44,7 @@ BOOL change_to_guest(void) initgroups(pass->pw_name, pass->pw_gid); #endif - set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL); + set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL); current_user.conn = NULL; current_user.vuid = UID_FIELD_INVALID; @@ -161,9 +161,8 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) gid_t gid; uid_t uid; char group_c; - BOOL must_free_token_priv = False; + BOOL must_free_token = False; NT_USER_TOKEN *token = NULL; - PRIVILEGE_SET *privs = NULL; if (!conn) { DEBUG(2,("change_to_user: Connection not open\n")); @@ -196,14 +195,12 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) current_user.groups = conn->groups; current_user.ngroups = conn->ngroups; token = conn->nt_user_token; - privs = conn->privs; } else if ((vuser) && check_user_ok(conn, vuser, snum)) { uid = conn->admin_user ? 0 : vuser->uid; gid = vuser->gid; current_user.ngroups = vuser->n_groups; current_user.groups = vuser->groups; token = vuser->nt_user_token; - privs = vuser->privs; } else { DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid)); return False; @@ -251,20 +248,17 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) DEBUG(1, ("change_to_user: create_nt_token failed!\n")); return False; } - pdb_get_privilege_set(token, privs); - must_free_token_priv = True; + must_free_token = True; } - set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token, privs); + set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token); /* * Free the new token (as set_sec_ctx copies it). */ - if (must_free_token_priv) { + if (must_free_token) delete_nt_token(&token); - destroy_privilege(&privs); - } current_user.conn = conn; current_user.vuid = vuid; @@ -305,7 +299,7 @@ BOOL become_authenticated_pipe_user(pipes_struct *p) return False; set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid, - p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token, p->pipe_user.privs); + p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token); return True; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 9947e22c4f..07d568e879 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -3326,7 +3326,7 @@ static BOOL run_rename(int dummy) const char *fname = "\\test.txt"; const char *fname1 = "\\test1.txt"; BOOL correct = True; - int fnum1, fnum2; + int fnum1; printf("starting rename test\n"); diff --git a/source3/utils/net.c b/source3/utils/net.c index e4484488b6..f6d6de0a74 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -647,7 +647,6 @@ static struct functable net_func[] = { #ifdef WITH_FAKE_KASERVER {"AFSKEY", net_afskey}, #endif - {"PRIV", net_priv}, {"HELP", net_help}, {NULL, NULL} diff --git a/source3/utils/net_ads_cldap.c b/source3/utils/net_ads_cldap.c index 1903172cf7..44de9cb891 100644 --- a/source3/utils/net_ads_cldap.c +++ b/source3/utils/net_ads_cldap.c @@ -29,7 +29,7 @@ struct cldap_netlogon_reply { uint32 type; uint32 flags; - UUID_FLAT guid; + GUID guid; char forest[MAX_DNS_LABEL]; char domain[MAX_DNS_LABEL]; @@ -241,8 +241,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) reply->type = IVAL(p, 0); p += 4; reply->flags = IVAL(p, 0); p += 4; - memcpy(&reply->guid.info, p, UUID_FLAT_SIZE); - p += UUID_FLAT_SIZE; + memcpy(&reply->guid.info, p, GUID_SIZE); + p += GUID_SIZE; p += pull_netlogon_string(reply->forest, p, (const char *)os3.data); p += pull_netlogon_string(reply->domain, p, (const char *)os3.data); @@ -316,8 +316,8 @@ int ads_cldap_netlogon(ADS_STRUCT *ads) d_printf("0x%x\n", reply.type); break; } - d_printf("GUID: %s\n", - smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); + d_printf("GUID: "); + print_guid(&reply.guid); d_printf("Flags:\n" "\tIs a PDC: %s\n" "\tIs a GC of the forest: %s\n" diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index 48406f72b8..2b487ef17b 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c @@ -608,104 +608,6 @@ static int net_groupmap_cleanup(int argc, const char **argv) return 0; } -static int net_groupmap_addmem(int argc, const char **argv) -{ - DOM_SID alias, member; - NTSTATUS result; - - if ( (argc != 2) || - !string_to_sid(&alias, argv[0]) || - !string_to_sid(&member, argv[1]) ) { - d_printf("Usage: net groupmap addmem alias-sid member-sid\n"); - return -1; - } - - if (!pdb_add_aliasmem(&alias, &member)) { - d_printf("Could not add sid %s to alias %s: %s\n", - argv[1], argv[0], nt_errstr(result)); - return -1; - } - - return 0; -} - -static int net_groupmap_delmem(int argc, const char **argv) -{ - DOM_SID alias, member; - NTSTATUS result; - - if ( (argc != 2) || - !string_to_sid(&alias, argv[0]) || - !string_to_sid(&member, argv[1]) ) { - d_printf("Usage: net groupmap delmem alias-sid member-sid\n"); - return -1; - } - - if (!pdb_del_aliasmem(&alias, &member)) { - d_printf("Could not delete sid %s from alias %s: %s\n", - argv[1], argv[0], nt_errstr(result)); - return -1; - } - - return 0; -} - -static int net_groupmap_listmem(int argc, const char **argv) -{ - DOM_SID alias; - DOM_SID *members; - int i, num; - NTSTATUS result; - - if ( (argc != 1) || - !string_to_sid(&alias, argv[0]) ) { - d_printf("Usage: net groupmap listmem alias-sid\n"); - return -1; - } - - if (!pdb_enum_aliasmem(&alias, &members, &num)) { - d_printf("Could not list members for sid %s: %s\n", - argv[0], nt_errstr(result)); - return -1; - } - - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(members[i]))); - } - - SAFE_FREE(members); - - return 0; -} - -static int net_groupmap_memberships(int argc, const char **argv) -{ - DOM_SID member; - DOM_SID *aliases; - int i, num; - NTSTATUS result; - - if ( (argc != 1) || - !string_to_sid(&member, argv[0]) ) { - d_printf("Usage: net groupmap memberof sid\n"); - return -1; - } - - if (!pdb_enum_alias_memberships(&member, &aliases, &num)) { - d_printf("Could not list memberships for sid %s: %s\n", - argv[0], nt_errstr(result)); - return -1; - } - - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(aliases[i]))); - } - - SAFE_FREE(aliases); - - return 0; -} - int net_help_groupmap(int argc, const char **argv) { d_printf("net groupmap add"\ @@ -714,14 +616,6 @@ int net_help_groupmap(int argc, const char **argv) "\n Update a group mapping\n"); d_printf("net groupmap delete"\ "\n Remove a group mapping\n"); - d_printf("net groupmap addmember"\ - "\n Add a foreign alias member\n"); - d_printf("net groupmap delmember"\ - "\n Delete a foreign alias member\n"); - d_printf("net groupmap listmembers"\ - "\n List foreign group members\n"); - d_printf("net groupmap memberships"\ - "\n List foreign group memberships\n"); d_printf("net groupmap list"\ "\n List current group map\n"); d_printf("net groupmap set"\ @@ -744,22 +638,16 @@ int net_groupmap(int argc, const char **argv) {"delete", net_groupmap_delete}, {"set", net_groupmap_set}, {"cleanup", net_groupmap_cleanup}, - {"addmem", net_groupmap_addmem}, - {"delmem", net_groupmap_delmem}, - {"listmem", net_groupmap_listmem}, - {"memberships", net_groupmap_memberships}, {"list", net_groupmap_list}, {"help", net_help_groupmap}, {NULL, NULL} }; /* we shouldn't have silly checks like this */ -#if 0 if (getuid() != 0) { d_printf("You must be root to edit group mappings.\nExiting...\n"); return -1; } -#endif if ( argc ) return net_run_function(argc, argv, func, net_help_groupmap); diff --git a/source3/utils/net_privileges.c b/source3/utils/net_privileges.c deleted file mode 100644 index 62f2da33ee..0000000000 --- a/source3/utils/net_privileges.c +++ /dev/null @@ -1,354 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. - * Copyright (C) Gerald Carter 2003. - * Copyright (C) Simo Sorce 2003. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -#include "includes.h" -#include "../utils/net.h" - -extern PRIVS privs[]; - -/********************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static uint32 get_int_param( const char* param ) -{ - char *p; - - p = strchr( param, '=' ); - if ( !p ) - return 0; - - return atoi(p+1); -} - -/********************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static char* get_string_param( const char* param ) -{ - char *p; - - p = strchr( param, '=' ); - if ( !p ) - return NULL; - - return (p+1); -} - -/********************************************************* - Dump a GROUP_MAP entry to stdout (long or short listing) -**********************************************************/ - -static void print_priv_entry(const char *privname, const char *description, const char *sid_list) -{ - - if (!sid_list) { - d_printf("Error getting privilege list!\n"); - return; - } - - d_printf("%s\n", privname); - - if (description) { - d_printf("\tdescription: %s\n", description); - } - - d_printf("\tSIDS: %s\n", sid_list); -} - -/********************************************************* - List the groups. -**********************************************************/ -static int net_priv_list(int argc, const char **argv) -{ - fstring privname = ""; - fstring sid_string = ""; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (!StrnCaseCmp(argv[i], "privname", strlen("privname"))) { - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (*sid_string) { - /* list all privileges of a single sid */ - - } else { - char *sid_list = NULL; - - if (*privname) { - const char *description = NULL; - - BOOL found = False; - - for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) { - if (!StrCaseCmp(privs[i].priv, privname)) { - description = privs[i].description; - found = True; - break; - } - } - if (!found) { - d_printf("No such privilege!\n"); - return -1; - } - - /* Get the current privilege from the database */ - pdb_get_privilege_entry(privname, &sid_list); - print_priv_entry(privname, description, sid_list); - - SAFE_FREE(sid_list); - - } else for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) { - - if (!pdb_get_privilege_entry(privs[i].priv, &sid_list)) - continue; - - print_priv_entry(privs[i].priv, privs[i].description, sid_list); - - SAFE_FREE(sid_list); - } - } - - return 0; -} - -/********************************************************* - Add a sid to a privilege entry -**********************************************************/ - -static int net_priv_add(int argc, const char **argv) -{ - DOM_SID sid; - fstring privname = ""; - fstring sid_string = ""; - uint32 rid = 0; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (!StrnCaseCmp(argv[i], "rid", strlen("rid"))) { - rid = get_int_param(argv[i]); - if (rid < DOMAIN_GROUP_RID_ADMINS) { - d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "privilege", strlen("privilege"))) { - BOOL found; - int j; - - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) { - if (!StrCaseCmp(privs[j].priv, privname)) { - found = True; - break; - } - } - if (!found) { - d_printf("unknown privilege name"); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (!privname[0]) { - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - if ((rid == 0) && (sid_string[0] == '\0')) { - d_printf("No rid or sid specified\n"); - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - /* append the rid to our own domain/machine SID if we don't have a full SID */ - if (!sid_string[0]) { - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - sid_to_string(sid_string, &sid); - } - - if (!pdb_add_sid_to_privilege(privname, &sid)) { - d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname); - return -1; - } - - d_printf("Successully added SID %s to privilege %s\n", sid_string, privname); - return 0; -} - -/********************************************************* - Remove a SID froma privilege entry -**********************************************************/ - -static int net_priv_remove(int argc, const char **argv) -{ - DOM_SID sid; - fstring privname = ""; - fstring sid_string = ""; - uint32 rid = 0; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (!StrnCaseCmp(argv[i], "rid", strlen("rid"))) { - rid = get_int_param(argv[i]); - if (rid < DOMAIN_GROUP_RID_ADMINS) { - d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "privilege", strlen("privilege"))) { - BOOL found; - int j; - - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) { - if (!StrCaseCmp(privs[j].priv, privname)) { - found = True; - break; - } - } - if (!found) { - d_printf("unknown privilege name"); - return -1; - } - } - else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (!privname[0]) { - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - if ((rid == 0) && (sid_string[0] == '\0')) { - d_printf("No rid or sid specified\n"); - d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - /* append the rid to our own domain/machine SID if we don't have a full SID */ - if (!sid_string[0]) { - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - sid_to_string(sid_string, &sid); - } - - if (!pdb_remove_sid_from_privilege(privname, &sid)) { - d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname); - return -1; - } - - d_printf("Successully removed SID %s from privilege %s\n", sid_string, privname); - return 0; -} - -int net_help_priv(int argc, const char **argv) -{ - d_printf("net priv add sid\n" \ - " Add sid to privilege\n"); - d_printf("net priv remove sid\n"\ - " Remove sid from privilege\n"); - d_printf("net priv list\n"\ - " List sids per privilege\n"); - - return -1; -} - - -/*********************************************************** - migrated functionality from smbgroupedit - **********************************************************/ -int net_priv(int argc, const char **argv) -{ - struct functable func[] = { - {"add", net_priv_add}, - {"remove", net_priv_remove}, - {"list", net_priv_list}, - {"help", net_help_priv}, - {NULL, NULL} - }; - - /* we shouldn't have silly checks like this */ - if (getuid() != 0) { - d_printf("You must be root to edit privilege mappings.\nExiting...\n"); - return -1; - } - - if ( argc ) - return net_run_function(argc, argv, func, net_help_priv); - - return net_help_priv(argc, argv); -} - diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index af96413c5a..3f7aba8366 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -49,10 +49,6 @@ #define BIT_EXPORT 0x02000000 #define BIT_FIX_INIT 0x04000000 #define BIT_BADPWRESET 0x08000000 -#define BIT_TRUSTDOM 0x10000000 -#define BIT_TRUSTPW 0x20000000 -#define BIT_TRUSTSID 0x40000000 -#define BIT_TRUSTFLAGS 0x80000000 #define MASK_ALWAYS_GOOD 0x0000001F #define MASK_USER_GOOD 0x00401F00 @@ -228,121 +224,6 @@ static int print_user_info (struct pdb_context *in, const char *username, BOOL v return ret; } - - -/** - * Trust password flag name to flag conversion - * - * @param flag_name SAM_TRUST_PASSWD structure flag name - * @return flag value - **/ - -static int trustpw_flag(const char* flag_name) -{ - const int flag_num = 5; - typedef struct { const char *name; int val; } flag_conv; - flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT }, - { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT }, - { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT }, - { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS }, - { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }}; - int i; - - for (i = 0; i < flag_num; i++) { - if (!StrCaseCmp(flags[i].name, flag_name)) { - return flags[i].val; - } - } - - return 0; -} - - -/** - * Trust password flag to flag name conversion - * - * @param val SAM_TRUST_PASSWD structure flag - * @return passed flag name - **/ - -static char* trustpw_flag_name(const int val) -{ - const int flag_num = 5; - typedef struct { const char *name; int val; } flag_conv; - flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT }, - { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT }, - { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT }, - { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS }, - { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }}; - int i; - - for (i = 0; i < flag_num; i++) { - if (flags[i].val == val) { - return strdup(flags[i].name); - } - } - - return strdup("unknown flag"); -} - - -/** - * Print trust password structure information - * - * @param mem_ctx memory context (for unicode name conversion) - * @param trust SAM_TRUST_PASSWD structure - * @param verbose verbose mode on/off - * @return 0 on success, otherwise failure - **/ - -static int print_trustpw_info(TALLOC_CTX *mem_ctx, SAM_TRUST_PASSWD *trust, BOOL verbose) -{ - char *dom_name; - if (!mem_ctx || !trust) return -1; - - /* convert unicode domain name to char* */ - if (!pull_ucs2_talloc(mem_ctx, &dom_name, trust->private.uni_name)) return -1; - dom_name[trust->private.uni_name_len] = 0; - - /* different output depending on level of verbosity */ - if (verbose) { - printf("Domain name: %s\n", dom_name); - printf("Domain SID: %s\n", sid_string_static(&trust->private.domain_sid)); - printf("Trust password %s\n", trust->private.pass); - printf("Trust type: %s\n", trustpw_flag_name(trust->private.flags)); - printf("Last modified %s\n", trust->private.mod_time ? http_timestring(trust->private.mod_time) : "0"); - - } else { - printf("%s:%s\n", dom_name, sid_string_static(&trust->private.domain_sid)); - } - - return 0; -} - - -/** - * Print trust password information by given name - * - * @param in initialised pdb_context - * @param name domain name of the trust password - * @param verbose verbose mode on/off - * @param smbpwdstyle smbpassword-style output (ignored here) - * @return 0 on success, otherwise failure - **/ - -static int print_trust_info(struct pdb_context *in, const char *name, BOOL verbose, BOOL smbpwdstyle) -{ - SAM_TRUST_PASSWD trust; - TALLOC_CTX *mem_ctx = NULL; - - mem_ctx = talloc_init("pdbedit: trust passwords listing"); - - if (NT_STATUS_IS_OK(in->pdb_gettrustpwnam(in, &trust, name))) { - return print_trustpw_info(mem_ctx, &trust, verbose); - } - - return -1; -} /********************************************************* List Users @@ -373,47 +254,6 @@ static int print_users_list (struct pdb_context *in, BOOL verbosity, BOOL smbpwd return 0; } - -/** - * List trust passwords - * - * @param in initialised pdb context - * @param verbose turn on/off verbose mode - * @param smbpwdstyle ignored here (there was no trust passwords in smbpasswd file) - * @return 0 on success, otherwise failure - **/ - -static int print_trustpw_list(struct pdb_context *in, BOOL verbose, BOOL smbpwdstyle) -{ - SAM_TRUST_PASSWD trust; - TALLOC_CTX *mem_ctx = NULL; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - - /* start enumeration and initialise memory context */ - status = in->pdb_settrustpwent(in); - if (NT_STATUS_IS_ERR(status)) return -1; - mem_ctx = talloc_init("pdbedit: trust passwords listing"); - - /* small separation to make it clear these are not regular accounts */ - if (!verbose) printf("---\n"); - - do { - /* fetch next trust password */ - status = in->pdb_gettrustpwent(in, &trust); - - if (trust.private.uni_name_len) { - /* print trust password info */ - if (verbose) printf ("---------------\n"); - print_trustpw_info(mem_ctx, &trust, verbose); - } - - } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(status, NT_STATUS_OK)); - - talloc_destroy(mem_ctx); - return 0; -} - - /********************************************************* Fix a list of Users for uninitialised passwords **********************************************************/ @@ -698,129 +538,6 @@ static int new_machine (struct pdb_context *in, const char *machine_in) return 0; } - -/** - * Add new trusting domain account - * - * @param in initialised pdb_context - * @param dom_name trusted domain name given in command line - * - * @return 0 on success, -1 otherwise - **/ - -static int new_trustdom(struct pdb_context *in, const char *dom_name) -{ - /* TODO */ - return -1; -} - - -/** - * Add new trust relationship password - * - * @param in initialised pdb_context - * @param dom_name trusting domain name given in command line - * @param dom_sid domain sid given in command line - * @param flag trust password type flag given in command line - * - * @return 0 on success, -1 otherwise - **/ - -static int new_trustpw(struct pdb_context *in, const char *dom_name, - const char *dom_sid, const char* flag) -{ - TALLOC_CTX *mem_ctx = NULL; - SAM_TRUST_PASSWD trust; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - POLICY_HND connect_hnd; - DOM_SID *domain_sid = NULL; - smb_ucs2_t *uni_name = NULL; - char *givenpass, *domain_name = NULL; - struct in_addr srv_ip; - fstring srv_name, myname; - struct cli_state *cli; - time_t lct; - - if (!dom_name) return -1; - - mem_ctx = talloc_init("pdbedit: adding new trust password"); - - /* unicode name */ - trust.private.uni_name_len = strnlen(dom_name, 32); - push_ucs2_talloc(mem_ctx, &uni_name, dom_name); - strncpy_w(trust.private.uni_name, uni_name, 32); - - /* flags */ - trust.private.flags = trustpw_flag(flag); - - /* trusting SID */ - if (!dom_sid) { - /* if sid is not specified in command line, do our best - to establish it */ - - /* find domain PDC */ - if (!get_pdc_ip(dom_name, &srv_ip)) - return -1; - if (is_zero_ip(srv_ip)) - return -1; - if (!name_status_find(dom_name, 0x1b, 0x20, srv_ip, srv_name)) - return -1; - - get_myname(myname); - - /* Connect the domain pdc... */ - nt_status = cli_full_connection(&cli, myname, srv_name, &srv_ip, 139, - "IPC$", "IPC", "", "", "", 0, Undefined, NULL); - if (NT_STATUS_IS_ERR(nt_status)) - return -1; - if (!cli_nt_session_open(cli, PI_LSARPC)) - return -1; - - /* ...and query the domain sid */ - nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, - &connect_hnd); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd, - 5, &domain_name, &domain_sid); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - cli_nt_session_close(cli); - cli_shutdown(cli); - - /* copying sid to trust password structure */ - sid_copy(&trust.private.domain_sid, domain_sid); - - } else { - if (!string_to_sid(&trust.private.domain_sid, dom_sid)) { - printf("Error: wrong SID specified !\n"); - return -1; - } - } - - /* password */ - givenpass = getpass("password:"); - memset(trust.private.pass, '\0', FSTRING_LEN); - strncpy(trust.private.pass, givenpass, FSTRING_LEN); - - /* last change time */ - lct = time(NULL); - trust.private.mod_time = lct; - - /* store trust password in passdb */ - nt_status = in->pdb_add_trust_passwd(in, &trust); - - talloc_destroy(mem_ctx); - if (NT_STATUS_IS_OK(nt_status)) - return 0; - - return -1; -} - - /********************************************************* Delete user entry **********************************************************/ @@ -886,7 +603,6 @@ int main (int argc, char **argv) static BOOL verbose = False; static BOOL spstyle = False; static BOOL machine = False; - static BOOL trustdom = False; static BOOL add_user = False; static BOOL delete_user = False; static BOOL modify_user = False; @@ -910,10 +626,6 @@ int main (int argc, char **argv) static long int account_policy_value = 0; BOOL account_policy_value_set = False; static BOOL badpw_reset = False; - /* trust password parameters */ - static char *trustpw = NULL; - static char *trustsid = NULL; - static char *trustflags = NULL; struct pdb_context *bin; struct pdb_context *bout; @@ -934,12 +646,8 @@ int main (int argc, char **argv) {"group SID", 'G', POPT_ARG_STRING, &group_sid, 0, "set group SID or RID", NULL}, {"create", 'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL}, {"modify", 'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL}, - {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL}, {"machine", 'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL}, - {"trustdom", 'I', POPT_ARG_NONE, &trustdom, 0, "account is a domain trust account", NULL}, - {"trustpw", 'N', POPT_ARG_STRING, &trustpw, 0, "trust password's domain name", NULL}, - {"trustsid", 'T', POPT_ARG_STRING, &trustsid, 0, "trust password's domain sid", NULL}, - {"trustflags", 'F', POPT_ARG_STRING, &trustflags, 0, "trust password flags", NULL}, + {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL}, {"backend", 'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL}, {"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL}, {"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL}, @@ -991,10 +699,6 @@ int main (int argc, char **argv) (logon_script ? BIT_LOGSCRIPT : 0) + (profile_path ? BIT_PROFILE : 0) + (machine ? BIT_MACHINE : 0) + - (trustdom ? BIT_TRUSTDOM : 0) + - (trustpw ? BIT_TRUSTPW : 0) + - (trustsid ? BIT_TRUSTSID : 0) + - (trustflags ? BIT_TRUSTFLAGS : 0) + (user_name ? BIT_USER : 0) + (list_users ? BIT_LIST : 0) + (force_initialised_password ? BIT_FIX_INIT : 0) + @@ -1094,14 +798,10 @@ int main (int argc, char **argv) /* list users operations */ if (checkparms & BIT_LIST) { if (!(checkparms & ~BIT_LIST)) { - print_users_list (bdef, verbose, spstyle); - return print_trustpw_list(bdef, verbose, spstyle); + return print_users_list (bdef, verbose, spstyle); } if (!(checkparms & ~(BIT_USER + BIT_LIST))) { return print_user_info (bdef, user_name, verbose, spstyle); - - } else if (!(checkparms & ~(BIT_TRUSTPW + BIT_LIST))) { - return print_trust_info(bdef, trustpw, verbose, spstyle); } } @@ -1117,21 +817,15 @@ int main (int argc, char **argv) /* account operation */ if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { /* check use of -u option */ - if (!(checkparms & (BIT_USER + BIT_TRUSTPW))) { + if (!(checkparms & BIT_USER)) { fprintf (stderr, "Username not specified! (use -u option)\n"); return -1; } /* account creation operations */ - if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE + BIT_TRUSTDOM))) { - /* machine trust account */ + if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) { if (checkparms & BIT_MACHINE) { return new_machine (bdef, user_name); - /* interdomain trust account */ - } else if (checkparms & BIT_TRUSTDOM) { - return new_trustdom(bdef, user_name); - - /* ordinary user account */ } else { return new_user (bdef, user_name, full_name, home_dir, home_drive, logon_script, @@ -1160,15 +854,6 @@ int main (int argc, char **argv) } } - /* trust password operation */ - if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { - /* trust password creation */ - if (!(checkparms & ~(BIT_CREATE + BIT_TRUSTPW + BIT_TRUSTSID + BIT_TRUSTFLAGS))) { - return new_trustpw(bdef, trustpw, trustsid, trustflags); - } - } - - if (setparms >= 0x20) { fprintf (stderr, "Incompatible or insufficient options on command line!\n"); } @@ -1176,4 +861,3 @@ int main (int argc, char **argv) return 1; } - |