diff options
Diffstat (limited to 'source3')
146 files changed, 3877 insertions, 16959 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 7f9c2a8b93..1454c65e34 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -119,15 +119,15 @@ PATH_FLAGS = $(PATH_FLAGS6) $(PASSWD_FLAGS) # Note that all executable programs now provide for an optional executable suffix. SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ bin/swat@EXEEXT@ \ - bin/wrepld@EXEEXT@ @EXTRA_SBIN_PROGS@ + @EXTRA_SBIN_PROGS@ BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \ bin/testparm@EXEEXT@ bin/testprns@EXEEXT@ bin/smbstatus@EXEEXT@ BIN_PROGS2 = bin/smbcontrol@EXEEXT@ bin/smbtree@EXEEXT@ bin/tdbbackup@EXEEXT@ \ - bin/nmblookup@EXEEXT@ bin/pdbedit@EXEEXT@ + bin/nmblookup@EXEEXT@ bin/pdbedit@EXEEXT@ bin/editreg@EXEEXT@ BIN_PROGS3 = bin/smbpasswd@EXEEXT@ bin/rpcclient@EXEEXT@ bin/smbcacls@EXEEXT@ \ bin/profiles@EXEEXT@ bin/ntlm_auth@EXEEXT@ \ - bin/editreg@EXEEXT@ bin/smbcquotas@EXEEXT@ + bin/smbcquotas@EXEEXT@ TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \ bin/masktest@EXEEXT@ bin/locktest@EXEEXT@ \ @@ -175,8 +175,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \ nsswitch/wb_client.o nsswitch/wb_common.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ - lib/module.o lib/genparser.o lib/genparser_samba.o \ - lib/ldap_escape.o @CHARSET_STATIC@ + lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o @@ -279,26 +278,17 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ passdb/machine_sid.o passdb/util_sam_sid.o passdb/pdb_compat.o \ - passdb/privileges.o @LDAP_OBJ@ @PDB_STATIC@ + @PDB_STATIC@ XML_OBJ = passdb/pdb_xml.o MYSQL_OBJ = passdb/pdb_mysql.o -DEVEL_HELP_OBJ = modules/developer.o - -SAM_STATIC_MODULES = sam/sam_plugin.o sam/sam_skel.o sam/sam_ads.o - -IDMAP_OBJ = sam/idmap.o sam/idmap_util.o sam/idmap_tdb.o - -SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \ - sam/get_set_domain.o sam/interface.o $(SAM_STATIC_MODULES) - -SAMTEST_OBJ = torture/samtest.o torture/cmd_sam.o $(PARAM_OBJ) $(SAM_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(READLINE_OBJ) lib/util_seaccess.o $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(GROUPDB_OBJ) +DEVEL_HELP_OBJ = modules/weird.o GROUPDB_OBJ = groupdb/mapping.o PROFILE_OBJ = profile/profile.o PROFILES_OBJ = utils/profiles.o -EDITREG_OBJ = utils/editreg.o lib/snprintf.o +EDITREG_OBJ = utils/editreg.o OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o @@ -306,9 +296,9 @@ NOTIFY_OBJ = smbd/notify.o smbd/notify_hash.o smbd/notify_kernel.o VFS_AUDIT_OBJ = modules/vfs_audit.o VFS_EXTD_AUDIT_OBJ = modules/vfs_extd_audit.o +VFS_FAKE_PERMS_OBJ = modules/vfs_fake_perms.o VFS_RECYCLE_OBJ = modules/vfs_recycle.o VFS_NETATALK_OBJ = modules/vfs_netatalk.o -VFS_FAKE_PERMS_OBJ = modules/vfs_fake_perms.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -353,9 +343,7 @@ SMBD_OBJ_BASE = $(PARAM_OBJ) $(SMBD_OBJ_SRV) $(MSDFS_OBJ) $(LIBSMB_OBJ) \ $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(LIBADS_SERVER_OBJ) \ - $(LIB_SMBD_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \ - $(IDMAP_OBJ) - + $(LIB_SMBD_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) PRINTING_OBJ = printing/pcap.o printing/print_svid.o \ printing/print_cups.o printing/print_generic.o \ @@ -393,9 +381,9 @@ SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ web/swat.o web/neg_lang.o SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(LIBSMB_OBJ) \ - $(LOCKING_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(KRBCLIENT_OBJ) \ + $(LOCKING_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(KRBCLIENT_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \ - $(POPT_LIB_OBJ) $(IDMAP_OBJ) + $(POPT_LIB_OBJ) SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) @@ -419,15 +407,11 @@ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(SECRETS_OBJ) \ $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\ - $(UBIQX_OBJ) $(LIB_OBJ) $(KRBCLIENT_OBJ) \ - $(IDMAP_OBJ) + $(UBIQX_OBJ) $(LIB_OBJ) $(KRBCLIENT_OBJ) PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ - $(POPT_LIB_OBJ) $(IDMAP_OBJ) - -SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \ - $(LIBSAMBA_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(IDMAP_OBJ) + $(POPT_LIB_OBJ) RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \ @@ -440,8 +424,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \ $(READLINE_OBJ) $(GROUPDB_OBJ) $(KRBCLIENT_OBJ) \ - $(LIBADS_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) \ - $(IDMAP_OBJ) + $(LIBADS_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po @@ -488,8 +471,7 @@ NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ $(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ - $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \ - $(IDMAP_OBJ) + $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) $(KRBCLIENT_OBJ) @@ -568,7 +550,7 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \ $(LIB_SMBD_OBJ) $(SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \ $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \ - $(IDMAP_OBJ) $(RPC_ECHO_OBJ) + $(RPC_ECHO_OBJ) NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \ $(LIB_OBJ) $(NSSWINS_OBJ) @@ -583,7 +565,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \ libsmb/smbencrypt.o libsmb/smbdes.o libsmb/nterr.o \ $(PARAM_OBJ) $(LIB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(SECRETS_OBJ) $(UBIQX_OBJ) $(IDMAP_OBJ) + $(SECRETS_OBJ) $(UBIQX_OBJ) PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po) @@ -591,6 +573,8 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd.o \ nsswitch/winbindd_user.o \ nsswitch/winbindd_group.o \ + nsswitch/winbindd_idmap.o \ + nsswitch/winbindd_idmap_tdb.o \ nsswitch/winbindd_util.o \ nsswitch/winbindd_cache.o \ nsswitch/winbindd_pam.o \ @@ -600,14 +584,13 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_wins.o \ nsswitch/winbindd_rpc.o \ nsswitch/winbindd_ads.o \ - nsswitch/winbindd_dual.o \ - nsswitch/winbindd_passdb.o + nsswitch/winbindd_dual.o WINBINDD_OBJ = \ - $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ - $(PROFILE_OBJ) $(UNIGRP_OBJ) $(IDMAP_OBJ) \ + $(PROFILE_OBJ) $(UNIGRP_OBJ) \ $(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o $(POPT_LIB_OBJ) @@ -663,7 +646,7 @@ wins : SHOWFLAGS nsswitch/libnss_wins.@SHLIBEXT@ modules: SHOWFLAGS proto_exists $(MODULES) -everything: all libsmbclient debug2html smbfilter talloctort torture +everything: all libsmbclient debug2html smbfilter talloctort modules torture .SUFFIXES: .SUFFIXES: .c .o .po .po32 .lo @@ -710,6 +693,14 @@ dynconfig.po: dynconfig.c Makefile @BROKEN_CC@ -mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@ @POBAD_CC@ @mv $*.po.o $@ +smbd/build_options.o: smbd/build_options.c Makefile include/config.h include/build_env.h include/proto.h + @echo Compiling $*.c + @$(CC) $(FLAGS) $(PATH_FLAGS) -c $< -o $@ + +smbd/build_options.c: include/config.h.in script/mkbuildoptions.awk + @echo Generating $@ + @$(AWK) -f $(srcdir)/script/mkbuildoptions.awk > $(builddir)/smbd/build_options.c < $(srcdir)/include/config.h.in + .c.po: @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @@ -819,10 +810,6 @@ bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDBLIBS) $(ADSLIBS) -bin/smbgroupedit@EXEEXT@: $(SMBGROUPEDIT_OBJ) bin/.dummy - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(PASSDBLIBS) $(LDFLAGS) $(DYNEXP) $(LIBS) - bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ @@ -975,7 +962,7 @@ nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ) @SONAMEFLAG@`basename $@` bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy - @echo Linking $@ + @echo "Linking $@" @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) @LDAP_LIBS@ nsswitch/@WINBIND_NSS@: $(WINBIND_NSS_PICOBJS) @@ -984,7 +971,7 @@ nsswitch/@WINBIND_NSS@: $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ @SONAMEFLAG@`basename $@` nsswitch/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_OBJ) bin/.dummy - @echo Linking $@ + @echo "Linking $@" @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) \ @SONAMEFLAG@`basename $@` -lpam @@ -1036,11 +1023,6 @@ bin/smbpasswd.@SHLIBEXT@: passdb/pdb_smbpasswd.o @$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_smbpasswd.o \ @SONAMEFLAG@`basename $@` -bin/unixsam.@SHLIBEXT@: passdb/pdb_unix.o - @echo "Building plugin $@" - @$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_unix.o \ - @SONAMEFLAG@`basename $@` - bin/nisplussam.@SHLIBEXT@: passdb/pdb_nisplus.o @echo "Building plugin $@" @$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_nisplus.o \ @@ -1112,14 +1094,14 @@ bin/t_stringoverflow@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_stringove bin/t_doschar@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_doschar.o $(CC) $(FLAGS) -o $@ $(LIBS) torture/t_doschar.o -L ./bin -lbigballofmud - bin/t_push_ucs2@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_push_ucs2.o $(CC) $(FLAGS) -o $@ $(LIBS) torture/t_push_ucs2.o -L ./bin -lbigballofmud bin/t_snprintf@EXEEXT@: lib/snprintf.c $(CC) $(FLAGS) -o $@ -DTEST_SNPRINTF lib/snprintf.c -lm +install: installbin installman installscripts installdat installswat -install: installbin installman installscripts installdat installswat installmodules installclientlib +install-everything: install installmodules # DESTDIR is used here to prevent packagers wasting their time # duplicating the Makefile. Remove it and you will have the privelege @@ -1251,8 +1233,7 @@ modules_clean: # afterwards. proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \ nsswitch/winbindd_proto.h web/swat_proto.h \ - client/client_proto.h utils/net_proto.h -# include/tdbsam2_parse_info.h + client/client_proto.h utils/net_proto.h smbd/build_options.c delheaders: @echo Removing prototype headers @@ -1260,20 +1241,19 @@ delheaders: @/bin/rm -f $(srcdir)/include/wrepld_proto.h $(srcdir)/nsswitch/winbindd_proto.h @/bin/rm -f $(srcdir)/web/swat_proto.h @/bin/rm -f $(srcdir)/client/client_proto.h $(srcdir)/utils/net_proto.h - @/bin/rm -f $(srcdir)/include/tdbsam2_parse_info.h + @/bin/rm -f $(srcdir)/smbd/build_options.c @/bin/rm -f include/proto.h include/build_env.h include/wrepld_proto.h \ nsswitch/winbindd_proto.h web/swat_proto.h \ - client/client_proto.h utils/net_proto.h -# include/tdbsam2_parse_info.h + client/client_proto.h utils/net_proto.h smbd/build_options.c -include/proto.h: +include/proto.h: smbd/build_options.c @echo Building include/proto.h @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ -h _PROTO_H_ $(builddir)/include/proto.h \ $(PROTO_OBJ) -include/build_env.h: +include/build_env.h: script/build_env.sh @echo Building include/build_env.h @cd $(srcdir) && $(SHELL) script/build_env.sh $(srcdir) $(builddir) $(CC) > $(builddir)/include/build_env.h @@ -1303,29 +1283,19 @@ utils/net_proto.h: -h _CLIENT_PROTO_H_ utils/net_proto.h \ $(NET_OBJ1) -# not used yet an perl dependent -#include/tdbsam2_parse_info.h: -# @if test -n "$(PERL)"; then \ -# cd $(srcdir) && @PERL@ -w script/genstruct.pl \ -# -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \ -# include/tdbsam2.h; \ -# else \ -# echo Unable to build $@, continuing; \ -# fi - # "make headers" or "make proto" calls a subshell because we need to # make sure these commands are executed in sequence even for a # parallel make. headers: $(MAKE) delheaders; \ + $(MAKE) smbd/build_options.c; \ $(MAKE) include/proto.h; \ $(MAKE) include/build_env.h; \ $(MAKE) include/wrepld_proto.h; \ $(MAKE) nsswitch/winbindd_proto.h; \ $(MAKE) web/swat_proto.h; \ $(MAKE) client/client_proto.h; \ - $(MAKE) utils/net_proto.h; -# $(MAKE) include/tdbsam2_parse_info.h + $(MAKE) utils/net_proto.h proto: headers @@ -1375,7 +1345,10 @@ Makefile: $(srcdir)/Makefile.in config.status check: check-programs LD_LIBRARY_PATH="`pwd`/bin:$$LD_LIBRARY_PATH" \ PATH="`pwd`/bin:$$PATH" \ - python stf/standardcheck.py + python stf/standardcheck.py; \ + if test -n "$(PYTHON)"; then \ + python stf/pythoncheck.py; \ + fi # These are called by the test suite and need to be built before # running it. For the time being we don't build all of BIN_PROGS, diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index 3411083116..0875c48280 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -135,20 +135,17 @@ check for a possible hosts equiv or rhosts entry for the user static BOOL check_hosts_equiv(SAM_ACCOUNT *account) { - uid_t uid; - char *fname = NULL; + char *fname = NULL; - fname = lp_hosts_equiv(); - if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(account), &uid))) - return False; + fname = lp_hosts_equiv(); - /* note: don't allow hosts.equiv on root */ - if (fname && *fname && uid != 0) { - if (check_user_equiv(pdb_get_username(account),client_name(),fname)) - return True; - } + /* note: don't allow hosts.equiv on root */ + if (IS_SAM_UNIX_USER(account) && fname && *fname && (pdb_get_uid(account) != 0)) { + if (check_user_equiv(pdb_get_username(account),client_name(),fname)) + return(True); + } - return False; + return(False); } diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 33ea9bc73e..9a619f81f6 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -500,8 +500,6 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context unless it is one of our aliases. */ if (!is_myname(user_info->domain.str)) { - DEBUG(7,("The requested user domain is not the local server name. [%s]\\[%s]\n", - user_info->domain.str,user_info->internal_username.str)); return NT_STATUS_NO_SUCH_USER; } @@ -520,52 +518,8 @@ NTSTATUS auth_init_samstrict(struct auth_context *auth_context, const char *para return NT_STATUS_OK; } -/**************************************************************************** -Check SAM security (above) but with a few extra checks if we're a DC. -****************************************************************************/ - -static NTSTATUS check_samstrict_dc_security(const struct auth_context *auth_context, - void *my_private_data, - TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) -{ - - if (!user_info || !auth_context) { - return NT_STATUS_LOGON_FAILURE; - } - - /* If we are a domain member, we must not - attempt to check the password locally, - unless it is one of our aliases, empty - or our domain if we are a logon server.*/ - - - if ((!is_myworkgroup(user_info->domain.str))&& - (!is_myname(user_info->domain.str))) { - DEBUG(7,("The requested user domain is not the local server name or our domain. [%s]\\[%s]\n", - user_info->domain.str,user_info->internal_username.str)); - return NT_STATUS_NO_SUCH_USER; - } - - return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info); -} - -/* module initialisation */ -NTSTATUS auth_init_samstrict_dc(struct auth_context *auth_context, const char *param, auth_methods **auth_method) -{ - if (!make_auth_methods(auth_context, auth_method)) { - return NT_STATUS_NO_MEMORY; - } - - (*auth_method)->auth = check_samstrict_dc_security; - (*auth_method)->name = "samstrict_dc"; - return NT_STATUS_OK; -} - NTSTATUS auth_sam_init(void) { - smb_register_auth(AUTH_INTERFACE_VERSION, "samstrict_dc", auth_init_samstrict_dc); smb_register_auth(AUTH_INTERFACE_VERSION, "samstrict", auth_init_samstrict); smb_register_auth(AUTH_INTERFACE_VERSION, "sam", auth_init_sam); return NT_STATUS_OK; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index e8f2af41f3..a3ca0b226f 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -611,21 +611,21 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token; int i; - if (NT_STATUS_IS_ERR(uid_to_sid(&user_sid, uid))) { + if (!uid_to_sid(&user_sid, uid)) { return NULL; } - if (NT_STATUS_IS_ERR(gid_to_sid(&group_sid, gid))) { + if (!gid_to_sid(&group_sid, gid)) { return NULL; } - group_sids = malloc(sizeof(DOM_SID) * ngroups); + group_sids = malloc(sizeof(DOM_SID) * ngroups); if (!group_sids) { DEBUG(0, ("create_nt_token: malloc() failed for DOM_SID list!\n")); return NULL; } for (i = 0; i < ngroups; i++) { - if (NT_STATUS_IS_ERR(gid_to_sid(&(group_sids)[i], (groups)[i]))) { + if (!gid_to_sid(&(group_sids)[i], (groups)[i])) { DEBUG(1, ("create_nt_token: failed to convert gid %ld to a sid!\n", (long int)groups[i])); SAFE_FREE(group_sids); return NULL; @@ -648,7 +648,7 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, * If this samba server is a DC of the domain the user belongs to, it returns * both domain groups and local / builtin groups. If the user is in a trusted * domain, or samba is a member server of a domain, then this function returns - * local and builtin groups the user is a member of. + * local and builtin groups the user is a member of. * * currently this is a hack, as there is no sam implementation that is capable * of groups. @@ -661,18 +661,23 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, gid_t gid; int n_unix_groups; int i; + struct passwd *usr; *n_groups = 0; *groups = NULL; - if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid)) || NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sampass), &gid))) { - DEBUG(0, ("get_user_groups_from_local_sam: error fetching uid or gid for user!\n")); - return NT_STATUS_UNSUCCESSFUL; + if (!IS_SAM_UNIX_USER(sampass)) { + DEBUG(1, ("user %s does not have a unix identity!\n", pdb_get_username(sampass))); + return NT_STATUS_NO_SUCH_USER; } + + uid = pdb_get_uid(sampass); + gid = pdb_get_gid(sampass); n_unix_groups = groups_max(); if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) { DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n")); + passwd_free(&usr); return NT_STATUS_NO_MEMORY; } @@ -681,6 +686,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups); if (!groups_tmp) { SAFE_FREE(*unix_groups); + passwd_free(&usr); return NT_STATUS_NO_MEMORY; } *unix_groups = groups_tmp; @@ -688,6 +694,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) { DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n")); SAFE_FREE(*unix_groups); + passwd_free(&usr); return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */ } } @@ -706,7 +713,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, *n_groups = n_unix_groups; for (i = 0; i < *n_groups; i++) { - if (NT_STATUS_IS_ERR(gid_to_sid(&(*groups)[i], (*unix_groups)[i]))) { + if (!gid_to_sid(&(*groups)[i], (*unix_groups)[i])) { DEBUG(1, ("get_user_groups_from_local_sam: failed to convert gid %ld to a sid!\n", (long int)(*unix_groups)[i+1])); SAFE_FREE(*groups); SAFE_FREE(*unix_groups); @@ -723,8 +730,6 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass) { - NTSTATUS ret; - *server_info = malloc(sizeof(**server_info)); if (!*server_info) { DEBUG(0,("make_server_info: malloc failed!\n")); @@ -734,10 +739,6 @@ static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACC (*server_info)->sam_fill_level = SAM_FILL_ALL; (*server_info)->sam_account = sampass; - if (NT_STATUS_IS_ERR(ret = sid_to_uid(pdb_get_user_sid(sampass), &((*server_info)->uid)))) - return ret; - if (NT_STATUS_IS_ERR(ret = sid_to_gid(pdb_get_group_sid(sampass), &((*server_info)->gid)))) - return ret; return NT_STATUS_OK; } @@ -868,8 +869,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, struct passwd *passwd; - unid_t u_id, g_id; - int u_type, g_type; + uid_t uid; + gid_t gid; int n_lgroupSIDs; DOM_SID *lgroupSIDs = NULL; @@ -906,11 +907,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, domain = domain; } - u_type = ID_USERID; - g_type = ID_GROUPID; - if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&u_id, &u_type, &user_sid)) - && NT_STATUS_IS_OK(idmap_get_id_from_sid(&g_id, &g_type, &group_sid)) - && ((passwd = getpwuid_alloc(u_id.uid)))) { + if (winbind_sid_to_uid(&uid, &user_sid) + && winbind_sid_to_gid(&gid, &group_sid) + && ((passwd = getpwuid_alloc(uid)))) { nt_status = pdb_init_sam_pw(&sam_account, passwd); passwd_free(&passwd); } else { diff --git a/source3/bin/.cvsignore b/source3/bin/.cvsignore index 770100fd31..8188947f75 100644 --- a/source3/bin/.cvsignore +++ b/source3/bin/.cvsignore @@ -41,7 +41,6 @@ swat t_push_ucs2 t_snprintf t_strcmp -t_stringoverflow talloctort tdbbackup testparm diff --git a/source3/change-log b/source3/change-log index 71f5012484..1f7798b541 100644 --- a/source3/change-log +++ b/source3/change-log @@ -2,7 +2,7 @@ SUPERCEDED Change Log for Samba ^^^^^^^^^^ Unless otherwise attributed, all changes were made by -Andrew.Tridgell@anu.edu.au. +Andrew.Tridgell@anu.edu.au. All bugs to samba-bugs@samba.org. NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER diff --git a/source3/client/client.c b/source3/client/client.c index f885106275..f5be4e9859 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -2214,181 +2214,40 @@ static int process_command_string(char *cmd) return rc; } +/**************************************************************************** +handle completion of commands for readline +****************************************************************************/ +static char **completion_fn(char *text, int start, int end) +{ #define MAX_COMPLETIONS 100 - -typedef struct { - pstring dirmask; char **matches; - int count, samelen; - const char *text; - int len; -} completion_remote_t; + int i, count=0; -static void completion_remote_filter(file_info *f, const char *mask, void *state) -{ - completion_remote_t *info = (completion_remote_t *)state; + /* for words not at the start of the line fallback to filename completion */ + if (start) return NULL; - if ((info->count < MAX_COMPLETIONS - 1) && (strncmp(info->text, f->name, info->len) == 0) && (strcmp(f->name, ".") != 0) && (strcmp(f->name, "..") != 0)) { - if ((info->dirmask[0] == 0) && !(f->mode & aDIR)) - info->matches[info->count] = strdup(f->name); - else { - pstring tmp; + matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS); + if (!matches) return NULL; - if (info->dirmask[0] != 0) - pstrcpy(tmp, info->dirmask); - else - tmp[0] = 0; - pstrcat(tmp, f->name); - if (f->mode & aDIR) - pstrcat(tmp, "/"); - info->matches[info->count] = strdup(tmp); - } - if (info->matches[info->count] == NULL) - return; - if (f->mode & aDIR) - smb_readline_ca_char(0); + matches[count++] = strdup(text); + if (!matches[0]) return NULL; - if (info->count == 1) - info->samelen = strlen(info->matches[info->count]); - else - while (strncmp(info->matches[info->count], info->matches[info->count-1], info->samelen) != 0) - info->samelen--; - info->count++; + for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) { + if (strncmp(text, commands[i].name, strlen(text)) == 0) { + matches[count] = strdup(commands[i].name); + if (!matches[count]) return NULL; + count++; + } } -} - -static char **remote_completion(const char *text, int len) -{ - pstring dirmask; - int i; - completion_remote_t info = { "", NULL, 1, len, text, len }; - - if (len >= PATH_MAX) - return(NULL); - - info.matches = (char **)malloc(sizeof(info.matches[0])*MAX_COMPLETIONS); - if (!info.matches) return NULL; - info.matches[0] = NULL; - - for (i = len-1; i >= 0; i--) - if ((text[i] == '/') || (text[i] == '\\')) - break; - info.text = text+i+1; - info.samelen = info.len = len-i-1; - if (i > 0) { - strncpy(info.dirmask, text, i+1); - info.dirmask[i+1] = 0; - snprintf(dirmask, sizeof(dirmask), "%s%*s*", cur_dir, i-1, text); - } else - snprintf(dirmask, sizeof(dirmask), "%s*", cur_dir); - - if (cli_list(cli, dirmask, aDIR | aSYSTEM | aHIDDEN, completion_remote_filter, &info) < 0) - goto cleanup; - - if (info.count == 2) - info.matches[0] = strdup(info.matches[1]); - else { - info.matches[0] = malloc(info.samelen+1); - if (!info.matches[0]) - goto cleanup; - strncpy(info.matches[0], info.matches[1], info.samelen); - info.matches[0][info.samelen] = 0; + if (count == 2) { + SAFE_FREE(matches[0]); + matches[0] = strdup(matches[1]); } - info.matches[info.count] = NULL; - return info.matches; - -cleanup: - for (i = 0; i < info.count; i++) - free(info.matches[i]); - free(info.matches); - return NULL; + matches[count] = NULL; + return matches; } -static char **completion_fn(const char *text, int start, int end) -{ - smb_readline_ca_char(' '); - - if (start) { - const char *buf, *sp; - int i; - char compl_type; - - buf = smb_readline_get_line_buffer(); - if (buf == NULL) - return NULL; - - sp = strchr(buf, ' '); - if (sp == NULL) - return NULL; - - for (i = 0; commands[i].name; i++) - if ((strncmp(commands[i].name, text, sp - buf) == 0) && (commands[i].name[sp - buf] == 0)) - break; - if (commands[i].name == NULL) - return NULL; - - while (*sp == ' ') - sp++; - - if (sp == (buf + start)) - compl_type = commands[i].compl_args[0]; - else - compl_type = commands[i].compl_args[1]; - - if (compl_type == COMPL_REMOTE) - return remote_completion(text, end - start); - else /* fall back to local filename completion */ - return NULL; - } else { - char **matches; - int i, len, samelen, count=1; - - matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS); - if (!matches) return NULL; - matches[0] = NULL; - - len = strlen(text); - for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) { - if (strncmp(text, commands[i].name, len) == 0) { - matches[count] = strdup(commands[i].name); - if (!matches[count]) - goto cleanup; - if (count == 1) - samelen = strlen(matches[count]); - else - while (strncmp(matches[count], matches[count-1], samelen) != 0) - samelen--; - count++; - } - } - - switch (count) { - case 0: /* should never happen */ - case 1: - goto cleanup; - case 2: - matches[0] = strdup(matches[1]); - break; - default: - matches[0] = malloc(samelen+1); - if (!matches[0]) - goto cleanup; - strncpy(matches[0], matches[1], samelen); - matches[0][samelen] = 0; - } - matches[count] = NULL; - return matches; - -cleanup: - while (i >= 0) { - free(matches[i]); - i--; - } - free(matches); - return NULL; - } -} /**************************************************************************** make sure we swallow keepalives during idle time diff --git a/source3/config.sub b/source3/config.sub index 04baf3d80d..2476310dff 100755 --- a/source3/config.sub +++ b/source3/config.sub @@ -1,9 +1,9 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. -timestamp='2003-01-03' +timestamp='2001-12-03' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -118,7 +118,7 @@ esac # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -227,39 +227,26 @@ case $basic_machine in 1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ - | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | c4x | clipper \ + | d10v | d30v | dsp16xx \ + | fr30 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ - | ip2k \ | m32r | m68000 | m68k | m88k | mcore \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ + | mips16 | mips64 | mips64el | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el | mips64vr4300 \ + | mips64vr4300el | mips64vr5000 | mips64vr5000el \ + | mipsbe | mipseb | mipsel | mipsle | mipstx39 | mipstx39el \ + | mipsisa32 \ | mn10200 | mn10300 \ - | msp430 \ | ns16k | ns32k \ - | openrisc | or32 \ + | openrisc \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ + | sh | sh[34] | sh[34]eb | shbe | shle \ + | sparc | sparc64 | sparclet | sparclite | sparcv9 | sparcv9b \ | strongarm \ | tahoe | thumb | tic80 | tron \ | v850 | v850e \ @@ -291,52 +278,38 @@ case $basic_machine in 580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | alphapca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armv*-* \ | avr-* \ | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \ - | clipper-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ + | c[123]* | c30-* | [cjt]90-* | c54x-* \ + | clipper-* | cray2-* | cydra-* \ + | d10v-* | d30v-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fr30-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* \ | m32r-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m68000-* | m680[01234]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | mcore-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ - | msp430-* \ - | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ + | mips-* | mips16-* | mips64-* | mips64el-* | mips64orion-* \ + | mips64orionel-* | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* | mipsbe-* | mipseb-* \ + | mipsle-* | mipsel-* | mipstx39-* | mipstx39el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \ + | sh-* | sh[34]-* | sh[34]eb-* | shbe-* | shle-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* \ + | t3e-* | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | x86-* | x86_64-* | xmp-* | xps100-* | xscale-* | xstormy16-* \ | xtensa-* \ | ymp-* \ | z8k-*) @@ -402,10 +375,6 @@ case $basic_machine in basic_machine=ns32k-sequent os=-dynix ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -426,8 +395,16 @@ case $basic_machine in basic_machine=c38-convex os=-bsd ;; - cray | j90) - basic_machine=j90-cray + cray | ymp) + basic_machine=ymp-cray + os=-unicos + ;; + cray2) + basic_machine=cray2-cray + os=-unicos + ;; + [cjt]90) + basic_machine=${basic_machine}-cray os=-unicos ;; crds | unos) @@ -442,14 +419,6 @@ case $basic_machine in decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola @@ -630,6 +599,14 @@ case $basic_machine in basic_machine=m68k-atari os=-mint ;; + mipsel*-linux*) + basic_machine=mipsel-unknown + os=-linux-gnu + ;; + mips*-linux*) + basic_machine=mips-unknown + os=-linux-gnu + ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; @@ -644,10 +621,6 @@ case $basic_machine in basic_machine=m68k-rom68k os=-coff ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; msdos) basic_machine=i386-pc os=-msdos @@ -720,10 +693,6 @@ case $basic_machine in np1) basic_machine=np1-gould ;; - nv1) - basic_machine=nv1-cray - os=-unicosmp - ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -731,10 +700,6 @@ case $basic_machine in basic_machine=hppa1.1-oki os=-proelf ;; - or32 | or32-*) - basic_machine=or32-unknown - os=-coff - ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose @@ -757,13 +722,13 @@ case $basic_machine in pbb) basic_machine=m68k-tti ;; - pc532 | pc532-*) + pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) + pentiumpro | p6 | 6x86 | athlon) basic_machine=i686-pc ;; pentiumii | pentium2) @@ -784,22 +749,22 @@ case $basic_machine in power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown - ;; + ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown - ;; + ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown - ;; + ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown - ;; + ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; @@ -830,12 +795,6 @@ case $basic_machine in basic_machine=a29k-amd os=-udi ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; sequent) basic_machine=i386-sequent ;; @@ -910,17 +869,9 @@ case $basic_machine in os=-dynix ;; t3e) - basic_machine=alphaev5-cray + basic_machine=t3e-cray os=-unicos ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tic4x | c4x*) - basic_machine=tic4x-unknown - os=-coff - ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff @@ -931,10 +882,6 @@ case $basic_machine in tx39el) basic_machine=mipstx39el-unknown ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; tower | tower-32) basic_machine=m68k-ncr ;; @@ -959,8 +906,8 @@ case $basic_machine in os=-vms ;; vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; + basic_machine=f301-fujitsu + ;; vxworks960) basic_machine=i960-wrs os=-vxworks @@ -981,13 +928,17 @@ case $basic_machine in basic_machine=hppa1.1-winbond os=-proelf ;; - xps | xps100) - basic_machine=xps100-honeywell + windows32) + basic_machine=i386-pc + os=-windows32-msvcrt ;; - ymp) - basic_machine=ymp-cray + xmp) + basic_machine=xmp-cray os=-unicos ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim @@ -1008,6 +959,13 @@ case $basic_machine in op60c) basic_machine=hppa1.1-oki ;; + mips) + if [ x$os = x-linux-gnu ]; then + basic_machine=mips-unknown + else + basic_machine=mips-mips + fi + ;; romp) basic_machine=romp-ibm ;; @@ -1027,16 +985,13 @@ case $basic_machine in we32k) basic_machine=we32k-att ;; - sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) + sh3 | sh4 | sh3eb | sh4eb) basic_machine=sh-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; sparc | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; - cydra) + cydra) basic_machine=cydra-cydrome ;; orion) @@ -1051,6 +1006,10 @@ case $basic_machine in pmac | pmac-mpw) basic_machine=powerpc-apple ;; + c4x*) + basic_machine=c4x-none + os=-coff + ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; @@ -1113,12 +1072,10 @@ case $os in | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -microbsd*) + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1130,10 +1087,8 @@ case $os in ;; esac ;; - -nto-qnx*) - ;; -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` + os=-nto-qnx ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ @@ -1181,11 +1136,8 @@ case $os in -ctix* | -uts*) os=-sysv ;; - -nova*) - os=-rtmk-nova - ;; -ns2 ) - os=-nextstep2 + os=-nextstep2 ;; -nsk*) os=-nsk @@ -1224,8 +1176,8 @@ case $os in -xenix) os=-xenix ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint ;; -none) ;; @@ -1258,11 +1210,10 @@ case $basic_machine in arm*-semi) os=-aout ;; - # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; - pdp11-*) + pdp11-*) os=-none ;; *-dec | vax-*) @@ -1289,9 +1240,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or32-*) - os=-coff - ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; @@ -1355,19 +1303,19 @@ case $basic_machine in *-next) os=-nextstep3 ;; - *-gould) + *-gould) os=-sysv ;; - *-highlevel) + *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; - *-sgi) + *-sgi) os=-irix ;; - *-siemens) + *-siemens) os=-sysv4 ;; *-masscomp) @@ -1439,7 +1387,7 @@ case $basic_machine in -ptx*) vendor=sequent ;; - -vxsim* | -vxworks* | -windiss*) + -vxsim* | -vxworks*) vendor=wrs ;; -aux*) diff --git a/source3/configure.in b/source3/configure.in index 77d160e4cb..18284c5c15 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -172,11 +172,13 @@ AC_ARG_ENABLE(debug, AC_ARG_ENABLE(developer, [ --enable-developer Turn on developer warnings and debugging (default=no)], [if eval "test x$enable_developer = xyes"; then - CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER" + developer=yes + CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER" fi]) AC_ARG_ENABLE(krb5developer, [ --enable-krb5developer Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)], [if eval "test x$enable_krb5developer = xyes"; then + developer=yes CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER" fi]) @@ -248,9 +250,9 @@ dnl These have to be built static: default_static_modules="pdb_smbpasswd pdb_tdbsam pdb_unix rpc_lsa rpc_samr rpc_reg rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin idmap_winbind" dnl These are preferably build shared, and static if dlopen() is not available -default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_fake_perms vfs_netatalk" +default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms" -if test "x$enable_developer" = xyes; then +if test "x$developer" = xyes; then default_static_modules="$default_static_modules rpc_echo" default_shared_modules="$default_shared_modules charset_weird" fi @@ -2278,10 +2280,14 @@ LIBS="" ######################################################## # now see if we can find the ldap libs in standard paths if test x$have_ldap != xyes; then - AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap"; - LDAP_OBJ=lib/ldap.o; - AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])]) - AC_CHECK_HEADERS([ldap.h lber.h], [default_static_modules="$default_static_modules pdb_ldap"]) + AC_CHECK_LIB(ldap, ldap_init, [ + LIBS="$LIBS -lldap"; + AC_CHECK_LIB(ldap, ldap_domain2hostlist, [ + AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available]) + AC_CHECK_HEADERS([ldap.h lber.h], + [default_static_modules="$default_static_modules pdb_ldap"]) + ]) + ]) ######################################################## # If we have LDAP, does it's rebind procedure take 2 or 3 arguments? @@ -2292,6 +2298,7 @@ LIBS="" #include <lber.h> #include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [pam_ldap_cv_ldap_set_rebind_proc=3], [pam_ldap_cv_ldap_set_rebind_proc=2]) ]) AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc]) + AC_CHECK_FUNCS(ldap_initialize) fi LDAP_LIBS="$LIBS"; @@ -2457,27 +2464,6 @@ AC_ARG_WITH(ldapsam, AC_MSG_RESULT(no) ) -################################################# -# check for IDMAP - -AC_DEFINE(WITH_IDMAP,1, [Include IDMAP support]) - -AC_MSG_CHECKING(whether to use IDMAP only for [ug]id mapping) -AC_ARG_WITH(idmap, -[ --with-idmap Include experimental IDMAP support (default=yes)], -[ case "$withval" in - yes) - AC_MSG_RESULT(yes) - AC_DEFINE(WITH_IDMAP,1,[Whether to include experimental IDMAP support]) - ;; - no) - AC_MSG_RESULT(no) - AC_DEFINE(WITH_IDMAP,0,[Whether to include experimental IDMAP support]) - ;; - esac ], - AC_MSG_RESULT(yes) -) - ######################################################################################## ## ## END OF TESTS FOR SAM BACKENDS. @@ -3283,7 +3269,7 @@ if test x"$HAVE_WINBIND" = x"yes"; then EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/wbinfo\$(EXEEXT)" EXTRA_SBIN_PROGS="$EXTRA_SBIN_PROGS bin/winbindd\$(EXEEXT)" if test x"$BLDSHARED" = x"true"; then - SHLIB_PROGS="$SHLIB_PROGS nsswitch/$WINBIND_NSS" + SHLIB_PROGS="$SHLIB_PROGS nsswitch/$WINBIND_NSS" if test x"$with_pam" = x"yes"; then SHLIB_PROGS="$SHLIB_PROGS nsswitch/pam_winbind.$SHLIBEXT" @@ -3294,31 +3280,15 @@ else fi # Solaris has some extra fields in struct passwd that need to be -# initialised otherwise nscd crashes. Unfortunately autoconf < 2.50 -# doesn't have the AC_CHECK_MEMBER macro which would be handy for checking -# this. - -#AC_CHECK_MEMBER(struct passwd.pw_comment, -# AC_DEFINE(HAVE_PASSWD_PW_COMMENT, 1, [Defined if struct passwd has pw_comment field]), -# [#include <pwd.h>]) - -AC_CACHE_CHECK([whether struct passwd has pw_comment],samba_cv_passwd_pw_comment, [ - AC_TRY_COMPILE([#include <pwd.h>],[struct passwd p; p.pw_comment;], - samba_cv_passwd_pw_comment=yes,samba_cv_passwd_pw_comment=no)]) -if test x"$samba_cv_passwd_pw_comment" = x"yes"; then - AC_DEFINE(HAVE_PASSWD_PW_COMMENT,1,[Whether struct passwd has pw_comment]) -fi - -#AC_CHECK_MEMBER(struct passwd.pw_age, -# AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]), -# [#include <pwd.h>]) +# initialised otherwise nscd crashes. + +AC_CHECK_MEMBER(struct passwd.pw_comment, + AC_DEFINE(HAVE_PASSWD_PW_COMMENT, 1, [Defined if struct passwd has pw_comment field]),, + [#include <pwd.h>]) -AC_CACHE_CHECK([whether struct passwd has pw_age],samba_cv_passwd_pw_age, [ - AC_TRY_COMPILE([#include <pwd.h>],[struct passwd p; p.pw_age;], - samba_cv_passwd_pw_age=yes,samba_cv_passwd_pw_age=no)]) -if test x"$samba_cv_passwd_pw_age" = x"yes"; then - AC_DEFINE(HAVE_PASSWD_PW_AGE,1,[Whether struct passwd has pw_age]) -fi +AC_CHECK_MEMBER(struct passwd.pw_age, + AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]),, + [#include <pwd.h>]) ################################################# # Check to see if we should use the included popt @@ -3430,7 +3400,6 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB, SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB) SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB) SMB_MODULE(pdb_nisplussam, passdb/pdb_nisplus.o, "bin/nisplussam.$SHLIBEXT", PDB) -SMB_MODULE(pdb_unix, passdb/pdb_unix.o, "bin/unixsam.$SHLIBEXT", PDB) SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB) SMB_SUBSYSTEM(PDB) @@ -3445,7 +3414,7 @@ SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC) SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC) SMB_SUBSYSTEM(RPC) -SMB_MODULE(charset_weird, modules/developer.o, "bin/weird.$SHLIBEXT", CHARSET) +SMB_MODULE(charset_weird, modules/weird.o, "bin/weird.$SHLIBEXT", CHARSET) SMB_SUBSYSTEM(CHARSET) SMB_MODULE(auth_rhosts, \$(AUTH_RHOSTS_OBJ), "bin/rhosts.$SHLIBEXT", AUTH) @@ -3460,8 +3429,8 @@ SMB_SUBSYSTEM(AUTH) SMB_MODULE(vfs_recycle, \$(VFS_RECYCLE_OBJ), "bin/recycle.$SHLIBEXT", VFS) SMB_MODULE(vfs_audit, \$(VFS_AUDIT_OBJ), "bin/audit.$SHLIBEXT", VFS) SMB_MODULE(vfs_extd_audit, \$(VFS_EXTD_AUDIT_OBJ), "bin/extd_audit.$SHLIBEXT", VFS) -SMB_MODULE(vfs_fake_perms, \$(VFS_FAKE_PERMS_OBJ), "bin/fake_perms.$SHLIBEXT", VFS) SMB_MODULE(vfs_netatalk, \$(VFS_NETATALK_OBJ), "bin/netatalk.$SHLIBEXT", VFS) +SMB_MODULE(vfs_fake_perms, \$(VFS_FAKE_PERMS_OBJ), "bin/fake_perms.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS) AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules]) diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 2b7a852688..b718f42f93 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -170,17 +170,17 @@ static BOOL default_group_mapping(void) /* Add the Wellknown groups */ - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); /* Add the defaults domain groups */ @@ -763,7 +763,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; - + dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) continue; @@ -803,7 +803,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, free_privilege(set); continue; } - + if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); free_privilege(set); @@ -838,7 +838,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, free_privilege(&(mapt[entries].priv_set)); entries++; - } *num_entries=entries; diff --git a/source3/include/.cvsignore b/source3/include/.cvsignore index 4bff170b3b..bff248727f 100644 --- a/source3/include/.cvsignore +++ b/source3/include/.cvsignore @@ -3,5 +3,4 @@ config.h stamp-h proto.h wrepld_proto.h -tdbsam2_parse_info.h config.h.in diff --git a/source3/include/auth.h b/source3/include/auth.h index eb80e3c5b4..626b9f3ba0 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -75,9 +75,6 @@ typedef struct auth_usersupplied_info typedef struct auth_serversupplied_info { BOOL guest; - - uid_t uid; - gid_t gid; /* This groups info is needed for when we become_user() for this uid */ int n_groups; diff --git a/source3/include/debug.h b/source3/include/debug.h index 70f9f7706d..d4f45539f4 100644 --- a/source3/include/debug.h +++ b/source3/include/debug.h @@ -88,7 +88,6 @@ extern int DEBUGLEVEL; #define DBGC_AUTH 10 #define DBGC_WINBIND 11 #define DBGC_VFS 12 -#define DBGC_IDMAP 13 /* So you can define DBGC_CLASS before including debug.h */ #ifndef DBGC_CLASS diff --git a/source3/include/genparser.h b/source3/include/genparser.h deleted file mode 100644 index f28cd78249..0000000000 --- a/source3/include/genparser.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GENPARSER_H -#define _GENPARSER_H - -/* these macros are needed for genstruct auto-parsers */ -#ifndef GENSTRUCT -#define GENSTRUCT -#define _LEN(x) -#define _NULLTERM -#endif - -/* - automatic marshalling/unmarshalling system for C structures -*/ - -/* flag to mark a fixed size array as actually being null terminated */ -#define FLAG_NULLTERM 1 -#define FLAG_ALWAYS 2 - -struct enum_struct { - const char *name; - unsigned value; -}; - -/* intermediate dumps are stored in one of these */ -struct parse_string { - unsigned allocated; - unsigned length; - char *s; -}; - -typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent); -typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str); - -/* genstruct.pl generates arrays of these */ -struct parse_struct { - const char *name; - unsigned ptr_count; - unsigned size; - unsigned offset; - unsigned array_len; - const char *dynamic_len; - unsigned flags; - gen_dump_fn dump_fn; - gen_parse_fn parse_fn; -}; - -#define DUMP_PARSE_DECL(type) \ - int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \ - int gen_parse_ ## type(TALLOC_CTX *, char *, const char *); - -DUMP_PARSE_DECL(char) -DUMP_PARSE_DECL(int) -DUMP_PARSE_DECL(unsigned) -DUMP_PARSE_DECL(double) -DUMP_PARSE_DECL(float) - -#define gen_dump_unsigned_char gen_dump_char -#define gen_parse_unsigned_char gen_parse_char - -#endif /* _GENPARSER_H */ diff --git a/source3/include/genparser_samba.h b/source3/include/genparser_samba.h deleted file mode 100644 index 172ff2362c..0000000000 --- a/source3/include/genparser_samba.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - Copyright (C) Simo Sorce <idra@samba.org> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GENPARSER_SAMBA_H -#define _GENPARSER_SAMBA_H - -const struct parse_struct pinfo_security_ace_info[] = { -{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8}, -{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8}, -{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS}, -{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID}, -{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID}, -{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_security_acl_info[] = { -{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_security_descriptor_info[] = { -{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL}, -{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL}, -{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_luid_attr_info[] = { -{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -#endif /* _GENPARSER_SAMBA_H */ diff --git a/source3/include/gums.h b/source3/include/gums.h deleted file mode 100644 index 789acc269f..0000000000 --- a/source3/include/gums.h +++ /dev/null @@ -1,240 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GUMS_H -#define _GUMS_H - -#define GUMS_VERSION_MAJOR 0 -#define GUMS_VERSION_MINOR 1 -#define GUMS_OBJECT_VERSION 1 - -#define GUMS_OBJ_DOMAIN 1 -#define GUMS_OBJ_NORMAL_USER 2 -#define GUMS_OBJ_GROUP 3 -#define GUMS_OBJ_ALIAS 4 -#define GUMS_OBJ_WORKSTATION_TRUST 5 -#define GUMS_OBJ_SERVER_TRUST 6 -#define GUMS_OBJ_DOMAIN_TRUST 7 - -typedef struct gums_user -{ - DOM_SID *group_sid; /* Primary Group SID */ - - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - char *full_name; /* user's full name string */ - char *home_dir; /* home directory string */ - char *dir_drive; /* home directory drive string */ - char *logon_script; /* logon script string */ - char *profile_path; /* profile path string */ - char *workstations; /* login from workstations string */ - char *unknown_str; /* don't know what this is, yet. */ - char *munged_dial; /* munged path name and dial-back tel number */ - - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - - uint32 unknown_3; /* 0x00ff ffff */ - - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 *hours; - - uint32 unknown_5; /* 0x0002 0000 */ - uint32 unknown_6; /* 0x0000 04ec */ - -} GUMS_USER; - -typedef struct gums_group -{ - uint32 count; /* Number of SIDs */ - DOM_SID **members; /* SID array */ - -} GUMS_GROUP; - -typedef struct gums_domain -{ - uint32 next_rid; - -} GUMS_DOMAIN; - -union gums_obj_p { - GUMS_USER *user; - GUMS_GROUP *group; - GUMS_DOMAIN *domain; -}; - -typedef struct gums_object -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object Type */ - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - SEC_DESC *sec_desc; /* Security Descriptor */ - - DOM_SID *sid; /* Object Sid */ - char *name; /* Object Name */ - char *description; /* Object Description */ - - union gums_obj_p data; /* Object Specific data */ - -} GUMS_OBJECT; - -typedef struct gums_data_set -{ - int type; /* GUMS_SET_xxx */ - void *data; - -} GUMS_DATA_SET; - -typedef struct gums_commit_set -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object type */ - DOM_SID sid; /* Object Sid */ - uint32 count; /* number of changes */ - GUMS_DATA_SET **data; - -} GUMS_COMMIT_SET; - -typedef struct gums_privilege -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object Type */ - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - LUID_ATTR *privilege; /* Privilege Type */ - char *name; /* Object Name */ - char *description; /* Object Description */ - - uint32 count; - DOM_SID **members; - -} GUMS_PRIVILEGE; - - -typedef struct gums_functions -{ - /* Generic object functions */ - - NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name); - NTSTATUS (*set_domain_sid) (const DOM_SID *sid); - - NTSTATUS (*get_sequence_number) (void); - - NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type); - NTSTATUS (*delete_object) (const DOM_SID *sid); - - NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type); - NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type); - /* This function is used to get the list of all objects changed since b_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - - NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type); - NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle); - NTSTATUS (*enumerate_objects_stop) (void *handle); - - /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. - Never use this function to update an object in the database, use set_object_values() */ - NTSTATUS (*set_object) (const GUMS_OBJECT *object); - - /* set object values function */ - NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set); - - /* Group related functions */ - NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - - NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - - NTSTATUS (*lock_sid) (const DOM_SID *sid); - NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - - NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members); - NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members); - NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv); - NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid); - - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ - NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); - -} GUMS_FUNCTIONS; - -/* define value types */ -#define GUMS_SET_PRIMARY_GROUP 0x1 -#define GUMS_SET_SEC_DESC 0x2 - -#define GUMS_SET_NAME 0x10 -#define GUMS_SET_DESCRIPTION 0x11 -#define GUMS_SET_FULL_NAME 0x12 - -/* user specific type values */ -#define GUMS_SET_LOGON_TIME 0x20 -#define GUMS_SET_LOGOFF_TIME 0x21 -#define GUMS_SET_KICKOFF_TIME 0x23 -#define GUMS_SET_PASS_LAST_SET_TIME 0x24 -#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25 -#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26 - - -#define GUMS_SET_HOME_DIRECTORY 0x31 -#define GUMS_SET_DRIVE 0x32 -#define GUMS_SET_LOGON_SCRIPT 0x33 -#define GUMS_SET_PROFILE_PATH 0x34 -#define GUMS_SET_WORKSTATIONS 0x35 -#define GUMS_SET_UNKNOWN_STRING 0x36 -#define GUMS_SET_MUNGED_DIAL 0x37 - -#define GUMS_SET_LM_PASSWORD 0x40 -#define GUMS_SET_NT_PASSWORD 0x41 -#define GUMS_SET_PLAINTEXT_PASSWORD 0x42 -#define GUMS_SET_UNKNOWN_3 0x43 -#define GUMS_SET_LOGON_DIVS 0x44 -#define GUMS_SET_HOURS_LEN 0x45 -#define GUMS_SET_HOURS 0x46 -#define GUMS_SET_UNKNOWN_5 0x47 -#define GUMS_SET_UNKNOWN_6 0x48 - -#define GUMS_SET_MUST_CHANGE_PASS 0x50 -#define GUMS_SET_CANNOT_CHANGE_PASS 0x51 -#define GUMS_SET_PASS_NEVER_EXPIRE 0x52 -#define GUMS_SET_ACCOUNT_DISABLED 0x53 -#define GUMS_SET_ACCOUNT_LOCKOUT 0x54 - -/*group specific type values */ -#define GUMS_ADD_SID_LIST 0x60 -#define GUMS_DEL_SID_LIST 0x61 -#define GUMS_SET_SID_LIST 0x62 - -#endif /* _GUMS_H */ diff --git a/source3/include/includes.h b/source3/include/includes.h index 8fc09c2cae..9e4c508477 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -767,38 +767,22 @@ extern int errno; #include "debugparse.h" #include "version.h" - #include "smb.h" -/* #include "smbw.h" -*/ - #include "nameserv.h" #include "secrets.h" #include "byteorder.h" -#include "privileges.h" - -#include "rpc_creds.h" - -#include "mapping.h" - -#include "passdb.h" - #include "ntdomain.h" -#include "rpc_misc.h" - -#include "rpc_secdes.h" - -#include "nt_printing.h" - #include "msdfs.h" #include "smbprofile.h" +#include "mapping.h" + #include "rap.h" #include "md5.h" @@ -808,14 +792,8 @@ extern int errno; #include "auth.h" -#include "sam.h" - -#include "gums.h" - -#include "idmap.h" +#include "passdb.h" -#include "client.h" -#include "smbw.h" #include "session.h" #include "asn_1.h" @@ -824,9 +802,9 @@ extern int errno; #include "mangle.h" -#include "nsswitch/winbind_client.h" +#include "module.h" -#include "genparser.h" +#include "nsswitch/winbind_client.h" /* * Type for wide character dirent structure. @@ -872,8 +850,6 @@ struct functable { struct printjob; -struct smb_ldap_privates; - /***** automatically generated prototypes *****/ #ifndef NO_PROTO_H #include "proto.h" @@ -921,7 +897,7 @@ struct smb_ldap_privates; #define MAP_FILE 0 #endif -#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP) && !defined(WITH_TDB_SAM)) +#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP)) #define USE_SMBPASS_DB 1 #endif diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 0cb31aa040..d4f2d28e6a 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -43,6 +43,7 @@ typedef struct _GROUP_MAP { + struct pdb_methods *methods; gid_t gid; DOM_SID sid; enum SID_NAME_USE sid_name_use; diff --git a/source3/include/module.h b/source3/include/module.h new file mode 100644 index 0000000000..759ea5bb38 --- /dev/null +++ b/source3/include/module.h @@ -0,0 +1,44 @@ +/* + Unix SMB/CIFS implementation. + Handling of idle/exit events + Copyright (C) Stefan (metze) Metzmacher 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _MODULE_H +#define _MODULE_H + +/* Module support */ +typedef NTSTATUS (init_module_function) (void); + +#define SMB_IDLE_EVENT_DEFAULT_INTERVAL 180 +#define SMB_IDLE_EVENT_MIN_INTERVAL 30 + +typedef struct smb_idle_event_struct { + struct smb_idle_event_struct *prev,*next; + time_t interval; + time_t last_run; + void *data; + void (*fn)(struct smb_idle_event_struct **event, time_t now); +} smb_idle_event_struct; + +typedef struct smb_exit_event_struct { + struct smb_exit_event_struct *prev,*next; + void *data; + void (*fn)(struct smb_exit_event_struct **event); +} smb_exit_event_struct; + +#endif /* _MODULE_H */ diff --git a/source3/include/passdb.h b/source3/include/passdb.h index e14e250d34..06409aa34e 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -3,8 +3,6 @@ passdb structures and parameters Copyright (C) Gerald Carter 2001 Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Simo Sorce 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,149 +23,6 @@ #define _PASSDB_H -/* - * bit flags representing initialized fields in SAM_ACCOUNT - */ -enum pdb_elements { - PDB_UNINIT, - PDB_SMBHOME, - PDB_PROFILE, - PDB_DRIVE, - PDB_LOGONSCRIPT, - PDB_LOGONTIME, - PDB_LOGOFFTIME, - PDB_KICKOFFTIME, - PDB_CANCHANGETIME, - PDB_MUSTCHANGETIME, - PDB_PLAINTEXT_PW, - PDB_USERNAME, - PDB_FULLNAME, - PDB_DOMAIN, - PDB_NTUSERNAME, - PDB_HOURSLEN, - PDB_LOGONDIVS, - PDB_USERSID, - PDB_GROUPSID, - PDB_ACCTCTRL, - PDB_PASSLASTSET, - PDB_UNIXHOMEDIR, - PDB_ACCTDESC, - PDB_WORKSTATIONS, - PDB_UNKNOWNSTR, - PDB_MUNGEDDIAL, - PDB_HOURS, - PDB_UNKNOWN3, - PDB_UNKNOWN5, - PDB_UNKNOWN6, - PDB_LMPASSWD, - PDB_NTPASSWD, - - /* this must be the last element */ - PDB_COUNT -}; - -enum pdb_group_elements { - PDB_GROUP_NAME, - PDB_GROUP_SID, - PDB_GROUP_SID_NAME_USE, - PDB_GROUP_MEMBERS, - - /* this must be the last element */ - PDB_GROUP_COUNT -}; - - -enum pdb_value_state { - PDB_DEFAULT=0, - PDB_SET, - PDB_CHANGED -}; - -#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET) -#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED) -#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT) - -typedef struct sam_passwd -{ - TALLOC_CTX *mem_ctx; - - void (*free_fn)(struct sam_passwd **); - - struct pdb_methods *methods; - - struct user_data { - /* initiailization flags */ - struct bitmap *change_flags; - struct bitmap *set_flags; - - time_t logon_time; /* logon time */ - time_t logoff_time; /* logoff time */ - time_t kickoff_time; /* kickoff time */ - time_t pass_last_set_time; /* password last set time */ - time_t pass_can_change_time; /* password can change time */ - time_t pass_must_change_time; /* password must change time */ - - const char * username; /* UNIX username string */ - const char * domain; /* Windows Domain name */ - const char * nt_username; /* Windows username string */ - const char * full_name; /* user's full name string */ - const char * unix_home_dir; /* UNIX home directory string */ - const char * home_dir; /* home directory string */ - const char * dir_drive; /* home directory drive string */ - const char * logon_script; /* logon script string */ - const char * profile_path; /* profile path string */ - const char * acct_desc ; /* user description string */ - const char * workstations; /* login from workstations string */ - const char * unknown_str ; /* don't know what this is, yet. */ - const char * munged_dial ; /* munged path name and dial-back tel number */ - - DOM_SID user_sid; /* Primary User SID */ - DOM_SID group_sid; /* Primary Group SID */ - - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - char* plaintext_pw; /* is Null if not available */ - - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ - uint32 unknown_3; /* 0x00ff ffff */ - - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 hours[MAX_HOURS_LEN]; - - uint32 unknown_5; /* 0x0002 0000 */ - uint32 unknown_6; /* 0x0000 04ec */ - } private; - - /* Lets see if the remaining code can get the hint that you - are meant to use the pdb_...() functions. */ - -} SAM_ACCOUNT; - -typedef struct sam_group { - TALLOC_CTX *mem_ctx; - - void (*free_fn)(struct sam_group **); - - struct pdb_methods *methods; - - struct group_data { - /* initiailization flags */ - struct bitmap *change_flags; - struct bitmap *set_flags; - - const char *name; /* Windows group name string */ - - DOM_SID sid; /* Group SID */ - enum SID_NAME_USE sid_name_use; /* Group type */ - - uint32 mem_num; /* Number of member SIDs */ - DOM_SID *members; /* SID array */ - } private; - -} SAM_GROUP; - - /***************************************************************** Functions to be implemented by the new (v2) passdb API ****************************************************************/ @@ -196,7 +51,7 @@ typedef struct pdb_context NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid); - + NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); @@ -249,7 +104,7 @@ typedef struct pdb_methods NTSTATUS (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username); - NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid); + NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *Sid); NTSTATUS (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); diff --git a/source3/include/rpc_client_proto.h b/source3/include/rpc_client_proto.h deleted file mode 100644 index 0ecb195691..0000000000 --- a/source3/include/rpc_client_proto.h +++ /dev/null @@ -1,231 +0,0 @@ -#ifndef _RPC_CLIENT_PROTO_H_ -#define _RPC_CLIENT_PROTO_H_ -/* This file is automatically generated with "make proto". DO NOT EDIT */ - - -/*The following definitions come from lib/util_list.c */ - -BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src); -BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x, - const RPC_HND_NODE *y); -BOOL RpcHndList_set_connection(const POLICY_HND *hnd, - struct cli_connection *con); -BOOL RpcHndList_del_connection(const POLICY_HND *hnd); -struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd); - -/*The following definitions come from rpc_client/cli_connect.c */ - -void init_connections(void); -void free_connections(void); -void cli_connection_free(struct cli_connection *con); -void cli_connection_unlink(struct cli_connection *con); -BOOL cli_connection_init(const char *srv_name, char *pipe_name, - struct cli_connection **con); -BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name, - struct cli_connection **con, - cli_auth_fns * auth, void *auth_creds); -struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con); -void *cli_conn_get_auth_creds(struct cli_connection *con); -BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num, - prs_struct * data, prs_struct * rdata); -BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num, - prs_struct * data, prs_struct * rdata); -BOOL rpc_con_ok(struct cli_connection *con); - -/*The following definitions come from rpc_client/cli_login.c */ - -BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]); -BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd); -BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); -BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char lm_chal[8], - char *lm_chal_resp, char *nt_chal_resp, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); -BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); - -/*The following definitions come from rpc_client/cli_lsarpc.c */ - -BOOL do_lsa_open_policy(struct cli_state *cli, - char *system_name, POLICY_HND *hnd, - BOOL sec_qos); -BOOL do_lsa_query_info_pol(struct cli_state *cli, - POLICY_HND *hnd, uint16 info_class, - fstring domain_name, DOM_SID *domain_sid); -BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd); -BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server); -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access); -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names); -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids); - -/*The following definitions come from rpc_client/cli_netlogon.c */ - -BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level); -BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *srv_chal); -BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal); -BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]); -BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); -BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); -BOOL change_trust_account_password( char *domain, char *remote_machine_list); - -/*The following definitions come from rpc_client/cli_pipe.c */ - -BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, - prs_struct *data, prs_struct *rdata); -BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name); -void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs); -BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name); -void cli_nt_session_close(struct cli_state *cli); - -/*The following definitions come from rpc_client/cli_reg.c */ - -BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name, - POLICY_HND *reg_hnd); -BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level, - POLICY_HND *hnd); -BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level, - POLICY_HND *hnd); -BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd); -BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd, - char *class, uint32 *class_len, - uint32 *num_subkeys, uint32 *max_subkeylen, - uint32 *max_subkeysize, uint32 *num_values, - uint32 *max_valnamelen, uint32 *max_valbufsize, - uint32 *sec_desc, NTTIME *mod_time); -BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk); -BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd, - char *key_value, uint32* key_type); -BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf); -BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf); -BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name); -BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name); -BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd, - char *key_name, char *key_class, - SEC_ACCESS *sam_access, - POLICY_HND *key); -BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd, - int key_index, char *key_name, - uint32 *unk_1, uint32 *unk_2, - time_t *mod_time); -BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd, - char *val_name, uint32 type, BUFFER3 *data); -BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd, - int val_index, int max_valnamelen, int max_valbufsize, - fstring val_name, - uint32 *val_type, BUFFER2 *value); -BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd, - char *key_name, uint32 unk_0, - POLICY_HND *key_hnd); -BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd); - -/*The following definitions come from rpc_client/cli_samr.c */ - -BOOL get_samr_query_usergroups(struct cli_state *cli, - POLICY_HND *pol_open_domain, uint32 user_rid, - uint32 *num_groups, DOM_GID *gid); -BOOL get_samr_query_userinfo(struct cli_state *cli, - POLICY_HND *pol_open_domain, - uint32 info_level, - uint32 user_rid, SAM_USER_INFO_21 *usr); -BOOL do_samr_chgpasswd_user(struct cli_state *cli, - char *srv_name, char *user_name, - char nt_newpass[516], uchar nt_oldhash[16], - char lm_newpass[516], uchar lm_oldhash[16]); -BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name); -BOOL do_samr_query_dom_info(struct cli_state *cli, - POLICY_HND *domain_pol, uint16 switch_value); -BOOL do_samr_enum_dom_users(struct cli_state *cli, - POLICY_HND *pol, uint16 num_entries, uint16 unk_0, - uint16 acb_mask, uint16 unk_1, uint32 size, - struct acct_info **sam, - int *num_sam_users); -BOOL do_samr_connect(struct cli_state *cli, - char *srv_name, uint32 unknown_0, - POLICY_HND *connect_pol); -BOOL do_samr_open_user(struct cli_state *cli, - POLICY_HND *pol, uint32 unk_0, uint32 rid, - POLICY_HND *user_pol); -BOOL do_samr_open_domain(struct cli_state *cli, - POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid, - POLICY_HND *domain_pol); -BOOL do_samr_query_unknown_12(struct cli_state *cli, - POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids, - uint32 *num_aliases, - fstring als_names [MAX_LOOKUP_SIDS], - uint32 num_als_users[MAX_LOOKUP_SIDS]); -BOOL do_samr_query_usergroups(struct cli_state *cli, - POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid); -BOOL do_samr_query_userinfo(struct cli_state *cli, - POLICY_HND *pol, uint16 switch_value, void* usr); -BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd); - -/*The following definitions come from rpc_client/cli_spoolss_notify.c */ - -BOOL spoolss_disconnect_from_client( struct cli_state *cli); -BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine); -BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle); -BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle, - uint32 change_low, uint32 change_high, uint32 *status); -BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status); - -/*The following definitions come from rpc_client/cli_srvsvc.c */ - -BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_CONN_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd); -BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_SESS_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd); -BOOL do_srv_net_srv_share_enum(struct cli_state *cli, - char *server_name, - uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o, - uint32 preferred_len, ENUM_HND *hnd); -BOOL do_srv_net_srv_file_enum(struct cli_state *cli, - char *server_name, char *qual_name, - uint32 switch_value, SRV_FILE_INFO_CTR *ctr, - uint32 preferred_len, - ENUM_HND *hnd); -BOOL do_srv_net_srv_get_info(struct cli_state *cli, - char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr); - -/*The following definitions come from rpc_client/cli_use.c */ - -void init_cli_use(void); -void free_cli_use(void); -struct cli_state *cli_net_use_add(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL reuse, BOOL *is_new); -BOOL cli_net_use_del(const char *srv_name, - const struct ntuser_creds *usr_creds, - BOOL force_close, BOOL *connection_closed); -void cli_net_use_enum(uint32 *num_cons, struct use_info ***use); -void cli_use_wait_keyboard(void); - -/*The following definitions come from rpc_client/cli_wkssvc.c */ - -BOOL do_wks_query_info(struct cli_state *cli, - char *server_name, uint32 switch_value, - WKS_INFO_100 *wks100); - -/*The following definitions come from rpc_client/ncacn_np_use.c */ - -BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name, - const vuser_key * key, - BOOL force_close, BOOL *connection_closed); -struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc, - const vuser_key * key); -struct ncacn_np *ncacn_np_use_add(const char *pipe_name, - const vuser_key * key, - const char *srv_name, - const struct ntuser_creds *ntc, - BOOL reuse, BOOL *is_new_connection); -#endif /* _PROTO_H_ */ diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index d4136a9fde..33dde6e3cb 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -237,7 +237,7 @@ typedef struct r_lsa_query_sec_obj_info typedef struct lsa_query_info { POLICY_HND pol; /* policy handle */ - uint16 info_class; /* info class */ + uint16 info_class; /* info class */ } LSA_Q_QUERY_INFO; @@ -537,6 +537,7 @@ typedef struct POLICY_HND pol; /* policy handle */ DOM_SID2 sid; UNISTR2_ARRAY rights; + uint32 count; } LSA_Q_ADD_ACCT_RIGHTS; /* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */ @@ -553,6 +554,7 @@ typedef struct DOM_SID2 sid; uint32 removeall; UNISTR2_ARRAY rights; + uint32 count; } LSA_Q_REMOVE_ACCT_RIGHTS; /* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */ @@ -561,22 +563,6 @@ typedef struct NTSTATUS status; } LSA_R_REMOVE_ACCT_RIGHTS; -/* LSA_Q_ENUM_ACCT_WITH_RIGHT - LSA enum accounts with right */ -typedef struct -{ - POLICY_HND pol; - STRHDR right_hdr; - UNISTR2 right; -} LSA_Q_ENUM_ACCT_WITH_RIGHT; - -/* LSA_R_ENUM_ACCT_WITH_RIGHT - LSA enum accounts with right */ -typedef struct -{ - uint32 count; - SID_ARRAY sids; - NTSTATUS status; -} LSA_R_ENUM_ACCT_WITH_RIGHT; - /* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */ typedef struct lsa_q_priv_get_dispname @@ -661,6 +647,26 @@ typedef struct lsa_q_enumprivsaccount POLICY_HND pol; /* policy handle */ } LSA_Q_ENUMPRIVSACCOUNT; + +typedef struct LUID +{ + uint32 low; + uint32 high; +} LUID; + +typedef struct LUID_ATTR +{ + LUID luid; + uint32 attr; +} LUID_ATTR ; + +typedef struct privilege_set +{ + uint32 count; + uint32 control; + LUID_ATTR *set; +} PRIVILEGE_SET; + typedef struct lsa_r_enumprivsaccount { uint32 ptr; diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index a0572a0bfd..d04a84d508 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -227,22 +227,6 @@ typedef struct UNISTR2_ARRAY_EL *strings; } UNISTR2_ARRAY; - -/* an element in a sid array */ -typedef struct -{ - uint32 ref_id; - DOM_SID2 sid; -} SID_ARRAY_EL; - -/* an array of sids */ -typedef struct -{ - uint32 ref_id; - uint32 count; - SID_ARRAY_EL *sids; -} SID_ARRAY; - /* DOM_RID2 - domain RID structure for ntlsa pipe */ typedef struct domrid2_info { diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index a6b352b02e..df3633d91d 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -113,24 +113,24 @@ size_t __unsafe_string_function_usage_here_char__(void); #endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */ -/* the addition of the DEVELOPER checks in safe_strcpy means we must - * update a lot of code. To make this a little easier here are some - * functions that provide the lengths with less pain */ -#define pstrcpy_base(dest, src, pstring_base) \ - safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) - #define safe_strcpy_base(dest, src, base, size) \ safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1) -/* String copy functions - macro hell below adds 'type checking' - (limited, but the best we can do in C) and may tag with function - name/number to record the last 'clobber region' on that string */ +/* String copy functions - macro hell below adds 'type checking' (limited, + but the best we can do in C) and may tag with function name/number to + record the last 'clobber region' on that string */ #define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) #define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) #define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) +/* the addition of the DEVELOPER checks in safe_strcpy means we must + * update a lot of code. To make this a little easier here are some + * functions that provide the lengths with less pain */ +#define pstrcpy_base(dest, src, pstring_base) \ + safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1) + /* Inside the _fn variants of these is a call to clobber_region(), - * which might destroy the stack on a buggy function. We help the diff --git a/source3/include/sam.h b/source3/include/sam.h deleted file mode 100644 index f46a6e7bcb..0000000000 --- a/source3/include/sam.h +++ /dev/null @@ -1,238 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM structures - Copyright (C) Kai Krueger 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Simo Sorce 2002 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _SAM_H -#define _SAM_H - -/* We want to track down bugs early */ -#if 1 -#define SAM_ASSERT(x) SMB_ASSERT(x) -#else -#define SAM_ASSERT(x) while (0) { \ - if (!(x)) { - DEBUG(0, ("SAM_ASSERT failed!\n")) - return NT_STATUS_FAIL_CHECK;\ - } \ - } -#endif - - -/* let it be 0 until we have a stable interface --metze */ -#define SAM_INTERFACE_VERSION 0 - -/* use this inside a passdb module */ -#define SAM_MODULE_VERSIONING_MAGIC \ -int sam_version(void)\ -{\ - return SAM_INTERFACE_VERSION;\ -} - -/* Backend to use by default when no backend was specified */ -#define SAM_DEFAULT_BACKEND "plugin" - -typedef struct sam_domain_handle { - TALLOC_CTX *mem_ctx; - uint32 access_granted; - const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */ - void (*free_fn)(struct sam_domain_handle **); - struct domain_data { - DOM_SID sid; /*SID of the domain. Should not be changed */ - char *name; /* Name of the domain */ - char *servername; /* */ - NTTIME max_passwordage; /* time till next password expiration */ - NTTIME min_passwordage; /* time till password can be changed again */ - NTTIME lockout_duration; /* time till login is allowed again after lockout*/ - NTTIME reset_count; /* time till bad login counter is reset */ - uint16 min_passwordlength; /* minimum number of characters for a password */ - uint16 password_history; /* number of passwords stored in history */ - uint16 lockout_count; /* number of bad login attempts before lockout */ - BOOL force_logoff; /* force logoff after logon hours have expired */ - BOOL login_pwdchange; /* Users need to logon to change their password */ - uint32 num_accounts; /* number of accounts in the domain */ - uint32 num_groups; /* number of global groups */ - uint32 num_aliases; /* number of local groups */ - uint32 sam_sequence_number; /* global sequence number */ - } private; -} SAM_DOMAIN_HANDLE; - -typedef struct sam_account_handle { - TALLOC_CTX *mem_ctx; - uint32 access_granted; - const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */ - void (*free_fn)(struct sam_account_handle **); - struct sam_account_data { - uint32 init_flag; - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - char * account_name; /* account_name string */ - SAM_DOMAIN_HANDLE * domain; /* domain of account */ - char *full_name; /* account's full name string */ - char *unix_home_dir; /* UNIX home directory string */ - char *home_dir; /* home directory string */ - char *dir_drive; /* home directory drive string */ - char *logon_script; /* logon script string */ - char *profile_path; /* profile path string */ - char *acct_desc; /* account description string */ - char *workstations; /* login from workstations string */ - char *unknown_str; /* don't know what this is, yet. */ - char *munged_dial; /* munged path name and dial-back tel number */ - DOM_SID account_sid; /* Primary Account SID */ - DOM_SID group_sid; /* Primary Group SID */ - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - char *plaintext_pw; /* if Null not available */ - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ - uint32 unknown_1; /* 0x00ff ffff */ - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 hours[MAX_HOURS_LEN]; - uint32 unknown_2; /* 0x0002 0000 */ - uint32 unknown_3; /* 0x0000 04ec */ - } private; -} SAM_ACCOUNT_HANDLE; - -typedef struct sam_group_handle { - TALLOC_CTX *mem_ctx; - uint32 access_granted; - const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */ - void (*free_fn)(struct sam_group_handle **); - struct sam_group_data { - char *group_name; - char *group_desc; - DOM_SID sid; - uint16 group_ctrl; /* specifies if the group is a local group or a global group */ - uint32 num_members; - } private; -} SAM_GROUP_HANDLE; - - -typedef struct sam_group_member { - DOM_SID sid; - BOOL group; /* specifies if it is a group or a account */ -} SAM_GROUP_MEMBER; - -typedef struct sam_account_enum { - DOM_SID sid; - char *account_name; - char *full_name; - char *account_desc; - uint16 acct_ctrl; -} SAM_ACCOUNT_ENUM; - -typedef struct sam_group_enum { - DOM_SID sid; - char *group_name; - char *group_desc; - uint16 group_ctrl; -} SAM_GROUP_ENUM; - - -/* bits for group_ctrl: to spezify if the group is global group or alias */ -#define GCB_LOCAL_GROUP 0x0001 -#define GCB_ALIAS_GROUP (GCB_LOCAL_GROUP |GCB_BUILTIN) -#define GCB_GLOBAL_GROUP 0x0002 -#define GCB_BUILTIN 0x1000 - -typedef struct sam_context -{ - struct sam_methods *methods; - TALLOC_CTX *mem_ctx; - - void (*free_fn)(struct sam_context **); -} SAM_CONTEXT; - -typedef struct sam_methods -{ - struct sam_context *parent; - struct sam_methods *next; - struct sam_methods *prev; - const char *backendname; - const char *domain_name; - DOM_SID domain_sid; - void *private_data; - - /* General API */ - - NTSTATUS (*sam_get_sec_desc) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd); - NTSTATUS (*sam_set_sec_desc) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd); - - NTSTATUS (*sam_lookup_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type); - NTSTATUS (*sam_lookup_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type); - - /* Domain API */ - - NTSTATUS (*sam_update_domain) (const struct sam_methods *, const SAM_DOMAIN_HANDLE *domain); - NTSTATUS (*sam_get_domain_handle) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain); - - /* Account API */ - - NTSTATUS (*sam_create_account) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account); - NTSTATUS (*sam_add_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account); - NTSTATUS (*sam_update_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account); - NTSTATUS (*sam_delete_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account); - NTSTATUS (*sam_enum_accounts) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts); - - NTSTATUS (*sam_get_account_by_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account); - NTSTATUS (*sam_get_account_by_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account); - - /* Group API */ - - NTSTATUS (*sam_create_group) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group); - NTSTATUS (*sam_add_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group); - NTSTATUS (*sam_update_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group); - NTSTATUS (*sam_delete_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group); - NTSTATUS (*sam_enum_groups) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups); - NTSTATUS (*sam_get_group_by_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group); - NTSTATUS (*sam_get_group_by_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group); - - NTSTATUS (*sam_add_member_to_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member); - NTSTATUS (*sam_delete_member_from_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member); - NTSTATUS (*sam_enum_groupmembers) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members); - - NTSTATUS (*sam_get_groups_of_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups); - - void (*free_private_data)(void **); -} SAM_METHODS; - -typedef NTSTATUS (*sam_init_function)(SAM_METHODS *, const char *); - -struct sam_init_function_entry { - char *module_name; - /* Function to create a member of the sam_methods list */ - sam_init_function init; -}; - -typedef struct sam_backend_entry { - char *module_name; - char *module_params; - char *domain_name; - DOM_SID *domain_sid; -} SAM_BACKEND_ENTRY; - - -#endif /* _SAM_H */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 2ca65ec275..8595dfa1b1 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -251,7 +251,7 @@ enum SID_NAME_USE SID_NAME_DELETED, /* deleted account: needed for c2 rating */ SID_NAME_INVALID, /* invalid account */ SID_NAME_UNKNOWN, /* unknown sid type */ - SID_NAME_COMPUTER, /* sid for a computer */ + SID_NAME_COMPUTER /* sid for a computer */ }; /** @@ -586,6 +586,122 @@ typedef struct { #define LM_HASH_LEN 16 /* + * bit flags representing initialized fields in SAM_ACCOUNT + */ +enum pdb_elements { + PDB_UNINIT, + PDB_UID, + PDB_GID, + PDB_SMBHOME, + PDB_PROFILE, + PDB_DRIVE, + PDB_LOGONSCRIPT, + PDB_LOGONTIME, + PDB_LOGOFFTIME, + PDB_KICKOFFTIME, + PDB_CANCHANGETIME, + PDB_MUSTCHANGETIME, + PDB_PLAINTEXT_PW, + PDB_USERNAME, + PDB_FULLNAME, + PDB_DOMAIN, + PDB_NTUSERNAME, + PDB_HOURSLEN, + PDB_LOGONDIVS, + PDB_USERSID, + PDB_GROUPSID, + PDB_ACCTCTRL, + PDB_PASSLASTSET, + PDB_UNIXHOMEDIR, + PDB_ACCTDESC, + PDB_WORKSTATIONS, + PDB_UNKNOWNSTR, + PDB_MUNGEDDIAL, + PDB_HOURS, + PDB_UNKNOWN3, + PDB_UNKNOWN5, + PDB_UNKNOWN6, + PDB_LMPASSWD, + PDB_NTPASSWD, + + /* this must be the last element */ + PDB_COUNT +}; + +enum pdb_value_state { + PDB_DEFAULT=0, + PDB_SET, + PDB_CHANGED +}; + +#define IS_SAM_UNIX_USER(x) \ + (( pdb_get_init_flags(x, PDB_UID) != PDB_DEFAULT ) \ + && ( pdb_get_init_flags(x,PDB_GID) != PDB_DEFAULT )) + +#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET) +#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED) +#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT) + +typedef struct sam_passwd +{ + TALLOC_CTX *mem_ctx; + + void (*free_fn)(struct sam_passwd **); + + struct pdb_methods *methods; + + struct user_data { + /* initiailization flags */ + struct bitmap *change_flags; + struct bitmap *set_flags; + + time_t logon_time; /* logon time */ + time_t logoff_time; /* logoff time */ + time_t kickoff_time; /* kickoff time */ + time_t pass_last_set_time; /* password last set time */ + time_t pass_can_change_time; /* password can change time */ + time_t pass_must_change_time; /* password must change time */ + + const char * username; /* UNIX username string */ + const char * domain; /* Windows Domain name */ + const char * nt_username; /* Windows username string */ + const char * full_name; /* user's full name string */ + const char * unix_home_dir; /* UNIX home directory string */ + const char * home_dir; /* home directory string */ + const char * dir_drive; /* home directory drive string */ + const char * logon_script; /* logon script string */ + const char * profile_path; /* profile path string */ + const char * acct_desc ; /* user description string */ + const char * workstations; /* login from workstations string */ + const char * unknown_str ; /* don't know what this is, yet. */ + const char * munged_dial ; /* munged path name and dial-back tel number */ + + uid_t uid; /* this is a unix uid_t */ + gid_t gid; /* this is a unix gid_t */ + DOM_SID user_sid; /* Primary User SID */ + DOM_SID group_sid; /* Primary Group SID */ + + DATA_BLOB lm_pw; /* .data is Null if no password */ + DATA_BLOB nt_pw; /* .data is Null if no password */ + char* plaintext_pw; /* is Null if not available */ + + uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ + uint32 unknown_3; /* 0x00ff ffff */ + + uint16 logon_divs; /* 168 - number of hours in a week */ + uint32 hours_len; /* normally 21 bytes */ + uint8 hours[MAX_HOURS_LEN]; + + uint32 unknown_5; /* 0x0002 0000 */ + uint32 unknown_6; /* 0x0000 04ec */ + } private; + + /* Lets see if the remaining code can get the hint that you + are meant to use the pdb_...() functions. */ + +} SAM_ACCOUNT; + +/* * Flags for account policy. */ #define AP_MIN_PASSWORD_LEN 1 @@ -1516,6 +1632,11 @@ struct pwd_info uchar sess_key[16]; }; +#include "rpc_creds.h" +#include "rpc_misc.h" +#include "rpc_secdes.h" +#include "nt_printing.h" + typedef struct user_struct { struct user_struct *next, *prev; @@ -1555,11 +1676,9 @@ struct unix_error_map { NTSTATUS nt_error; }; -/* #include "ntdomain.h" #include "client.h" -*/ /* * Size of new password account encoding string. This is enough space to @@ -1616,7 +1735,4 @@ typedef struct { #include "popt_common.h" -/* Module support */ -typedef NTSTATUS (init_module_function) (void); - #endif /* _SMB_H */ diff --git a/source3/include/smb_ldap.h b/source3/include/smb_ldap.h deleted file mode 100644 index 1a30b853e7..0000000000 --- a/source3/include/smb_ldap.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - Unix SMB/CIFS implementation. - LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 - Copyright (C) Gerald Carter 2001 - Copyright (C) Shahms King 2001 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jim McDonough 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#ifndef SMB_LDAP_H -#define SMB_LDAP_H - -#ifdef HAVE_LDAP - -#include <lber.h> -#include <ldap.h> - -struct smb_ldap_privates { - - /* Former statics */ - LDAP *ldap_struct; - LDAPMessage *result; - LDAPMessage *entry; - int index; - - time_t last_ping; - /* retrive-once info */ - const char *uri; - - BOOL permit_non_unix_accounts; - - uint32 low_nua_rid; - uint32 high_nua_rid; - - char *bind_dn; - char *bind_secret; - - struct smb_ldap_privates *next; -}; - -#endif -#endif diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 8e2cb1c818..b39c7a0ebc 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -77,12 +77,15 @@ #define OPEN_CONN(conn) ((conn) && (conn)->open) #define IS_IPC(conn) ((conn) && (conn)->ipc) #define IS_PRINT(conn) ((conn) && (conn)->printer) -#define FNUM_OK(fsp,c) (OPEN_FSP(fsp) && (c)==(fsp)->conn) +#define FNUM_OK(fsp,c) (OPEN_FSP(fsp) && (c)==(fsp)->conn && current_user.vuid==(fsp)->vuid) -#define CHECK_FSP(fsp,conn) if (!FNUM_OK(fsp,conn)) \ +#define CHECK_FSP(fsp,conn) do {\ + extern struct current_user current_user;\ + if (!FNUM_OK(fsp,conn)) \ return(ERROR_DOS(ERRDOS,ERRbadfid)); \ else if((fsp)->fd == -1) \ - return(ERROR_DOS(ERRDOS,ERRbadaccess)) + return(ERROR_DOS(ERRDOS,ERRbadaccess));\ + } while(0) #define CHECK_READ(fsp) if (!(fsp)->can_read) \ return(ERROR_DOS(ERRDOS,ERRbadaccess)) diff --git a/source3/include/tdbsam2.h b/source3/include/tdbsam2.h deleted file mode 100644 index 047b4e7c90..0000000000 --- a/source3/include/tdbsam2.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * tdbsam2 genstruct enabled header file - * Copyright (C) Simo Sorce 2002 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -/* ALL strings assumes UTF8 as encoding */ - -GENSTRUCT struct tdbsam2_domain_data { - uint32 xcounter; /* counter to be updated at any change */ - - SEC_DESC *sec_desc; /* Security Descriptor */ - DOM_SID *dom_sid; /* The Domain SID */ - char *name; _NULLTERM /* NT Domain Name */ - char *description; _NULLTERM /* Descritpion (Gecos) */ - - uint32 next_rid; /* The Next free RID */ -}; - -GENSTRUCT struct tdbsam2_user_data { - uint32 xcounter; /* counter to be updated at any change */ - - SEC_DESC *sec_desc; /* Security Descriptor */ - DOM_SID *user_sid; /* The User SID */ - char *name; _NULLTERM /* NT User Name */ - char *description; _NULLTERM /* Descritpion (Gecos) */ - - DOM_SID *group_sid; /* The Primary Group SID */ - - NTTIME *logon_time; - NTTIME *logoff_time; - NTTIME *kickoff_time; - NTTIME *pass_last_set_time; - NTTIME *pass_can_change_time; - NTTIME *pass_must_change_time; - - char *full_name; _NULLTERM /* The Full Name */ - char *home_dir; _NULLTERM /* Home Directory */ - char *dir_drive; _NULLTERM /* Drive Letter the home should be mapped to */ - char *logon_script; _NULLTERM /* Logon script path */ - char *profile_path; _NULLTERM /* Profile is stored here */ - char *workstations; _NULLTERM /* List of Workstation names the user is allowed to LogIn */ - char *unknown_str; _NULLTERM /* Guess ... Unknown */ - char *munged_dial; _NULLTERM /* Callback Number */ - - /* passwords are 16 byte leght, pointer is null if no password */ - uint8 *lm_pw_ptr; _LEN(16) /* Lanman hashed password */ - uint8 *nt_pw_ptr; _LEN(16) /* NT hashed password */ - - uint16 logon_divs; /* 168 - num of hours in a week */ - uint32 hours_len; /* normally 21 */ - uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */ - - uint32 unknown_3; /* 0x00ff ffff */ - uint32 unknown_5; /* 0x0002 0000 */ - uint32 unknown_6; /* 0x0000 04ec */ -}; - -GENSTRUCT struct tdbsam2_group_data { - uint32 xcounter; /* counter to be updated at any change */ - - SEC_DESC *sec_desc; /* Security Descriptor */ - DOM_SID *group_sid; /* The Group SID */ - char *name; _NULLTERM /* NT Group Name */ - char *description; _NULLTERM /* Descritpion (Gecos) */ - - uint32 count; /* number of sids */ - DOM_SID **members; _LEN(count) /* SID array */ -}; - -GENSTRUCT struct tdbsam2_privilege_data { - uint32 xcounter; /* counter to be updated at any change */ - - LUID_ATTR *privilege; /* Privilege */ - char *name; _NULLTERM /* NT User Name */ - char *description; _NULLTERM /* Descritpion (Gecos) */ - - uint32 count; /* number of sids */ - DOM_SID **members; _LEN(count) /* SID array */ -}; - diff --git a/source3/include/version.h b/source3/include/version.h index c0a1c702f2..3ee1d8db59 100644 --- a/source3/include/version.h +++ b/source3/include/version.h @@ -1 +1 @@ -#define VERSION "post3.0-HEAD" +#define VERSION "3.0alpha24" diff --git a/source3/lib/debug.c b/source3/lib/debug.c index fdbd54fafb..dc675037a0 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -154,7 +154,6 @@ static const char *default_classname_table[] = { "auth", /* DBGC_AUTH */ "winbind", /* DBGC_WINBIND */ "vfs", /* DBGC_VFS */ - "idmap", /* DBGC_IDMAP */ NULL }; diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c deleted file mode 100644 index 988f5e5d65..0000000000 --- a/source3/lib/domain_namemap.c +++ /dev/null @@ -1,1317 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Groupname handling - Copyright (C) Jeremy Allison 1998. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - * UNIX gid and Local or Domain SID resolution. This module resolves - * only those entries in the map files, it is *NOT* responsible for - * resolving UNIX groups not listed: that is an entirely different - * matter, altogether... - */ - -/* - * - * - - format of the file is: - - unixname NT Group name - unixname Domain Admins (well-known Domain Group) - unixname DOMAIN_NAME\NT Group name - unixname OTHER_DOMAIN_NAME\NT Group name - unixname DOMAIN_NAME\Domain Admins (well-known Domain Group) - .... - - if the DOMAIN_NAME\ component is left off, then your own domain is assumed. - - * - * - */ - - -#include "includes.h" -extern int DEBUGLEVEL; - -extern fstring global_myworkgroup; -extern DOM_SID global_member_sid; -extern fstring global_sam_name; -extern DOM_SID global_sam_sid; -extern DOM_SID global_sid_S_1_5_20; - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uid_t pwdb_user_rid_to_uid(uint32 user_rid) -{ - return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_group_rid_to_gid(uint32 group_rid) -{ - return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid) -{ - return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_gid_to_group_rid(uint32 gid) -{ - uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); - return grp_rid; -} - -/****************************************************************** - converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_gid_to_alias_rid(uint32 gid) -{ - uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); - return alias_rid; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_uid_to_user_rid(uint32 uid) -{ - uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); - return user_rid; -} - -/****************************************************************** - converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is, - and can only be, our own SID. - ********************************************************************/ -static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id) -{ - DOM_SID tmp_sid; - uint32 rid; - - sid_copy(&tmp_sid, sid); - sid_split_rid(&tmp_sid, &rid); - if (!sid_equal(&global_sam_sid, &tmp_sid)) - { - return False; - } - - switch (type) - { - case SID_NAME_USER: - { - *id = pwdb_user_rid_to_uid(rid); - return True; - } - case SID_NAME_ALIAS: - { - *id = pwdb_alias_rid_to_gid(rid); - return True; - } - case SID_NAME_DOM_GRP: - case SID_NAME_WKN_GRP: - { - *id = pwdb_group_rid_to_gid(rid); - return True; - } - } - return False; -} - -/****************************************************************** - converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is, - and can only be, our own SID. - ********************************************************************/ -static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid) -{ - sid_copy(sid, &global_sam_sid); - switch (type) - { - case SID_NAME_USER: - { - sid_append_rid(sid, pwdb_uid_to_user_rid(id)); - return True; - } - case SID_NAME_ALIAS: - { - sid_append_rid(sid, pwdb_gid_to_alias_rid(id)); - return True; - } - case SID_NAME_DOM_GRP: - case SID_NAME_WKN_GRP: - { - sid_append_rid(sid, pwdb_gid_to_group_rid(id)); - return True; - } - } - return False; -} - -/******************************************************************* - Decides if a RID is a well known RID. - ********************************************************************/ -static BOOL pwdb_rid_is_well_known(uint32 rid) -{ - return (rid < 1000); -} - -/******************************************************************* - determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_rid_type(uint32 rid) -{ - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type: SID_ENUM_TYPE. - */ - if (pwdb_rid_is_well_known(rid)) - { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - { - return RID_TYPE_USER; - } - if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) - { - return RID_TYPE_GROUP; - } - if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) - { - return RID_TYPE_ALIAS; - } - } - return (rid & RID_TYPE_MASK); -} - -/******************************************************************* - checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -BOOL pwdb_rid_is_user(uint32 rid) -{ - return pwdb_rid_type(rid) == RID_TYPE_USER; -} - -/************************************************************************** - Groupname map functionality. The code loads a groupname map file and - (currently) loads it into a linked list. This is slow and memory - hungry, but can be changed into a more efficient storage format - if the demands on it become excessive. -***************************************************************************/ - -typedef struct name_map -{ - ubi_slNode next; - DOM_NAME_MAP grp; - -} name_map_entry; - -static ubi_slList groupname_map_list; -static ubi_slList aliasname_map_list; -static ubi_slList ntusrname_map_list; - -static void delete_name_entry(name_map_entry *gmep) -{ - if (gmep->grp.nt_name) - { - free(gmep->grp.nt_name); - } - if (gmep->grp.nt_domain) - { - free(gmep->grp.nt_domain); - } - if (gmep->grp.unix_name) - { - free(gmep->grp.unix_name); - } - free((char*)gmep); -} - -/************************************************************************** - Delete all the entries in the name map list. -***************************************************************************/ - -static void delete_map_list(ubi_slList *map_list) -{ - name_map_entry *gmep; - - while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) - { - delete_name_entry(gmep); - } -} - - -/************************************************************************** - makes a group sid out of a domain sid and a _unix_ gid. -***************************************************************************/ -static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) -{ - int ret = False; - fstring sid_str; - - if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) - { - DEBUG(0,("make_mydomain_sid: unknown domain %s\n", - grp->nt_domain)); - return False; - } - - if (sid_equal(&grp->sid, &global_sid_S_1_5_20)) - { - /* - * only builtin aliases are recognised in S-1-5-20 - */ - DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n", - grp->nt_name)); - - if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0) - { - DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n", - grp->unix_name, grp->nt_name)); - return False; - } - ret = True; - } - else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) - { - if (type != DOM_MAP_USER) - { - DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); - return False; - } - ret = True; - } - else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0) - { - if (type != DOM_MAP_DOMAIN) - { - DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n", - grp->nt_domain, grp->nt_name)); - return False; - } - ret = True; - } - else - { - switch (type) - { - case DOM_MAP_USER: - { - grp->type = SID_NAME_USER; - break; - } - case DOM_MAP_DOMAIN: - { - grp->type = SID_NAME_DOM_GRP; - break; - } - case DOM_MAP_LOCAL: - { - grp->type = SID_NAME_ALIAS; - break; - } - } - - ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid); - } - - sid_to_string(sid_str, &grp->sid); - DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n", - grp->nt_domain, grp->nt_name, grp->unix_id, sid_str)); - return ret; -} - -/************************************************************************** - makes a group sid out of an nt domain, nt group name or a unix group name. -***************************************************************************/ -static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type) -{ - /* - * Attempt to get the unix gid_t for this name. - */ - - DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name)); - - if (type == DOM_MAP_USER) - { - const struct passwd *pwptr = Get_Pwnam(map->unix_name, False); - if (pwptr == NULL) - { - DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); - return False; - } - - map->unix_id = (uint32)pwptr->pw_uid; - } - else - { - struct group *gptr = getgrnam(map->unix_name); - if (gptr == NULL) - { - DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\ -failed. Error was %s.\n", map->unix_name, strerror(errno) )); - return False; - } - - map->unix_id = (uint32)gptr->gr_gid; - } - - DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id)); - - /* - * Now map the name to an NT SID+RID. - */ - - if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name)) - { - /* Must add client-call lookup code here, to - * resolve remote domain's sid and the group's rid, - * in that domain. - * - * NOTE: it is _incorrect_ to put code here that assumes - * we are responsible for lookups for foriegn domains' RIDs. - * - * for foriegn domains for which we are *NOT* the PDC, all - * we can be responsible for is the unix gid_t to which - * the foriegn SID+rid maps to, on this _local_ machine. - * we *CANNOT* make any short-cuts or assumptions about - * RIDs in a foriegn domain. - */ - - if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain))) - { - DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n", - map->nt_domain)); - return False; - } - } - - return make_mydomain_sid(map, type); -} - -static BOOL make_name_entry(name_map_entry **new_ep, - char *nt_domain, char *nt_group, char *unix_group, - DOM_MAP_TYPE type) -{ - /* - * Create the list entry and add it onto the list. - */ - - DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); - - (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); - if ((*new_ep) == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); - return False; - } - - ZERO_STRUCTP(*new_ep); - - (*new_ep)->grp.nt_name = strdup(nt_group ); - (*new_ep)->grp.nt_domain = strdup(nt_domain ); - (*new_ep)->grp.unix_name = strdup(unix_group); - - if ((*new_ep)->grp.nt_name == NULL || - (*new_ep)->grp.unix_name == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); - delete_name_entry((*new_ep)); - return False; - } - - /* - * look up the group names, make the Group-SID and unix gid - */ - - if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type)) - { - delete_name_entry((*new_ep)); - return False; - } - - return True; -} - -/************************************************************************** - Load a name map file. Sets last accessed timestamp. -***************************************************************************/ -static ubi_slList *load_name_map(DOM_MAP_TYPE type) -{ - static time_t groupmap_file_last_modified = (time_t)0; - static time_t aliasmap_file_last_modified = (time_t)0; - static time_t ntusrmap_file_last_modified = (time_t)0; - static BOOL initialised_group = False; - static BOOL initialised_alias = False; - static BOOL initialised_ntusr = False; - char *groupname_map_file = lp_groupname_map(); - char *aliasname_map_file = lp_aliasname_map(); - char *ntusrname_map_file = lp_ntusrname_map(); - - FILE *fp; - char *s; - pstring buf; - name_map_entry *new_ep; - - time_t *file_last_modified = NULL; - int *initialised = NULL; - char *map_file = NULL; - ubi_slList *map_list = NULL; - - switch (type) - { - case DOM_MAP_DOMAIN: - { - file_last_modified = &groupmap_file_last_modified; - initialised = &initialised_group; - map_file = groupname_map_file; - map_list = &groupname_map_list; - - break; - } - case DOM_MAP_LOCAL: - { - file_last_modified = &aliasmap_file_last_modified; - initialised = &initialised_alias; - map_file = aliasname_map_file; - map_list = &aliasname_map_list; - - break; - } - case DOM_MAP_USER: - { - file_last_modified = &ntusrmap_file_last_modified; - initialised = &initialised_ntusr; - map_file = ntusrname_map_file; - map_list = &ntusrname_map_list; - - break; - } - } - - if (!(*initialised)) - { - DEBUG(10,("initialising map %s\n", map_file)); - ubi_slInitList(map_list); - (*initialised) = True; - } - - if (!*map_file) - { - return map_list; - } - - /* - * Load the file. - */ - - fp = open_file_if_modified(map_file, "r", file_last_modified); - if (!fp) - { - return map_list; - } - - /* - * Throw away any previous list. - */ - delete_map_list(map_list); - - DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); - - while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) - { - pstring unixname; - pstring nt_name; - fstring nt_domain; - fstring ntname; - char *p; - - DEBUG(10,("Read line |%s|\n", s)); - - memset(nt_name, 0, sizeof(nt_name)); - - if (!*s || strchr("#;",*s)) - continue; - - if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) - continue; - - if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) - continue; - - trim_string(unixname, " ", " "); - trim_string(nt_name, " ", " "); - - if (!*nt_name) - continue; - - if (!*unixname) - continue; - - p = strchr(nt_name, '\\'); - - if (p == NULL) - { - memset(nt_domain, 0, sizeof(nt_domain)); - fstrcpy(ntname, nt_name); - } - else - { - *p = 0; - p++; - fstrcpy(nt_domain, nt_name); - fstrcpy(ntname , p); - } - - if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type)) - { - ubi_slAddTail(map_list, (ubi_slNode *)new_ep); - DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n", - new_ep->grp.unix_name, - new_ep->grp.nt_domain, - new_ep->grp.nt_name, - new_ep->grp.type)); - } - } - - DEBUG(10,("load_name_map: Added %ld entries to name map.\n", - ubi_slCount(map_list))); - - fclose(fp); - - return map_list; -} - -static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from) -{ - sid_copy(&grp->sid, &from->sid); - grp->unix_id = from->unix_id; - grp->nt_name = from->nt_name; - grp->nt_domain = from->nt_domain; - grp->unix_name = from->unix_name; - grp->type = from->type; -} - -#if 0 -/*********************************************************** - Lookup unix name. -************************************************************/ -static BOOL map_unixname(DOM_MAP_TYPE type, - char *unixname, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.unix_name, unixname)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -#endif - -/*********************************************************** - Lookup nt name. -************************************************************/ -static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain, - DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.nt_name , ntname) && - strequal(gmep->grp.nt_domain, ntdomain)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - - -/*********************************************************** - Lookup by SID -************************************************************/ -static BOOL map_sid(DOM_MAP_TYPE type, - DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (sid_equal(&gmep->grp.sid, psid)) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/*********************************************************** - Lookup by gid_t. -************************************************************/ -static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info) -{ - name_map_entry *gmep; - ubi_slList *map_list; - - /* - * Initialise and load if not already loaded. - */ - map_list = load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - fstring sid_str; - sid_to_string(sid_str, &gmep->grp.sid); - DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n", - gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str)); - if (gmep->grp.unix_id == unix_id) - { - copy_grp_map_entry(grp_info, &gmep->grp); - DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n", - gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type)); - return True; - } - } - - return False; -} - -/*********************************************************** - * - * Call four functions to resolve unix group ids and either - * local group SIDs or domain group SIDs listed in the local group - * or domain group map files. - * - * Note that it is *NOT* the responsibility of these functions to - * resolve entries that are not in the map files. - * - * Any SID can be in the map files (i.e from any Domain). - * - ***********************************************************/ - -#if 0 - -/*********************************************************** - Lookup a UNIX Group entry by name. -************************************************************/ -BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info) -{ - return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info); -} - -/*********************************************************** - Lookup a UNIX Alias entry by name. -************************************************************/ -BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info) -{ - return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info); -} - -/*********************************************************** - Lookup an Alias name entry -************************************************************/ -BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info); -} - -/*********************************************************** - Lookup a Group entry -************************************************************/ -BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info); -} - -#endif - -/*********************************************************** - Lookup a Username entry by name. -************************************************************/ -static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info) -{ - return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info); -} - -/*********************************************************** - Lookup a Username entry by SID. -************************************************************/ -static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_USER, sid, grp_info); -} - -/*********************************************************** - Lookup a Username SID entry by uid. -************************************************************/ -static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info); -} - -/*********************************************************** - Lookup an Alias SID entry by name. -************************************************************/ -BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_LOCAL, psid, grp_info); -} - -/*********************************************************** - Lookup a Group entry by sid. -************************************************************/ -BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info) -{ - return map_sid(DOM_MAP_DOMAIN, psid, grp_info); -} - -/*********************************************************** - Lookup an Alias SID entry by gid_t. -************************************************************/ -static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info); -} - -/*********************************************************** - Lookup a Group SID entry by gid_t. -************************************************************/ -static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info) -{ - return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info); -} - - -/************************************************************************ - Routine to look up User details by UNIX name -*************************************************************************/ -BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp) -{ - uid_t uid; - DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name)); - if (nametouid(unix_usr_name, &uid)) - { - return lookupsmbpwuid(uid, grp); - } - else - { - return False; - } -} - -/************************************************************************ - Routine to look up a remote nt name -*************************************************************************/ -static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type) -{ - struct cli_state cli; - POLICY_HND lsa_pol; - fstring srv_name; - extern struct ntuser_creds *usr_creds; - struct ntuser_creds usr; - - BOOL res3 = True; - BOOL res4 = True; - uint32 num_sids; - DOM_SID *sids; - uint8 *types; - char *names[1]; - - usr_creds = &usr; - - ZERO_STRUCT(usr); - pwd_set_nullpwd(&usr.pwd); - - DEBUG(5,("lookup_remote_ntname: %s\n", ntname)); - - if (!cli_connect_serverlist(&cli, lp_passwordserver())) - { - return False; - } - - names[0] = ntname; - - fstrcpy(srv_name, "\\\\"); - fstrcat(srv_name, cli.desthost); - strupper(srv_name); - - /* lookup domain controller; receive a policy handle */ - res3 = res3 ? lsa_open_policy( srv_name, - &lsa_pol, True) : False; - - /* send lsa lookup sids call */ - res4 = res3 ? lsa_lookup_names( &lsa_pol, - 1, names, - &sids, &types, &num_sids) : False; - - res3 = res3 ? lsa_close(&lsa_pol) : False; - - if (res4 && res3 && sids != NULL && types != NULL) - { - sid_copy(sid, &sids[0]); - *type = types[0]; - } - else - { - res3 = False; - } - if (types != NULL) - { - free(types); - } - - if (sids != NULL) - { - free(sids); - } - - return res3 && res4; -} - -/************************************************************************ - Routine to look up a remote nt name -*************************************************************************/ -static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type, - DOM_NAME_MAP *gmep) -{ - /* - * check with the PDC to see if it owns the name. if so, - * the SID is resolved with the PDC database. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type)) - { - if (sid_front_equal(&gmep->sid, &global_member_sid) && - strequal(gmep->nt_domain, global_myworkgroup) && - gmep->type == expected_type) - { - return True; - } - return False; - } - } - - /* - * ... otherwise, it's one of ours. map the sid ourselves, - * which can only happen in our own SAM database. - */ - - if (!strequal(gmep->nt_domain, global_sam_name)) - { - return False; - } - if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid)) - { - return False; - } - - return True; -} - -/* - * used by lookup functions below - */ - -static fstring nt_name; -static fstring unix_name; -static fstring nt_domain; - -/************************************************************************* - looks up a uid, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid)); - if (map_username_uid(uid, gmep)) - { - return True; - } -#if 0 - if (lp_server_role() != ROLE_DOMAIN_NONE) -#endif - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - gmep->unix_id = (uint32)uid; - - /* - * ok, assume it's one of ours. then double-check it - * if we are a member of a domain - */ - - gmep->type = SID_NAME_USER; - fstrcpy(gmep->nt_name, uidtoname(uid)); - fstrcpy(gmep->unix_name, gmep->nt_name); - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); -#endif - } - - /* - * ok, it's one of ours. - */ - - gmep->nt_domain = global_sam_name; - pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid); - - return True; - } - - /* oops. */ - - return False; -} - -/************************************************************************* - looks up by NT name, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname)); - - if (!split_domain_name(fullntname, nt_domain, nt_name)) - { - return False; - } - - if (map_nt_username(nt_name, nt_domain, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - uid_t uid; - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * ok, it's one of ours. we therefore "create" an nt user named - * after the unix user. this is the point where "appliance mode" - * should get its teeth in, as unix users won't really exist, - * they will only be numbers... - */ - - gmep->type = SID_NAME_USER; - fstrcpy(gmep->unix_name, gmep->nt_name); - if (!nametouid(gmep->unix_name, &uid)) - { - return False; - } - gmep->unix_id = (uint32)uid; - - return get_sid_and_type(fullntname, gmep->type, gmep); - } - - /* oops. */ - - return False; -} - -/************************************************************************* - looks up by RID, returns User Information. -*************************************************************************/ -BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep) -{ - fstring sid_str; - sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str)); - - if (map_username_sid(sid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt user named - * after the unix user. this is the point where "appliance mode" - * should get its teeth in, as unix users won't really exist, - * they will only be numbers... - */ - - gmep->type = SID_NAME_USER; - sid_copy(&gmep->sid, sid); - if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id)) - { - return False; - } - fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id)); - fstrcpy(gmep->unix_name, gmep->nt_name); - gmep->nt_domain = global_sam_name; - - return True; - } - - /* oops. */ - - return False; -} - -/************************************************************************ - Routine to look up group / alias / well-known group RID by UNIX name -*************************************************************************/ -BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp) -{ - gid_t gid; - DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name)); - if (nametogid(unix_grp_name, &gid)) - { - return lookupsmbgrpgid(gid, grp); - } - else - { - return False; - } -} - -/************************************************************************* - looks up a SID, returns name map entry -*************************************************************************/ -BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep) -{ - fstring sid_str; - sid_to_string(sid_str, sid); - DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str)); - - if (map_alias_sid(sid, gmep)) - { - return True; - } - if (map_group_sid(sid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...); -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt group or - * alias name named after the unix group. this is the point - * where "appliance mode" should get its teeth in, as unix - * groups won't really exist, they will only be numbers... - */ - - /* name is not explicitly mapped - * with map files or the PDC - * so we are responsible for it... - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - /* ... as a LOCAL group. */ - gmep->type = SID_NAME_ALIAS; - } - else - { - /* ... as a DOMAIN group. */ - gmep->type = SID_NAME_DOM_GRP; - } - - sid_copy(&gmep->sid, sid); - if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id)) - { - return False; - } - fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id)); - fstrcpy(gmep->unix_name, gmep->nt_name); - gmep->nt_domain = global_sam_name; - - return True; - } - - /* oops */ - return False; -} - -/************************************************************************* - looks up a gid, returns RID and type local, domain or well-known domain group -*************************************************************************/ -BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep) -{ - DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid)); - if (map_alias_gid(gid, gmep)) - { - return True; - } - if (map_group_gid(gid, gmep)) - { - return True; - } - if (lp_server_role() != ROLE_DOMAIN_NONE) - { - gmep->nt_name = nt_name; - gmep->unix_name = unix_name; - gmep->nt_domain = nt_domain; - - gmep->unix_id = (uint32)gid; - - /* - * here we should do a LsaLookupNames() call - * to check the status of the name with the PDC. - * if the PDC know nothing of the name, it's ours. - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { -#if 0 - if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...); - { - return True; - } -#endif - } - - /* - * ok, it's one of ours. we therefore "create" an nt group or - * alias name named after the unix group. this is the point - * where "appliance mode" should get its teeth in, as unix - * groups won't really exist, they will only be numbers... - */ - - /* name is not explicitly mapped - * with map files or the PDC - * so we are responsible for it... - */ - - if (lp_server_role() == ROLE_DOMAIN_MEMBER) - { - /* ... as a LOCAL group. */ - gmep->type = SID_NAME_ALIAS; - } - else - { - /* ... as a DOMAIN group. */ - gmep->type = SID_NAME_DOM_GRP; - } - fstrcpy(gmep->nt_name, gidtoname(gid)); - fstrcpy(gmep->unix_name, gmep->nt_name); - - return get_sid_and_type(gmep->nt_name, gmep->type, gmep); - } - - /* oops */ - return False; -} - diff --git a/source3/lib/genparser.c b/source3/lib/genparser.c deleted file mode 100644 index 233050b432..0000000000 --- a/source3/lib/genparser.c +++ /dev/null @@ -1,786 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - automatic marshalling/unmarshalling system for C structures -*/ - -#include "includes.h" - -/* see if a range of memory is all zero. Used to prevent dumping of zero elements */ -static int all_zero(const char *ptr, unsigned size) -{ - int i; - if (!ptr) return 1; - for (i=0;i<size;i++) { - if (ptr[i]) return 0; - } - return 1; -} - -/* encode a buffer of bytes into a escaped string */ -static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len) -{ - const char *hexdig = "0123456789abcdef"; - char *ret, *p; - unsigned i; - ret = talloc(mem_ctx, len*3 + 1); /* worst case size */ - if (!ret) return NULL; - for (p=ret,i=0;i<len;i++) { - if (isalnum(ptr[i]) || isspace(ptr[i]) || - (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) { - *p++ = ptr[i]; - } else { - unsigned char c = *(unsigned char *)(ptr+i); - if (c == 0 && all_zero(ptr+i, len-i)) break; - p[0] = '\\'; - p[1] = hexdig[c>>4]; - p[2] = hexdig[c&0xF]; - p += 3; - } - } - - *p = 0; - - return ret; -} - -/* decode an escaped string from encode_bytes() into a buffer */ -static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len) -{ - char *ret, *p; - unsigned i; - int slen = strlen(s) + 1; - - ret = talloc(mem_ctx, slen); /* worst case length */ - if (!ret) - return NULL; - memset(ret, 0, slen); - - if (*s == '{') s++; - - for (p=ret,i=0;s[i];i++) { - if (s[i] == '}') { - break; - } else if (s[i] == '\\') { - unsigned v; - if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) { - return NULL; - } - *(unsigned char *)p = v; - p++; - i += 2; - } else { - *p++ = s[i]; - } - } - *p = 0; - - (*len) = (unsigned)(p - ret); - - return ret; -} - -/* the add*() functions deal with adding things to a struct - parse_string */ - -/* allocate more space if needed */ -static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n) -{ - if (p->length + n <= p->allocated) return 0; - p->allocated = p->length + n + 200; - p->s = talloc_realloc(mem_ctx, p->s, p->allocated); - if (!p->s) { - errno = ENOMEM; - return -1; - } - return 0; -} - -/* add a character to the buffer */ -static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c) -{ - if (addgen_alloc(mem_ctx, p, 2) != 0) { - return -1; - } - p->s[p->length++] = c; - p->s[p->length] = 0; - return 0; -} - -/* add a string to the buffer */ -int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s) -{ - int len = strlen(s); - if (addgen_alloc(mem_ctx, p, len+1) != 0) { - return -1; - } - memcpy(p->s + p->length, s, len+1); - p->length += len; - return 0; -} - -/* add a string to the buffer with a tab prefix */ -static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent) -{ - int len = strlen(s); - if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) { - return -1; - } - while (indent--) { - p->s[p->length++] = '\t'; - } - memcpy(p->s + p->length, s, len+1); - p->length += len; - return 0; -} - -/* note! this can only be used for results up to 60 chars wide! */ -int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...) -{ - char buf[60]; - int n; - va_list ap; - va_start(ap, fmt); - n = vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - if (addgen_alloc(mem_ctx, p, n + 1) != 0) { - return -1; - } - if (n != 0) { - memcpy(p->s + p->length, buf, n); - } - p->length += n; - p->s[p->length] = 0; - return 0; -} - -/* - this is here to make it easier for people to write dump functions - for their own types - */ -int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...) -{ - char *buf = NULL; - int n; - va_list ap; - va_start(ap, fmt); - n = vasprintf(&buf, fmt, ap); - va_end(ap); - if (addgen_alloc(mem_ctx, p, n + 1) != 0) { - if (buf) free(buf); - return -1; - } - if (n != 0) { - memcpy(p->s + p->length, buf, n); - } - p->length += n; - p->s[p->length] = 0; - if (buf) free(buf); - return 0; -} - -/* dump a enumerated type */ -int gen_dump_enum(TALLOC_CTX *mem_ctx, - const struct enum_struct *einfo, - struct parse_string *p, - const char *ptr, - unsigned indent) -{ - unsigned v = *(unsigned *)ptr; - int i; - for (i=0;einfo[i].name;i++) { - if (v == einfo[i].value) { - addstr(mem_ctx, p, einfo[i].name); - return 0; - } - } - /* hmm, maybe we should just fail? */ - return gen_dump_unsigned(mem_ctx, p, ptr, indent); -} - -/* dump a single non-array element, hanlding struct and enum */ -static int gen_dump_one(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *ptr, - unsigned indent) -{ - if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) { - char *s = encode_bytes(mem_ctx, ptr, strlen(ptr)); - if (addchar(mem_ctx, p,'{') || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}")) { - return -1; - } - return 0; - } - - return pinfo->dump_fn(mem_ctx, p, ptr, indent); -} - -/* handle dumping of an array of arbitrary type */ -static int gen_dump_array(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *ptr, - int array_len, - int indent) -{ - int i, count=0; - - /* special handling of fixed length strings */ - if (array_len != 0 && - pinfo->ptr_count == 0 && - pinfo->dump_fn == gen_dump_char) { - char *s = encode_bytes(mem_ctx, ptr, array_len); - if (!s) return -1; - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addstr(mem_ctx, p, " = {") || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}\n")) { - return -1; - } - free(s); - return 0; - } - - for (i=0;i<array_len;i++) { - const char *p2 = ptr; - unsigned size = pinfo->size; - - /* generic pointer dereference */ - if (pinfo->ptr_count) { - p2 = *(const char **)ptr; - size = sizeof(void *); - } - - if ((count || pinfo->ptr_count) && - !(pinfo->flags & FLAG_ALWAYS) && - all_zero(ptr, size)) { - ptr += size; - continue; - } - if (count == 0) { - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addshort(mem_ctx, p, " = %u:", i)) { - return -1; - } - } else { - if (addshort(mem_ctx, p, ", %u:", i) != 0) { - return -1; - } - } - if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) { - return -1; - } - ptr += size; - count++; - } - if (count) { - return addstr(mem_ctx, p, "\n"); - } - return 0; -} - -/* find a variable by name in a loaded structure and return its value - as an integer. Used to support dynamic arrays */ -static int find_var(const struct parse_struct *pinfo, - const char *data, - const char *var) -{ - int i; - const char *ptr; - - /* this allows for constant lengths */ - if (isdigit(*var)) { - return atoi(var); - } - - for (i=0;pinfo[i].name;i++) { - if (strcmp(pinfo[i].name, var) == 0) break; - } - if (!pinfo[i].name) return -1; - - ptr = data + pinfo[i].offset; - - switch (pinfo[i].size) { - case sizeof(int): - return *(int *)ptr; - case sizeof(char): - return *(char *)ptr; - } - - return -1; -} - - -int gen_dump_struct(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - struct parse_string *p, - const char *ptr, - unsigned indent) -{ - char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1); - if (!s) return -1; - if (addstr(mem_ctx, p, "{\n") || - addstr(mem_ctx, p, s) || - addtabbed(mem_ctx, p, "}", indent)) { - return -1; - } - return 0; -} - -static int gen_dump_string(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *data, - unsigned indent) -{ - const char *ptr = *(char **)data; - char *s = encode_bytes(mem_ctx, ptr, strlen(ptr)); - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addstr(mem_ctx, p, " = ") || - addchar(mem_ctx, p, '{') || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}\n")) { - return -1; - } - return 0; -} - -/* - find the length of a nullterm array -*/ -static int len_nullterm(const char *ptr, int size, int array_len) -{ - int len; - - if (size == 1) { - len = strnlen(ptr, array_len); - } else { - for (len=0; len < array_len; len++) { - if (all_zero(ptr+len*size, size)) break; - } - } - - if (len == 0) len = 1; - - return len; -} - - -/* the generic dump routine. Scans the parse information for this structure - and processes it recursively */ -char *gen_dump(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - const char *data, - unsigned indent) -{ - struct parse_string p; - int i; - - p.length = 0; - p.allocated = 0; - p.s = NULL; - - if (addstr(mem_ctx, &p, "") != 0) { - return NULL; - } - - for (i=0;pinfo[i].name;i++) { - const char *ptr = data + pinfo[i].offset; - unsigned size = pinfo[i].size; - - if (pinfo[i].ptr_count) { - size = sizeof(void *); - } - - /* special handling for array types */ - if (pinfo[i].array_len) { - unsigned len = pinfo[i].array_len; - if (pinfo[i].flags & FLAG_NULLTERM) { - len = len_nullterm(ptr, size, len); - } - if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr, - len, indent)) { - goto failed; - } - continue; - } - - /* and dynamically sized arrays */ - if (pinfo[i].dynamic_len) { - int len = find_var(pinfo, data, pinfo[i].dynamic_len); - struct parse_struct p2 = pinfo[i]; - if (len < 0) { - goto failed; - } - if (len > 0) { - if (pinfo[i].flags & FLAG_NULLTERM) { - len = len_nullterm(*(char **)ptr, - pinfo[i].size, len); - } - p2.ptr_count--; - p2.dynamic_len = NULL; - if (gen_dump_array(mem_ctx, &p, &p2, - *(char **)ptr, - len, indent) != 0) { - goto failed; - } - } - continue; - } - - /* don't dump zero elements */ - if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue; - - /* assume char* is a null terminated string */ - if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 && - pinfo[i].dump_fn == gen_dump_char) { - if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) { - goto failed; - } - continue; - } - - /* generic pointer dereference */ - if (pinfo[i].ptr_count) { - ptr = *(const char **)ptr; - } - - if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) || - addstr(mem_ctx, &p, " = ") || - gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) || - addstr(mem_ctx, &p, "\n")) { - goto failed; - } - } - return p.s; - -failed: - return NULL; -} - -/* search for a character in a string, skipping over sections within - matching braces */ -static char *match_braces(char *s, char c) -{ - int depth = 0; - while (*s) { - switch (*s) { - case '}': - depth--; - break; - case '{': - depth++; - break; - } - if (depth == 0 && *s == c) { - return s; - } - s++; - } - return s; -} - -/* parse routine for enumerated types */ -int gen_parse_enum(TALLOC_CTX *mem_ctx, - const struct enum_struct *einfo, - char *ptr, - const char *str) -{ - unsigned v; - int i; - - if (isdigit(*str)) { - if (sscanf(str, "%u", &v) != 1) { - errno = EINVAL; - return -1; - } - *(unsigned *)ptr = v; - return 0; - } - - for (i=0;einfo[i].name;i++) { - if (strcmp(einfo[i].name, str) == 0) { - *(unsigned *)ptr = einfo[i].value; - return 0; - } - } - - /* unknown enum value?? */ - return -1; -} - - -/* parse all base types */ -static int gen_parse_base(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - char *ptr, - const char *str) -{ - if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) { - unsigned len; - char *s = decode_bytes(mem_ctx, str, &len); - if (!s) return -1; - *(char **)ptr = s; - return 0; - } - - if (pinfo->ptr_count) { - unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size; - struct parse_struct p2 = *pinfo; - *(void **)ptr = talloc(mem_ctx, size); - if (! *(void **)ptr) { - return -1; - } - memset(*(void **)ptr, 0, size); - ptr = *(char **)ptr; - p2.ptr_count--; - return gen_parse_base(mem_ctx, &p2, ptr, str); - } - - return pinfo->parse_fn(mem_ctx, ptr, str); -} - -/* parse a generic array */ -static int gen_parse_array(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - char *ptr, - const char *str, - int array_len) -{ - char *p, *p2; - unsigned size = pinfo->size; - - /* special handling of fixed length strings */ - if (array_len != 0 && - pinfo->ptr_count == 0 && - pinfo->dump_fn == gen_dump_char) { - unsigned len = 0; - char *s = decode_bytes(mem_ctx, str, &len); - if (!s || (len > array_len)) return -1; - memset(ptr, 0, array_len); - memcpy(ptr, s, len); - return 0; - } - - if (pinfo->ptr_count) { - size = sizeof(void *); - } - - while (*str) { - unsigned idx; - int done; - - idx = atoi(str); - p = strchr(str,':'); - if (!p) break; - p++; - p2 = match_braces(p, ','); - done = (*p2 != ','); - *p2 = 0; - - if (*p == '{') { - p++; - p[strlen(p)-1] = 0; - } - - if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) { - return -1; - } - - if (done) break; - str = p2+1; - } - - return 0; -} - -/* parse one element, hanlding dynamic and static arrays */ -static int gen_parse_one(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - const char *name, - char *data, - const char *str) -{ - int i; - for (i=0;pinfo[i].name;i++) { - if (strcmp(pinfo[i].name, name) == 0) { - break; - } - } - if (pinfo[i].name == NULL) { - return 0; - } - - if (pinfo[i].array_len) { - return gen_parse_array(mem_ctx, &pinfo[i], - data+pinfo[i].offset, - str, pinfo[i].array_len); - } - - if (pinfo[i].dynamic_len) { - int len = find_var(pinfo, data, pinfo[i].dynamic_len); - if (len < 0) { - errno = EINVAL; - return -1; - } - if (len > 0) { - struct parse_struct p2 = pinfo[i]; - char *ptr; - unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size; - ptr = talloc(mem_ctx, len*size); - if (!ptr) { - errno = ENOMEM; - return -1; - } - memset(ptr, 0, len*size); - *((char **)(data + pinfo[i].offset)) = ptr; - p2.ptr_count--; - p2.dynamic_len = NULL; - return gen_parse_array(mem_ctx, &p2, ptr, str, len); - } - return 0; - } - - return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str); -} - -int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str) -{ - return gen_parse(mem_ctx, pinfo, ptr, str); -} - -/* the main parse routine */ -int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s) -{ - char *str, *s0; - - s0 = strdup(s); - str = s0; - - while (*str) { - char *p; - char *name; - char *value; - - /* skip leading whitespace */ - while (isspace(*str)) str++; - - p = strchr(str, '='); - if (!p) break; - value = p+1; - while (p > str && isspace(*(p-1))) { - p--; - } - - *p = 0; - name = str; - - while (isspace(*value)) value++; - - if (*value == '{') { - str = match_braces(value, '}'); - value++; - } else { - str = match_braces(value, '\n'); - } - - *str++ = 0; - - if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) { - free(s0); - return -1; - } - } - - free(s0); - return 0; -} - - - -/* for convenience supply some standard dumpers and parsers here */ - -int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(unsigned char *)ptr = atoi(str); - return 0; -} - -int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(int *)ptr = atoi(str); - return 0; -} - -int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(unsigned *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(time_t *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(double *)ptr = atof(str); - return 0; -} - -int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(float *)ptr = atof(str); - return 0; -} - -int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr)); -} - -int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%d", *(int *)(ptr)); -} - -int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr)); -} - -int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(time_t *)(ptr)); -} - -int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%lg", *(double *)(ptr)); -} - -int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%g", *(float *)(ptr)); -} diff --git a/source3/lib/genparser_samba.c b/source3/lib/genparser_samba.c deleted file mode 100644 index bece587747..0000000000 --- a/source3/lib/genparser_samba.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - Copyright (C) Simo Sorce <idra@samba.org> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "genparser_samba.h" - -/* PARSE functions */ - -int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint8 *)ptr = atoi(str); - return 0; -} - -int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint16 *)ptr = atoi(str); - return 0; -} - -int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint32 *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) { - errno = EINVAL; - return -1; - } - return 0; -} - -int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(!string_to_sid((DOM_SID *)ptr, str)) return -1; - return 0; -} - -int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - int info[GUID_SIZE]; - int i; - char *sc; - char *p; - char *m; - - m = strdup(str); - if (!m) return -1; - sc = m; - - memset(info, 0, sizeof(info)); - for (i = 0; i < GUID_SIZE; i++) { - p = strchr(sc, ','); - if (p != NULL) p = '\0'; - info[i] = atoi(sc); - if (p != NULL) sc = p + 1; - } - free(m); - - for (i = 0; i < GUID_SIZE; i++) { - ((GUID *)ptr)->info[i] = info[i]; - } - - return 0; -} - -int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str); -} - -int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str); -} - -int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str); -} - -int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str); -} - -int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) { - errno = EINVAL; - return -1; - } - return 0; -} - - - -/* DUMP functions */ - -int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr)); -} - -int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr)); -} - -int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr)); -} - -int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - uint32 low, high; - - high = ((NTTIME *)(ptr))->high; - low = ((NTTIME *)(ptr))->low; - return addshort(mem_ctx, p, "%u,%u", high, low); -} - -int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - fstring sidstr; - - sid_to_string(sidstr, (DOM_SID *)ptr); - return addstr(mem_ctx, p, sidstr); -} - -int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask); -} - -int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - int i, r; - - for (i = 0; i < (GUID_SIZE - 1); i++) { - if (!(r = addshort(mem_ctx, p, "%d,", ((GUID *)ptr)->info[i]))) return r; - } - return addshort(mem_ctx, p, "%d", ((GUID *)ptr)->info[i]); -} - -int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent); -} - -int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent); -} - -int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent); -} - -int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent); -} - -int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - uint32 low, high; - - high = ((LUID *)(ptr))->high; - low = ((LUID *)(ptr))->low; - return addshort(mem_ctx, p, "%u,%u", high, low); -} - diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c index d9160f0d01..c09bff5fd7 100644 --- a/source3/lib/iconv.c +++ b/source3/lib/iconv.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. minimal iconv implementation Copyright (C) Andrew Tridgell 2001 - Copyright (C) Jelmer Vernooij 2002,2003,2003,2003,2003 + Copyright (C) Jelmer Vernooij 2002,2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/lib/ldap.c b/source3/lib/ldap.c deleted file mode 100644 index 917e03a871..0000000000 --- a/source3/lib/ldap.c +++ /dev/null @@ -1,719 +0,0 @@ -/* - Unix SMB/CIFS implementation. - LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 - Copyright (C) Gerald Carter 2001 - Copyright (C) Shahms King 2001 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jim McDonough 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include "includes.h" - -#ifdef HAVE_LDAP -/* TODO: -* persistent connections: if using NSS LDAP, many connections are made -* however, using only one within Samba would be nice -* -* Clean up SSL stuff, compile on OpenLDAP 1.x, 2.x, and Netscape SDK -* -* Other LDAP based login attributes: accountExpires, etc. -* (should be the domain of Samba proper, but the sam_password/SAM_ACCOUNT -* structures don't have fields for some of these attributes) -* -* SSL is done, but can't get the certificate based authentication to work -* against on my test platform (Linux 2.4, OpenLDAP 2.x) -*/ - -/* NOTE: this will NOT work against an Active Directory server -* due to the fact that the two password fields cannot be retrieved -* from a server; recommend using security = domain in this situation -* and/or winbind -*/ - -#include "smb_ldap.h" - -/* We need an internal mapping of LDAP * -> smb_ldap_privates so we implement - it in terms of a VK list. It's a little backwards but its quite efficent */ -static struct smb_ldap_privates *head; - -static struct smb_ldap_privates *get_internal(LDAP *ldap_struct) -{ - struct smb_ldap_privates *ret = head; - - while (NULL != ret && ret->ldap_struct != ldap_struct) { - ret = ret->next; - } - - return ret; -} - -#define SMB_LDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */ - -/******************************************************************* - find the ldap password -******************************************************************/ -static BOOL smb_ldap_fetch_pw(char **dn, char** pw) -{ - char *key = NULL; - size_t size; - - *dn = smb_xstrdup(lp_ldap_admin_dn()); - - if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { - SAFE_FREE(*dn); - DEBUG(0, ("smb_ldap_fetch_pw: asprintf failed!\n")); - } - - *pw=secrets_fetch(key, &size); - SAFE_FREE(key); - if (!size) { - /* Upgrade 2.2 style entry */ - char *p; - char* old_style_key = strdup(*dn); - char *data; - fstring old_style_pw; - - if (!old_style_key) { - DEBUG(0, ("smb_ldap_fetch_pw: strdup failed!\n")); - return False; - } - - for (p=old_style_key; *p; p++) - if (*p == ',') *p = '/'; - - data=secrets_fetch(old_style_key, &size); - if (!size && size < sizeof(old_style_pw)) { - DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); - SAFE_FREE(old_style_key); - SAFE_FREE(*dn); - return False; - } - - strncpy(old_style_pw, data, size); - old_style_pw[size] = 0; - - SAFE_FREE(data); - - if (!secrets_store_ldap_pw(*dn, old_style_pw)) { - DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); - SAFE_FREE(old_style_key); - SAFE_FREE(*dn); - return False; - } - if (!secrets_delete(old_style_key)) { - DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n")); - } - - SAFE_FREE(old_style_key); - - *pw = smb_xstrdup(old_style_pw); - } - - return True; -} - -/******************************************************************* - open a connection to the ldap server. -******************************************************************/ -int smb_ldap_open_connection (struct smb_ldap_privates *ldap_state, - LDAP ** ldap_struct) -{ - int rc = LDAP_SUCCESS; - int version; - BOOL ldap_v3 = False; - -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) - DEBUG(10, ("smb_ldap_open_connection: %s\n", ldap_state->uri)); - - if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) { - DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc))); - return rc; - } - -#else - - /* Parse the string manually */ - - { - int port = 0; - fstring protocol; - fstring host; - const char *p = ldap_state->uri; - SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254); - - /* skip leading "URL:" (if any) */ - if ( strncasecmp( p, "URL:", 4 ) == 0 ) { - p += 4; - } - - sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port); - - if (port == 0) { - if (strequal(protocol, "ldap")) { - port = LDAP_PORT; - } else if (strequal(protocol, "ldaps")) { - port = LDAPS_PORT; - } else { - DEBUG(0, ("unrecognised protocol (%s)!\n", protocol)); - } - } - - if ((*ldap_struct = ldap_init(host, port)) == NULL) { - DEBUG(0, ("ldap_init failed !\n")); - return LDAP_OPERATIONS_ERROR; - } - - if (strequal(protocol, "ldaps")) { -#ifdef LDAP_OPT_X_TLS - int tls = LDAP_OPT_X_TLS_HARD; - if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) - { - DEBUG(0, ("Failed to setup a TLS session\n")); - } - - DEBUG(3,("LDAPS option set...!\n")); -#else - DEBUG(0,("smb_ldap_open_connection: Secure connection not supported by LDAP client libraries!\n")); - return LDAP_OPERATIONS_ERROR; -#endif - } - } -#endif - - if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) - { - if (version != LDAP_VERSION3) - { - version = LDAP_VERSION3; - if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { - ldap_v3 = True; - } - } else { - ldap_v3 = True; - } - } - - if (lp_ldap_ssl() == LDAP_SSL_START_TLS) { -#ifdef LDAP_OPT_X_TLS - if (ldap_v3) { - if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS) - { - DEBUG(0,("Failed to issue the StartTLS instruction: %s\n", - ldap_err2string(rc))); - return rc; - } - DEBUG (3, ("StartTLS issued: using a TLS connection\n")); - } else { - - DEBUG(0, ("Need LDAPv3 for Start TLS\n")); - return LDAP_OPERATIONS_ERROR; - } -#else - DEBUG(0,("smb_ldap_open_connection: StartTLS not supported by LDAP client libraries!\n")); - return LDAP_OPERATIONS_ERROR; -#endif - } - - DEBUG(2, ("smb_ldap_open_connection: connection opened\n")); - return rc; -} - - -/******************************************************************* - a rebind function for authenticated referrals - This version takes a void* that we can shove useful stuff in :-) -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -#else -static int rebindproc_with_state (LDAP * ld, char **whop, char **credp, - int *methodp, int freeit, void *arg) -{ - struct smb_ldap_privates *ldap_state = arg; - - /** @TODO Should we be doing something to check what servers we rebind to? - Could we get a referral to a machine that we don't want to give our - username and password to? */ - - if (freeit) { - SAFE_FREE(*whop); - memset(*credp, '\0', strlen(*credp)); - SAFE_FREE(*credp); - } else { - DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); - - *whop = strdup(ldap_state->bind_dn); - if (!*whop) { - return LDAP_NO_MEMORY; - } - *credp = strdup(ldap_state->bind_secret); - if (!*credp) { - SAFE_FREE(*whop); - return LDAP_NO_MEMORY; - } - *methodp = LDAP_AUTH_SIMPLE; - } - return 0; -} -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - a rebind function for authenticated referrals - This version takes a void* that we can shove useful stuff in :-) - and actually does the connection. -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -static int rebindproc_connect_with_state (LDAP *ldap_struct, - LDAP_CONST char *url, - ber_tag_t request, - ber_int_t msgid, void *arg) -{ - struct smb_ldap_privates *ldap_state = arg; - int rc; - DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n", - ldap_state->bind_dn)); - - /** @TODO Should we be doing something to check what servers we rebind to? - Could we get a referral to a machine that we don't want to give our - username and password to? */ - - rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret); - - return rc; -} -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - Add a rebind function for authenticated referrals -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -#else -# if LDAP_SET_REBIND_PROC_ARGS == 2 -static int rebindproc (LDAP *ldap_struct, char **whop, char **credp, - int *method, int freeit ) -{ - return rebindproc_with_state(ldap_struct, whop, credp, - method, freeit, get_internal(ldap_struct)); - -} -# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - a rebind function for authenticated referrals - this also does the connection, but no void*. -******************************************************************/ -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -# if LDAP_SET_REBIND_PROC_ARGS == 2 -static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request, - ber_int_t msgid) -{ - return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid, - get_internal(ld)); -} -# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/ -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - -/******************************************************************* - connect to the ldap server under system privilege. -******************************************************************/ -int smb_ldap_connect_system(struct smb_ldap_privates *ldap_state, - LDAP * ldap_struct) -{ - int rc; - char *ldap_dn; - char *ldap_secret; - - if (NULL == get_internal(ldap_struct)) { - ldap_state->next = head; - } - - /* get the password */ - if (!smb_ldap_fetch_pw(&ldap_dn, &ldap_secret)) - { - DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n")); - return LDAP_INVALID_CREDENTIALS; - } - - ldap_state->bind_dn = ldap_dn; - ldap_state->bind_secret = ldap_secret; - - /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite - (OpenLDAP) doesnt' seem to support it */ - - DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n", - ldap_state->uri, ldap_dn)); - -#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -# if LDAP_SET_REBIND_PROC_ARGS == 2 - ldap_set_rebind_proc(ldap_struct, &rebindproc_connect); -# endif -# if LDAP_SET_REBIND_PROC_ARGS == 3 - ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state); -# endif -#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ -# if LDAP_SET_REBIND_PROC_ARGS == 2 - ldap_set_rebind_proc(ldap_struct, &rebindproc); -# endif -# if LDAP_SET_REBIND_PROC_ARGS == 3 - ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state); -# endif -#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/ - - rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret); - - if (rc != LDAP_SUCCESS) { - char *ld_error; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, - &ld_error); - DEBUG(0, - ("failed to bind to server with dn= %s Error: %s\n\t%s\n", - ldap_dn, ldap_err2string(rc), - ld_error)); - free(ld_error); - return rc; - } - - DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n")); - return rc; -} - -/********************************************************************** -Connect to LDAP server -*********************************************************************/ -int smb_ldap_open(struct smb_ldap_privates *ldap_state) -{ - int rc; - SMB_ASSERT(ldap_state); - -#ifndef NO_LDAP_SECURITY - if (geteuid() != 0) { - DEBUG(0, ("smb_ldap_open: cannot access LDAP when not root..\n")); - return LDAP_INSUFFICIENT_ACCESS; - } -#endif - - if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMB_LDAP_DONT_PING_TIME) < time(NULL))) { - struct sockaddr_un addr; - socklen_t len; - int sd; - if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 && - getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { - /* the other end has died. reopen. */ - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); - ldap_state->ldap_struct = NULL; - ldap_state->last_ping = (time_t)0; - } else { - ldap_state->last_ping = time(NULL); - } - } - - if (ldap_state->ldap_struct != NULL) { - DEBUG(5,("smb_ldap_open: allready connected to the LDAP server\n")); - return LDAP_SUCCESS; - } - - if ((rc = smb_ldap_open_connection(ldap_state, &ldap_state->ldap_struct))) { - return rc; - } - - if ((rc = smb_ldap_connect_system(ldap_state, ldap_state->ldap_struct))) { - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); - ldap_state->ldap_struct = NULL; - return rc; - } - - - ldap_state->last_ping = time(NULL); - DEBUG(4,("The LDAP server is succesful connected\n")); - - return LDAP_SUCCESS; -} - -/********************************************************************** -Disconnect from LDAP server -*********************************************************************/ -NTSTATUS smb_ldap_close(struct smb_ldap_privates *ldap_state) -{ - if (!ldap_state) - return NT_STATUS_INVALID_PARAMETER; - - if (ldap_state->ldap_struct != NULL) { - ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL); - ldap_state->ldap_struct = NULL; - } - - DEBUG(5,("The connection to the LDAP server was closed\n")); - /* maybe free the results here --metze */ - - return NT_STATUS_OK; -} - -static int smb_ldap_retry_open(struct smb_ldap_privates *ldap_state, int *attempts) -{ - int rc; - - SMB_ASSERT(ldap_state && attempts); - - if (*attempts != 0) { - /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */ - msleep((((*attempts)*(*attempts))/2)*1000); - } - (*attempts)++; - - if ((rc = smb_ldap_open(ldap_state))) { - DEBUG(0,("Connection to LDAP Server failed for the %d try!\n",*attempts)); - return rc; - } - - return LDAP_SUCCESS; -} - - -int smb_ldap_search(struct smb_ldap_privates *ldap_state, - const char *base, int scope, const char *filter, - const char *attrs[], int attrsonly, - LDAPMessage **res) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - SMB_ASSERT(ldap_state); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_search_s(ldap_state->ldap_struct, base, scope, - filter, (char **)attrs, attrsonly, res); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smb_ldap_close(ldap_state); - } - - return rc; -} - -int smb_ldap_modify(struct smb_ldap_privates *ldap_state, char *dn, - LDAPMod *attrs[]) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_modify_s(ldap_state->ldap_struct, dn, attrs); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smb_ldap_close(ldap_state); - } - - return rc; -} - -int smb_ldap_add(struct smb_ldap_privates *ldap_state, const char *dn, - LDAPMod *attrs[]) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_add_s(ldap_state->ldap_struct, dn, attrs); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smb_ldap_close(ldap_state); - } - - return rc; -} - -int smb_ldap_delete(struct smb_ldap_privates *ldap_state, char *dn) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_delete_s(ldap_state->ldap_struct, dn); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smb_ldap_close(ldap_state); - } - - return rc; -} - -int smb_ldap_extended_operation(struct smb_ldap_privates *ldap_state, - LDAP_CONST char *reqoid, - struct berval *reqdata, - LDAPControl **serverctrls, - LDAPControl **clientctrls, char **retoidp, - struct berval **retdatap) -{ - int rc = LDAP_SERVER_DOWN; - int attempts = 0; - - if (!ldap_state) - return (-1); - - while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) { - - if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS) - continue; - - rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap); - } - - if (rc == LDAP_SERVER_DOWN) { - DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO)); - smb_ldap_close(ldap_state); - } - - return rc; -} - -/******************************************************************* -search an attribute and return the first value found. -******************************************************************/ -BOOL smb_ldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry, - const char *attribute, pstring value) -{ - char **values; - - if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) { - value = NULL; - DEBUG (10, ("smb_ldap_get_single_attribute: [%s] = [<does not exist>]\n", attribute)); - - return False; - } - - pstrcpy(value, values[0]); - ldap_value_free(values); -#ifdef DEBUG_PASSWORDS - DEBUG (100, ("smb_ldap_get_single_attribute: [%s] = [%s]\n", attribute, value)); -#endif - return True; -} - - -/************************************************************************ -Routine to manage the LDAPMod structure array -manage memory used by the array, by each struct, and values - -************************************************************************/ -void smb_ldap_make_a_mod (LDAPMod *** modlist, int modop, - const char *attribute, const char *value) -{ - LDAPMod **mods; - int i; - int j; - - mods = *modlist; - - if (attribute == NULL || *attribute == '\0') - return; - - if (value == NULL || *value == '\0') - return; - - if (mods == NULL) - { - mods = (LDAPMod **) malloc(sizeof(LDAPMod *)); - if (mods == NULL) - { - DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n")); - return; - } - mods[0] = NULL; - } - - for (i = 0; mods[i] != NULL; ++i) { - if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute)) - break; - } - - if (mods[i] == NULL) - { - mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *)); - if (mods == NULL) - { - DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n")); - return; - } - mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod)); - if (mods[i] == NULL) - { - DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n")); - return; - } - mods[i]->mod_op = modop; - mods[i]->mod_values = NULL; - mods[i]->mod_type = strdup(attribute); - mods[i + 1] = NULL; - } - - if (value != NULL) - { - j = 0; - if (mods[i]->mod_values != NULL) { - for (; mods[i]->mod_values[j] != NULL; j++); - } - mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values, - (j + 2) * sizeof (char *)); - - if (mods[i]->mod_values == NULL) { - DEBUG (0, ("smb_ldap_make_a_mod: Memory allocation failure!\n")); - return; - } - mods[i]->mod_values[j] = strdup(value); - mods[i]->mod_values[j + 1] = NULL; - } - *modlist = mods; -} - -#endif diff --git a/source3/lib/module.c b/source3/lib/module.c index 087c964d3c..811efae311 100644 --- a/source3/lib/module.c +++ b/source3/lib/module.c @@ -2,7 +2,8 @@ Unix SMB/CIFS implementation. module loading system - Copyright (C) Jelmer Vernooij 2002 + Copyright (C) Jelmer Vernooij 2002-2003 + Copyright (C) Stefan (metze) Metzmacher 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -80,7 +81,12 @@ NTSTATUS smb_probe_module(const char *subsystem, const char *module) pstring full_path; /* Check for absolute path */ - if(module[0] == '/')return smb_load_module(module); + + /* if we make any 'samba multibyte string' + calls here, we break + for loading string modules */ + if (module[0] == '/') + return smb_load_module(module); pstrcpy(full_path, lib_path(subsystem)); pstrcat(full_path, "/"); @@ -97,19 +103,19 @@ NTSTATUS smb_probe_module(const char *subsystem, const char *module) NTSTATUS smb_load_module(const char *module_name) { - DEBUG(0,("This samba executable has not been built with plugin support")); + DEBUG(0,("This samba executable has not been built with plugin support\n")); return NT_STATUS_NOT_SUPPORTED; } int smb_load_modules(const char **modules) { - DEBUG(0,("This samba executable has not been built with plugin support")); + DEBUG(0,("This samba executable has not been built with plugin support\n")); return -1; } NTSTATUS smb_probe_module(const char *subsystem, const char *module) { - DEBUG(0,("This samba executable has not been built with plugin support, not probing")); + DEBUG(0,("This samba executable has not been built with plugin support, not probing\n")); return NT_STATUS_NOT_SUPPORTED; } @@ -145,3 +151,107 @@ void module_path_get_name(const char *path, pstring name) } } } + + +/*************************************************************************** + * This Function registers a idle event + * + * the registered funtions are run periodically + * and maybe shutdown idle connections (e.g. to an LDAP server) + ***************************************************************************/ +static smb_idle_event_struct *smb_idle_event_list = NULL; +NTSTATUS smb_register_idle_event(smb_idle_event_struct *idle_event) +{ + if (!idle_event) { + return NT_STATUS_INVALID_PARAMETER; + } + + idle_event->last_run = 0; + + DLIST_ADD(smb_idle_event_list,idle_event); + + return NT_STATUS_OK; +} + +NTSTATUS smb_unregister_idle_event(smb_idle_event_struct *idle_event) +{ + if (!idle_event) { + return NT_STATUS_INVALID_PARAMETER; + } + + DLIST_REMOVE(smb_idle_event_list,idle_event); + + return NT_STATUS_OK; +} + +void smb_run_idle_events(time_t now) +{ + smb_idle_event_struct *tmp_event = smb_idle_event_list; + + while (tmp_event) { + time_t interval; + + if (tmp_event->fn) { + if (tmp_event->interval >= SMB_IDLE_EVENT_MIN_INTERVAL) { + interval = tmp_event->interval; + } else { + interval = SMB_IDLE_EVENT_DEFAULT_INTERVAL; + } + if (now >(tmp_event->last_run+interval)) { + tmp_event->fn(&tmp_event,now); + tmp_event->last_run = now; + } + } + + tmp_event = tmp_event->next; + } + + return; +} + +/*************************************************************************** + * This Function registers a exit event + * + * the registered funtions are run on exit() + * and maybe shutdown idle connections (e.g. to an LDAP server) + ***************************************************************************/ +static smb_exit_event_struct *smb_exit_event_list = NULL; +NTSTATUS smb_register_exit_event(smb_exit_event_struct *exit_event) +{ + if (!exit_event) { + return NT_STATUS_INVALID_PARAMETER; + } + + DLIST_ADD(smb_exit_event_list,exit_event); + + return NT_STATUS_OK; +} + +NTSTATUS smb_unregister_exit_event(smb_exit_event_struct *exit_event) +{ + if (!exit_event) { + return NT_STATUS_INVALID_PARAMETER; + } + + DLIST_REMOVE(smb_exit_event_list,exit_event); + + return NT_STATUS_OK; +} + +void smb_run_exit_events(void) +{ + smb_exit_event_struct *tmp_event = smb_exit_event_list; + + while (tmp_event) { + if (tmp_event->fn) { + tmp_event->fn(&tmp_event); + } + tmp_event = tmp_event->next; + } + + /* run exit_events only once */ + smb_exit_event_list = NULL; + + return; +} + diff --git a/source3/lib/readline.c b/source3/lib/readline.c index ceb02ef749..8b90c32c7f 100644 --- a/source3/lib/readline.c +++ b/source3/lib/readline.c @@ -116,29 +116,6 @@ char *smb_readline(char *prompt, void (*callback)(void), } /**************************************************************************** - * return line buffer text - ****************************************************************************/ -const char *smb_readline_get_line_buffer(void) -{ -#if defined(HAVE_LIBREADLINE) - return rl_line_buffer; -#else - return NULL; -#endif -} - - -/**************************************************************************** - * set completion append character - ***************************************************************************/ -void smb_readline_ca_char(char c) -{ -#if defined(HAVE_LIBREADLINE) - rl_completion_append_character = c; -#endif -} - -/**************************************************************************** history ****************************************************************************/ int cmd_history(void) @@ -158,4 +135,3 @@ int cmd_history(void) return 0; } - diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index ef68bce985..7ba8648156 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -40,6 +40,17 @@ void set_local_machine_name(const char* local_name, BOOL perm) static BOOL already_perm = False; fstring tmp_local_machine; + /* + * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV" + * arrggg!!! + */ + + if (strcasecmp(local_name, "*SMBSERVER")==0) + return; + + if (strcasecmp(local_name, "*SMBSERV")==0) + return; + if (already_perm) return; diff --git a/source3/lib/username.c b/source3/lib/username.c index d8f4ff80ed..b8f33494ee 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -339,7 +339,7 @@ static BOOL user_in_winbind_group_list(const char *user, const char *gname, BOOL goto err; } - if (!lp_idmap_gid(&gid_low, &gid_high)) { + if (!lp_winbind_gid(&gid_low, &gid_high)) { DEBUG(4, ("winbind gid range not configured, therefore %s cannot be a winbind group\n", gname)); goto err; } diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 9dc0c8ca18..e239ef56c7 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -642,8 +642,9 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src) if(!src) return NULL; - if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) + if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) { sid_copy( dst, src); + } return dst; } diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index c974050b43..8c171852ab 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -764,6 +764,19 @@ char *client_addr(void) return get_socket_addr(client_fd); } +struct in_addr *client_inaddr(struct sockaddr *sa) +{ + struct sockaddr_in *sockin = (struct sockaddr_in *) (sa); + int length = sizeof(*sa); + + if (getpeername(client_fd, sa, &length) < 0) { + DEBUG(0,("getpeername failed. Error was %s\n", strerror(errno) )); + return NULL; + } + + return &sockin->sin_addr; +} + /******************************************************************* matchname - determine if host name matches IP address. Used to confirm a hostname lookup to prevent spoof attacks diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c index 08bb03986f..5df0828295 100644 --- a/source3/lib/util_unistr.c +++ b/source3/lib/util_unistr.c @@ -229,7 +229,10 @@ char *skip_unibuf(char *src, size_t len) */ int rpcstr_pull(char* dest, void *src, int dest_len, int src_len, int flags) { - if (!src) return 0; + if (!src) { + dest[0] = 0; + return 0; + } if(dest_len==-1) dest_len=MAXUNI-3; return pull_ucs2(NULL, dest, src, dest_len, src_len, flags|STR_UNICODE|STR_NOALIGN); } diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c index 626c177926..750940e336 100644 --- a/source3/libads/ads_utils.c +++ b/source3/libads/ads_utils.c @@ -89,52 +89,6 @@ uint32 ads_uf2atype(uint32 uf) } /* -translated the GROUP_CTRL Flags to GroupType (groupType) -*/ -uint32 ads_gcb2gtype(uint16 gcb) -{ - uint32 gtype = 0x00000000; - - if (gcb & GCB_ALIAS_GROUP) gtype |= GTYPE_SECURITY_BUILTIN_LOCAL_GROUP; - else if(gcb & GCB_LOCAL_GROUP) gtype |= GTYPE_SECURITY_DOMAIN_LOCAL_GROUP; - if (gcb & GCB_GLOBAL_GROUP) gtype |= GTYPE_SECURITY_GLOBAL_GROUP; - - return gtype; -} - -/* -translated the GroupType (groupType) to GROUP_CTRL Flags -*/ -uint16 ads_gtype2gcb(uint32 gtype) -{ - uint16 gcb = 0x0000; - - switch(gtype) { - case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP: - gcb = GCB_ALIAS_GROUP; - break; - case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP: - gcb = GCB_LOCAL_GROUP; - break; - case GTYPE_SECURITY_GLOBAL_GROUP: - gcb = GCB_GLOBAL_GROUP; - break; - - case GTYPE_DISTRIBUTION_GLOBAL_GROUP: - gcb = GCB_GLOBAL_GROUP; - break; - case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP: - gcb = GCB_LOCAL_GROUP; - break; - case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP: - gcb = GCB_GLOBAL_GROUP; - break; - } - - return gcb; -} - -/* get the accountType from the groupType */ uint32 ads_gtype2atype(uint32 gtype) diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 214871b3fb..856809decc 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -677,7 +677,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, we need to use the '$' form of the name here, as otherwise the server might end up setting the password for a user instead */ - asprintf(&principal, "%s$@%s", host, ads->auth.realm); + asprintf(&principal, "%s$@%s", host, ads->config.realm); status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset); diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 4bfa694e63..982cbfff06 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -261,7 +261,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user, server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8)); if (!SMBNTLMv2encrypt(user, workgroup, pass, server_chal, - &lm_response, &nt_response, &session_key)) { + &lm_response, &nt_response, NULL, &session_key)) { data_blob_free(&server_chal); return False; } @@ -810,9 +810,6 @@ BOOL cli_send_tconX(struct cli_state *cli, clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII); - if (strcasecmp(share,"IPC$")==0) - fstrcpy(cli->dev, "IPC"); - if (cli->protocol >= PROTOCOL_NT1 && smb_buflen(cli->inbuf) == 3) { /* almost certainly win95 - enable bug fixes */ diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index d54655d17f..356bb0c4fe 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -501,7 +501,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st if (!SMBNTLMv2encrypt(ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->password, challenge_blob, - &lm_response, &nt_response, &session_key)) { + &lm_response, &nt_response, NULL, &session_key)) { data_blob_free(&challenge_blob); return NT_STATUS_NO_MEMORY; } diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 4e9b895a1b..76e3eb8988 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -21,6 +21,15 @@ #include "includes.h" +/* the SNIA Technical Reference tells us that this is '40 or 44' bytes + long, but NTLM only uses 40, and we don't know what value to use for + NTLMv2 */ + +/* my guess is 64, and other evidence indicates we don't setup the + session key correctly, so that's why it's failing */ + +#define SIMPLE_SMB_SIGNING_MAC_KEY_LEN 64 + struct smb_basic_signing_context { DATA_BLOB mac_key; uint32 send_seq_num; @@ -111,6 +120,9 @@ static void cli_simple_sign_outgoing_message(struct cli_state *cli) /* * Firstly put the sequence number into the first 4 bytes. * and zero out the next 4 bytes. + * + * We put the sequence into the packet, becouse we are going + * to copy over it anyway. */ SIVAL(cli->outbuf, smb_ss_field, data->send_seq_num); @@ -132,7 +144,7 @@ static void cli_simple_sign_outgoing_message(struct cli_state *cli) memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8); /* cli->outbuf[smb_ss_field+2]=0; - Uncomment this to test if the remote server actually verifies signitures...*/ + Uncomment this to test if the remote server actually verifies signatures...*/ data->send_seq_num++; data->reply_seq_num = data->send_seq_num; data->send_seq_num++; @@ -155,6 +167,8 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli) /* * Firstly put the sequence number into the first 4 bytes. * and zero out the next 4 bytes. + * + * We do this here, to avoid modifying the packet. */ SIVAL(sequence_buf, 0, data->reply_seq_num); @@ -163,15 +177,28 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli) /* get a copy of the server-sent mac */ memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac)); - /* Calculate the 16 byte MAC and place first 8 bytes into the field. */ + /* Calculate the 16 byte MAC - but don't alter the data in the + incoming packet. + + This makes for a bit for fussing about, but it's not too bad. + */ MD5Init(&md5_ctx); + + /* intialise with the key */ MD5Update(&md5_ctx, data->mac_key.data, data->mac_key.length); + + /* copy in the first bit of the SMB header */ MD5Update(&md5_ctx, cli->inbuf + 4, smb_ss_field - 4); + + /* copy in the sequence number, instead of the signature */ MD5Update(&md5_ctx, sequence_buf, sizeof(sequence_buf)); - + + /* copy in the rest of the packet in, skipping the signature */ MD5Update(&md5_ctx, cli->inbuf + offset_end_of_sig, smb_len(cli->inbuf) - (offset_end_of_sig - 4)); + + /* caclulate the MD5 sig */ MD5Final(calc_md5_mac, &md5_ctx); good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0); @@ -219,10 +246,10 @@ BOOL cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[ data = smb_xmalloc(sizeof(*data)); cli->sign_info.signing_context = data; - data->mac_key = data_blob(NULL, MIN(response.length + 16, 40)); + data->mac_key = data_blob(NULL, MIN(response.length + 16, SIMPLE_SMB_SIGNING_MAC_KEY_LEN)); memcpy(&data->mac_key.data[0], user_session_key, 16); - memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16)); + memcpy(&data->mac_key.data[16],response.data, MIN(response.length, SIMPLE_SMB_SIGNING_MAC_KEY_LEN - 16)); /* Initialise the sequence number */ data->send_seq_num = 0; diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 28160d9609..bab18a07b1 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -76,10 +76,9 @@ void E_deshash(const char *passwd, uchar p16[16]) { fstring dospwd; ZERO_STRUCT(dospwd); - ZERO_STRUCTP(p16); /* Password must be converted to DOS charset - null terminated, uppercase. */ - push_ascii(dospwd, (const char *)passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE); + push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE); /* Only the fisrt 14 chars are considered, password need not be null terminated. */ E_P16(dospwd, p16); @@ -324,7 +323,8 @@ static DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16], BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, const DATA_BLOB server_chal, DATA_BLOB *lm_response, DATA_BLOB *nt_response, - DATA_BLOB *session_key) + DATA_BLOB *lm_session_key, + DATA_BLOB *nt_session_key) { uchar nt_hash[16]; uchar ntlm_v2_hash[16]; @@ -338,18 +338,30 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password return False; } - *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */); + if (nt_response) { + *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */); + if (nt_session_key) { + *nt_session_key = data_blob(NULL, 16); + + /* The NTLMv2 calculations also provide a session key, for signing etc later */ + /* use only the first 16 bytes of nt_response for session key */ + SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data); + } + } /* LMv2 */ - *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8); - - *session_key = data_blob(NULL, 16); + if (lm_response) { + *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8); + if (lm_session_key) { + *lm_session_key = data_blob(NULL, 16); + + /* The NTLMv2 calculations also provide a session key, for signing etc later */ + /* use only the first 16 bytes of nt_response for session key */ + SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data); + } + } - /* The NTLMv2 calculations also provide a session key, for signing etc later */ - /* use only the first 16 bytes of nt_response for session key */ - SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, session_key->data); - return True; } diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index d5a02bb625..6244c844f2 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ result = cli_nt_setup_creds(cli, sec_channel_type, orig_trust_passwd_hash, &neg_flags, 2); if (!NT_STATUS_IS_OK(result)) { - DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n", + DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", nt_errstr(result))); return result; } diff --git a/source3/mainpage.dox b/source3/mainpage.dox new file mode 100644 index 0000000000..8b72f80462 --- /dev/null +++ b/source3/mainpage.dox @@ -0,0 +1,7 @@ +/** + +@mainpage + +@li \ref CodingSuggestions + +**/ diff --git a/source3/modules/developer.c b/source3/modules/weird.c index 7ffc3ff50d..444853f383 100644 --- a/source3/modules/developer.c +++ b/source3/modules/weird.c @@ -125,8 +125,7 @@ static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft, struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push}; -int charset_weird_init(void) +NTSTATUS charset_weird_init(void) { - smb_register_charset(&weird_functions); - return True; + return smb_register_charset(&weird_functions); } diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c index eec447688f..d9300f4668 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -30,13 +30,13 @@ int global_nmb_port = -1; extern BOOL global_in_nmbd; /* are we running as a daemon ? */ -static BOOL is_daemon = False; +static BOOL is_daemon; /* fork or run in foreground ? */ static BOOL Fork = True; /* log to standard output ? */ -static BOOL log_stdout = False; +static BOOL log_stdout; /* have we found LanMan clients yet? */ BOOL found_lm_clients = False; @@ -573,8 +573,10 @@ static BOOL open_sockets(BOOL isdaemon, int port) **************************************************************************** */ int main(int argc, const char *argv[]) { - static BOOL opt_interactive = False; + pstring logfile; + static BOOL opt_interactive; poptContext pc; + int opt; struct poptOption long_options[] = { POPT_AUTOHELP {"daemon", 'D', POPT_ARG_VAL, &is_daemon, True, "Become a daemon(default)" }, @@ -586,46 +588,47 @@ static BOOL open_sockets(BOOL isdaemon, int port) POPT_COMMON_SAMBA { NULL } }; - pstring logfile; - - global_nmb_port = NMB_PORT; - global_in_nmbd = True; - - StartupTime = time(NULL); - - sys_srandom(time(NULL) ^ sys_getpid()); - slprintf(logfile, sizeof(logfile)-1, "%s/log.nmbd", dyn_LOGFILEBASE); - lp_set_logfile(logfile); + global_nmb_port = NMB_PORT; - fault_setup((void (*)(void *))fault_continue ); - - /* POSIX demands that signals are inherited. If the invoking process has - * these signals masked, we will have problems, as we won't receive them. */ - BlockSignals(False, SIGHUP); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGTERM); - - CatchSignal( SIGHUP, SIGNAL_CAST sig_hup ); - CatchSignal( SIGTERM, SIGNAL_CAST sig_term ); + pc = poptGetContext("nmbd", argc, argv, long_options, 0); + while ((opt = poptGetNextOpt(pc)) != -1) ; + poptFreeContext(pc); + global_in_nmbd = True; + + StartupTime = time(NULL); + + sys_srandom(time(NULL) ^ sys_getpid()); + + slprintf(logfile, sizeof(logfile)-1, "%s/log.nmbd", dyn_LOGFILEBASE); + lp_set_logfile(logfile); + + fault_setup((void (*)(void *))fault_continue ); + + /* POSIX demands that signals are inherited. If the invoking process has + * these signals masked, we will have problems, as we won't receive them. */ + BlockSignals(False, SIGHUP); + BlockSignals(False, SIGUSR1); + BlockSignals(False, SIGTERM); + + CatchSignal( SIGHUP, SIGNAL_CAST sig_hup ); + CatchSignal( SIGTERM, SIGNAL_CAST sig_term ); + #if defined(SIGFPE) - /* we are never interested in SIGFPE */ - BlockSignals(True,SIGFPE); + /* we are never interested in SIGFPE */ + BlockSignals(True,SIGFPE); #endif - /* We no longer use USR2... */ + /* We no longer use USR2... */ #if defined(SIGUSR2) - BlockSignals(True, SIGUSR2); + BlockSignals(True, SIGUSR2); #endif - pc = poptGetContext("nmbd", argc, argv, long_options, 0); - - poptFreeContext(pc); - if ( opt_interactive ) { - Fork = False; - log_stdout = True; - } + if ( opt_interactive ) { + Fork = False; + log_stdout = True; + } if ( log_stdout && Fork ) { DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n")); diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c index 6f8e7efb1a..d390bf72e9 100644 --- a/source3/nmbd/nmbd_become_lmb.c +++ b/source3/nmbd/nmbd_become_lmb.c @@ -600,6 +600,5 @@ local_master_browser_name for workgroup %s to workgroup name.\n", } #endif - StrnCpy(work->local_master_browser_name, newname, - sizeof(work->local_master_browser_name)-1); + fstrcpy(work->local_master_browser_name, newname); } diff --git a/source3/nmbd/nmbd_browserdb.c b/source3/nmbd/nmbd_browserdb.c index a4ef98e265..d7c852605e 100644 --- a/source3/nmbd/nmbd_browserdb.c +++ b/source3/nmbd/nmbd_browserdb.c @@ -107,8 +107,8 @@ struct browse_cache_record *create_browser_in_lmb_cache( char *work_name, /* Allow the new lmb to miss an announce period before we remove it. */ browc->death_time = now + ( (CHECK_TIME_MST_ANNOUNCE + 2) * 60 ); - StrnCpy( browc->lmb_name, browser_name, sizeof(browc->lmb_name)-1 ); - StrnCpy( browc->work_group, work_name, sizeof(browc->work_group)-1 ); + pstrcpy( browc->lmb_name, browser_name); + pstrcpy( browc->work_group, work_name); strupper( browc->lmb_name ); strupper( browc->work_group ); diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c index b9082ee1c3..ca8d269cb0 100644 --- a/source3/nmbd/nmbd_browsesync.c +++ b/source3/nmbd/nmbd_browsesync.c @@ -106,6 +106,7 @@ As a local master browser, send an announce packet to the domain master browser. static void announce_local_master_browser_to_domain_master_browser( struct work_record *work) { pstring outbuf; + fstring myname; char *p; if(ismyip(work->dmb_addr)) @@ -125,8 +126,11 @@ static void announce_local_master_browser_to_domain_master_browser( struct work_ SCVAL(p,0,ANN_MasterAnnouncement); p++; - StrnCpy(p,global_myname(),15); - strupper(p); + fstrcpy(myname, global_myname()); + strupper(myname); + myname[15]='\0'; + push_pstring_base(p, myname, outbuf); + p = skip_string(p,1); if( DEBUGLVL( 4 ) ) diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c index cd6954fc62..16fecbccd9 100644 --- a/source3/nmbd/nmbd_incomingdgrams.c +++ b/source3/nmbd/nmbd_incomingdgrams.c @@ -172,7 +172,7 @@ void process_host_announce(struct subnet_record *subrec, struct packet_struct *p /* Update the record. */ servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY; update_server_ttl( servrec, ttl); - StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1); + fstrcpy(servrec->serv.comment,comment); } } else @@ -343,7 +343,7 @@ a local master browser for workgroup %s and we think we are master. Forcing elec /* Update the record. */ servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY; update_server_ttl(servrec, ttl); - StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1); + fstrcpy(servrec->serv.comment,comment); } set_workgroup_local_master_browser_name( work, server_name ); @@ -520,7 +520,7 @@ originate from OS/2 Warp client. Ignoring packet.\n")); /* Update the record. */ servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY; update_server_ttl( servrec, ttl); - StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1); + fstrcpy(servrec->serv.comment,comment); } } else @@ -559,6 +559,7 @@ static void send_backup_list_response(struct subnet_record *subrec, #if 0 struct server_record *servrec; #endif + fstring myname; memset(outbuf,'\0',sizeof(outbuf)); @@ -578,8 +579,11 @@ static void send_backup_list_response(struct subnet_record *subrec, /* We always return at least one name - our own. */ count = 1; - StrnCpy(p,global_myname(),15); - strupper(p); + fstrcpy(myname, global_myname()); + strupper(myname); + myname[15]='\0'; + push_pstring_base(p, myname, outbuf); + p = skip_string(p,1); /* Look for backup browsers in this workgroup. */ diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c index 40d07aae16..8501acf9ba 100644 --- a/source3/nmbd/nmbd_sendannounce.c +++ b/source3/nmbd/nmbd_sendannounce.c @@ -555,6 +555,7 @@ void browse_sync_remote(time_t t) struct work_record *work; pstring outbuf; char *p; + fstring myname; if (last_time && (t < (last_time + REMOTE_ANNOUNCE_INTERVAL))) return; @@ -589,8 +590,11 @@ for workgroup %s on subnet %s.\n", lp_workgroup(), FIRST_SUBNET->subnet_name )); SCVAL(p,0,ANN_MasterAnnouncement); p++; - StrnCpy(p,global_myname(),15); - strupper(p); + fstrcpy(myname, global_myname()); + strupper(myname); + myname[15]='\0'; + push_pstring_base(p, myname, outbuf); + p = skip_string(p,1); for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c index ee0c021d5d..e99599e16f 100644 --- a/source3/nmbd/nmbd_serverlistdb.c +++ b/source3/nmbd/nmbd_serverlistdb.c @@ -153,8 +153,8 @@ workgroup %s. This is a bug.\n", name, work->work_group)); servrec->subnet = work->subnet; - StrnCpy(servrec->serv.name,name,sizeof(servrec->serv.name)-1); - StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1); + fstrcpy(servrec->serv.name,name); + fstrcpy(servrec->serv.comment,comment); strupper(servrec->serv.name); servrec->serv.type = servertype; diff --git a/source3/nmbd/nmbd_workgroupdb.c b/source3/nmbd/nmbd_workgroupdb.c index b8ea60dec0..2357fd637b 100644 --- a/source3/nmbd/nmbd_workgroupdb.c +++ b/source3/nmbd/nmbd_workgroupdb.c @@ -57,7 +57,7 @@ static struct work_record *create_workgroup(const char *name, int ttl) } memset((char *)work, '\0', sizeof(*work)); - StrnCpy(work->work_group,name,sizeof(work->work_group)-1); + fstrcpy(work->work_group,name); work->serverlist = NULL; work->RunningElection = False; diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index da2540f5d9..fb6f67625c 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -128,6 +128,7 @@ static void winbindd_status(void) static void print_winbindd_status(void) { winbindd_status(); + winbindd_idmap_status(); winbindd_cm_status(); } @@ -145,7 +146,7 @@ static void terminate(void) { pstring path; - idmap_close(); + winbindd_idmap_close(); /* Remove socket file */ snprintf(path, sizeof(path), "%s/%s", @@ -729,62 +730,6 @@ static void process_loop(void) } } - -/* - these are split out from the main winbindd for use by the background daemon - */ -BOOL winbind_setup_common(void) -{ - load_interfaces(); - - if (!secrets_init()) { - - DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); - return False; - } - - namecache_enable(); /* Enable netbios namecache */ - - /* Check winbindd parameters are valid */ - - ZERO_STRUCT(server_state); - - if (!winbindd_param_init()) - return False; - - /* Winbind daemon initialisation */ - - if (!idmap_init()) - return False; - - if (!idmap_init_wellknown_sids()) - return False; - - /* Unblock all signals we are interested in as they may have been - blocked by the parent process. */ - - BlockSignals(False, SIGINT); - BlockSignals(False, SIGQUIT); - BlockSignals(False, SIGTERM); - BlockSignals(False, SIGUSR1); - BlockSignals(False, SIGUSR2); - BlockSignals(False, SIGHUP); - - /* Setup signal handlers */ - - CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ - CatchSignal(SIGQUIT, termination_handler); - CatchSignal(SIGTERM, termination_handler); - - CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ - - CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ - CatchSignal(SIGHUP, sighup_handler); - - return True; -} - - /* Main function */ struct winbindd_state server_state; /* Server state information */ @@ -868,6 +813,51 @@ int main(int argc, char **argv) if (!init_names()) exit(1); + load_interfaces(); + + if (!secrets_init()) { + + DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n")); + return False; + } + + /* Enable netbios namecache */ + + namecache_enable(); + + /* Check winbindd parameters are valid */ + + ZERO_STRUCT(server_state); + + if (!winbindd_param_init()) + return 1; + + /* Winbind daemon initialisation */ + + if (!winbindd_idmap_init()) + return 1; + + /* Unblock all signals we are interested in as they may have been + blocked by the parent process. */ + + BlockSignals(False, SIGINT); + BlockSignals(False, SIGQUIT); + BlockSignals(False, SIGTERM); + BlockSignals(False, SIGUSR1); + BlockSignals(False, SIGUSR2); + BlockSignals(False, SIGHUP); + + /* Setup signal handlers */ + + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ + CatchSignal(SIGQUIT, termination_handler); + CatchSignal(SIGTERM, termination_handler); + + CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */ + + CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */ + CatchSignal(SIGHUP, sighup_handler); + if (!interactive) become_daemon(Fork); @@ -882,10 +872,6 @@ int main(int argc, char **argv) setpgid( (pid_t)0, (pid_t)0); #endif - if (!winbind_setup_common()) { - return 1; - } - if (opt_dual_daemon) { do_dual_daemon(); } diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 27e168b6f9..5eabcfca20 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -100,12 +100,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain) ret = smb_xmalloc(sizeof(*ret)); ZERO_STRUCTP(ret); - - if (!strcmp(domain->name, lp_workgroup()) && (lp_security() == SEC_USER)) { - extern struct winbindd_methods passdb_methods; - ret->backend = &passdb_methods; - - } else switch (lp_security()) { + switch (lp_security()) { #ifdef HAVE_ADS case SEC_ADS: { extern struct winbindd_methods ads_methods; diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c index 3597171005..167630b0e1 100644 --- a/source3/nsswitch/winbindd_dual.c +++ b/source3/nsswitch/winbindd_dual.c @@ -166,9 +166,6 @@ void do_dual_daemon(void) _exit(0); } - if (!winbind_setup_common()) - _exit(0); - dual_daemon_pipe = -1; opt_dual_daemon = False; diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 14ebb78466..b3ded2a2f4 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -193,8 +193,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) enum SID_NAME_USE name_type; fstring name_domain, name_group; char *tmp, *gr_mem; - int gr_mem_len; gid_t gid; + int gr_mem_len; /* Ensure null termination */ state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0'; @@ -210,6 +210,11 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) if (!parse_domain_user(tmp, name_domain, name_group)) return WINBINDD_ERROR; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) + return WINBINDD_ERROR; + /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -233,7 +238,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &gid))) { + if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) { DEBUG(1, ("error converting unix gid to sid\n")); return WINBINDD_ERROR; } @@ -278,7 +283,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) return WINBINDD_ERROR; /* Get rid from gid */ - if (NT_STATUS_IS_ERR(uid_to_sid(&group_sid, state->request.data.gid))) { + + if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) { DEBUG(1, ("could not convert gid %d to rid\n", state->request.data.gid)); return WINBINDD_ERROR; @@ -404,6 +410,9 @@ static BOOL get_sam_group_entries(struct getent_state *ent) if (ent->got_sam_entries) return False; + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp(lp_workgroup(), ent->domain_name)) + return False; if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)", ent->domain_name))) { @@ -589,7 +598,9 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state) sid_copy(&group_sid, &domain->sid); sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); - if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &group_gid))) { + if (!winbindd_idmap_get_gid_from_sid( + &group_sid, + &group_gid)) { DEBUG(1, ("could not look up gid for group %s\n", name_list[ent->sam_entry_index].acct_name)); @@ -738,6 +749,11 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) for (domain = domain_list(); domain; domain = domain->next) { struct getent_state groups; + + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) ) + continue; ZERO_STRUCT(groups); @@ -830,6 +846,11 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) name_user)) goto done; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) + return WINBINDD_ERROR; + /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -866,16 +887,16 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; for (i = 0; i < num_groups; i++) { - gid_t gid; - - if (NT_STATUS_IS_ERR(sid_to_gid(user_gids[i], &gid))) { + if (!winbindd_idmap_get_gid_from_sid( + user_gids[i], + &gid_list[num_gids])) { fstring sid_string; DEBUG(1, ("unable to convert group sid %s to gid\n", sid_to_string(sid_string, user_gids[i]))); continue; } - gid_list[num_gids] = gid; + num_gids++; } diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c new file mode 100644 index 0000000000..3b23089200 --- /dev/null +++ b/source3/nsswitch/winbindd_idmap.c @@ -0,0 +1,194 @@ +/* + Unix SMB/CIFS implementation. + Winbind ID Mapping + Copyright (C) Tim Potter 2000 + Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "winbindd.h" + +static struct { + const char *name; + /* Function to create a member of the idmap_methods list */ + BOOL (*reg_meth)(struct winbindd_idmap_methods **methods); + struct winbindd_idmap_methods *methods; +} builtin_winbindd_idmap_functions[] = { + { "tdb", winbind_idmap_reg_tdb, NULL }, + { NULL, NULL, NULL } +}; + +/* singleton pattern: uberlazy evaluation */ +static struct winbindd_idmap_methods *impl; + +static struct winbindd_idmap_methods *get_impl(const char *name) +{ + int i = 0; + struct winbindd_idmap_methods *ret = NULL; + + while (builtin_winbindd_idmap_functions[i].name && + strcmp(builtin_winbindd_idmap_functions[i].name, name)) { + i++; + } + + if (builtin_winbindd_idmap_functions[i].name) { + if (!builtin_winbindd_idmap_functions[i].methods) { + builtin_winbindd_idmap_functions[i].reg_meth(&builtin_winbindd_idmap_functions[i].methods); + } + + ret = builtin_winbindd_idmap_functions[i].methods; + } + + return ret; +} + +/* Initialize backend */ +BOOL winbindd_idmap_init(void) +{ + BOOL ret = False; + + DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n", + lp_winbind_backend())); + + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } + + if (impl) { + ret = impl->init(); + } + + DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false")); + + return ret; +} + +/* Get UID from SID */ +BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid) +{ + BOOL ret = False; + + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } + + if (impl) { + ret = impl->get_uid_from_sid(sid, uid); + } + + return ret; +} + +/* Get GID from SID */ +BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid) +{ + BOOL ret = False; + + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } + + if (impl) { + ret = impl->get_gid_from_sid(sid, gid); + } + + return ret; +} + +/* Get SID from UID */ +BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid) +{ + BOOL ret = False; + + if (!impl) { + impl = get_impl(lp_winbind_backend()); + if (!impl) { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + } + + if (impl) { + ret = impl->get_sid_from_uid(uid, sid); + } + + return ret; +} + +/* Get SID from GID */ +BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid) +{ + BOOL ret = False; + + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } + + if (impl) { + ret = impl->get_sid_from_gid(gid, sid); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + + return ret; +} + +/* Close backend */ +BOOL winbindd_idmap_close(void) +{ + BOOL ret = False; + + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } + + if (impl) { + ret = impl->close(); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } + + return ret; +} + +/* Dump backend status */ +void winbindd_idmap_status(void) +{ + if (!impl) { + impl = get_impl(lp_winbind_backend()); + } + + if (impl) { + impl->status(); + } else { + DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n", + lp_winbind_backend())); + } +} diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c new file mode 100644 index 0000000000..12d6972bae --- /dev/null +++ b/source3/nsswitch/winbindd_idmap_tdb.c @@ -0,0 +1,459 @@ +/* + Unix SMB/CIFS implementation. + + Winbind daemon - user related function + + Copyright (C) Tim Potter 2000 + Copyright (C) Anthony Liguori 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "winbindd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +/* High water mark keys */ +#define HWM_GROUP "GROUP HWM" +#define HWM_USER "USER HWM" + +/* idmap version determines auto-conversion */ +#define IDMAP_VERSION 2 + +/* Globals */ +static TDB_CONTEXT *idmap_tdb; + +/* convert one record to the new format */ +static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data, + void *ignored) +{ + struct winbindd_domain *domain; + char *p; + DOM_SID sid; + uint32 rid; + fstring keystr; + fstring dom_name; + TDB_DATA key2; + + p = strchr(key.dptr, '/'); + if (!p) + return 0; + + *p = 0; + fstrcpy(dom_name, key.dptr); + *p++ = '/'; + + domain = find_domain_from_name(dom_name); + if (!domain) { + /* We must delete the old record. */ + DEBUG(0, + ("winbindd: tdb_convert_fn : Unable to find domain %s\n", + dom_name)); + DEBUG(0, + ("winbindd: tdb_convert_fn : deleting record %s\n", + key.dptr)); + tdb_delete(idmap_tdb, key); + return 0; + } + + rid = atoi(p); + + sid_copy(&sid, &domain->sid); + sid_append_rid(&sid, rid); + + sid_to_string(keystr, &sid); + key2.dptr = keystr; + key2.dsize = strlen(keystr) + 1; + + if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) { + /* not good! */ + DEBUG(0, + ("winbindd: tdb_convert_fn : Unable to update record %s\n", + key2.dptr)); + DEBUG(0, + ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); + return -1; + } + + if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) { + /* not good! */ + DEBUG(0, + ("winbindd: tdb_convert_fn : Unable to update record %s\n", + data.dptr)); + DEBUG(0, + ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n")); + return -1; + } + + tdb_delete(idmap_tdb, key); + + return 0; +} + +/***************************************************************************** + Convert the idmap database from an older version. +*****************************************************************************/ +static BOOL tdb_idmap_convert(void) +{ + int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); + BOOL bigendianheader = + (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False; + + if (vers == IDMAP_VERSION) + return True; + + if (((vers == -1) && bigendianheader) + || (IREV(vers) == IDMAP_VERSION)) { + /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */ + /* + * high and low records were created on a + * big endian machine and will need byte-reversing. + */ + + int32 wm; + + wm = tdb_fetch_int32(idmap_tdb, HWM_USER); + + if (wm != -1) { + wm = IREV(wm); + } else + wm = server_state.uid_low; + + if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) { + DEBUG(0, + ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n")); + return False; + } + + wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP); + if (wm != -1) { + wm = IREV(wm); + } else + wm = server_state.gid_low; + + if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) { + DEBUG(0, + ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); + return False; + } + } + + /* the old format stored as DOMAIN/rid - now we store the SID direct */ + tdb_traverse(idmap_tdb, tdb_convert_fn, NULL); + + if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == + -1) { + DEBUG(0, + ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n")); + return False; + } + + return True; +} + +/* Allocate either a user or group id from the pool */ +static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup) +{ + int hwm; + + /* Get current high water mark */ + if ((hwm = tdb_fetch_int32(idmap_tdb, + isgroup ? HWM_GROUP : HWM_USER)) == + -1) { + return False; + } + + /* Return next available uid in list */ + if ((isgroup && (hwm > server_state.gid_high)) || + (!isgroup && (hwm > server_state.uid_high))) { + DEBUG(0, + ("winbind %sid range full!\n", isgroup ? "g" : "u")); + return False; + } + + if (id) { + *id = hwm; + } + + hwm++; + + /* Store new high water mark */ + tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm); + + return True; +} + +/* Get a sid from an id */ +static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup) +{ + TDB_DATA key, data; + fstring keystr; + BOOL result = False; + + slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", + id); + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + data = tdb_fetch(idmap_tdb, key); + + if (data.dptr) { + result = string_to_sid(sid, data.dptr); + SAFE_FREE(data.dptr); + } + + return result; +} + +/* Get an id from a sid */ +static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup) +{ + TDB_DATA data, key; + fstring keystr; + BOOL result = False; + + /* Check if sid is present in database */ + sid_to_string(keystr, sid); + + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + data = tdb_fetch(idmap_tdb, key); + + if (data.dptr) { + fstring scanstr; + int the_id; + + /* Parse and return existing uid */ + fstrcpy(scanstr, isgroup ? "GID" : "UID"); + fstrcat(scanstr, " %d"); + + if (sscanf(data.dptr, scanstr, &the_id) == 1) { + /* Store uid */ + if (id) { + *id = the_id; + } + + result = True; + } + + SAFE_FREE(data.dptr); + } else { + + /* Allocate a new id for this sid */ + if (id && tdb_allocate_id(id, isgroup)) { + fstring keystr2; + + /* Store new id */ + slprintf(keystr2, sizeof(keystr2), "%s %d", + isgroup ? "GID" : "UID", *id); + + data.dptr = keystr2; + data.dsize = strlen(keystr2) + 1; + + tdb_store(idmap_tdb, key, data, TDB_REPLACE); + tdb_store(idmap_tdb, data, key, TDB_REPLACE); + + result = True; + } + } + + return result; +} + +/***************************************************************************** + Initialise idmap database. +*****************************************************************************/ +static BOOL tdb_idmap_init(void) +{ + SMB_STRUCT_STAT stbuf; + + /* move to the new database on first startup */ + if (!file_exist(lock_path("idmap.tdb"), &stbuf)) { + if (file_exist(lock_path("winbindd_idmap.tdb"), &stbuf)) { + char *cmd = NULL; + + /* lazy file copy */ + if (asprintf(&cmd, "cp -p %s/winbindd_idmap.tdb %s/idmap.tdb", lp_lockdir(), lp_lockdir()) != -1) { + system(cmd); + free(cmd); + } + if (!file_exist(lock_path("idmap.tdb"), &stbuf)) { + DEBUG(0, ("idmap_init: Unable to make a new database copy\n")); + return False; + } + } + } + + /* Open tdb cache */ + if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0, + TDB_DEFAULT, O_RDWR | O_CREAT, + 0600))) { + DEBUG(0, + ("winbindd_idmap_init: Unable to open idmap database\n")); + return False; + } + + /* possibly convert from an earlier version */ + if (!tdb_idmap_convert()) { + DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n")); + return False; + } + + /* Create high water marks for group and user id */ + if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) { + if (tdb_store_int32 + (idmap_tdb, HWM_USER, server_state.uid_low) == -1) { + DEBUG(0, + ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n")); + return False; + } + } + + if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) { + if (tdb_store_int32 + (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) { + DEBUG(0, + ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n")); + return False; + } + } + + return True; +} + +/* Get a sid from a uid */ +static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid) +{ + return tdb_get_sid_from_id((int) uid, sid, False); +} + +/* Get a sid from a gid */ +static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid) +{ + return tdb_get_sid_from_id((int) gid, sid, True); +} + +/* Get a uid from a sid */ +static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid) +{ + return tdb_get_id_from_sid(sid, uid, False); +} + +/* Get a gid from a group sid */ +static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid) +{ + return tdb_get_id_from_sid(sid, gid, True); +} + +/* Close the tdb */ +static BOOL tdb_idmap_close(void) +{ + if (idmap_tdb) + return (tdb_close(idmap_tdb) == 0); + return True; +} + + +/* Dump status information to log file. Display different stuff based on + the debug level: + + Debug Level Information Displayed + ================================================================= + 0 Percentage of [ug]id range allocated + 0 High water marks (next allocated ids) +*/ + +#define DUMP_INFO 0 + +static void tdb_idmap_status(void) +{ + int user_hwm, group_hwm; + + DEBUG(0, ("winbindd idmap status:\n")); + + /* Get current high water marks */ + + if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) { + DEBUG(DUMP_INFO, + ("\tCould not get userid high water mark!\n")); + } + + if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) { + DEBUG(DUMP_INFO, + ("\tCould not get groupid high water mark!\n")); + } + + /* Display next ids to allocate */ + + if (user_hwm != -1) { + DEBUG(DUMP_INFO, + ("\tNext userid to allocate is %d\n", user_hwm)); + } + + if (group_hwm != -1) { + DEBUG(DUMP_INFO, + ("\tNext groupid to allocate is %d\n", group_hwm)); + } + + /* Display percentage of id range already allocated. */ + + if (user_hwm != -1) { + int num_users = user_hwm - server_state.uid_low; + int total_users = + server_state.uid_high - server_state.uid_low; + + DEBUG(DUMP_INFO, + ("\tUser id range is %d%% full (%d of %d)\n", + num_users * 100 / total_users, num_users, + total_users)); + } + + if (group_hwm != -1) { + int num_groups = group_hwm - server_state.gid_low; + int total_groups = + server_state.gid_high - server_state.gid_low; + + DEBUG(DUMP_INFO, + ("\tGroup id range is %d%% full (%d of %d)\n", + num_groups * 100 / total_groups, num_groups, + total_groups)); + } + + /* Display complete mapping of users and groups to rids */ +} + +struct winbindd_idmap_methods tdb_idmap_methods = { + tdb_idmap_init, + + tdb_get_sid_from_uid, + tdb_get_sid_from_gid, + + tdb_get_uid_from_sid, + tdb_get_gid_from_sid, + + tdb_idmap_close, + + tdb_idmap_status +}; + +BOOL winbind_idmap_reg_tdb(struct winbindd_idmap_methods **meth) +{ + *meth = &tdb_idmap_methods; + + return True; +} diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index f5dd904dc1..41bda7e5bc 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -98,6 +98,11 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) name_domain = state->request.data.name.dom_name; name_user = state->request.data.name.name; + /* fail if we are a PDC and this is our domain; should be done by passdb */ + + if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) ) + return WINBINDD_ERROR; + if ((domain = find_domain_from_name(name_domain)) == NULL) { DEBUG(0, ("could not find domain entry for domain %s\n", name_domain)); @@ -137,7 +142,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state) } /* Find uid for this sid and return it */ - if (NT_STATUS_IS_ERR(sid_to_uid(&sid, &(state->response.data.uid)))) { + if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) { DEBUG(1, ("Could not get uid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; @@ -166,7 +171,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state) } /* Find gid for this sid and return it */ - if (NT_STATUS_IS_ERR(sid_to_gid(&sid, &(state->response.data.gid)))) { + if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) { DEBUG(1, ("Could not get gid for sid %s\n", state->request.data.sid)); return WINBINDD_ERROR; @@ -192,7 +197,7 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state) state->request.data.uid)); /* Lookup rid for this uid */ - if (NT_STATUS_IS_ERR(uid_to_sid(&sid, state->request.data.uid))) { + if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) { DEBUG(1, ("Could not convert uid %d to rid\n", state->request.data.uid)); return WINBINDD_ERROR; @@ -221,7 +226,7 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) state->request.data.gid)); /* Lookup sid for this uid */ - if (NT_STATUS_IS_ERR(gid_to_sid(&sid, state->request.data.gid))) { + if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) { DEBUG(1, ("Could not convert gid %d to sid\n", state->request.data.gid)); return WINBINDD_ERROR; diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index dc07bc42e7..d2bd231918 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -41,15 +41,17 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, return False; /* Resolve the uid number */ - - if (NT_STATUS_IS_ERR(sid_to_uid(user_sid, &(pw->pw_uid)))) { + + if (!winbindd_idmap_get_uid_from_sid(user_sid, + &pw->pw_uid)) { DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid))); return False; } /* Resolve the gid number */ - - if (NT_STATUS_IS_ERR(sid_to_gid(group_sid, &(pw->pw_gid)))) { + + if (!winbindd_idmap_get_gid_from_sid(group_sid, + &pw->pw_gid)) { DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid))); return False; } @@ -176,9 +178,9 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) fstring user_name; enum SID_NAME_USE name_type; WINBIND_USERINFO user_info; + gid_t gid; TALLOC_CTX *mem_ctx; NTSTATUS status; - gid_t gid; /* Bug out if the uid isn't in the winbind range */ @@ -191,7 +193,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) /* Get rid from uid */ - if (NT_STATUS_IS_ERR(uid_to_sid(&user_sid, state->request.data.uid))) { + if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, + &user_sid)) { DEBUG(1, ("could not convert uid %d to SID\n", state->request.data.uid)); return WINBINDD_ERROR; @@ -233,9 +236,9 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - /* Check group has a gid number */ + /* Resolve gid number */ - if (NT_STATUS_IS_ERR(sid_to_gid(user_info.group_sid, &gid))) { + if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) { DEBUG(1, ("error getting group id for user %s\n", user_name)); talloc_destroy(mem_ctx); return WINBINDD_ERROR; diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index ac0b317b42..ef030e2c7b 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -126,7 +126,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const /* see if this is a native mode win2k domain, but only for our own domain */ - if ( strequal( lp_workgroup(), domain_name) ) { + if ( lp_server_role() != ROLE_DOMAIN_PDC && strequal( lp_workgroup(), domain_name) ) { domain->native_mode = cm_check_for_native_mode_win2k( domain_name ); DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name, domain->native_mode ? "native" : "mixed" )); @@ -211,6 +211,7 @@ BOOL init_domain_list(void) /* Add ourselves as the first entry */ domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL); + if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) { DEBUG(1, ("Could not fetch sid for our domain %s\n", domain->name)); @@ -219,7 +220,7 @@ BOOL init_domain_list(void) /* get any alternate name for the primary domain */ cache_methods.alternate_name(domain); - + /* do an initial scan for trusted domains */ rescan_trusted_domains(True); @@ -380,12 +381,12 @@ BOOL winbindd_param_init(void) { /* Parse winbind uid and winbind_gid parameters */ - if (!lp_idmap_uid(&server_state.uid_low, &server_state.uid_high)) { + if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) { DEBUG(0, ("winbind uid range missing or invalid\n")); return False; } - if (!lp_idmap_gid(&server_state.gid_low, &server_state.gid_high)) { + if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) { DEBUG(0, ("winbind gid range missing or invalid\n")); return False; } diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index 78b89c60b7..9e75efccf4 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -295,21 +295,14 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = smb_update_db(pamh, ctrl, user, pass_new); if (retval == PAM_SUCCESS) { - uid_t uid; - /* password updated */ - if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid))) { - _log_err( LOG_NOTICE, "Unable to get uid for user %s", - pdb_get_username(sampass)); - _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", - user, uidtoname(getuid()), getuid()); - } else { - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", - user, uid, uidtoname(getuid()), getuid()); - } - } else { - _log_err( LOG_ERR, "password change failed for user %s", user); - } + _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)" + , user, pdb_get_uid(sampass), uidtoname( getuid() ) + , getuid() ); + } else { + _log_err( LOG_ERR, "password change failed for user %s" + , user ); + } pass_old = pass_new = NULL; if (sampass) { diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c index 62cc866fae..11de306d13 100644 --- a/source3/pam_smbpass/support.c +++ b/source3/pam_smbpass/support.c @@ -308,6 +308,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err ) int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, const char *p, unsigned int ctrl ) { + uchar hash_pass[16]; uchar lm_pw[16]; uchar nt_pw[16]; int retval = PAM_AUTH_ERR; @@ -338,8 +339,11 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, const char *service; pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); - _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", - uidtoname(getuid()), service ? service : "**unknown**", name); + _log_err( LOG_NOTICE + , "failed auth request by %s for service %s as %s(%d)" + , uidtoname( getuid() ) + , service ? service : "**unknown**", name + , pdb_get_uid(sampass) ); return PAM_AUTH_ERR; } } @@ -393,34 +397,32 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, retval = PAM_MAXTRIES; } } else { - _log_err(LOG_NOTICE, - "failed auth request by %s for service %s as %s", - uidtoname(getuid()), - service ? service : "**unknown**", name); + _log_err( LOG_NOTICE + , "failed auth request by %s for service %s as %s(%d)" + , uidtoname( getuid() ) + , service ? service : "**unknown**", name + , pdb_get_uid(sampass) ); new->count = 1; } - if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &(new->id)))) { - _log_err(LOG_NOTICE, - "failed auth request by %s for service %s as %s", - uidtoname(getuid()), - service ? service : "**unknown**", name); - } new->user = smbpXstrDup( name ); + new->id = pdb_get_uid(sampass); new->agent = smbpXstrDup( uidtoname( getuid() ) ); pam_set_data( pamh, data_name, new, _cleanup_failures ); } else { _log_err( LOG_CRIT, "no memory for failure recorder" ); - _log_err(LOG_NOTICE, - "failed auth request by %s for service %s as %s(%d)", - uidtoname(getuid()), - service ? service : "**unknown**", name); + _log_err( LOG_NOTICE + , "failed auth request by %s for service %s as %s(%d)" + , uidtoname( getuid() ) + , service ? service : "**unknown**", name + , pdb_get_uid(sampass) ); } } else { - _log_err(LOG_NOTICE, - "failed auth request by %s for service %s as %s(%d)", - uidtoname(getuid()), - service ? service : "**unknown**", name); + _log_err( LOG_NOTICE + , "failed auth request by %s for service %s as %s(%d)" + , uidtoname( getuid() ) + , service ? service : "**unknown**", name + , pdb_get_uid(sampass) ); retval = PAM_AUTH_ERR; } } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 5399969f9f..9b9922d8e9 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -8,7 +8,6 @@ Copyright (C) Simo Sorce 2001 Copyright (C) Alexander Bokovoy 2002 Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Anthony Liguori 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -162,11 +161,10 @@ typedef struct BOOL bUtmp; #endif char *szSourceEnv; - char *szIdmapUID; - char *szIdmapGID; - BOOL *bIdmapOnly; + char *szWinbindUID; + char *szWinbindGID; char *szNonUnixAccountRange; - int AlgorithmicRidBase; + BOOL bAlgorithmicRidBase; char *szTemplateHomedir; char *szTemplateShell; char *szWinbindSeparator; @@ -174,7 +172,6 @@ typedef struct BOOL bWinbindEnumGroups; BOOL bWinbindUseDefaultDomain; char *szWinbindBackend; - char *szIdmapBackend; char *szAddShareCommand; char *szChangeShareCommand; char *szDeleteShareCommand; @@ -339,7 +336,7 @@ typedef struct char **printer_admin; char *volume; char *fstype; - char *szVfsObjectFile; + char **szVfsObjectFile; char *szVfsOptions; char *szVfsPath; char *szMSDfsProxy; @@ -555,8 +552,8 @@ static BOOL handle_include(const char *pszParmValue, char **ptr); static BOOL handle_copy(const char *pszParmValue, char **ptr); static BOOL handle_source_env(const char *pszParmValue, char **ptr); static BOOL handle_netbios_name(const char *pszParmValue, char **ptr); -static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr); -static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr); +static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr); +static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr); static BOOL handle_debug_list( const char *pszParmValue, char **ptr ); static BOOL handle_workgroup( const char *pszParmValue, char **ptr ); static BOOL handle_netbios_aliases( const char *pszParmValue, char **ptr ); @@ -751,8 +748,8 @@ static struct parm_struct parm_table[] = { {"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER}, {"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER}, {"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER}, - {"client schannel", P_ENUM, P_GLOBAL, &Globals.clientSchannel, NULL, enum_bool_auto, FLAG_BASIC}, - {"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC}, + {"client schannel", P_ENUM, P_GLOBAL, &Globals.clientSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER}, + {"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER}, {"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, @@ -763,8 +760,8 @@ static struct parm_struct parm_table[] = { {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER}, {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER}, + {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER}, @@ -804,12 +801,12 @@ static struct parm_struct parm_table[] = { {"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, {"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, - {"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, + {"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL}, {"force create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"security mask", P_OCTAL, P_LOCAL, &sDefault.iSecurity_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"force security mode", P_OCTAL, P_LOCAL, &sDefault.iSecurity_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"directory mask", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, - {"directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, + {"directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL}, {"force directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"directory security mask", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"force directory security mode", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, @@ -856,11 +853,11 @@ static struct parm_struct parm_table[] = { {"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, FLAG_DEVELOPER}, {"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, handle_acl_compatibility, NULL, FLAG_SHARE | FLAG_GLOBAL | FLAG_ADVANCED}, - {"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD}, + {"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, handle_acl_compatibility, NULL, FLAG_SHARE | FLAG_GLOBAL | FLAG_ADVANCED | FLAG_DEVELOPER}, + {"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_DEVELOPER}, {"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD}, + {"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED}, {"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_DEVELOPER}, {"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_DEVELOPER}, @@ -1004,6 +1001,7 @@ static struct parm_struct parm_table[] = { {"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL, FLAG_DEVELOPER | FLAG_ADVANCED}, {"WINS Options", P_SEP, P_SEPARATOR}, + {"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, @@ -1028,7 +1026,7 @@ static struct parm_struct parm_table[] = { {"oplock contention limit", P_INTEGER, P_LOCAL, &sDefault.iOplockContentionLimit, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"posix locking", P_BOOL, P_LOCAL, &sDefault.bPosixLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, - {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE|FLAG_GLOBAL}, + {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"Ldap Options", P_SEP, P_SEPARATOR}, @@ -1117,12 +1115,8 @@ static struct parm_struct parm_table[] = { {"Winbind options", P_SEP, P_SEPARATOR}, - {"idmap only", P_BOOL, P_GLOBAL, &Globals.bIdmapOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE}, - {"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, - {"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE}, + {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, @@ -1130,6 +1124,7 @@ static struct parm_struct parm_table[] = { {"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"winbind backend", P_STRING, P_GLOBAL, &Globals.szWinbindBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} }; @@ -1318,7 +1313,7 @@ static void init_globals(void) string_set(&Globals.szNameResolveOrder, "lmhosts wins host bcast"); string_set(&Globals.szPasswordServer, "*"); - Globals.AlgorithmicRidBase = BASE_RID; + Globals.bAlgorithmicRidBase = BASE_RID; Globals.bLoadPrinters = True; Globals.mangled_stack = 50; @@ -1342,8 +1337,8 @@ static void init_globals(void) Globals.paranoid_server_security = True; Globals.bEncryptPasswords = True; Globals.bUpdateEncrypt = False; - Globals.clientSchannel = False; - Globals.serverSchannel = False; + Globals.clientSchannel = Auto; + Globals.serverSchannel = Auto; Globals.bReadRaw = True; Globals.bWriteRaw = True; Globals.bReadPrediction = False; @@ -1411,7 +1406,7 @@ static void init_globals(void) #ifdef WITH_LDAP_SAMCONFIG string_set(&Globals.szLdapServer, "localhost"); Globals.ldap_port = 636; - Globals.szPassdbBackend = str_list_make("ldapsam guest", NULL); + Globals.szPassdbBackend = str_list_make("ldapsam_compat guest", NULL); #else Globals.szPassdbBackend = str_list_make("smbpasswd guest", NULL); #endif /* WITH_LDAP_SAMCONFIG */ @@ -1465,7 +1460,7 @@ static void init_globals(void) Globals.bWinbindEnumGroups = True; Globals.bWinbindUseDefaultDomain = False; - Globals.bIdmapOnly = False; + string_set(&Globals.szWinbindBackend, "tdb"); Globals.name_cache_timeout = 660; /* In seconds */ @@ -1517,17 +1512,17 @@ static char *lp_string(const char *s) if (!ret) return NULL; - /* Note: StrnCpy touches len+1 bytes, but we allocate 100 + /* Note: safe_strcpy touches len+1 bytes, but we allocate 100 * extra bytes so we're OK. */ if (!s) *ret = 0; else - StrnCpy(ret, s, len); + safe_strcpy(ret, s, len+99); if (trim_string(ret, "\"", "\"")) { if (strchr(ret,'"') != NULL) - StrnCpy(ret, s, len); + safe_strcpy(ret, s, len+99); } standard_sub_basic(current_user_info.smb_name,ret,len+100); @@ -1641,9 +1636,7 @@ FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat) FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers) FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups) FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain) - -FN_GLOBAL_STRING(lp_idmap_backend, &Globals.szIdmapBackend) -FN_GLOBAL_BOOL(lp_idmap_only, &Globals.bIdmapOnly) +FN_GLOBAL_STRING(lp_winbind_backend, &Globals.szWinbindBackend) #ifdef WITH_LDAP_SAMCONFIG FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer) @@ -1857,7 +1850,7 @@ FN_LOCAL_INTEGER(lp_block_size, iBlock_size) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers) -FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) +FN_GLOBAL_BOOL(lp_algorithmic_rid_base, &Globals.bAlgorithmicRidBase) FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing) @@ -2261,6 +2254,7 @@ BOOL lp_add_home(const char *pszHomename, int iDefaultService, } else { pstrcpy(newHomedir, lp_pathname(iDefaultService)); string_sub(newHomedir,"%H", pszHomedir, sizeof(newHomedir)); + string_sub(newHomedir,"%S", pszHomename, sizeof(newHomedir)); } string_set(&ServicePtrs[i]->szPath, newHomedir); @@ -2848,55 +2842,55 @@ static BOOL handle_copy(const char *pszParmValue, char **ptr) } /*************************************************************************** - Handle idmap/non unix account uid and gid allocation parameters. The format of these + Handle winbind uid and gid allocation parameters. The format of these parameters is: [global] - idmap uid = 1000-1999 - idmap gid = 700-899 + winbind uid = 1000-1999 + winbind gid = 700-899 We only do simple parsing checks here. The strings are parsed into useful - structures in the idmap daemon code. + structures in the winbind daemon code. ***************************************************************************/ -/* Some lp_ routines to return idmap [ug]id information */ +/* Some lp_ routines to return winbind [ug]id information */ -static uid_t idmap_uid_low, idmap_uid_high; -static gid_t idmap_gid_low, idmap_gid_high; +static uid_t winbind_uid_low, winbind_uid_high; +static gid_t winbind_gid_low, winbind_gid_high; -BOOL lp_idmap_uid(uid_t *low, uid_t *high) +BOOL lp_winbind_uid(uid_t *low, uid_t *high) { - if (idmap_uid_low == 0 || idmap_uid_high == 0) + if (winbind_uid_low == 0 || winbind_uid_high == 0) return False; if (low) - *low = idmap_uid_low; + *low = winbind_uid_low; if (high) - *high = idmap_uid_high; + *high = winbind_uid_high; return True; } -BOOL lp_idmap_gid(gid_t *low, gid_t *high) +BOOL lp_winbind_gid(gid_t *low, gid_t *high) { - if (idmap_gid_low == 0 || idmap_gid_high == 0) + if (winbind_gid_low == 0 || winbind_gid_high == 0) return False; if (low) - *low = idmap_gid_low; + *low = winbind_gid_low; if (high) - *high = idmap_gid_high; + *high = winbind_gid_high; return True; } -/* Do some simple checks on "idmap [ug]id" parameter values */ +/* Do some simple checks on "winbind [ug]id" parameter values */ -static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr) +static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr) { uint32 low, high; @@ -2907,13 +2901,13 @@ static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr) string_set(ptr, pszParmValue); - idmap_uid_low = low; - idmap_uid_high = high; + winbind_uid_low = low; + winbind_uid_high = high; return True; } -static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr) +static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr) { uint32 low, high; @@ -2924,8 +2918,8 @@ static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr) string_set(ptr, pszParmValue); - idmap_gid_low = low; - idmap_gid_high = high; + winbind_gid_low = low; + winbind_gid_high = high; return True; } @@ -3809,18 +3803,7 @@ static void set_server_role(void) DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); break; case SEC_SERVER: - if (lp_domain_logons()) - DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); - server_role = ROLE_DOMAIN_MEMBER; - break; case SEC_DOMAIN: - if (lp_domain_logons()) { - DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n")); - server_role = ROLE_DOMAIN_BDC; - break; - } - server_role = ROLE_DOMAIN_MEMBER; - break; case SEC_ADS: if (lp_domain_logons()) { server_role = ROLE_DOMAIN_PDC; @@ -4244,7 +4227,7 @@ void lp_set_logfile(const char *name) } /******************************************************************* - Return the NetBIOS called name. + Return the NetBIOS called name, or my IP - but never global_myname(). ********************************************************************/ const char *get_called_name(void) @@ -4252,22 +4235,11 @@ const char *get_called_name(void) extern fstring local_machine; static fstring called_name; - if (! *local_machine) - return global_myname(); - - /* - * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV" - * arrggg!!! but we've already rewritten the client's - * netbios name at this point... - */ - - if (*local_machine) { - if (!StrCaseCmp(local_machine, "_SMBSERVER") || !StrCaseCmp(local_machine, "_SMBSERV")) { - fstrcpy(called_name, get_my_primary_ip()); - DEBUG(8,("get_called_name: assuming that client used IP address [%s] as called name.\n", - called_name)); - return called_name; - } + if (!*local_machine) { + fstrcpy(called_name, get_my_primary_ip()); + DEBUG(8,("get_called_name: assuming that client used IP address [%s] as called name.\n", + called_name)); + return called_name; } return local_machine; diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index aa378ecd6e..bbccb86d82 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -5,7 +5,6 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 Copyright (C) Gerald (Jerry) Carter 2000-2001 Copyright (C) Andrew Bartlett 2001-2002 - Copyright (C) Simo Sorce 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -37,7 +36,7 @@ Fill the SAM_ACCOUNT with default values. ***********************************************************/ -void pdb_fill_default_sam(SAM_ACCOUNT *user) +static void pdb_fill_default_sam(SAM_ACCOUNT *user) { ZERO_STRUCT(user->private); /* Don't touch the talloc context */ @@ -47,6 +46,8 @@ void pdb_fill_default_sam(SAM_ACCOUNT *user) /* Don't change these timestamp settings without a good reason. They are important for NT member server compatibility. */ + user->private.uid = user->private.gid = -1; + user->private.logon_time = (time_t)0; user->private.pass_last_set_time = (time_t)0; user->private.pass_can_change_time = (time_t)0; @@ -162,7 +163,13 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user) NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) { - NTSTATUS ret; + GROUP_MAP map; + + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return NT_STATUS_UNSUCCESSFUL; + } if (!pwd) { return NT_STATUS_UNSUCCESSFUL; @@ -176,6 +183,9 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET); pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT); + + pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET); + pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET); /* When we get a proper uid -> SID and SID -> uid allocation mechinism, we should call it here. @@ -187,8 +197,37 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) -- abartlet 11-May-02 */ - ret = pdb_set_sam_sids(sam_account, pwd); - if (NT_STATUS_IS_ERR(ret)) return ret; + + /* Ensure this *must* be set right */ + if (strcmp(pwd->pw_name, guest_account) == 0) { + if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_SET)) { + return NT_STATUS_UNSUCCESSFUL; + } + } else { + + if (!pdb_set_user_sid_from_rid(sam_account, + fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { + DEBUG(0,("Can't set User SID from RID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* call the mapping code here */ + if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) { + if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){ + DEBUG(0,("Can't set Group SID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } + else { + if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { + DEBUG(0,("Can't set Group SID\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } + } /* check if this is a user account or a machine account */ if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$') @@ -281,7 +320,6 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username) return nt_status; } } else { - DOM_SID g_sid; if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) { *new_sam_acct = NULL; return nt_status; @@ -290,13 +328,6 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username) pdb_free_sam(new_sam_acct); return nt_status; } - - pdb_set_domain (*new_sam_acct, lp_workgroup(), PDB_DEFAULT); - - /* set Domain Users by default ! */ - sid_copy(&g_sid, get_global_sam_sid()); - sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS); - pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET); } return NT_STATUS_OK; } @@ -369,63 +400,6 @@ NTSTATUS pdb_free_sam(SAM_ACCOUNT **user) return NT_STATUS_OK; } -/************************************************************************** - * This function will take care of all the steps needed to correctly - * allocate and set the user SID, please do use this function to create new - * users, messing with SIDs is not good. - * - * account_data must be provided initialized, pwd may be null. - * SSS - ***************************************************************************/ - -NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd) -{ - const char *guest_account = lp_guestaccount(); - GROUP_MAP map; - - if (!account_data || !pwd) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* this is a hack this thing should not be set - this way --SSS */ - if (!(guest_account && *guest_account)) { - DEBUG(1, ("NULL guest account!?!?\n")); - return NT_STATUS_UNSUCCESSFUL; - } else { - /* Ensure this *must* be set right */ - if (strcmp(pwd->pw_name, guest_account) == 0) { - if (!pdb_set_user_sid_from_rid(account_data, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) { - return NT_STATUS_UNSUCCESSFUL; - } - if (!pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) { - return NT_STATUS_UNSUCCESSFUL; - } - return NT_STATUS_OK; - } - } - - if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { - DEBUG(0,("Can't set User SID from RID!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - /* call the mapping code here */ - if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) { - if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){ - DEBUG(0,("Can't set Group SID!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - } - else { - if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { - DEBUG(0,("Can't set Group SID\n")); - return NT_STATUS_INVALID_PARAMETER; - } - } - - return NT_STATUS_OK; -} /********************************************************** Encode the account control bits into a string. @@ -555,6 +529,10 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd) return (True); } +/******************************************************************* + Converts NT user RID to a UNIX uid. + ********************************************************************/ + static int algorithmic_rid_base(void) { static int rid_offset = 0; @@ -577,16 +555,14 @@ static int algorithmic_rid_base(void) return rid_offset; } -/******************************************************************* - Converts NT user RID to a UNIX uid. - ********************************************************************/ uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid) { int rid_offset = algorithmic_rid_base(); - return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER); + return (uid_t)(((user_rid & (~USER_RID_TYPE))- rid_offset)/RID_MULTIPLIER); } + /******************************************************************* converts UNIX uid to an NT User RID. ********************************************************************/ @@ -637,7 +613,7 @@ static BOOL pdb_rid_is_well_known(uint32 rid) Decides if a RID is a user or group RID. ********************************************************************/ -BOOL fallback_pdb_rid_is_user(uint32 rid) +BOOL pdb_rid_is_user(uint32 rid) { /* lkcl i understand that NT attaches an enumeration to a RID * such that it can be identified as either a user, group etc @@ -670,7 +646,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use GROUP_MAP map; if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){ - DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n", + DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n", sid_string_static(&map.sid))); return False; } @@ -727,7 +703,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - if (fallback_pdb_rid_is_user(rid)) { + if (pdb_rid_is_user(rid)) { uid_t uid; DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid)); @@ -860,6 +836,190 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi return True; } +/**************************************************************************** + Convert a uid to SID - locally. +****************************************************************************/ + +DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid) +{ + struct passwd *pass; + SAM_ACCOUNT *sam_user = NULL; + fstring str; /* sid string buffer */ + + sid_copy(psid, get_global_sam_sid()); + + if((pass = getpwuid_alloc(uid))) { + + if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) { + passwd_free(&pass); + return NULL; + } + + if (pdb_getsampwnam(sam_user, pass->pw_name)) { + sid_copy(psid, pdb_get_user_sid(sam_user)); + } else { + sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid)); + } + + DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (%s).\n", + (unsigned)uid, sid_to_string( str, psid), + pass->pw_name )); + + passwd_free(&pass); + pdb_free_sam(&sam_user); + + } else { + sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid)); + + DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (unknown user).\n", + (unsigned)uid, sid_to_string( str, psid))); + } + + return psid; +} + +/**************************************************************************** + Convert a SID to uid - locally. +****************************************************************************/ + +BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_type) +{ + fstring str; + SAM_ACCOUNT *sam_user = NULL; + + *name_type = SID_NAME_UNKNOWN; + + if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) + return False; + + if (pdb_getsampwsid(sam_user, psid)) { + + if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) { + pdb_free_sam(&sam_user); + return False; + } + + *puid = pdb_get_uid(sam_user); + + DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid), + (unsigned int)*puid, pdb_get_username(sam_user))); + pdb_free_sam(&sam_user); + } else { + + DOM_SID dom_sid; + uint32 rid; + GROUP_MAP map; + + pdb_free_sam(&sam_user); + + if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) { + DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid))); + /* It's a group, not a user... */ + return False; + } + + sid_copy(&dom_sid, psid); + if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) { + DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid))); + return False; + } + + if (!pdb_rid_is_user(rid)) { + DEBUG(3, ("local_sid_to_uid: sid '%s' cannot be mapped to a uid algorithmicly becouse it is a group\n", sid_to_string(str, psid))); + return False; + } + + *puid = fallback_pdb_user_rid_to_uid(rid); + + DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", + sid_to_string(str, psid), (signed long int)(*puid))); + } + + *name_type = SID_NAME_USER; + + return True; +} + +/**************************************************************************** + Convert a gid to SID - locally. +****************************************************************************/ + +DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) +{ + GROUP_MAP map; + + sid_copy(psid, get_global_sam_sid()); + + if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { + sid_copy(psid, &map.sid); + } + else { + sid_append_rid(psid, pdb_gid_to_group_rid(gid)); + } + + return psid; +} + +/**************************************************************************** + Convert a SID to gid - locally. +****************************************************************************/ + +BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_type) +{ + fstring str; + GROUP_MAP map; + + *name_type = SID_NAME_UNKNOWN; + + /* + * We can only convert to a gid if this is our local + * Domain SID (ie. we are the controling authority). + * + * Or in the Builtin SID too. JFM, 11/30/2001 + */ + + if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) { + + /* the SID is in the mapping table but not mapped */ + if (map.gid==(gid_t)-1) + return False; + + *pgid = map.gid; + *name_type = map.sid_name_use; + DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n", + sid_to_string( str, psid), + map.nt_name, (unsigned int)*pgid)); + + } else { + uint32 rid; + SAM_ACCOUNT *sam_user = NULL; + if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) + return False; + + if (pdb_getsampwsid(sam_user, psid)) { + return False; + pdb_free_sam(&sam_user); + } + + pdb_free_sam(&sam_user); + + if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) { + DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid))); + return False; + } + + if (pdb_rid_is_user(rid)) + return False; + + *pgid = pdb_group_rid_to_gid(rid); + *name_type = SID_NAME_ALIAS; + DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid), + (unsigned int)*pgid)); + } + + return True; +} + /************************************************************* Change a password entry in the local smbpasswd file. diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 4370dc2c36..a86d936263 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -202,6 +202,22 @@ enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_el return ret; } +uid_t pdb_get_uid (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->private.uid); + else + return (-1); +} + +gid_t pdb_get_gid (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->private.gid); + else + return (-1); +} + const char* pdb_get_username (const SAM_ACCOUNT *sampass) { if (sampass) @@ -493,6 +509,32 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p return True; } +BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag) +{ + if (!sampass) + return False; + + DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n", + (int)uid, (int)sampass->private.uid)); + + sampass->private.uid = uid; + + return pdb_set_init_flags(sampass, PDB_UID, flag); +} + +BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag) +{ + if (!sampass) + return False; + + DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n", + (int)gid, (int)sampass->private.gid)); + + sampass->private.gid = gid; + + return pdb_set_init_flags(sampass, PDB_GID, flag); +} + BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag) { if (!sampass || !u_sid) diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index 9bcdccc7e7..7ecfa7d4c3 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -24,16 +24,11 @@ Lookup a name in the SAM database ******************************************************************/ -static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname) +static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname) { NTSTATUS nt_status; + struct passwd *pass; const char *guest_account = lp_guestaccount(); - - if (!sam_account || !sname) { - DEBUG(0,("invalid name specified")); - return NT_STATUS_UNSUCCESSFUL; - } - if (!(guest_account && *guest_account)) { DEBUG(1, ("NULL guest account!?!?\n")); return NT_STATUS_UNSUCCESSFUL; @@ -43,31 +38,21 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT * DEBUG(0,("invalid methods\n")); return NT_STATUS_UNSUCCESSFUL; } + if (!sname) { + DEBUG(0,("invalid name specified")); + return NT_STATUS_UNSUCCESSFUL; + } + if (!strequal(guest_account, sname)) { return NT_STATUS_NO_SUCH_USER; } - pdb_fill_default_sam(sam_account); - - if (!pdb_set_username(sam_account, guest_account, PDB_SET)) - return NT_STATUS_UNSUCCESSFUL; - - if (!pdb_set_fullname(sam_account, guest_account, PDB_SET)) - return NT_STATUS_UNSUCCESSFUL; - - if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT)) - return NT_STATUS_UNSUCCESSFUL; - - if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) - return NT_STATUS_UNSUCCESSFUL; - - if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) - return NT_STATUS_UNSUCCESSFUL; - - if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) - return NT_STATUS_UNSUCCESSFUL; + pass = getpwnam_alloc(guest_account); - return NT_STATUS_OK; + nt_status = pdb_fill_sam_pw(user, pass); + + passwd_free(&pass); + return nt_status; } @@ -76,17 +61,35 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT * **************************************************************************/ static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods, - SAM_ACCOUNT *sam_account, uint32 rid) + SAM_ACCOUNT *user, uint32 rid) { - if (rid != DOMAIN_USER_RID_GUEST) { - return NT_STATUS_NO_SUCH_USER; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct passwd *pass = NULL; + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return nt_status; } - if (!sam_account) { - return NT_STATUS_INVALID_PARAMETER; + if (!methods) { + DEBUG(0,("invalid methods\n")); + return nt_status; + } + + if (rid == DOMAIN_USER_RID_GUEST) { + pass = getpwnam_alloc(guest_account); + if (!pass) { + DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); + return NT_STATUS_NO_SUCH_USER; + } + } else { + return NT_STATUS_NO_SUCH_USER; } - return guestsam_getsampwnam (methods, sam_account, lp_guestaccount()); + nt_status = pdb_fill_sam_pw(user, pass); + passwd_free(&pass); + + return nt_status; } static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid) @@ -94,7 +97,6 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT uint32 rid; if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) return NT_STATUS_NO_SUCH_USER; - return guestsam_getsampwrid(my_methods, user, rid); } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index b23b7286ea..4abc7b569c 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1533,11 +1533,12 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only) *********************************************************************/ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, SAM_ACCOUNT * sampass, - LDAPMessage * entry, - gid_t *gid) + LDAPMessage * entry) { pstring homedir; pstring temp; + uid_t uid; + gid_t gid; char **ldap_values; char **values; @@ -1562,12 +1563,19 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir)) return False; + if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) + return False; + + uid = (uid_t)atol(temp); + if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) return False; gid = (gid_t)atol(temp); pdb_set_unix_homedir(sampass, homedir, PDB_SET); + pdb_set_uid(sampass, uid, PDB_SET); + pdb_set_gid(sampass, gid, PDB_SET); DEBUG(10, ("user has posixAcccount attributes\n")); return True; @@ -1609,7 +1617,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, uint8 hours[MAX_HOURS_LEN]; pstring temp; uid_t uid = -1; - gid_t gid = getegid(); + gid_t gid = getegid(); + /* * do a little initialization @@ -1681,17 +1690,40 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, * If so configured, try and get the values from LDAP */ - if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) { + if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) { - if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) { - GROUP_MAP map; - /* call the mapping code here */ - if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { - pdb_set_group_sid(sampass, &map.sid, PDB_SET); - } - else { - pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET); + /* + * Otherwise just ask the system getpw() calls. + */ + + pw = getpwnam_alloc(username); + if (pw == NULL) { + if (! ldap_state->permit_non_unix_accounts) { + DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username)); + return False; } + } else { + uid = pw->pw_uid; + pdb_set_uid(sampass, uid, PDB_SET); + gid = pw->pw_gid; + pdb_set_gid(sampass, gid, PDB_SET); + + pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET); + + passwd_free(&pw); + } + } + + if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) + && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) { + GROUP_MAP map; + gid = pdb_get_gid(sampass); + /* call the mapping code here */ + if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { + pdb_set_group_sid(sampass, &map.sid, PDB_SET); + } + else { + pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET); } } @@ -3069,7 +3101,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, return NT_STATUS_OK; } -static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; struct ldapsam_privates *ldap_state; @@ -3133,7 +3165,7 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS ** NTSTATUS nt_status; struct ldapsam_privates *ldap_state; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) { return nt_status; } @@ -3165,54 +3197,50 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS ** return NT_STATUS_OK; } -static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +static NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; struct ldapsam_privates *ldap_state; - uint32 low_idmap_uid, high_idmap_uid; - uint32 low_idmap_gid, high_idmap_gid; + uint32 low_winbind_uid, high_winbind_uid; + uint32 low_winbind_gid, high_winbind_gid; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) { return nt_status; } - (*pdb_method)->name = "ldapsam"; + (*pdb_method)->name = "ldapsam_nua"; ldap_state = (*pdb_method)->private_data; ldap_state->permit_non_unix_accounts = True; /* We know these uids can't turn up as allogorithmic RIDs */ - if (!lp_idmap_uid(&low_idmap_uid, &high_idmap_uid)) { - DEBUG(0, ("cannot use ldapsam_nua without 'idmap uid' range in smb.conf!\n")); + if (!lp_winbind_uid(&low_winbind_uid, &high_winbind_uid)) { + DEBUG(0, ("cannot use ldapsam_nua without 'winbind uid' range in smb.conf!\n")); return NT_STATUS_UNSUCCESSFUL; } /* We know these gids can't turn up as allogorithmic RIDs */ - if (!lp_idmap_gid(&low_idmap_gid, &high_idmap_gid)) { + if (!lp_winbind_gid(&low_winbind_gid, &high_winbind_gid)) { DEBUG(0, ("cannot use ldapsam_nua without 'wibnind gid' range in smb.conf!\n")); return NT_STATUS_UNSUCCESSFUL; } - ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_idmap_uid); + ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_winbind_uid); - ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_idmap_uid); + ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_winbind_uid); - ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_idmap_gid); + ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_winbind_gid); - ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_idmap_gid); + ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_winbind_gid); return NT_STATUS_OK; } NTSTATUS pdb_ldap_init(void) { - NTSTATUS nt_status; - if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam))) - return nt_status; - - if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat))) - return nt_status; - + smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam); + smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat); + smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_nua", pdb_init_ldapsam_nua); return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 4e4aaed02b..cd9288fed0 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -876,6 +876,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET); pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT); + pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET); + pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET); pdb_set_user_sid_from_rid (pw_buf, atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET); pdb_set_group_sid_from_rid (pw_buf, @@ -947,8 +949,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) && strncasecmp (ptr, "NO PASSWORD", 11)) { if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) { - DEBUG (0, ("malformed NT pwd entry:\ %s.\n", - pdb_get_username (pw_buf))); + DEBUG (0, ("malformed NT pwd entry:\ + uid = %d.\n", pdb_get_uid (pw_buf))); return False; } if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET)) @@ -1045,8 +1047,6 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, BOOL need_to_modify = False; const char *name = pdb_get_username (sampass); /* from SAM */ - uint32 u_rid; - uint32 g_rid; /* these must be static or allocate and free entry columns! */ static fstring uid; /* from SAM */ static fstring user_rid; /* from SAM */ @@ -1065,15 +1065,31 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, static fstring acct_desc; /* from SAM */ static char empty[1]; /* just an empty string */ - if (!(u_rid = pdb_get_user_rid (sampass))) - return False; - if (!(g_rid = pdb_get_group_rid (sampass))) - return False; + slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass)); + slprintf (user_rid, sizeof (user_rid) - 1, "%u", + pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) : + fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass))); + slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass)); + + { + uint32 rid; + GROUP_MAP map; + + rid = pdb_get_group_rid (sampass); + + if (rid == 0) { + if (pdb_getgrgid(&map, pdb_get_gid (sampass), + MAPPING_WITHOUT_PRIV)) { + if (!sid_peek_check_rid + (get_global_sam_sid (), &map.sid, &rid)) + return False; + } else + rid = pdb_gid_to_group_rid (pdb_get_gid + (sampass)); + } - slprintf (uid, sizeof (uid) - 1, "%u", fallback_pdb_user_rid_to_uid (u_rid)); - slprintf (user_rid, sizeof (user_rid) - 1, "%u", u_rid); - slprintf (gid, sizeof (gid) - 1, "%u", fallback_pdb_group_rid_to_uid (g_rid)); - slprintf (group_rid, sizeof (group_rid) - 1, "%u", g_rid); + slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid); + } acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN); @@ -1117,27 +1133,51 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, /* uid */ - if (!ENTRY_VAL (old, NPF_UID) || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { + if (pdb_get_uid (sampass) != -1) { + if (!ENTRY_VAL (old, NPF_UID) + || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { need_to_modify = True; - set_single_attribute (obj, NPF_UID, uid, strlen (uid), EN_MODIFIED); + set_single_attribute (obj, NPF_UID, uid, + strlen (uid), + EN_MODIFIED); + } } /* user_rid */ - if (!ENTRY_VAL (old, NPF_USER_RID) || strcmp (ENTRY_VAL (old, NPF_USER_RID), user_rid)) { + if (pdb_get_user_rid (sampass)) { + if (!ENTRY_VAL (old, NPF_USER_RID) || + strcmp (ENTRY_VAL (old, NPF_USER_RID), + user_rid)) { need_to_modify = True; - set_single_attribute (obj, NPF_USER_RID, user_rid, strlen (user_rid), EN_MODIFIED); + set_single_attribute (obj, NPF_USER_RID, + user_rid, + strlen (user_rid), + EN_MODIFIED); + } } /* smb_grpid */ - if (!ENTRY_VAL (old, NPF_SMB_GRPID) || strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { + if (pdb_get_gid (sampass) != -1) { + if (!ENTRY_VAL (old, NPF_SMB_GRPID) || + strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { need_to_modify = True; - set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), EN_MODIFIED); + set_single_attribute (obj, NPF_SMB_GRPID, gid, + strlen (gid), + EN_MODIFIED); + } } /* group_rid */ - if (!ENTRY_VAL (old, NPF_GROUP_RID) || strcmp (ENTRY_VAL (old, NPF_GROUP_RID), group_rid)) { + if (pdb_get_group_rid (sampass)) { + if (!ENTRY_VAL (old, NPF_GROUP_RID) || + strcmp (ENTRY_VAL (old, NPF_GROUP_RID), + group_rid)) { need_to_modify = True; - set_single_attribute (obj, NPF_GROUP_RID, group_rid, strlen (group_rid), EN_MODIFIED); + set_single_attribute (obj, NPF_GROUP_RID, + group_rid, + strlen (group_rid), + EN_MODIFIED); + } } /* acb */ diff --git a/source3/sam/sam_plugin.c b/source3/passdb/pdb_plugin.c index fd26c4b8d3..ea67da23a5 100644 --- a/source3/sam/sam_plugin.c +++ b/source3/passdb/pdb_plugin.c @@ -1,9 +1,8 @@ /* Unix SMB/CIFS implementation. - Loadable san module interface. - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 + Loadable passdb module interface. + Copyright (C) Jelmer Vernooij 2002 + Copyright (C) Andrew Bartlett 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,57 +22,57 @@ #include "includes.h" #undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM +#define DBGC_CLASS DBGC_PASSDB -NTSTATUS sam_init_plugin(SAM_METHODS *sam_methods, const char *module_params) +NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { - void *dl_handle; - char *plugin_params, *plugin_name, *p; - sam_init_function plugin_init; + void * dl_handle; + char *plugin_location, *plugin_name, *p; + pdb_init_function plugin_init; int (*plugin_version)(void); - if (module_params == NULL) { + if (location == NULL) { DEBUG(0, ("The plugin module needs an argument!\n")); return NT_STATUS_UNSUCCESSFUL; } - plugin_name = smb_xstrdup(module_params); + plugin_name = smb_xstrdup(location); p = strchr(plugin_name, ':'); if (p) { *p = 0; - plugin_params = p+1; - trim_string(plugin_params, " ", " "); - } else plugin_params = NULL; + plugin_location = p+1; + trim_string(plugin_location, " ", " "); + } else plugin_location = NULL; trim_string(plugin_name, " ", " "); DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name)); - dl_handle = sys_dlopen(plugin_name, RTLD_NOW); + dl_handle = sys_dlopen(plugin_name, RTLD_NOW ); if (!dl_handle) { DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; } - plugin_version = sys_dlsym(dl_handle, "sam_version"); + plugin_version = sys_dlsym(dl_handle, "pdb_version"); if (!plugin_version) { sys_dlclose(dl_handle); - DEBUG(0, ("Failed to find function 'sam_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + DEBUG(0, ("Failed to find function 'pdb_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; } - if (plugin_version()!=SAM_INTERFACE_VERSION) { + if (plugin_version() != PASSDB_INTERFACE_VERSION) { sys_dlclose(dl_handle); - DEBUG(0, ("Wrong SAM_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n", - plugin_version(),SAM_INTERFACE_VERSION)); + DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n", + plugin_version(),PASSDB_INTERFACE_VERSION)); return NT_STATUS_UNSUCCESSFUL; } - plugin_init = sys_dlsym(dl_handle, "sam_init"); + plugin_init = sys_dlsym(dl_handle, "pdb_init"); if (!plugin_init) { sys_dlclose(dl_handle); - DEBUG(0, ("Failed to find function 'sam_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; } - DEBUG(5, ("Starting sam plugin %s with parameters %s for domain %s\n", plugin_name, plugin_params, sam_methods->domain_name)); - return plugin_init(sam_methods, plugin_params); + DEBUG(5, ("Starting sam plugin %s with location %s\n", plugin_name, plugin_location)); + return plugin_init(pdb_context, pdb_method, plugin_location); } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 91fc7bc8e0..cd66cf269c 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1134,23 +1134,28 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass) { uid_t uid; - uint32 rid; if (sampass == NULL) return False; - rid = pdb_get_user_rid(sampass); - - /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) { - DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); - return False; - } - ZERO_STRUCTP(smb_pw); + + if (!IS_SAM_UNIX_USER(sampass)) { + smb_pw->smb_userid_set = False; + DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n")); + } else { + uint32 rid = pdb_get_user_rid(sampass); + smb_pw->smb_userid_set = True; + uid = pdb_get_uid(sampass); - smb_pw->smb_userid_set = True; - smb_pw->smb_userid=uid; + /* If the user specified a RID, make sure its able to be both stored and retreived */ + if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) { + DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); + return False; + } + + smb_pw->smb_userid=uid; + } smb_pw->smb_name=(const char*)pdb_get_username(sampass); @@ -1502,6 +1507,7 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } + NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; @@ -1548,16 +1554,35 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->free_private_data = free_private_data; - if (lp_idmap_uid(&privates->low_nua_userid, &privates->high_nua_userid)) { - DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n")); - privates->permit_non_unix_accounts = True; + return NT_STATUS_OK; +} + +NTSTATUS pdb_init_smbpasswd_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +{ + NTSTATUS nt_status; + struct smbpasswd_privates *privates; + + if (!NT_STATUS_IS_OK(nt_status = pdb_init_smbpasswd(pdb_context, pdb_method, location))) { + return nt_status; + } + + (*pdb_method)->name = "smbpasswd_nua"; + + privates = (*pdb_method)->private_data; + + privates->permit_non_unix_accounts = True; + + if (!lp_winbind_uid(&privates->low_nua_userid, &privates->high_nua_userid)) { + DEBUG(0, ("cannot use smbpasswd_nua without 'winbind uid' range in smb.conf!\n")); + return NT_STATUS_UNSUCCESSFUL; } return NT_STATUS_OK; } -int pdb_smbpasswd_init(void) +NTSTATUS pdb_smbpasswd_init(void) { smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd); - return True; + smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd_nua", pdb_init_smbpasswd_nua); + return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 74437cba6f..c3538042ee 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -101,7 +101,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, BOOL ret = True; struct passwd *pw; uid_t uid = -1; - gid_t gid = -1; + gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ if(sampass == NULL || buf == NULL) { DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n")); @@ -145,6 +145,30 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, goto done; } + /* validate the account and fill in UNIX uid and gid. Standard + * getpwnam() is used instead of Get_Pwnam() as we do not need + * to try case permutations + */ + if (!username || !(pw = getpwnam_alloc(username))) { + if (!(tdb_state->permit_non_unix_accounts)) { + DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username)); + ret = False; + goto done; + } + } + + if (pw) { + uid = pw->pw_uid; + gid = pw->pw_gid; + + pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET); + + passwd_free(&pw); + + pdb_set_uid(sampass, uid, PDB_SET); + pdb_set_gid(sampass, gid, PDB_SET); + } + pdb_set_logon_time(sampass, logon_time, PDB_SET); pdb_set_logoff_time(sampass, logoff_time, PDB_SET); pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); @@ -640,7 +664,7 @@ static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT return nt_status; } - fstrcpy(name, data.dptr); + fstrcpy (name, data.dptr); SAFE_FREE(data.dptr); tdb_close (pwd_tdb); @@ -744,40 +768,54 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, return False; } - if (!pdb_get_group_rid(newpwd)) { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); - ret = False; - goto done; - } - /* if flag == TDB_INSERT then make up a new RID else throw an error. */ if (!(user_rid = pdb_get_user_rid(newpwd))) { - if ((flag & TDB_INSERT) && tdb_state->permit_non_unix_accounts) { - uint32 lowrid, highrid; - if (!idmap_get_free_rid_range(&lowrid, &highrid)) { - /* should never happen */ - DEBUG(0, ("tdbsam: something messed up, no high/low rids but nua enabled ?!\n")); - ret = False; - goto done; - } - user_rid = lowrid; - tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (!tdb_ret) { - ret = False; - goto done; + if (flag & TDB_INSERT) { + if (IS_SAM_UNIX_USER(newpwd)) { + if (tdb_state->algorithmic_rids) { + user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd)); + } else { + user_rid = BASE_RID; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + } + pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED); + } else { + user_rid = tdb_state->low_nua_rid; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + if (user_rid > tdb_state->high_nua_rid) { + DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); + ret = False; + goto done; + } + pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED); } - if (user_rid > highrid) { - DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); - ret = False; - goto done; - } - if (!pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED)) { - DEBUG(0, ("tdbsam: not able to set new allocated user RID into sam account!\n")); + } else { + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); + ret = False; + goto done; + } + } + + if (!pdb_get_group_rid(newpwd)) { + if (flag & TDB_INSERT) { + if (!tdb_state->permit_non_unix_accounts) { + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); ret = False; goto done; + } else { + /* This seems like a good default choice for non-unix users */ + pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT); } } else { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); ret = False; goto done; } @@ -799,7 +837,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, /* setup the USER index key */ slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name); key.dptr = keystr; - key.dsize = strlen(keystr) + 1; + key.dsize = strlen (keystr) + 1; /* add the account */ if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) { @@ -811,7 +849,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, } /* setup RID data */ - data.dsize = strlen(name) + 1; + data.dsize = sizeof(fstring); data.dptr = name; /* setup the RID index key */ @@ -836,49 +874,6 @@ done: return (ret); } -#if 0 -/*************************************************************************** - Allocates a new RID and returns it to the caller as a domain sid - - NOTE: Use carefullt, do not waste RIDs they are a limited resource! - - SSS - ***************************************************************************/ - -static NTSTATUS tdbsam_get_next_sid (struct pdb_methods *my_methods, DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb; - uint32 rid; - - if (sid == NULL) { - return NT_STATUS_INVALID_PARAMETER; - } - - pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600); - if (!pwd_tdb) - { - DEBUG(0, ("tdbsam_get_next_sid: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location)); - return NT_STATUS_UNSUCCESSFUL; - } - - rid = BASE_RID; - if (tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &rid, 1)) { - - sid_copy(sid, get_global_sam_sid()); - if (!sid_append_rid(sid, rid)) { - goto done; - } - - ret = NT_STATUS_OK; - } - -done: - tdb_close (pwd_tdb); - return ret; -} -#endif - /*************************************************************************** Modifies an existing SAM_ACCOUNT ****************************************************************************/ @@ -917,7 +912,14 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con { NTSTATUS nt_status; struct tdbsam_privates *tdb_state; - uint32 low_nua_uid, high_nua_uid; + +#if 0 /* when made a module use this */ + tdbsam_debug_level = debug_add_class("tdbsam"); + if(tdbsam_debug_level == -1) { + tdbsam_debug_level = DBGC_ALL; + DEBUG(0, ("tdbsam: Couldn't register custom debugging class!\n")); + } +#endif if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { return nt_status; @@ -951,29 +953,47 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile); } + tdb_state->algorithmic_rids = True; + (*pdb_method)->private_data = tdb_state; (*pdb_method)->free_private_data = free_private_data; - if (lp_idmap_uid(&low_nua_uid, &high_nua_uid)) { - DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n")); + return NT_STATUS_OK; +} - tdb_state->permit_non_unix_accounts = True; +NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +{ + NTSTATUS nt_status; + struct tdbsam_privates *tdb_state; + uint32 low_nua_uid, high_nua_uid; - tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); + if (!NT_STATUS_IS_OK(nt_status = pdb_init_tdbsam(pdb_context, pdb_method, location))) { + return nt_status; + } - tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); + (*pdb_method)->name = "tdbsam_nua"; - } else { - tdb_state->algorithmic_rids = True; + tdb_state = (*pdb_method)->private_data; + + tdb_state->permit_non_unix_accounts = True; + + if (!lp_winbind_uid(&low_nua_uid, &high_nua_uid)) { + DEBUG(0, ("cannot use tdbsam_nua without 'winbind uid' range in smb.conf!\n")); + return NT_STATUS_UNSUCCESSFUL; } + tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid); + + tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid); + return NT_STATUS_OK; } -int pdb_tdbsam_init(void) +NTSTATUS pdb_tdbsam_init(void) { smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam); - return True; + smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam_nua", pdb_init_tdbsam_nua); + return NT_STATUS_OK; } diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c deleted file mode 100644 index 395795758f..0000000000 --- a/source3/passdb/pdb_unix.c +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Unix password backend for samba - * Copyright (C) Jelmer Vernooij 2002 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -/****************************************************************** - Lookup a name in the SAM database - ******************************************************************/ - -static NTSTATUS unixsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname) -{ - struct passwd *pass; - if (!methods) { - DEBUG(0,("invalid methods\n")); - return NT_STATUS_UNSUCCESSFUL; - } - if (!sname) { - DEBUG(0,("invalid name specified")); - return NT_STATUS_UNSUCCESSFUL; - } - pass = Get_Pwnam(sname); - - return pdb_fill_sam_pw(user, pass); -} - - -/*************************************************************************** - Search by rid - **************************************************************************/ - -static NTSTATUS unixsam_getsampwrid (struct pdb_methods *methods, - SAM_ACCOUNT *user, uint32 rid) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct passwd *pass = NULL; - const char *guest_account = lp_guestaccount(); - if (!(guest_account && *guest_account)) { - DEBUG(1, ("NULL guest account!?!?\n")); - return nt_status; - } - - if (!methods) { - DEBUG(0,("invalid methods\n")); - return nt_status; - } - - if (rid == DOMAIN_USER_RID_GUEST) { - pass = getpwnam_alloc(guest_account); - if (!pass) { - DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); - return nt_status; - } - } else if (fallback_pdb_rid_is_user(rid)) { - pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); - } - - if (pass == NULL) { - return nt_status; - } - - nt_status = pdb_fill_sam_pw(user, pass); - passwd_free(&pass); - - return nt_status; -} - -static NTSTATUS unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid) -{ - uint32 rid; - if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) - return NT_STATUS_UNSUCCESSFUL; - return unixsam_getsampwrid(my_methods, user, rid); -} - -/*************************************************************************** - Updates a SAM_ACCOUNT - - This isn't a particulary practical option for pdb_unix. We certainly don't - want to twidde the filesystem, so what should we do? - - Current plan is to transparently add the account. It should appear - as if the pdb_unix version was modified, but its actually stored somehwere. - ****************************************************************************/ - -static NTSTATUS unixsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd) -{ - return methods->parent->pdb_add_sam_account(methods->parent, newpwd); -} - -NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) -{ - NTSTATUS nt_status; - - if (!pdb_context) { - DEBUG(0, ("invalid pdb_context specified\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { - return nt_status; - } - - (*pdb_method)->name = "unixsam"; - (*pdb_method)->update_sam_account = unixsam_update_sam_account; - (*pdb_method)->getsampwnam = unixsam_getsampwnam; - (*pdb_method)->getsampwsid = unixsam_getsampwsid; - - /* There's not very much to initialise here */ - return NT_STATUS_OK; -} - -NTSTATUS pdb_unix_init(void) -{ - return smb_register_passdb(PASSDB_INTERFACE_VERSION, "unixsam", pdb_init_unixsam); -} diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c index 7a5c0e2b53..de2ee4594c 100644 --- a/source3/passdb/pdb_xml.c +++ b/source3/passdb/pdb_xml.c @@ -524,7 +524,7 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method return nt_status; } - (*pdb_method)->name = "xmlsam"; + (*pdb_method)->name = "xml"; (*pdb_method)->setsampwent = xmlsam_setsampwent; (*pdb_method)->endsampwent = xmlsam_endsampwent; diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c index c845170749..b2f45ad366 100644 --- a/source3/printing/lpq_parse.c +++ b/source3/printing/lpq_parse.c @@ -145,8 +145,8 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first) buf->size = atoi(tok[TOTALTOK]); buf->status = strequal(tok[RANKTOK],"active")?LPQ_PRINTING:LPQ_QUEUED; buf->time = time(NULL); - StrnCpy(buf->fs_user,tok[USERTOK],sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file,tok[FILETOK],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user,tok[USERTOK]); + fstrcpy(buf->fs_file,tok[FILETOK]); if ((FILETOK + 1) != TOTALTOK) { int i; @@ -266,7 +266,7 @@ static BOOL parse_lpq_lprng(char *line,print_queue_struct *buf,BOOL first) buf->time = LPRng_time(tokarr[LPRNG_TIMETOK]); - StrnCpy(buf->fs_user,tokarr[LPRNG_USERTOK],sizeof(buf->fs_user)-1); + fstrcpy(buf->fs_user,tokarr[LPRNG_USERTOK]); /* The '@hostname' prevents windows from displaying the printing icon * for the current user on the taskbar. Plop in a null. @@ -276,7 +276,7 @@ static BOOL parse_lpq_lprng(char *line,print_queue_struct *buf,BOOL first) *ptr = '\0'; } - StrnCpy(buf->fs_file,tokarr[LPRNG_FILETOK],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_file,tokarr[LPRNG_FILETOK]); if ((LPRNG_FILETOK + 1) != LPRNG_TOTALTOK) { int i; @@ -353,8 +353,8 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED; buf->priority = 0; buf->time = time(NULL); - StrnCpy(buf->fs_user,tok[3],sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file,tok[2],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user,tok[3]); + fstrcpy(buf->fs_file,tok[2]); } else { @@ -387,8 +387,8 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first) buf->status = strequal(tok[2],"RUNNING")?LPQ_PRINTING:LPQ_QUEUED; buf->priority = 0; buf->time = time(NULL); - StrnCpy(buf->fs_user,tok[5],sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file,tok[4],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user,tok[5]); + fstrcpy(buf->fs_file,tok[4]); } @@ -449,14 +449,14 @@ static BOOL parse_lpq_hpux(char *line, print_queue_struct *buf, BOOL first) fstrcpy(tok[0],"STDIN"); buf->size = atoi(tok[1]); - StrnCpy(buf->fs_file,tok[0],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_file,tok[0]); /* fill things from header line */ buf->time = jobtime; buf->job = jobid; buf->status = jobstat; buf->priority = jobprio; - StrnCpy(buf->fs_user,jobuser,sizeof(buf->fs_user)-1); + fstrcpy(buf->fs_user,jobuser); return(True); } @@ -482,7 +482,7 @@ static BOOL parse_lpq_hpux(char *line, print_queue_struct *buf, BOOL first) /* the 2nd, 5th & 7th column must be integer */ if (!isdigit((int)*tok[1]) || !isdigit((int)*tok[4]) || !isdigit((int)*tok[6])) return(False); jobid = atoi(tok[1]); - StrnCpy(jobuser,tok[2],sizeof(buf->fs_user)-1); + fstrcpy(jobuser,tok[2]); jobprio = atoi(tok[4]); /* process time */ @@ -573,8 +573,8 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first) buf->status = LPQ_QUEUED; buf->priority = 0; buf->time = EntryTime(tok, 4, count, 7); - StrnCpy(buf->fs_user,tok[2],sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file,tok[2],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user,tok[2]); + fstrcpy(buf->fs_file,tok[2]); return(True); } @@ -633,8 +633,8 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first) buf->status = strequal(tok[3],"active")?LPQ_PRINTING:LPQ_QUEUED; buf->priority = 0; buf->time = time(NULL); - StrnCpy(buf->fs_user,tok[1],sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file,tok[6],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user,tok[1]); + fstrcpy(buf->fs_file,tok[6]); return(True); } @@ -704,8 +704,8 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first) buf->status = strequal(tok[0],"active")?LPQ_PRINTING:LPQ_QUEUED; buf->priority = 0; buf->time = time(NULL); - StrnCpy(buf->fs_user,tok[1],sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file,tok[6],sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user,tok[1]); + fstrcpy(buf->fs_file,tok[6]); return(True); } @@ -779,8 +779,8 @@ static BOOL parse_lpq_nt(char *line,print_queue_struct *buf,BOOL first) buf->priority = 0; buf->size = atoi(parse_line.size); buf->time = time(NULL); - StrnCpy(buf->fs_user, parse_line.owner, sizeof(buf->fs_user)-1); - StrnCpy(buf->fs_file, parse_line.jobname, sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_user, parse_line.owner); + fstrcpy(buf->fs_file, parse_line.jobname); if (strequal(parse_line.status, LPRNT_PRINTING)) buf->status = LPQ_PRINTING; else if (strequal(parse_line.status, LPRNT_PAUSED)) @@ -838,7 +838,7 @@ static BOOL parse_lpq_os2(char *line,print_queue_struct *buf,BOOL first) /* Get the job name */ parse_line.space2[0] = '\0'; trim_string(parse_line.jobname, NULL, " "); - StrnCpy(buf->fs_file, parse_line.jobname, sizeof(buf->fs_file)-1); + fstrcpy(buf->fs_file, parse_line.jobname); buf->priority = 0; buf->size = atoi(parse_line.size); @@ -856,7 +856,7 @@ static BOOL parse_lpq_os2(char *line,print_queue_struct *buf,BOOL first) !strequal(parse_line.status, LPROS2_WAITING)) return(False); - StrnCpy(buf->fs_user, parse_line.owner, sizeof(buf->fs_user)-1); + fstrcpy(buf->fs_user, parse_line.owner); if (strequal(parse_line.status, LPROS2_PRINTING)) buf->status = LPQ_PRINTING; else if (strequal(parse_line.status, LPROS2_PAUSED)) @@ -990,23 +990,23 @@ BOOL parse_lpq_entry(int snum,char *line, case LPSTAT_OK: for (i=0; stat0_strings[i]; i++) if (strstr(line,stat0_strings[i])) { - StrnCpy(status->message,line,sizeof(status->message)-1); - status->status=LPSTAT_OK; - return ret; + fstrcpy(status->message,line); + status->status=LPSTAT_OK; + return ret; } case LPSTAT_STOPPED: for (i=0; stat1_strings[i]; i++) if (strstr(line,stat1_strings[i])) { - StrnCpy(status->message,line,sizeof(status->message)-1); - status->status=LPSTAT_STOPPED; - return ret; + fstrcpy(status->message,line); + status->status=LPSTAT_STOPPED; + return ret; } case LPSTAT_ERROR: for (i=0; stat2_strings[i]; i++) if (strstr(line,stat2_strings[i])) { - StrnCpy(status->message,line,sizeof(status->message)-1); - status->status=LPSTAT_ERROR; - return ret; + fstrcpy(status->message,line); + status->status=LPSTAT_ERROR; + return ret; } break; } diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a486fb9c00..685f5ff499 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -198,6 +198,22 @@ static const nt_forms_struct default_forms[] = { {"PRC Envelope #10 Rotated",0x1,0x6fd10,0x4f1a0,0x0,0x0,0x6fd10,0x4f1a0} }; +struct table_node { + const char *long_archi; + const char *short_archi; + int version; +}; + +static const struct table_node archi_table[]= { + + {"Windows 4.0", "WIN40", 0 }, + {"Windows NT x86", "W32X86", 2 }, + {"Windows NT R4000", "W32MIPS", 2 }, + {"Windows NT Alpha_AXP", "W32ALPHA", 2 }, + {"Windows NT PowerPC", "W32PPC", 2 }, + {NULL, "", -1 } +}; + static BOOL upgrade_to_version_3(void) { TDB_DATA kbuf, newkey, dbuf; @@ -638,12 +654,12 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count) int get_ntdrivers(fstring **list, const char *architecture, uint32 version) { int total=0; - fstring short_archi; + const char *short_archi; fstring *fl; pstring key; TDB_DATA kbuf, newkey; - get_short_archi(short_archi, architecture); + short_archi = get_short_archi(architecture); slprintf(key, sizeof(key)-1, "%s%s/%d/", DRIVERS_PREFIX, short_archi, version); for (kbuf = tdb_firstkey(tdb_drivers); @@ -667,52 +683,32 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version) } /**************************************************************************** - Function to do the mapping between the long architecture name and - the short one. +function to do the mapping between the long architecture name and +the short one. ****************************************************************************/ -BOOL get_short_archi(char *short_archi, const char *long_archi) +const char *get_short_archi(const char *long_archi) { - struct table { - const char *long_archi; - const char *short_archi; - }; - - struct table archi_table[]= - { - {"Windows 4.0", "WIN40" }, - {"Windows NT x86", "W32X86" }, - {"Windows NT R4000", "W32MIPS" }, - {"Windows NT Alpha_AXP", "W32ALPHA" }, - {"Windows NT PowerPC", "W32PPC" }, - {NULL, "" } - }; - - int i=-1; + int i=-1; - DEBUG(107,("Getting architecture dependant directory\n")); + DEBUG(107,("Getting architecture dependant directory\n")); + do { + i++; + } while ( (archi_table[i].long_archi!=NULL ) && + StrCaseCmp(long_archi, archi_table[i].long_archi) ); - if (long_archi == NULL) { - DEBUGADD(107,("Bad long_archi param.!\n")); - return False; - } + if (archi_table[i].long_archi==NULL) { + DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi)); + return NULL; + } - do { - i++; - } while ( (archi_table[i].long_archi!=NULL ) && - StrCaseCmp(long_archi, archi_table[i].long_archi) ); + /* this might be client code - but shouldn't this be an fstrcpy etc? */ - if (archi_table[i].long_archi==NULL) { - DEBUGADD(107,("Unknown architecture [%s] !\n", long_archi)); - return False; - } - StrnCpy (short_archi, archi_table[i].short_archi, strlen(archi_table[i].short_archi)); + DEBUGADD(108,("index: [%d]\n", i)); + DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi)); + DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi)); - DEBUGADD(108,("index: [%d]\n", i)); - DEBUGADD(108,("long architecture: [%s]\n", long_archi)); - DEBUGADD(108,("short architecture: [%s]\n", short_archi)); - - return True; + return archi_table[i].short_archi; } /**************************************************************************** @@ -1066,7 +1062,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr /**************************************************************************** Determine the correct cVersion associated with an architecture and driver ****************************************************************************/ -static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in, +static uint32 get_correct_cversion(const char *architecture, fstring driverpath_in, struct current_user *user, WERROR *perr) { int cversion; @@ -1111,7 +1107,7 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in, } /* We are temporarily becoming the connection user. */ - if (!become_user(conn, conn->vuid)) { + if (!become_user(conn, user->vuid)) { DEBUG(0,("get_correct_cversion: Can't become user!\n")); *perr = WERR_ACCESS_DENIED; return -1; @@ -1192,7 +1188,7 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in, static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver, struct current_user *user) { - fstring architecture; + const char *architecture; fstring new_name; char *p; int i; @@ -1232,7 +1228,7 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri } } - get_short_archi(architecture, driver->environment); + architecture = get_short_archi(driver->environment); /* jfm:7/16/2000 the client always sends the cversion=0. * The server should check which version the driver is by reading @@ -1256,7 +1252,7 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri ****************************************************************************/ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver, struct current_user *user) { - fstring architecture; + const char *architecture; fstring new_name; char *p; int i; @@ -1296,7 +1292,7 @@ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *dri } } - get_short_archi(architecture, driver->environment); + architecture = get_short_archi(driver->environment); /* jfm:7/16/2000 the client always sends the cversion=0. * The server should check which version the driver is by reading @@ -1382,7 +1378,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, { NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver; NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver; - fstring architecture; + const char *architecture; pstring new_dir; pstring old_name; pstring new_name; @@ -1409,7 +1405,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, return False; } - get_short_archi(architecture, driver->environment); + architecture = get_short_archi(driver->environment); /* * Connect to the print$ share under the same account as the user connected to the rpc pipe. @@ -1589,7 +1585,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) { int len, buflen; - fstring architecture; + const char *architecture; pstring directory; fstring temp_name; pstring key; @@ -1597,7 +1593,7 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) int i, ret; TDB_DATA kbuf, dbuf; - get_short_archi(architecture, driver->environment); + architecture = get_short_archi(driver->environment); /* The names are relative. We store them in the form: \print$\arch\version\driver.xxx * \\server is added in the rpc server layer. @@ -1751,14 +1747,14 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, { NT_PRINTER_DRIVER_INFO_LEVEL_3 driver; TDB_DATA kbuf, dbuf; - fstring architecture; + const char *architecture; int len = 0; int i; pstring key; ZERO_STRUCT(driver); - get_short_archi(architecture, arch); + architecture = get_short_archi(arch); DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, drivername)); @@ -2611,6 +2607,10 @@ static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer) DEBUG(3, ("ads_init() failed\n")); return WERR_SERVER_UNAVAILABLE; } + setenv("KRB5CCNAME", "MEMORY:prtpub_cache", 1); + SAFE_FREE(ads->auth.password); + ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), + NULL, NULL); ads_rc = ads_connect(ads); if (!ADS_ERR_OK(ads_rc)) { DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc))); @@ -2668,6 +2668,10 @@ WERROR unpublish_it(NT_PRINTER_INFO_LEVEL *printer) DEBUG(3, ("ads_init() failed\n")); return WERR_SERVER_UNAVAILABLE; } + setenv("KRB5CCNAME", "MEMORY:prtpub_cache", 1); + SAFE_FREE(ads->auth.password); + ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), + NULL, NULL); ads_rc = ads_connect(ads); if (!ADS_ERR_OK(ads_rc)) { DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc))); @@ -4405,13 +4409,13 @@ WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct cur uint32 version, BOOL delete_files ) { pstring key; - fstring arch; + const char *arch; TDB_DATA kbuf, dbuf; NT_PRINTER_DRIVER_INFO_LEVEL ctr; /* delete the tdb data first */ - get_short_archi(arch, info_3->environment); + arch = get_short_archi(info_3->environment); slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, arch, version, info_3->name); diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index c399c3c6cc..1bdbf4a789 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c @@ -384,7 +384,7 @@ void pcap_printer_fn(void (*fn)(char *, char *)) if (strlen(p)>strlen(comment) && has_punctuation) { - StrnCpy(comment,p,sizeof(comment)-1); + pstrcpy(comment,p); continue; } @@ -398,8 +398,8 @@ void pcap_printer_fn(void (*fn)(char *, char *)) if (!strchr_m(comment,' ') && strlen(p) > strlen(comment)) { - StrnCpy(comment,p,sizeof(comment)-1); - continue; + pstrcpy(comment,p); + continue; } } diff --git a/source3/python/py_winbind.c b/source3/python/py_winbind.c index 0c40861c70..db66be2321 100644 --- a/source3/python/py_winbind.c +++ b/source3/python/py_winbind.c @@ -261,12 +261,12 @@ static PyObject *py_config_dict(void) /* Winbind uid/gid range */ - if (lp_idmap_uid(&ulow, &uhi)) { + if (lp_winbind_uid(&ulow, &uhi)) { PyDict_SetItemString(result, "uid_low", PyInt_FromLong(ulow)); PyDict_SetItemString(result, "uid_high", PyInt_FromLong(uhi)); } - if (lp_idmap_gid(&glow, &ghi)) { + if (lp_winbind_gid(&glow, &ghi)) { PyDict_SetItemString(result, "gid_low", PyInt_FromLong(glow)); PyDict_SetItemString(result, "gid_high", PyInt_FromLong(ghi)); } diff --git a/source3/python/setup.py b/source3/python/setup.py index 6569331031..a9f220f195 100755 --- a/source3/python/setup.py +++ b/source3/python/setup.py @@ -41,15 +41,24 @@ samba_srcdir = os.environ.get("SRCDIR", "") samba_libs = os.environ.get("LIBS", "") -# Convert libs and objs from space separated strings to lists of strings -# for distutils to digest. Split "-l" prefix off library list. - obj_list = string.split(samba_objs) -lib_list = [] +# Unfortunately the samba_libs variable contains both shared libraries +# and linker flags. The python distutils doesn't like this so we have +# to split $samba_libs into a flags component and a library component. + +libraries = [] +library_dirs = [] for lib in string.split(samba_libs): - lib_list.append(string.replace(lib, "-l", "")) + if lib[0:2] == "-l": + libraries.append(lib[2:]) + continue + if lib[0:2] == "-L": + library_dirs.append(lib[2:]) + continue + print "Unknown entry '%s' in $LIBS variable passed to setup.py" % lib + sys.exit(1) flags_list = string.split(samba_cflags) @@ -96,8 +105,8 @@ setup( samba_srcdir + "python/py_spoolss_jobs.c", samba_srcdir + "python/py_spoolss_jobs_conv.c", ], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -107,8 +116,8 @@ setup( sources = [samba_srcdir + "python/py_lsa.c", samba_srcdir + "python/py_common.c", samba_srcdir + "python/py_ntsec.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -119,8 +128,8 @@ setup( samba_srcdir + "python/py_conv.c", samba_srcdir + "python/py_samr_conv.c", samba_srcdir + "python/py_common.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -131,8 +140,8 @@ setup( samba_srcdir + "python/py_winbind_conv.c", samba_srcdir + "python/py_conv.c", samba_srcdir + "python/py_common.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -141,8 +150,8 @@ setup( Extension(name = "winreg", sources = [samba_srcdir + "python/py_winreg.c", samba_srcdir + "python/py_common.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -153,8 +162,8 @@ setup( samba_srcdir + "python/py_conv.c", samba_srcdir + "python/py_srvsvc_conv.c", samba_srcdir + "python/py_common.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -162,8 +171,8 @@ setup( Extension(name = "tdb", sources = [samba_srcdir + "python/py_tdb.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), @@ -173,8 +182,8 @@ setup( sources = [samba_srcdir + "python/py_smb.c", samba_srcdir + "python/py_common.c", samba_srcdir + "python/py_ntsec.c"], - libraries = lib_list, - library_dirs = ["/usr/kerberos/lib"], + libraries = libraries, + library_dirs = ["/usr/kerberos/lib"] + library_dirs, extra_compile_args = flags_list, extra_objects = obj_list), diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 9002ad3d1b..db873236e4 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1164,7 +1164,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, LSA_Q_ENUM_ACCT_RIGHTS q; LSA_R_ENUM_ACCT_RIGHTS r; NTSTATUS result; - unsigned int i; + int i; ZERO_STRUCT(q); ZERO_STRUCT(r); @@ -1199,7 +1199,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx, *privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **)); for (i=0;i<*count;i++) { - (*privs_name)[i] = unistr2_tdup(mem_ctx, &r.rights.strings[i].string); + pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer); } done: @@ -1293,58 +1293,6 @@ done: } -/* list account SIDs that have the specified right */ - -NTSTATUS cli_lsa_enum_account_with_right(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *right, - uint32 *count, DOM_SID **sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_ACCT_WITH_RIGHT q; - LSA_R_ENUM_ACCT_WITH_RIGHT r; - NTSTATUS result; - - ZERO_STRUCT(q); - - /* Initialise parse structures */ - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - init_q_enum_acct_with_right(&q, pol, right); - - if (!lsa_io_q_enum_acct_with_right("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_ENUMACCTWITHRIGHT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_enum_acct_with_right("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - *count = r.count; - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (*count) { - int i; - (*sids) = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (*count)); - for (i=0; i<*count; i++) { - sid_copy(&(*sids)[i], &r.sids.sids[i].sid.sid); - } - } -done: - - return result; -} - - #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index ce0dd95e94..72240ca7d2 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -280,7 +280,7 @@ NTSTATUS cli_nt_setup_creds(struct cli_state *cli, } if (!NT_STATUS_IS_OK(result)) - DEBUG(1,("cli_nt_setup_creds: auth%d challenge failed %s\n", level, nt_errstr(result))); + DEBUG(3,("cli_nt_setup_creds: auth%d challenge failed %s\n", level, nt_errstr(result))); return result; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 1c089e589b..f8472f3cfc 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -174,7 +174,8 @@ static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, uint32 l Never on bind requests/responses. ****************************************************************************/ -static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int auth_len) +static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, + uint32 fragment_start, int len, int auth_len, int *pauth_padding_len) { /* * The following is that length of the data we must sign or seal. @@ -187,12 +188,14 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int /* * The start of the data to sign/seal is just after the RPC headers. */ - char *reply_data = prs_data_p(rdata) + RPC_HEADER_LEN + RPC_HDR_REQ_LEN; + char *reply_data = prs_data_p(rdata) + fragment_start + RPC_HEADER_LEN + RPC_HDR_REQ_LEN; BOOL auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0); BOOL auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0); BOOL auth_schannel = (cli->saved_netlogon_pipe_fnum != 0); + *pauth_padding_len = 0; + DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s schannel %s\n", len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal), BOOLSTR(auth_schannel))); @@ -297,8 +300,10 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int if (auth_schannel) { RPC_AUTH_NETSEC_CHK chk; - char data[RPC_AUTH_NETSEC_CHK_LEN]; - char *dp = prs_data_p(rdata) + len - auth_len; + RPC_HDR_AUTH rhdr_auth; + char data[RPC_HDR_AUTH_LEN+RPC_AUTH_NETSEC_CHK_LEN]; + char *dp = prs_data_p(rdata) + fragment_start + len - + RPC_HDR_AUTH_LEN - RPC_AUTH_NETSEC_CHK_LEN; prs_struct auth_verf; if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) { @@ -322,7 +327,19 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int /* The endinness must be preserved. JRA. */ prs_set_endian_data( &auth_verf, rdata->bigendian_data); - prs_give_memory(&auth_verf, data, RPC_AUTH_NETSEC_CHK_LEN, False); + prs_give_memory(&auth_verf, data, sizeof(data), False); + + if (!smb_io_rpc_hdr_auth("auth_hdr", &rhdr_auth, &auth_verf, 0)) { + DEBUG(0, ("rpc_auth_pipe: Could not parse schannel auth header\n")); + return False; + } + + if ((rhdr_auth.auth_type != NETSEC_AUTH_TYPE) || + (rhdr_auth.auth_level != NETSEC_AUTH_LEVEL)) { + DEBUG(0, ("rpc_auth_pipe: Got wrong schannel auth type/level: %d/%d\n", + rhdr_auth.auth_type, rhdr_auth.auth_level)); + return False; + } if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", &chk, &auth_verf, 0)) { DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling " @@ -336,6 +353,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int DEBUG(0, ("rpc_auth_pipe: Could not decode schannel\n")); return False; } + *pauth_padding_len = rhdr_auth.padding; } return True; } @@ -379,6 +397,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd char *prdata = NULL; uint32 rdata_len = 0; uint32 current_offset = 0; + uint32 fragment_start = 0; uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024; /* Create setup parameters - must be in native byte order. */ @@ -469,7 +488,10 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd */ if (rhdr.auth_len != 0) { - if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len)) + int auth_padding_len = 0; + + if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len, + rhdr.auth_len, &auth_padding_len)) return False; /* * Drop the auth footers from the current offset. @@ -477,7 +499,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd * The auth footers consist of the auth_data and the * preceeding 8 byte auth_header. */ - current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN); + current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len); } /* @@ -557,12 +579,17 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd if (!rpc_read(cli, rdata, len, ¤t_offset)) return False; + fragment_start = current_offset - len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; + /* * Verify any authentication footer. */ if (rhdr.auth_len != 0 ) { - if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len)) + int auth_padding_len = 0; + + if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len, + rhdr.auth_len, &auth_padding_len)) return False; /* * Drop the auth footers from the current offset. @@ -570,7 +597,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd * preceeding 8 byte auth_header. * We need this if there are more fragments. */ - current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN); + current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len); } } diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index fc9999dc4d..0b45c0baf3 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -2219,21 +2219,18 @@ BOOL lsa_io_r_query_info2(const char *desc, LSA_R_QUERY_INFO2 *r_c, if(!prs_uint32("ptr", ps, depth, &r_c->ptr)) return False; - - if (r_c->ptr != 0) { - if(!prs_uint16("info_class", ps, depth, &r_c->info_class)) + if(!prs_uint16("info_class", ps, depth, &r_c->info_class)) + return False; + switch(r_c->info_class) { + case 0x000c: + if (!lsa_io_dns_dom_info("info12", &r_c->info.dns_dom_info, + ps, depth)) return False; - switch(r_c->info_class) { - case 0x000c: - if (!lsa_io_dns_dom_info("info12", &r_c->info.dns_dom_info, - ps, depth)) - return False; break; - default: - DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n", - r_c->info_class)); - return False; - } + default: + DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n", + r_c->info_class)); + return False; } if(!prs_align(ps)) @@ -2304,19 +2301,6 @@ BOOL lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *r_c, pr return True; } -/******************************************************************* - Inits an LSA_R_ENUM_ACCT_RIGHTS structure. -********************************************************************/ -void init_r_enum_acct_rights(LSA_R_ENUM_ACCT_RIGHTS *q_r, - uint32 count, - const char **rights) -{ - DEBUG(5, ("init_r_enum_acct_rights\n")); - - q_r->count = count; - init_unistr2_array(&q_r->rights, count, rights); -} - /******************************************************************* Inits an LSA_Q_ADD_ACCT_RIGHTS structure. @@ -2332,6 +2316,7 @@ void init_q_add_acct_rights(LSA_Q_ADD_ACCT_RIGHTS *q_q, q_q->pol = *hnd; init_dom_sid2(&q_q->sid, sid); init_unistr2_array(&q_q->rights, count, rights); + q_q->count = 5; } @@ -2372,15 +2357,6 @@ BOOL lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *r_c, prs_ return True; } -/******************************************************************* - Inits an LSA_R_ADD_ACCT_RIGHTS structure. -********************************************************************/ -void init_r_add_acct_rights(LSA_R_ADD_ACCT_RIGHTS *q_r) -{ - DEBUG(5, ("init_r_add_acct_rights\n")); - /* oh what a silly function! */ -} - /******************************************************************* Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure. @@ -2398,6 +2374,7 @@ void init_q_remove_acct_rights(LSA_Q_REMOVE_ACCT_RIGHTS *q_q, init_dom_sid2(&q_q->sid, sid); q_q->removeall = removeall; init_unistr2_array(&q_q->rights, count, rights); + q_q->count = 5; } @@ -2428,7 +2405,7 @@ BOOL lsa_io_q_remove_acct_rights(const char *desc, LSA_Q_REMOVE_ACCT_RIGHTS *q_q } /******************************************************************* -reads or writes a LSA_R_REMOVE_ACCT_RIGHTS structure. +reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure. ********************************************************************/ BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c, prs_struct *ps, int depth) { @@ -2440,89 +2417,3 @@ BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c return True; } - -/******************************************************************* - Inits an LSA_R_REMOVE_ACCT_RIGHTS structure. -********************************************************************/ -void init_r_remove_acct_rights(LSA_R_REMOVE_ACCT_RIGHTS *q_r) -{ - DEBUG(5, ("init_r_remove_acct_rights\n")); -} - -/******************************************************************* - Inits an LSA_Q_ENUM_ACCT_WITH_RIGHT structure. -********************************************************************/ -void init_q_enum_acct_with_right(LSA_Q_ENUM_ACCT_WITH_RIGHT *q_q, - POLICY_HND *hnd, - const char *right) -{ - DEBUG(5, ("init_q_enum_acct_with_right\n")); - - q_q->pol = *hnd; - init_unistr2(&q_q->right, right, strlen(right)); - init_str_hdr(&q_q->right_hdr, - q_q->right.uni_max_len*2, - q_q->right.uni_max_len*2, right?1:0); -} - - -/******************************************************************* -reads or writes a LSA_Q_ENUM_ACCT_WITH_RIGHT structure. -********************************************************************/ -BOOL lsa_io_q_enum_acct_with_right(const char *desc, LSA_Q_ENUM_ACCT_WITH_RIGHT *q_q, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "lsa_io_q_enum_acct_with_right"); - depth++; - - if (!smb_io_pol_hnd("", &q_q->pol, ps, depth)) - return False; - - if (!prs_uint32("ref_id ", ps, depth, &q_q->right_hdr.buffer)) - return False; - - if (UNMARSHALLING(ps) && q_q->right_hdr.buffer == 0) { - return True; - } - - if (!smb_io_strhdr("", &q_q->right_hdr, ps, depth)) - return False; - - if (!smb_io_unistr2("", &q_q->right, q_q->right_hdr.buffer, ps, depth)) - return False; - - return True; -} - - -/******************************************************************* -reads or writes a LSA_R_ENUM_ACCT_WITH_RIGHT structure. -********************************************************************/ -BOOL lsa_io_r_enum_acct_with_right(const char *desc, LSA_R_ENUM_ACCT_WITH_RIGHT *r_c, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "lsa_io_r_enum_acct_with_right"); - depth++; - - if (!prs_uint32("count ", ps, depth, &r_c->count)) - return False; - - if (!smb_io_sid_array("sids ", &r_c->sids, ps, depth)) - return False; - - if(!prs_ntstatus("status", ps, depth, &r_c->status)) - return False; - - return True; -} - -/******************************************************************* - Inits an LSA_R_ENUM_ACCT_WITH_RIGHT structure. -********************************************************************/ -void init_r_enum_acct_with_right(LSA_R_ENUM_ACCT_WITH_RIGHT *r_c, - uint32 count, - DOM_SID *sids) -{ - DEBUG(5, ("init_r_enum_acct_with_right\n")); - - r_c->count = count; - init_sid_array(&r_c->sids, count, sids); -} diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index a39e3391bb..f0d4c67d9f 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -1122,78 +1122,6 @@ BOOL smb_io_unistr2_array(const char *desc, UNISTR2_ARRAY *array, prs_struct *ps } -/* - initialise a SID_ARRAY from a list of sids -*/ -BOOL init_sid_array(SID_ARRAY *array, - uint32 count, DOM_SID *sids) -{ - unsigned int i; - - array->count = count; - array->ref_id = count?1:0; - if (array->count == 0) { - return True; - } - - array->sids = (SID_ARRAY_EL *)talloc_zero(get_talloc_ctx(), count * sizeof(SID_ARRAY_EL)); - if (!array->sids) { - return False; - } - - for (i=0;i<count;i++) { - array->sids[i].ref_id = 1; - init_dom_sid2(&array->sids[i].sid, &sids[i]); - } - - return True; -} - - -/******************************************************************* - Reads or writes a SID_ARRAY structure. -********************************************************************/ -BOOL smb_io_sid_array(const char *desc, SID_ARRAY *array, prs_struct *ps, int depth) -{ - unsigned int i; - - prs_debug(ps, depth, desc, "smb_io_sid_array"); - depth++; - - if(!prs_uint32("ref_id", ps, depth, &array->ref_id)) - return False; - - if (! array->ref_id) { - return True; - } - - if(!prs_uint32("count", ps, depth, &array->count)) - return False; - - if (array->count == 0) { - return True; - } - - if (UNMARSHALLING(ps)) { - array->sids = talloc_zero(get_talloc_ctx(), array->count * sizeof(array->sids[0])); - } - if (! array->sids) { - return False; - } - - for (i=0;i<array->count;i++) { - if(!prs_uint32("ref_id", ps, depth, &array->sids[i].ref_id)) - return False; - } - - for (i=0;i<array->count;i++) { - if (!smb_io_dom_sid2("sid", &array->sids[i].sid, ps, depth)) - return False; - } - - return True; -} - /******************************************************************* Inits a DOM_RID2 structure. ********************************************************************/ @@ -1289,22 +1217,22 @@ void init_dom_rid4(DOM_RID4 *rid4, uint16 unknown, uint16 attr, uint32 rid) Inits a DOM_CLNT_SRV structure. ********************************************************************/ -static void init_clnt_srv(DOM_CLNT_SRV *dlog, const char *logon_srv, const char *comp_name) +static void init_clnt_srv(DOM_CLNT_SRV *log, const char *logon_srv, const char *comp_name) { DEBUG(5,("init_clnt_srv: %d\n", __LINE__)); if (logon_srv != NULL) { - dlog->undoc_buffer = 1; - init_unistr2(&dlog->uni_logon_srv, logon_srv, strlen(logon_srv)+1); + log->undoc_buffer = 1; + init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1); } else { - dlog->undoc_buffer = 0; + log->undoc_buffer = 0; } if (comp_name != NULL) { - dlog->undoc_buffer2 = 1; - init_unistr2(&dlog->uni_comp_name, comp_name, strlen(comp_name)+1); + log->undoc_buffer2 = 1; + init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1); } else { - dlog->undoc_buffer2 = 0; + log->undoc_buffer2 = 0; } } @@ -1312,9 +1240,9 @@ static void init_clnt_srv(DOM_CLNT_SRV *dlog, const char *logon_srv, const char Inits or writes a DOM_CLNT_SRV structure. ********************************************************************/ -static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *dlog, prs_struct *ps, int depth) +static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *log, prs_struct *ps, int depth) { - if (dlog == NULL) + if (log == NULL) return False; prs_debug(ps, depth, desc, "smb_io_clnt_srv"); @@ -1323,22 +1251,22 @@ static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *dlog, prs_struct *ps if(!prs_align(ps)) return False; - if(!prs_uint32("undoc_buffer ", ps, depth, &dlog->undoc_buffer)) + if(!prs_uint32("undoc_buffer ", ps, depth, &log->undoc_buffer)) return False; - if (dlog->undoc_buffer != 0) { - if(!smb_io_unistr2("unistr2", &dlog->uni_logon_srv, dlog->undoc_buffer, ps, depth)) + if (log->undoc_buffer != 0) { + if(!smb_io_unistr2("unistr2", &log->uni_logon_srv, log->undoc_buffer, ps, depth)) return False; } if(!prs_align(ps)) return False; - if(!prs_uint32("undoc_buffer2", ps, depth, &dlog->undoc_buffer2)) + if(!prs_uint32("undoc_buffer2", ps, depth, &log->undoc_buffer2)) return False; - if (dlog->undoc_buffer2 != 0) { - if(!smb_io_unistr2("unistr2", &dlog->uni_comp_name, dlog->undoc_buffer2, ps, depth)) + if (log->undoc_buffer2 != 0) { + if(!smb_io_unistr2("unistr2", &log->uni_comp_name, log->undoc_buffer2, ps, depth)) return False; } @@ -1349,28 +1277,28 @@ static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *dlog, prs_struct *ps Inits a DOM_LOG_INFO structure. ********************************************************************/ -void init_log_info(DOM_LOG_INFO *dlog, const char *logon_srv, const char *acct_name, +void init_log_info(DOM_LOG_INFO *log, const char *logon_srv, const char *acct_name, uint16 sec_chan, const char *comp_name) { DEBUG(5,("make_log_info %d\n", __LINE__)); - dlog->undoc_buffer = 1; + log->undoc_buffer = 1; - init_unistr2(&dlog->uni_logon_srv, logon_srv, strlen(logon_srv)+1); - init_unistr2(&dlog->uni_acct_name, acct_name, strlen(acct_name)+1); + init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1); + init_unistr2(&log->uni_acct_name, acct_name, strlen(acct_name)+1); - dlog->sec_chan = sec_chan; + log->sec_chan = sec_chan; - init_unistr2(&dlog->uni_comp_name, comp_name, strlen(comp_name)+1); + init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1); } /******************************************************************* Reads or writes a DOM_LOG_INFO structure. ********************************************************************/ -BOOL smb_io_log_info(const char *desc, DOM_LOG_INFO *dlog, prs_struct *ps, int depth) +BOOL smb_io_log_info(const char *desc, DOM_LOG_INFO *log, prs_struct *ps, int depth) { - if (dlog == NULL) + if (log == NULL) return False; prs_debug(ps, depth, desc, "smb_io_log_info"); @@ -1379,18 +1307,18 @@ BOOL smb_io_log_info(const char *desc, DOM_LOG_INFO *dlog, prs_struct *ps, int d if(!prs_align(ps)) return False; - if(!prs_uint32("undoc_buffer", ps, depth, &dlog->undoc_buffer)) + if(!prs_uint32("undoc_buffer", ps, depth, &log->undoc_buffer)) return False; - if(!smb_io_unistr2("unistr2", &dlog->uni_logon_srv, True, ps, depth)) + if(!smb_io_unistr2("unistr2", &log->uni_logon_srv, True, ps, depth)) return False; - if(!smb_io_unistr2("unistr2", &dlog->uni_acct_name, True, ps, depth)) + if(!smb_io_unistr2("unistr2", &log->uni_acct_name, True, ps, depth)) return False; - if(!prs_uint16("sec_chan", ps, depth, &dlog->sec_chan)) + if(!prs_uint16("sec_chan", ps, depth, &log->sec_chan)) return False; - if(!smb_io_unistr2("unistr2", &dlog->uni_comp_name, True, ps, depth)) + if(!smb_io_unistr2("unistr2", &log->uni_comp_name, True, ps, depth)) return False; return True; @@ -1529,21 +1457,21 @@ BOOL smb_io_clnt_info(const char *desc, DOM_CLNT_INFO *clnt, prs_struct *ps, in Inits a DOM_LOGON_ID structure. ********************************************************************/ -void init_logon_id(DOM_LOGON_ID *dlog, uint32 log_id_low, uint32 log_id_high) +void init_logon_id(DOM_LOGON_ID *log, uint32 log_id_low, uint32 log_id_high) { DEBUG(5,("make_logon_id: %d\n", __LINE__)); - dlog->low = log_id_low; - dlog->high = log_id_high; + log->low = log_id_low; + log->high = log_id_high; } /******************************************************************* Reads or writes a DOM_LOGON_ID structure. ********************************************************************/ -BOOL smb_io_logon_id(const char *desc, DOM_LOGON_ID *dlog, prs_struct *ps, int depth) +BOOL smb_io_logon_id(const char *desc, DOM_LOGON_ID *log, prs_struct *ps, int depth) { - if (dlog == NULL) + if (log == NULL) return False; prs_debug(ps, depth, desc, "smb_io_logon_id"); @@ -1552,9 +1480,9 @@ BOOL smb_io_logon_id(const char *desc, DOM_LOGON_ID *dlog, prs_struct *ps, int d if(!prs_align(ps)) return False; - if(!prs_uint32("low ", ps, depth, &dlog->low )) + if(!prs_uint32("low ", ps, depth, &log->low )) return False; - if(!prs_uint32("high", ps, depth, &dlog->high)) + if(!prs_uint32("high", ps, depth, &log->high)) return False; return True; diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 259ca7fdc1..2c99d54b1b 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1808,9 +1808,9 @@ static BOOL net_io_sam_domain_info(const char *desc, SAM_DOMAIN_INFO * info, if (!smb_io_unihdr("hdr_unknown", &info->hdr_unknown, ps, depth)) return False; - if (prs_offset(ps) + 40 > prs_data_size(ps)) + if (ps->data_offset + 40 > ps->buffer_size) return False; - prs_set_offset(ps, prs_offset(ps) + 40); + ps->data_offset += 40; if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, info->hdr_dom_name.buffer, ps, depth)) @@ -1847,9 +1847,9 @@ static BOOL net_io_sam_group_info(const char *desc, SAM_GROUP_INFO * info, if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth)) return False; - if (prs_offset(ps) + 48 > prs_data_size(ps)) + if (ps->data_offset + 48 > ps->buffer_size) return False; - prs_set_offset(ps, prs_offset(ps) + 48); + ps->data_offset += 48; if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name, info->hdr_grp_name.buffer, ps, depth)) @@ -2128,13 +2128,13 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], uint32 len = 0x44; if (!prs_uint32("pwd_len", ps, depth, &len)) return False; - old_offset = prs_offset(ps); + old_offset = ps->data_offset; if (len == 0x44) { if (ps->io) { /* reading */ - if (!prs_hash1(ps, prs_offset(ps), sess_key)) + if (!prs_hash1(ps, ps->data_offset, sess_key)) return False; } if (!net_io_sam_passwd_info("pass", &info->pass, @@ -2148,9 +2148,9 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16], return False; } } - if (old_offset + len > prs_data_size(ps)) + if (old_offset + len > ps->buffer_size) return False; - prs_set_offset(ps, old_offset + len); + ps->data_offset = old_offset + len; } if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc, info->hdr_sec_desc.buffer, ps, depth)) @@ -2185,9 +2185,9 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf if (!prs_uint32("num_members", ps, depth, &info->num_members)) return False; - if (prs_offset(ps) + 16 > prs_data_size(ps)) + if (ps->data_offset + 16 > ps->buffer_size) return False; - prs_set_offset(ps, prs_offset(ps) + 16); + ps->data_offset += 16; if (info->ptr_rids != 0) { @@ -2267,9 +2267,9 @@ static BOOL net_io_sam_alias_info(const char *desc, SAM_ALIAS_INFO * info, if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth)) return False; - if (prs_offset(ps) + 40 > prs_data_size(ps)) + if (ps->data_offset + 40 > ps->buffer_size) return False; - prs_set_offset(ps, prs_offset(ps) + 40); + ps->data_offset += 40; if (!smb_io_unistr2("uni_als_name", &info->uni_als_name, info->hdr_als_name.buffer, ps, depth)) @@ -2307,9 +2307,9 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf if (info->ptr_members != 0) { - if (prs_offset(ps) + 16 > prs_data_size(ps)) + if (ps->data_offset + 16 > ps->buffer_size) return False; - prs_set_offset(ps, prs_offset(ps) + 16); + ps->data_offset += 16; if (!prs_uint32("num_sids", ps, depth, &info->num_sids)) return False; diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 7bd300dc7c..384e8e9094 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -642,164 +642,34 @@ static BOOL api_lsa_query_info2(pipes_struct *p) } - -/*************************************************************************** - api_lsa_enum_acctrights - ***************************************************************************/ -static BOOL api_lsa_enum_acct_rights(pipes_struct *p) -{ - LSA_Q_ENUM_ACCT_RIGHTS q_u; - LSA_R_ENUM_ACCT_RIGHTS r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n")); - return False; - } - - r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n")); - return False; - } - - return True; -} - - -/*************************************************************************** - api_lsa_enum_acct_with_right - ***************************************************************************/ -static BOOL api_lsa_enum_acct_with_right(pipes_struct *p) -{ - LSA_Q_ENUM_ACCT_WITH_RIGHT q_u; - LSA_R_ENUM_ACCT_WITH_RIGHT r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_enum_acct_with_right("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_enum_acct_with_right: failed to unmarshall LSA_Q_ENUM_ACCT_WITH_RIGHT.\n")); - return False; - } - - r_u.status = _lsa_enum_acct_with_right(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_enum_acct_with_right("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_enum_acct_with_right: Failed to marshall LSA_R_ENUM_ACCT_WITH_RIGHT.\n")); - return False; - } - - return True; -} - - -/*************************************************************************** - api_lsa_add_acctrights - ***************************************************************************/ -static BOOL api_lsa_add_acct_rights(pipes_struct *p) -{ - LSA_Q_ADD_ACCT_RIGHTS q_u; - LSA_R_ADD_ACCT_RIGHTS r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n")); - return False; - } - - r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n")); - return False; - } - - return True; -} - - -/*************************************************************************** - api_lsa_remove_acctrights - ***************************************************************************/ -static BOOL api_lsa_remove_acct_rights(pipes_struct *p) -{ - LSA_Q_REMOVE_ACCT_RIGHTS q_u; - LSA_R_REMOVE_ACCT_RIGHTS r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n")); - return False; - } - - r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n")); - return False; - } - - return True; -} - - /*************************************************************************** \PIPE\ntlsa commands ***************************************************************************/ - NTSTATUS rpc_lsa_init(void) { - static const struct api_struct api_lsa_cmds[] = - { - { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 }, - { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy }, - { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info }, - { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom }, - { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close }, - { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret }, - { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids }, - { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names }, - { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs }, - { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname}, - { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts }, - { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser }, - { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account }, - { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount}, - { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount }, - { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount }, - { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs }, - { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs }, - { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, - { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }, - { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights }, - { "LSA_ENUMACCTWITHRIGHT", LSA_ENUMACCTWITHRIGHT, api_lsa_enum_acct_with_right }, - { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights }, - { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights}, - }; +static const struct api_struct api_lsa_cmds[] = +{ + { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 }, + { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy }, + { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info }, + { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom }, + { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close }, + { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret }, + { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids }, + { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names }, + { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs }, + { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname}, + { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts }, + { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser }, + { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account }, + { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount}, + { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount }, + { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount }, + { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs }, + { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs }, + { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, + { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 } +}; return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds, sizeof(api_lsa_cmds) / sizeof(struct api_struct)); diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 3581be0181..e7e13d7a84 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -645,7 +645,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_ num_entries = MAX_LOOKUP_SIDS; DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries)); } - + ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF)); names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM)); @@ -1273,140 +1273,3 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I return r_u->status; } - - -/*************************************************************************** - For a given SID, enumerate all the privilege this account has. - ***************************************************************************/ -NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u) -{ - struct lsa_info *info=NULL; - char **rights = NULL; - int num_rights = 0; - int i; - - r_u->status = NT_STATUS_OK; - - /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) - return NT_STATUS_INVALID_HANDLE; - - r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights); - - init_r_enum_acct_rights(r_u, num_rights, (const char **)rights); - - for (i=0;i<num_rights;i++) { - free(rights[i]); - } - safe_free(rights); - - return r_u->status; -} - -/*************************************************************************** -return a list of SIDs for a particular privilege - ***************************************************************************/ -NTSTATUS _lsa_enum_acct_with_right(pipes_struct *p, - LSA_Q_ENUM_ACCT_WITH_RIGHT *q_u, - LSA_R_ENUM_ACCT_WITH_RIGHT *r_u) -{ - struct lsa_info *info=NULL; - char *right; - DOM_SID *sids = NULL; - uint32 count = 0; - - r_u->status = NT_STATUS_OK; - - /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) - return NT_STATUS_INVALID_HANDLE; - - right = unistr2_tdup(p->mem_ctx, &q_u->right); - - DEBUG(5,("lsa_enum_acct_with_right on right %s\n", right)); - - r_u->status = privilege_enum_account_with_right(right, &count, &sids); - - init_r_enum_acct_with_right(r_u, count, sids); - - safe_free(sids); - - return r_u->status; -} - -/*************************************************************************** - add privileges to a acct by SID - ***************************************************************************/ -NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u) -{ - struct lsa_info *info=NULL; - int i; - - r_u->status = NT_STATUS_OK; - - /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) - return NT_STATUS_INVALID_HANDLE; - - DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n", - sid_string_static(&q_u->sid.sid), q_u->rights.count)); - - for (i=0;i<q_u->rights.count;i++) { - DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); - } - - - for (i=0;i<q_u->rights.count;i++) { - r_u->status = privilege_add_account_right(unistr2_static(&q_u->rights.strings[i].string), - &q_u->sid.sid); - if (!NT_STATUS_IS_OK(r_u->status)) { - DEBUG(2,("Failed to add right '%s'\n", - unistr2_static(&q_u->rights.strings[i].string))); - break; - } - } - - init_r_add_acct_rights(r_u); - - return r_u->status; -} - - -/*************************************************************************** - remove privileges from a acct by SID - ***************************************************************************/ -NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u) -{ - struct lsa_info *info=NULL; - int i; - - r_u->status = NT_STATUS_OK; - - /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) - return NT_STATUS_INVALID_HANDLE; - - - DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n", - sid_string_static(&q_u->sid.sid), - q_u->removeall, - q_u->rights.count)); - - for (i=0;i<q_u->rights.count;i++) { - DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); - } - - for (i=0;i<q_u->rights.count;i++) { - r_u->status = privilege_remove_account_right(unistr2_static(&q_u->rights.strings[i].string), - &q_u->sid.sid); - if (!NT_STATUS_IS_OK(r_u->status)) { - DEBUG(2,("Failed to remove right '%s'\n", - unistr2_static(&q_u->rights.strings[i].string))); - break; - } - } - - init_r_remove_acct_rights(r_u); - - return r_u->status; -} diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 6a9e591f64..5b9d39ddc7 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -472,10 +472,16 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ + if (!IS_SAM_UNIX_USER(server_info->sam_account)) { + DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); + free_server_info(&server_info); + return False; + } + memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); - p->pipe_user.uid = server_info->uid; - p->pipe_user.gid = server_info->gid; + p->pipe_user.uid = pdb_get_uid(server_info->sam_account); + p->pipe_user.gid = pdb_get_gid(server_info->sam_account); p->pipe_user.ngroups = server_info->n_groups; if (p->pipe_user.ngroups) { diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 69ac60a7db..62d5f8ab0c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -6,7 +6,7 @@ * Copyright (C) Paul Ashton 1997, * Copyright (C) Marc Jacobsen 1999, * Copyright (C) Jeremy Allison 2001-2002, - * Copyright (C) Jean François Micouleau 1998-2001, + * Copyright (C) Jean François Micouleau 1998-2001, * Copyright (C) Anthony Liguori 2002, * Copyright (C) Jim McDonough 2002. * @@ -920,7 +920,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM struct sys_grent *grp; struct passwd *pw; gid_t winbind_gid_low, winbind_gid_high; - BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high); + BOOL winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); /* local aliases */ /* we return the UNIX groups here. This seems to be the right */ @@ -2818,7 +2818,8 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) copy_id23_to_sam_passwd(pwd, id23); /* if it's a trust account, don't update /etc/passwd */ - if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( (!IS_SAM_UNIX_USER(pwd)) || + ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -2879,7 +2880,8 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid) } /* if it's a trust account, don't update /etc/passwd */ - if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( (!IS_SAM_UNIX_USER(pwd)) || + ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -3394,9 +3396,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } - - /* check a real user exist before we run the script to add a user to a group */ - if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) { + + uid = pdb_get_uid(sam_user); + if (uid == -1) { pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } @@ -3406,7 +3408,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; } - + if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_ALIAS; @@ -3555,6 +3557,18 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_USER; } + uid = pdb_get_uid(sam_user); + if (uid == -1) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sam_user); + + if ((pwd=getpwuid_alloc(uid)) == NULL) { + return NT_STATUS_NO_SUCH_USER; + } + if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_GROUP; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 026484d96d..e6129f4ace 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1018,9 +1018,9 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx ) } if ( sending_msg_count ) { - cli_spoolss_rrpcn( ¬ify_cli, mem_ctx, &p->notify.client_hnd, - data_len, data, p->notify.change, 0 ); - } + cli_spoolss_rrpcn( ¬ify_cli, mem_ctx, &p->notify.client_hnd, + data_len, data, p->notify.change, 0 ); + } } done: @@ -7601,12 +7601,12 @@ static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen { pstring path; pstring long_archi; - pstring short_archi; + const char *short_archi; DRIVER_DIRECTORY_1 *info=NULL; unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi)-1); - if (get_short_archi(short_archi, long_archi)==False) + if (!(short_archi = get_short_archi(long_archi))) return WERR_INVALID_ENVIRONMENT; if((info=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1))) == NULL) @@ -8432,7 +8432,7 @@ WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_ /**************************************************************************** ****************************************************************************/ -static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getjob_level_1(print_queue_struct **queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) { int i=0; BOOL found=False; @@ -8445,7 +8445,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin } for (i=0; i<count && found==False; i++) { - if (queue[i].job==(int)jobid) + if ((*queue)[i].job==(int)jobid) found=True; } @@ -8455,7 +8455,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin return WERR_INVALID_PARAM; } - fill_job_info_1(info_1, &(queue[i-1]), i, snum); + fill_job_info_1(info_1, &((*queue)[i-1]), i, snum); *needed += spoolss_size_job_info_1(info_1); @@ -8477,7 +8477,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin /**************************************************************************** ****************************************************************************/ -static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) { int i = 0; BOOL found = False; @@ -8498,7 +8498,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin for ( i=0; i<count && found==False; i++ ) { - if (queue[i].job == (int)jobid) + if ((*queue)[i].job == (int)jobid) found = True; } @@ -8529,7 +8529,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin } } - fill_job_info_2(info_2, &(queue[i-1]), i, snum, ntprinter, devmode); + fill_job_info_2(info_2, &((*queue)[i-1]), i, snum, ntprinter, devmode); *needed += spoolss_size_job_info_2(info_2); @@ -8593,11 +8593,11 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_ switch ( level ) { case 1: - wstatus = getjob_level_1(queue, count, snum, jobid, + wstatus = getjob_level_1(&queue, count, snum, jobid, buffer, offered, needed); break; case 2: - wstatus = getjob_level_2(queue, count, snum, jobid, + wstatus = getjob_level_2(&queue, count, snum, jobid, buffer, offered, needed); break; default: @@ -9135,12 +9135,12 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name, { pstring path; pstring long_archi; - pstring short_archi; + const char *short_archi; PRINTPROCESSOR_DIRECTORY_1 *info=NULL; unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1); - if (get_short_archi(short_archi, long_archi)==False) + if (!(short_archi = get_short_archi(long_archi))) return WERR_INVALID_ENVIRONMENT; if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL) diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 4d9130fb97..1a7b64858b 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1840,8 +1840,6 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC struct current_user user; connection_struct *conn = NULL; BOOL became_user = False; - fstring dev; - fstrcpy(dev, "A:"); ZERO_STRUCT(st); @@ -1855,7 +1853,7 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC get_current_user(&user, p); become_root(); - conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status); + conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status); unbecome_root(); if (conn == NULL) { @@ -1945,12 +1943,9 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ struct current_user user; connection_struct *conn = NULL; BOOL became_user = False; - fstring dev; - fstrcpy(dev, "A:"); ZERO_STRUCT(st); - r_u->status = WERR_OK; unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); @@ -1961,7 +1956,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ get_current_user(&user, p); become_root(); - conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status); + conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status); unbecome_root(); if (conn == NULL) { diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index f96ccaef67..4eba9c7d1f 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -112,7 +112,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui *prids=NULL; *numgroups=0; - winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high); + winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", @@ -129,12 +129,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); - if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) { - /* this should never happen */ - DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n")); - pdb_free_sam(&sam_pass); - return NT_STATUS_UNSUCCESSFUL; - } + gid=pdb_get_gid(sam_pass); become_root(); /* on some systems this must run as root */ diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 808ef50a45..db74370bc0 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -543,50 +543,6 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli, } -/* Enumerate the accounts with a specific right */ - -static NTSTATUS cmd_lsa_enum_acct_with_right(struct cli_state *cli, - TALLOC_CTX *mem_ctx, int argc, - const char **argv) -{ - POLICY_HND dom_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_SID *sids; - uint32 count; - const char *right; - - int i; - - if (argc != 2 ) { - printf("Usage: %s <RIGHT>\n", argv[0]); - return NT_STATUS_OK; - } - - right = argv[1]; - - result = cli_lsa_open_policy2(cli, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &dom_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - result = cli_lsa_enum_account_with_right(cli, mem_ctx, &dom_pol, right, &count, &sids); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - printf("found %d SIDs for '%s'\n", count, right); - - for (i = 0; i < count; i++) { - printf("\t%s\n", sid_string_static(&sids[i])); - } - - done: - return result; -} - - /* add some privileges to a SID via LsaAddAccountRights */ static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli, @@ -750,7 +706,6 @@ struct cmd_set lsarpc_commands[] = { { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" }, { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" }, - { "lsaenumacctwithright",RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_with_right,NULL, PI_LSARPC,"Enumerate accounts with a right", "" }, { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" }, { "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account", "" }, { "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookupprivvalue, NULL, PI_LSARPC, "Get a privilege value given its name", "" }, diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 3ce7f9e6ac..e4ff06a35e 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -54,7 +54,7 @@ static const struct table_node archi_table[]= { function to do the mapping between the long architecture name and the short one. ****************************************************************************/ -BOOL get_short_archi(char *short_archi, const char *long_archi) +static const char *cmd_spoolss_get_short_archi(const char *long_archi) { int i=-1; @@ -66,18 +66,17 @@ BOOL get_short_archi(char *short_archi, const char *long_archi) if (archi_table[i].long_archi==NULL) { DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi)); - return False; + return NULL; } /* this might be client code - but shouldn't this be an fstrcpy etc? */ - StrnCpy (short_archi, archi_table[i].short_archi, strlen(archi_table[i].short_archi)); DEBUGADD(108,("index: [%d]\n", i)); - DEBUGADD(108,("long architecture: [%s]\n", long_archi)); - DEBUGADD(108,("short architecture: [%s]\n", short_archi)); + DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi)); + DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi)); - return True; + return archi_table[i].short_archi; } #if 0 @@ -1153,7 +1152,7 @@ static char* get_driver_3_param (const char* str, const char* delim, UNISTR* des parameter because two consecutive delimiters will not return an empty string. See man strtok(3) for details */ - if (StrCaseCmp(ptr, "NULL") == 0) + if (ptr && (StrCaseCmp(ptr, "NULL") == 0)) ptr = NULL; if (dest != NULL) @@ -1227,7 +1226,7 @@ static WERROR cmd_spoolss_addprinterdriver(struct cli_state *cli, uint32 level = 3; PRINTER_DRIVER_CTR ctr; DRIVER_INFO_3 info3; - fstring arch; + const char *arch; fstring driver_name; /* parse the command arguements */ @@ -1243,7 +1242,7 @@ static WERROR cmd_spoolss_addprinterdriver(struct cli_state *cli, /* Fill in the DRIVER_INFO_3 struct */ ZERO_STRUCT(info3); - if (!get_short_archi(arch, argv[1])) + if (!(arch = cmd_spoolss_get_short_archi(argv[1]))) { printf ("Error Unknown architechture [%s]\n", argv[1]); return WERR_INVALID_PARAM; diff --git a/source3/sam/SAM-interface_handles.txt b/source3/sam/SAM-interface_handles.txt deleted file mode 100644 index 1c164bd198..0000000000 --- a/source3/sam/SAM-interface_handles.txt +++ /dev/null @@ -1,123 +0,0 @@ -SAM API
-
-NTSTATUS sam_get_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC **sd)
-NTSTATUS sam_set_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC *sd)
-
-NTSTATUS sam_lookup_name(NT_USER_TOKEN *access, DOM_SID *domain, char *name, DOM_SID **sid, uint32 *type)
-NTSTATUS sam_lookup_sid(NT_USER_TOKEN *access, DOM_SID *sid, char **name, uint32 *type)
-
-
-Domain API
-
-NTSTATUS sam_update_domain(SAM_DOMAIN_HANDLE *domain)
-
-NTSTATUS sam_enum_domains(NT_USER_TOKEN *access, int32 *domain_count, DOM_SID **domains, char **domain_names)
-NTSTATUS sam_lookup_domain(NT_USER_TOKEN *access, char *domain, DOM_SID **domainsid)
-
-NTSTATUS sam_get_domain_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-
-
-User API
-
-NTSTATUS sam_create_user(NT_USER_TOKEN *access, uint32 access_desired, SAM_USER_HANDLE **user)
-NTSTATUS sam_add_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_update_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_delete_user(SAM_USER_HANDLE * user)
-
-NTSTATUS sam_enum_users(NT_USER_TOKEN *access, DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users)
-
-NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)
-NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)
-
-
-Group API
-
-NTSTATUS sam_create_group(NT_USER_TOKEN *access, uint32 access_desired, uint32 typ, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_add_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_update_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_delete_group(SAM_GROUP_HANDLE *groupsid)
-
-NTSTATUS sam_enum_groups(NT_USER_TOKEN *access, DOM_SID *domainsid, uint32 typ, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-
-NTSTATUS sam_get_group_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_get_group_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_GROUP_HANDLE **group)
-
-NTSTATUS sam_add_member_to_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_delete_member_from_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_enum_groupmembers(SAM_GROUP_HANLDE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-
-NTSTATUS sam_get_groups_of_user(SAM_USER_HANDLE *user, uint32 typ, uint32 *group_count, SAM_GROUP_ENUM **groups)
-
-
-
-structures
-
-typedef _SAM_GROUP_MEMBER {
- DOM_SID sid;
- BOOL group; /* specifies if it is a group or a user */
-
-} SAM_GROUP_MEMBER
-
-typedef struct sam_user_enum {
- DOM_SID sid;
- char *username;
- char *full_name;
- char *user_desc;
- uint16 acc_ctrl;
-} SAM_USER_ENUM;
-
-typedef struct sam_group_enum {
- DOM_SID sid;
- char *groupname;
- char *comment;
-} SAM_GROUP_ENUM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
-NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-NTSTATUS sam_{get,set}_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
-NTSTATUS sam_{get,set}_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
-NTSTATUS sam_{get,set}_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-NTSTATUS sam_{get,set}_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-NTSTATUS sam_{get,set}_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-NTSTATUS sam_{get,set}_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-NTSTATUS sam_{get,set}_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-NTSTATUS sam_{get,set}_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uin16 *password_history)
-NTSTATUS sam_{get,set}_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-NTSTATUS sam_{get,set}_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-NTSTATUS sam_{get,set}_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-
-NTSTATUS sam_get_user_sid(SAM_USER_HANDLE *user, DOM_SID **sid)
-NTSTATUS sam_{get,set}_user_pgroup(SAM_USER_HANDLE *user, DOM_SID **pgroup)
-NTSTATUS sam_{get,set}_user_name(SAM_USER_HANDLE *user, char **username)
-NTSTATUS sam_{get,set}_user_fullname(SAM_USER_HANDLE *user, char** fullname)
-NTSTATUS sam_{get,set}_user_description(SAM_USER_HANDLE *user, char **description)
-NTSTATUS sam_{get,set}_user_home_dir(SAM_USER_HANDLE *user, char **home_dir)
-NTSTATUS sam_{get,set}_user_dir_drive(SAM_USER_HANDLE *user, char **dir_drive)
-NTSTATUS sam_{get,set}_user_logon_script(SAM_USER_HANDLE *user, char **logon_script)
-NTSTATUS sam_{get,set}_user_profile_path(SAM_USER_HANDLE *user, char **profile_path)
-NTSTATUS sam_{get,set}_user_workstations(SAM_USER_HANDLE *user, char **workstations)
-NTSTATUS sam_{get,set}_user_munged_dial(SAM_USER_HANDLE *user, char **munged_dial)
-NTSTATUS sam_{get,set}_user_lm_pwd(SAM_USER_HANDLE *user, DATA_BLOB *lm_pwd)
-NTSTATUS sam_{get,set}_user_nt_pwd(SAM_USER_HANDLE *user, DATA_BLOB *nt_pwd)
-NTSTATUS sam_{get,set}_user_plain_pwd(SAM_USER_HANDLE *user, DATA_BLOB *plaintext_pwd)
-NTSTATUS sam_{get,set}_user_acct_ctrl(SAM_USER_HANDLE *user, uint16 *acct_ctrl)
-NTSTATUS sam_{get,set}_user_logon_divs(SAM_USER_HANDLE *user, uint16 *logon_divs)
-NTSTATUS sam_{get,set}_user_hours(SAM_USER_HANDLE *user, uint32 *hours_len, uint8 **hours)
-NTSTATUS sam_{get,set}_user_logon_time(SAM_USER_HANDLE *user, NTTIME *logon_time)
-NTSTATUS sam_{get,set}_user_logoff_time(SAM_USER_HANDLE *user, NTTIME *logoff_time)
-NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)
-NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)
-NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)
-NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)
-NTSTATUS sam_{get,set}_user_unknown_1(SAM_USER_HANDLE *user, char **unknown_1)
-NTSTATUS sam_{get,set}_user_unknown_2(SAM_USER_HANDLE *user, uint32 *unknown_2)
-NTSTATUS sam_{get,set}_user_unknown_3(SAM_USER_HANDLE *user, uint32 *unknown_3)
-NTSTATUS sam_{get,set}_user_unknown_4(SAM_USER_HANDLE *user, uint32 *unknown_4)
-
-NTSTATUS sam_get_group_sid(SAM_GROUP_HANDLE *group, DOM_SID **sid)
-NTSTATUS sam_get_group_typ(SAM_GROUP_HANDLE *group, uint32 *typ)
-NTSTATUS sam_{get,set}_group_name(SAM_GROUP_HANDLE *group, char **group_name)
-NTSTATUS sam_{get,set}_group_comment(SAM_GROUP_HANDLE *group, char **comment)
-NTSTATUS sam_{get,set}_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
\ No newline at end of file diff --git a/source3/sam/account.c b/source3/sam/account.c deleted file mode 100644 index b8336146cd..0000000000 --- a/source3/sam/account.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Jeremy Allison 1996-2001 - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - Copyright (C) Gerald (Jerry) Carter 2000-2001 - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_ACCOUNT_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account) -{ - ZERO_STRUCT(account->private); /* Don't touch the talloc context */ - - /* Don't change these timestamp settings without a good reason. - They are important for NT member server compatibility. */ - - /* FIXME: We should actually call get_nt_time_max() or sthng - * here */ - unix_to_nt_time(&(account->private.logoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max()); - account->private.unknown_1 = 0x00ffffff; /* don't know */ - account->private.logon_divs = 168; /* hours per week */ - account->private.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */ - account->private.unknown_2 = 0x00000000; /* don't know */ - account->private.unknown_3 = 0x000004ec; /* don't know */ -} - -static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account) -{ - if (*account) { - data_blob_clear_free(&((*account)->private.lm_pw)); - data_blob_clear_free(&((*account)->private.nt_pw)); - if((*account)->private.plaintext_pw!=NULL) - memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw)); - - talloc_destroy((*account)->mem_ctx); - *account = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE)); - - if (*account==NULL) { - DEBUG(0,("sam_init_account_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*account)->mem_ctx = mem_ctx; - - (*account)->free_fn = NULL; - - sam_fill_default_account(*account); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct sam_passwd. - ************************************************************/ - -NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*account)->free_fn = destroy_sam_talloc; - - return NT_STATUS_OK; -} - -/** - * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure. - * - * Also wipes the LM and NT hashes and plaintext password from - * memory. - * - * @param account SAM_ACCOUNT_HANDLE to free members of. - **/ - -static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account) -{ - - /* Kill off sensitive data. Free()ed by the - talloc mechinism */ - - data_blob_clear_free(&(account->private.lm_pw)); - data_blob_clear_free(&(account->private.nt_pw)); - if (account->private.plaintext_pw) - memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw)); -} - - -/************************************************************ - Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes. - ***********************************************************/ - -NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account) -{ - SMB_ASSERT(account != NULL); - - sam_free_account_contents(account); - - sam_fill_default_account(account); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_ACCOUNT_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - sam_free_account_contents(*account); - - if ((*account)->free_fn) { - (*account)->free_fn(account); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) - acct_str[i] = ' '; - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - **********************************************************/ - -uint16 sam_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return acct_ctrl; -} - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ - -void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) { - int i; - for (i = 0; i < 16; i++) - slprintf(&p[i*2], 3, "%02X", pwd[i]); - } else { - if (acct_ctrl & ACB_PWNOTREQ) - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - else - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ - -BOOL sam_gethexpwd(const char *p, unsigned char *pwd) -{ - int i; - unsigned char lonybble, hinybble; - char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - if (!p) - return (False); - - for (i = 0; i < 32; i += 2) { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr(hexchars, hinybble); - p2 = strchr(hexchars, lonybble); - - if (!p1 || !p2) - return (False); - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); -} diff --git a/source3/sam/get_set_account.c b/source3/sam/get_set_account.c deleted file mode 100644 index acac281d21..0000000000 --- a/source3/sam/get_set_account.c +++ /dev/null @@ -1,845 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_ACCOUNT_HANDLE access routines - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid) -{ - NTSTATUS status; - SAM_DOMAIN_HANDLE *domain; - SAM_ASSERT(!sampass || !sid); - - if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){ - DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n")); - return status; - } - - return sam_get_domain_sid(domain, sid); -} - -NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name) -{ - NTSTATUS status; - SAM_DOMAIN_HANDLE *domain; - SAM_ASSERT(sampass && domain_name); - - if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){ - DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n")); - return status; - } - - return sam_get_domain_name(domain, domain_name); -} - -NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl) -{ - SAM_ASSERT(sampass && acct_ctrl); - - *acct_ctrl = sampass->private.acct_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time) -{ - SAM_ASSERT(sampass && logon_time) ; - - *logon_time = sampass->private.logon_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time) -{ - SAM_ASSERT(sampass && logoff_time) ; - - *logoff_time = sampass->private.logoff_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time) -{ - SAM_ASSERT(sampass && kickoff_time); - - *kickoff_time = sampass->private.kickoff_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time) -{ - SAM_ASSERT(sampass && pass_last_set_time); - - *pass_last_set_time = sampass->private.pass_last_set_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time) -{ - SAM_ASSERT(sampass && pass_can_change_time); - - *pass_can_change_time = sampass->private.pass_can_change_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time) -{ - SAM_ASSERT(sampass && pass_must_change_time); - - *pass_must_change_time = sampass->private.pass_must_change_time; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs) -{ - SAM_ASSERT(sampass && logon_divs); - - *logon_divs = sampass->private.logon_divs; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len) -{ - SAM_ASSERT(sampass && hours_len); - - *hours_len = sampass->private.hours_len; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours) -{ - SAM_ASSERT(sampass && hours); - - *hours = sampass->private.hours; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd) -{ - SAM_ASSERT(sampass); - - SMB_ASSERT((!sampass->private.nt_pw.data) - || sampass->private.nt_pw.length == NT_HASH_LEN); - - *nt_pwd = sampass->private.nt_pw; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd) -{ - SAM_ASSERT(sampass); - - SMB_ASSERT((!sampass->private.lm_pw.data) - || sampass->private.lm_pw.length == LM_HASH_LEN); - - *lm_pwd = sampass->private.lm_pw; - - return NT_STATUS_OK; -} - -/* Return the plaintext password if known. Most of the time - it isn't, so don't assume anything magic about this function. - - Used to pass the plaintext to sam backends that might - want to store more than just the NTLM hashes. -*/ - -NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd) -{ - SAM_ASSERT(sampass && plain_pwd); - - *plain_pwd = sampass->private.plaintext_pw; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid) -{ - SAM_ASSERT(sampass); - - *sid = &(sampass->private.account_sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid) -{ - SAM_ASSERT(sampass); - - *sid = &(sampass->private.group_sid); - - return NT_STATUS_OK; -} - -/** - * Get flags showing what is initalised in the SAM_ACCOUNT_HANDLE - * @param sampass the SAM_ACCOUNT_HANDLE in question - * @return the flags indicating the members initialised in the struct. - **/ - -NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag) -{ - SAM_ASSERT(sampass); - - *initflag = sampass->private.init_flag; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name) -{ - SAM_ASSERT(sampass); - - *account_name = sampass->private.account_name; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain) -{ - SAM_ASSERT(sampass); - - *domain = sampass->private.domain; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname) -{ - SAM_ASSERT(sampass); - - *fullname = sampass->private.full_name; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir) -{ - SAM_ASSERT(sampass); - - *homedir = sampass->private.home_dir; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir) -{ - SAM_ASSERT(sampass); - - *uhomedir = sampass->private.unix_home_dir; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive) -{ - SAM_ASSERT(sampass); - - *dirdrive = sampass->private.dir_drive; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script) -{ - SAM_ASSERT(sampass); - - *logon_script = sampass->private.logon_script; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path) -{ - SAM_ASSERT(sampass); - - *profile_path = sampass->private.profile_path; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description) -{ - SAM_ASSERT(sampass); - - *description = sampass->private.acct_desc; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations) -{ - SAM_ASSERT(sampass); - - *workstations = sampass->private.workstations; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str) -{ - SAM_ASSERT(sampass); - - *unknown_str = sampass->private.unknown_str; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial) -{ - SAM_ASSERT(sampass); - - *munged_dial = sampass->private.munged_dial; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1) -{ - SAM_ASSERT(sampass && unknown1); - - *unknown1 = sampass->private.unknown_1; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2) -{ - SAM_ASSERT(sampass && unknown2); - - *unknown2 = sampass->private.unknown_2; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3) -{ - SAM_ASSERT(sampass && unknown3); - - *unknown3 = sampass->private.unknown_3; - - return NT_STATUS_OK; -} - -/********************************************************************* - Collection of set...() functions for SAM_ACCOUNT_HANDLE_INFO. - ********************************************************************/ - -NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 acct_ctrl) -{ - SAM_ASSERT(sampass); - - sampass->private.acct_ctrl = acct_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.logon_time = mytime; - - - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.logoff_time = mytime; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.kickoff_time = mytime; - - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.pass_can_change_time = mytime; - - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store) -{ - SAM_ASSERT(sampass); - - sampass->private.pass_must_change_time = mytime; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime) -{ - SAM_ASSERT(sampass); - - sampass->private.pass_last_set_time = mytime; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len) -{ - SAM_ASSERT(sampass); - - sampass->private.hours_len = len; - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours) -{ - SAM_ASSERT(sampass); - - sampass->private.logon_divs = hours; - return NT_STATUS_OK; -} - -/** - * Set flags showing what is initalised in the SAM_ACCOUNT_HANDLE - * @param sampass the SAM_ACCOUNT_HANDLE in question - * @param flag The *new* flag to be set. Old flags preserved - * this flag is only added. - **/ - -NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag) -{ - SAM_ASSERT(sampass); - - sampass->private.init_flag |= flag; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid) -{ - SAM_ASSERT(sampass && u_sid); - - sid_copy(&sampass->private.account_sid, u_sid); - - DEBUG(10, ("sam_set_account_sid: setting account sid %s\n", - sid_string_static(&sampass->private.account_sid))); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid) -{ - DOM_SID new_sid; - SAM_ASSERT(sampass && u_sid); - - DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n", - u_sid)); - - if (!string_to_sid(&new_sid, u_sid)) { - DEBUG(1, ("sam_set_account_sid_from_string: %s isn't a valid SID!\n", u_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(sam_set_account_sid(sampass, &new_sid))) { - DEBUG(1, ("sam_set_account_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", u_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid) -{ - SAM_ASSERT(sampass && g_sid); - - sid_copy(&sampass->private.group_sid, g_sid); - - DEBUG(10, ("sam_set_group_sid: setting group sid %s\n", - sid_string_static(&sampass->private.group_sid))); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid) -{ - DOM_SID new_sid; - SAM_ASSERT(sampass && g_sid); - - DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n", - g_sid)); - - if (!string_to_sid(&new_sid, g_sid)) { - DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(sam_set_account_pgroup_sid(sampass, &new_sid))) { - DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", g_sid)); - return NT_STATUS_UNSUCCESSFUL; - } - return NT_STATUS_OK; -} - -/********************************************************************* - Set the domain name. - ********************************************************************/ - -NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain) -{ - SAM_ASSERT(sampass); - - sampass->private.domain = domain; - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's NT name. - ********************************************************************/ - -NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name)); - - sampass->private.account_name = talloc_strdup(sampass->mem_ctx, account_name); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's full name. - ********************************************************************/ - -NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name)); - - sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's logon script. - ********************************************************************/ - -NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script)); - - sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script); - - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's profile path. - ********************************************************************/ - -NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path)); - - sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's directory drive. - ********************************************************************/ - -NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive, - sampass->private.dir_drive)); - - sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's home directory. - ********************************************************************/ - -NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir, - sampass->private.home_dir)); - - sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's unix home directory. - ********************************************************************/ - -NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir, - sampass->private.unix_home_dir)); - - sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's account description. - ********************************************************************/ - -NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc) -{ - SAM_ASSERT(sampass); - - sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's workstation allowed list. - ********************************************************************/ - -NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations) -{ - SAM_ASSERT(sampass); - - DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations, - sampass->private.workstations)); - - sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's 'unknown_str', whatever the heck this actually is... - ********************************************************************/ - -NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's dial string. - ********************************************************************/ - -NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial) -{ - SAM_ASSERT(sampass); - - sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial); - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's NT hash. - ********************************************************************/ - -NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data) -{ - SAM_ASSERT(sampass); - - sampass->private.nt_pw = data; - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's LM hash. - ********************************************************************/ - -NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data) -{ - SAM_ASSERT(sampass); - - sampass->private.lm_pw = data; - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's plaintext password only (base procedure, see helper - below) - ********************************************************************/ - -NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd) -{ - SAM_ASSERT(sampass); - - sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_1 = unkn; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_2 = unkn; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn) -{ - SAM_ASSERT(sampass); - - sampass->private.unknown_3 = unkn; - return NT_STATUS_OK; -} - -NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours) -{ - SAM_ASSERT(sampass); - - if (!hours) { - memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN); - return NT_STATUS_OK; - } - - memcpy(sampass->private.hours, hours, MAX_HOURS_LEN); - - return NT_STATUS_OK; -} - -/* Helpful interfaces to the above */ - -/********************************************************************* - Sets the last changed times and must change times for a normal - password change. - ********************************************************************/ - -NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass) -{ - uint32 expire; - NTTIME temptime; - - SAM_ASSERT(sampass); - - unix_to_nt_time(&temptime, time(NULL)); - if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime))) - return NT_STATUS_UNSUCCESSFUL; - - if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) - || (expire==(uint32)-1)) { - - get_nttime_max(&temptime); - if (!NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime, False))) - return NT_STATUS_UNSUCCESSFUL; - - } else { - /* FIXME: Add expire to temptime */ - - if (!NT_STATUS_IS_OK(sam_get_account_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime,True))) - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -/********************************************************************* - Set the account's PLAINTEXT password. Used as an interface to the above. - Also sets the last change time to NOW. - ********************************************************************/ - -NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plaintext) -{ - DATA_BLOB data; - uchar new_lanman_p16[16]; - uchar new_nt_p16[16]; - - SAM_ASSERT(sampass && plaintext); - - nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16); - - data = data_blob(new_nt_p16, 16); - if (!NT_STATUS_IS_OK(sam_set_account_nt_pwd(sampass, data))) - return NT_STATUS_UNSUCCESSFUL; - - data = data_blob(new_lanman_p16, 16); - - if (!NT_STATUS_IS_OK(sam_set_account_lm_pwd(sampass, data))) - return NT_STATUS_UNSUCCESSFUL; - - if (!NT_STATUS_IS_OK(sam_set_account_plaintext_pwd(sampass, plaintext))) - return NT_STATUS_UNSUCCESSFUL; - - if (!NT_STATUS_IS_OK(sam_set_account_pass_changed_now(sampass))) - return NT_STATUS_UNSUCCESSFUL; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c deleted file mode 100644 index c70a4a3f09..0000000000 --- a/source3/sam/get_set_domain.c +++ /dev/null @@ -1,263 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_DOMAIN access routines - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid) -{ - SAM_ASSERT(domain &&sid); - - *sid = &(domain->private.sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts) -{ - SAM_ASSERT(domain &&num_accounts); - - *num_accounts = domain->private.num_accounts; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups) -{ - SAM_ASSERT(domain &&num_groups); - - *num_groups = domain->private.num_groups; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases) -{ - SAM_ASSERT(domain &&num_aliases); - - *num_aliases = domain->private.num_aliases; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name) -{ - SAM_ASSERT(domain &&domain_name); - - *domain_name = domain->private.name; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name) -{ - SAM_ASSERT(domain &&server_name); - - *server_name = domain->private.servername; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage) -{ - SAM_ASSERT(domain &&max_passwordage); - - *max_passwordage = domain->private.max_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage) -{ - SAM_ASSERT(domain &&min_passwordage); - - *min_passwordage = domain->private.min_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration) -{ - SAM_ASSERT(domain &&lockout_duration); - - *lockout_duration = domain->private.lockout_duration; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count) -{ - SAM_ASSERT(domain &&reset_lockout_count); - - *reset_lockout_count = domain->private.reset_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength) -{ - SAM_ASSERT(domain &&min_passwordlength); - - *min_passwordlength = domain->private.min_passwordlength; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history) -{ - SAM_ASSERT(domain &&password_history); - - *password_history = domain->private.password_history; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count) -{ - SAM_ASSERT(domain &&lockout_count); - - *lockout_count = domain->private.lockout_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff) -{ - SAM_ASSERT(domain &&force_logoff); - - *force_logoff = domain->private.force_logoff; - - return NT_STATUS_OK; -} - - -NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange) -{ - SAM_ASSERT(domain && login_pwdchange); - - *login_pwdchange = domain->private.login_pwdchange; - - return NT_STATUS_OK; -} - -/* Set */ - -NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name) -{ - SAM_ASSERT(domain); - - domain->private.name = talloc_strdup(domain->mem_ctx, domain_name); - - return NT_STATUS_OK; -} - - -NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage) -{ - SAM_ASSERT(domain); - - domain->private.max_passwordage = max_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage) -{ - SAM_ASSERT(domain); - - domain->private.min_passwordage = min_passwordage; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration) -{ - SAM_ASSERT(domain); - - domain->private.lockout_duration = lockout_duration; - - return NT_STATUS_OK; -} -NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count) -{ - SAM_ASSERT(domain); - - domain->private.reset_count = reset_lockout_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength) -{ - SAM_ASSERT(domain); - - domain->private.min_passwordlength = min_passwordlength; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history) -{ - SAM_ASSERT(domain); - - domain->private.password_history = password_history; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count) -{ - SAM_ASSERT(domain); - - domain->private.lockout_count = lockout_count; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff) -{ - SAM_ASSERT(domain); - - domain->private.force_logoff = force_logoff; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange) -{ - SAM_ASSERT(domain); - - domain->private.login_pwdchange = login_pwdchange; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name) -{ - SAM_ASSERT(domain); - - domain->private.servername = talloc_strdup(domain->mem_ctx, server_name); - - return NT_STATUS_OK; -} diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c deleted file mode 100644 index 11ea9258a7..0000000000 --- a/source3/sam/get_set_group.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_USER_HANDLE access routines - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/* sam group get functions */ - -NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid) -{ - SAM_ASSERT(group && sid); - - *sid = &(group->private.sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl) -{ - SAM_ASSERT(group && group_ctrl); - - *group_ctrl = group->private.group_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name) -{ - SAM_ASSERT(group); - - *group_name = group->private.group_name; - - return NT_STATUS_OK; - -} -NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc) -{ - SAM_ASSERT(group); - - *group_desc = group->private.group_desc; - - return NT_STATUS_OK; -} - -/* sam group set functions */ - -NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid) -{ - SAM_ASSERT(group); - - if (!sid) - ZERO_STRUCT(group->private.sid); - else - sid_copy(&(group->private.sid), sid); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl) -{ - SAM_ASSERT(group); - - group->private.group_ctrl = group_ctrl; - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name) -{ - SAM_ASSERT(group); - - group->private.group_name = talloc_strdup(group->mem_ctx, group_name); - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc) -{ - SAM_ASSERT(group); - - group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc); - - return NT_STATUS_OK; - -} diff --git a/source3/sam/group.c b/source3/sam/group.c deleted file mode 100644 index 101e3dd7ce..0000000000 --- a/source3/sam/group.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers - - Copyright (C) Stefan (metze) Metzmacher 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_GROUP_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_group(SAM_GROUP_HANDLE *group) -{ - ZERO_STRUCT(group->private); /* Don't touch the talloc context */ - -} - -static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group) -{ - if (*group) { - - talloc_destroy((*group)->mem_ctx); - *group = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE)); - - if (*group==NULL) { - DEBUG(0,("sam_init_group_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*group)->mem_ctx = mem_ctx; - - (*group)->free_fn = NULL; - - sam_fill_default_group(*group); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct SAM_GROUP_HANDLE. - ************************************************************/ - -NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*group)->free_fn = destroy_sam_group_handle_talloc; - - return NT_STATUS_OK; -} - - -/************************************************************ - Reset the SAM_GROUP_HANDLE. - ***********************************************************/ - -NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group) -{ - SMB_ASSERT(group != NULL); - - sam_fill_default_group(group); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_GROUP_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if ((*group)->free_fn) { - (*group)->free_fn(group); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the group control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length) -{ - static fstring group_str; - size_t i = 0; - - group_str[i++] = '['; - - if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L'; - if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G'; - - for ( ; i < length - 2 ; i++ ) - group_str[i] = ' '; - - i = length - 2; - group_str[i++] = ']'; - group_str[i++] = '\0'; - - return group_str; -} - -/********************************************************** - Decode the group control bits from a string. - **********************************************************/ - -uint16 sam_decode_group_ctrl(const char *p) -{ - uint16 group_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ } - case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ } - - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return group_ctrl; -} - diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c deleted file mode 100644 index 5da2407faa..0000000000 --- a/source3/sam/gumm_tdb.c +++ /dev/null @@ -1,1196 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * SMB parameters and setup - * Copyright (C) Andrew Tridgell 1992-1998 - * Copyright (C) Simo Sorce 2000-2002 - * Copyright (C) Gerald Carter 2000 - * Copyright (C) Jeremy Allison 2001 - * Copyright (C) Andrew Bartlett 2002 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" -#include "tdbsam2.h" -#include "tdbsam2_parse_info.h" - -static int tdbgumm_debug_level = DBGC_ALL; -#undef DBGC_CLASS -#define DBGC_CLASS tdbgumm_debug_level - -#define TDBSAM_VERSION 20021215 -#define TDB_FILE_NAME "tdbsam2.tdb" -#define NAMEPREFIX "NAME_" -#define SIDPREFIX "SID_" -#define PRIVILEGEPREFIX "PRIV_" - -#define TDB_FORMAT_STRING "ddB" - -#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) - -struct tdbsam2_enum_objs { - uint32 type; - fstring dom_sid; - TDB_CONTEXT *db; - TDB_DATA key; - struct tdbsam2_enum_objs *next; -}; - -union tdbsam2_data { - struct tdbsam2_domain_data *domain; - struct tdbsam2_user_data *user; - struct tdbsam2_group_data *group; -}; - -struct tdbsam2_object { - uint32 type; - uint32 version; - union tdbsam2_data data; -}; - -static TDB_CONTEXT *tdbsam2_db; - -struct tdbsam2_enum_objs **teo_handlers; - -static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - int iret; - char *obj_data; - int data_size = 0; - int len; - - len = tdb_unpack (buffer, size, TDB_FORMAT_STRING, - &(object->version), - &(object->type), - &data_size, &obj_data); - - if (len == -1) - goto done; - - /* version is checked inside this function so that backward compatibility code can be - called eventually. - this way we can easily handle database format upgrades */ - if (object->version != TDBSAM_VERSION) { - DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n")); - goto done; - } - - /* be sure the string is terminated before trying to parse it */ - if (obj_data[data_size - 1] != '\0') - obj_data[data_size - 1] = '\0'; - - switch (object->type) { - case GUMS_OBJ_DOMAIN: - object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data)); - TALLOC_CHECK(object->data.domain, ret, done); - memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data)); - - iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data)); - TALLOC_CHECK(object->data.group, ret, done); - memset(object->data.group, 0, sizeof(struct tdbsam2_group_data)); - - iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data); - break; - case GUMS_OBJ_NORMAL_USER: - object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data)); - TALLOC_CHECK(object->data.user, ret, done); - memset(object->data.user, 0, sizeof(struct tdbsam2_user_data)); - - iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data); - break; - default: - DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n")); - goto done; - } - - if (iret != 0) { - DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n")); - DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?")); - goto done; - } - - ret = NT_STATUS_OK; -done: - SAFE_FREE(obj_data); - return ret; -} - -static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object) -{ - - NTSTATUS ret; - char *buf1 = NULL; - size_t buflen; - - if (!buffer) - return NT_STATUS_INVALID_PARAMETER; - - switch (object->type) { - case GUMS_OBJ_DOMAIN: - buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0); - break; - case GUMS_OBJ_NORMAL_USER: - buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0); - break; - default: - DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (buf1 == NULL) { - DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - strlen(buf1) + 1, buf1); - - *buffer = talloc(mem_ctx, buflen); - TALLOC_CHECK(*buffer, ret, done); - - *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - strlen(buf1) + 1, buf1); - - if (*len != buflen) { - DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", - buflen, *len)); - *buffer = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; -done: - return ret; -} - -static NTSTATUS opentdb(void) -{ - if (!tdbsam2_db) { - pstring tdbfile; - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, TDB_FILE_NAME); - - tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600); - if (!tdbsam2_db) - { - DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile)); - return NT_STATUS_UNSUCCESSFUL; - } - } - - return NT_STATUS_OK; -} - -static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid) -{ - NTSTATUS ret; - TDB_DATA data, key; - fstring keystr; - - if (!obj || !mem_ctx || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - return ret; - } - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - return NT_STATUS_UNSUCCESSFUL; - } - - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - SAFE_FREE(data.dptr); - - return NT_STATUS_OK; - -} - -static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name) -{ - - NTSTATUS ret; - TDB_DATA data, key; - fstring keystr; - fstring objname; - DOM_SID sid; - char *obj_sidstr; - int obj_version, obj_type, obj_sidstr_len, len; - - if (!obj || !mem_ctx || !name) - return NT_STATUS_INVALID_PARAMETER; - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - return ret; - } - - fstrcpy(objname, name); - strlower(objname); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - return NT_STATUS_UNSUCCESSFUL; - } - - len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING, - &obj_version, - &obj_type, - &obj_sidstr_len, &obj_sidstr); - - SAFE_FREE(data.dptr); - - if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) { - DEBUG(5, ("get_object_by_name: Error unpacking database object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!string_to_sid(&sid, obj_sidstr)) { - DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n")); - SAFE_FREE(obj_sidstr); - return NT_STATUS_UNSUCCESSFUL; - } - SAFE_FREE(obj_sidstr); - - return get_object_by_sid(mem_ctx, obj, &sid); -} - -static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj) -{ - - NTSTATUS ret; - TDB_DATA data, key, key2; - fstring keystr; - fstring namestr; - int flag, r; - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - return ret; - } - - if (new_obj) { - flag = TDB_INSERT; - } else { - flag = TDB_MODIFY; - } - - ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object); - if (NT_STATUS_IS_ERR(ret)) - return ret; - - switch (object->type) { - case GUMS_OBJ_DOMAIN: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid)); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid)); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name); - break; - case GUMS_OBJ_NORMAL_USER: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid)); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name); - break; - default: - return NT_STATUS_UNSUCCESSFUL; - } - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify SAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_INTERNAL_DB_ERROR; - } - - key2.dptr = namestr; - key2.dsize = strlen(namestr) + 1; - - if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify SAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_INTERNAL_DB_ERROR; - } -/* TODO: update the general database counter */ -/* TODO: update this entry counter too */ - - return NT_STATUS_OK; -} - -static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - DOM_SID *dom_sid = get_global_sam_sid(); - uint32 new_rid; - -/* TODO: LOCK DOMAIN OBJECT */ - ret = get_object_by_sid(mem_ctx, &obj, dom_sid); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("get_next_sid: unable to get root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto error; - } - - new_rid = obj.data.domain->next_rid; - - /* Increment the RID Counter */ - obj.data.domain->next_rid++; - - /* Store back Domain object */ - ret = store_object(mem_ctx, &obj, False); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("get_next_sid: unable to update root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto error; - } -/* TODO: UNLOCK DOMAIN OBJECT */ - - *sid = sid_dup_talloc(mem_ctx, dom_sid); - TALLOC_CHECK(*sid, ret, error); - - if (!sid_append_rid(*sid, new_rid)) { - DEBUG(0, ("get_next_sid: unable to build new SID !?!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto error; - } - - return NT_STATUS_OK; - -error: - return ret; -} - -static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata) -{ - NTSTATUS ret; - - if (!object || !userdata) { - DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* userdata->xcounter */ - /* userdata->sec_desc */ - - SET_OR_FAIL(gums_set_object_sid(*object, userdata->user_sid), error); - SET_OR_FAIL(gums_set_object_name(*object, userdata->name), error); - - SET_OR_FAIL(gums_set_user_pri_group(*object, userdata->group_sid), error); - - if (userdata->description) - SET_OR_FAIL(gums_set_object_description(*object, userdata->description), error); - - if (userdata->full_name) - SET_OR_FAIL(gums_set_user_fullname(*object, userdata->full_name), error); - - if (userdata->home_dir) - SET_OR_FAIL(gums_set_user_homedir(*object, userdata->home_dir), error); - - if (userdata->dir_drive) - SET_OR_FAIL(gums_set_user_dir_drive(*object, userdata->dir_drive), error); - - if (userdata->logon_script) - SET_OR_FAIL(gums_set_user_logon_script(*object, userdata->logon_script), error); - - if (userdata->profile_path) - SET_OR_FAIL(gums_set_user_profile_path(*object, userdata->profile_path), error); - - if (userdata->workstations) - SET_OR_FAIL(gums_set_user_workstations(*object, userdata->workstations), error); - - if (userdata->unknown_str) - SET_OR_FAIL(gums_set_user_unknown_str(*object, userdata->unknown_str), error); - - if (userdata->munged_dial) - SET_OR_FAIL(gums_set_user_munged_dial(*object, userdata->munged_dial), error); - - SET_OR_FAIL(gums_set_user_logon_divs(*object, userdata->logon_divs), error); - SET_OR_FAIL(gums_set_user_hours_len(*object, userdata->hours_len), error); - - if (userdata->hours) - SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error); - - SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error); - SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error); - SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error); - - SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error); - SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error); - SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error); - SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error); - SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error); - SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error); - - ret = NT_STATUS_OK; - return ret; - -error: - talloc_destroy((*object)->mem_ctx); - *object = NULL; - return ret; -} - -static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata) -{ - NTSTATUS ret; - - if (!object || !groupdata) { - DEBUG(0, ("tdbsam2_group_data_to_gums_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* groupdata->xcounter */ - /* groupdata->sec_desc */ - - SET_OR_FAIL(gums_set_object_sid(*object, groupdata->group_sid), error); - SET_OR_FAIL(gums_set_object_name(*object, groupdata->name), error); - - if (groupdata->description) - SET_OR_FAIL(gums_set_object_description(*object, groupdata->description), error); - - if (groupdata->count) - SET_OR_FAIL(gums_set_group_members(*object, groupdata->count, groupdata->members), error); - - ret = NT_STATUS_OK; - return ret; - -error: - talloc_destroy((*object)->mem_ctx); - *object = NULL; - return ret; -} - -static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata) -{ - - NTSTATUS ret; - - if (!object || !*object || !domdata) { - DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* domdata->xcounter */ - /* domdata->sec_desc */ - - SET_OR_FAIL(gums_set_object_sid(*object, domdata->dom_sid), error); - SET_OR_FAIL(gums_set_object_name(*object, domdata->name), error); - - if (domdata->description) - SET_OR_FAIL(gums_set_object_description(*object, domdata->description), error); - - ret = NT_STATUS_OK; - return ret; - -error: - talloc_destroy((*object)->mem_ctx); - *object = NULL; - return ret; -} - -static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) -{ - - NTSTATUS ret; - - if (!object || !data) { - DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL structure pointers are accepted here!\n")); - ret = NT_STATUS_INVALID_PARAMETER; - goto done; - } - - ret = gums_create_object(object, data->type); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(5, ("tdbsam2_user_data_to_gums_object: error creating gums object!\n")); - goto done; - } - - switch (data->type) { - case GUMS_OBJ_DOMAIN: - ret = domain_data_to_gums_object(object, data->data.domain); - break; - - case GUMS_OBJ_NORMAL_USER: - ret = user_data_to_gums_object(object, data->data.user); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - ret = group_data_to_gums_object(object, data->data.group); - break; - - default: - ret = NT_STATUS_UNSUCCESSFUL; - } - -done: - return ret; -} - - -/* GUMM object functions */ - -static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name) -{ - - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - fstring domname; - - if (!sid || !name) - return NT_STATUS_INVALID_PARAMETER; - - mem_ctx = talloc_init("tdbsam2_get_domain_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (NT_STATUS_IS_ERR(ret = opentdb())) { - goto done; - } - - fstrcpy(domname, name); - strlower(domname); - - ret = get_object_by_name(mem_ctx, &obj, domname); - - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); - goto done; - } - - if (obj.type != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - sid_copy(sid, obj.data.domain->dom_sid); - - ret = NT_STATUS_OK; - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name) -{ - - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - fstring domname; - - if (!sid || !name) - return NT_STATUS_INVALID_PARAMETER; - - mem_ctx = talloc_init("tdbsam2_set_domain_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = opentdb())) { - goto done; - } - } - - fstrcpy(domname, name); - strlower(domname); - -/* TODO: we need to lock this entry until updated! */ - - ret = get_object_by_name(mem_ctx, &obj, domname); - - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); - goto done; - } - - if (obj.type != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - sid_copy(obj.data.domain->dom_sid, sid); - - ret = store_object(mem_ctx, &obj, False); - -done: -/* TODO: unlock here */ - if (mem_ctx) talloc_destroy(mem_ctx); - return ret; -} - -/* TODO */ - NTSTATUS (*get_sequence_number) (void); - - -extern DOM_SID global_sid_NULL; - -static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type) -{ - - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - NTTIME zero_time = {0,0}; - const char *defpw = "NOPASSWORDXXXXXX"; - uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}; - - if (!sid || !name) { - DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_new_object"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_new_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - obj.type = obj_type; - obj.version = TDBSAM_VERSION; - - switch (obj_type) { - case GUMS_OBJ_NORMAL_USER: - obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data)); - TALLOC_CHECK(obj.data.user, ret, done); - - get_next_sid(mem_ctx, &(obj.data.user->user_sid)); - TALLOC_CHECK(obj.data.user->user_sid, ret, done); - sid_copy(sid, obj.data.user->user_sid); - - obj.data.user->name = talloc_strdup(mem_ctx, name); - TALLOC_CHECK(obj.data.user, ret, done); - - obj.data.user->xcounter = 1; - /*obj.data.user->sec_desc*/ - obj.data.user->description = ""; - obj.data.user->group_sid = &global_sid_NULL; - obj.data.user->logon_time = &zero_time; - obj.data.user->logoff_time = &zero_time; - obj.data.user->kickoff_time = &zero_time; - obj.data.user->pass_last_set_time = &zero_time; - obj.data.user->pass_can_change_time = &zero_time; - obj.data.user->pass_must_change_time = &zero_time; - - obj.data.user->full_name = ""; - obj.data.user->home_dir = ""; - obj.data.user->dir_drive = ""; - obj.data.user->logon_script = ""; - obj.data.user->profile_path = ""; - obj.data.user->workstations = ""; - obj.data.user->unknown_str = ""; - obj.data.user->munged_dial = ""; - - obj.data.user->lm_pw_ptr = defpw; - obj.data.user->nt_pw_ptr = defpw; - - obj.data.user->logon_divs = 168; - obj.data.user->hours_len = 21; - obj.data.user->hours = &defhours; - - obj.data.user->unknown_3 = 0x00ffffff; - obj.data.user->unknown_5 = 0x00020000; - obj.data.user->unknown_6 = 0x000004ec; - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data)); - TALLOC_CHECK(obj.data.group, ret, done); - - get_next_sid(mem_ctx, &(obj.data.group->group_sid)); - TALLOC_CHECK(obj.data.group->group_sid, ret, done); - sid_copy(sid, obj.data.group->group_sid); - - obj.data.group->name = talloc_strdup(mem_ctx, name); - TALLOC_CHECK(obj.data.group, ret, done); - - obj.data.group->xcounter = 1; - /*obj.data.group->sec_desc*/ - obj.data.group->description = ""; - - break; - - case GUMS_OBJ_DOMAIN: - - /* FIXME: should we check against global_sam_sid to make it impossible - to store more than one domain ? */ - - obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data)); - TALLOC_CHECK(obj.data.domain, ret, done); - - obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid()); - TALLOC_CHECK(obj.data.domain->dom_sid, ret, done); - sid_copy(sid, obj.data.domain->dom_sid); - - obj.data.domain->name = talloc_strdup(mem_ctx, name); - TALLOC_CHECK(obj.data.domain, ret, done); - - obj.data.domain->xcounter = 1; - /*obj.data.domain->sec_desc*/ - obj.data.domain->next_rid = 0x3e9; - obj.data.domain->description = ""; - - ret = NT_STATUS_OK; - break; - - default: - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = store_object(mem_ctx, &obj, True); - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - TDB_DATA data, key; - fstring keystr; - - if (!sid) { - DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_delete_object"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (tdbsam2_db == NULL) { - if (NT_STATUS_IS_ERR(ret = opentdb())) { - goto done; - } - } - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdbsam2_db, key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - switch (obj.type) { - case GUMS_OBJ_DOMAIN: - /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */ - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name); - break; - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name); - break; - case GUMS_OBJ_NORMAL_USER: - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name); - break; - default: - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - -/* TODO: update the general database counter */ - -done: - SAFE_FREE(data.dptr); - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - - if (!object || !sid) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_get_object_from_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - ret = get_object_by_sid(mem_ctx, &obj, sid); - if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n")); - goto done; - } - - ret = data_to_gums_object(object, &obj); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n")); - goto done; - } - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type) -{ - NTSTATUS ret; - struct tdbsam2_object obj; - TALLOC_CTX *mem_ctx; - - if (!object || !name) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - mem_ctx = talloc_init("tdbsam2_get_object_from_sid"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - ret = get_object_by_name(mem_ctx, &obj, name); - if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n")); - goto done; - } - - ret = data_to_gums_object(object, &obj); - if (NT_STATUS_IS_ERR(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n")); - goto done; - } - -done: - talloc_destroy(mem_ctx); - return ret; -} - - /* This function is used to get the list of all objects changed since base_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - -static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type) -{ - struct tdbsam2_enum_objs *teo, *t; - pstring tdbfile; - - teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs)); - if (!teo) { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - teo->type = obj_type; - if (sid) { - sid_to_string(teo->dom_sid, sid); - } - - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, TDB_FILE_NAME); - - teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600); - if (!teo->db) - { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile)); - SAFE_FREE(teo); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!teo_handlers) { - *teo_handlers = teo; - } else { - t = *teo_handlers; - while (t->next) { - t = t->next; - } - t->next = teo; - } - - handle = teo; - - teo->key = tdb_firstkey(teo->db); - - return NT_STATUS_OK; -} - -static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle) -{ - NTSTATUS ret; - TALLOC_CTX *mem_ctx; - TDB_DATA data; - struct tdbsam2_enum_objs *teo; - struct tdbsam2_object obj; - const char *prefix = SIDPREFIX; - const int preflen = strlen(prefix); - - if (!object || !handle) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - teo = (struct tdbsam2_enum_objs *)handle; - - mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next"); - if (!mem_ctx) { - DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - while ((teo->key.dsize != 0)) { - int len, version, type, size; - char *ptr; - - if (strncmp(teo->key.dptr, prefix, preflen)) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - if (teo->dom_sid) { - if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - } - - data = tdb_fetch(teo->db, teo->key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db))); - DEBUGADD(5, (" Key: %s\n", teo->key.dptr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING, - &version, - &type, - &size, &ptr); - - if (len == -1) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(ptr); - - if (teo->type && type != teo->type) { - SAFE_FREE(data.dptr); - data.dsize = 0; - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - break; - } - - if (data.dsize != 0) { - if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(data.dptr); - } - - ret = data_to_gums_object(object, &obj); - -done: - talloc_destroy(mem_ctx); - return ret; -} - -static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle) -{ - struct tdbsam2_enum_objs *teo, *t, *p; - - teo = (struct tdbsam2_enum_objs *)handle; - - if (*teo_handlers == teo) { - *teo_handlers = teo->next; - } else { - t = *teo_handlers; - while (t != teo) { - p = t; - t = t->next; - if (t == NULL) { - DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - } - p = t->next; - } - - tdb_close(teo->db); - SAFE_FREE(teo); - - return NT_STATUS_OK; -} - - /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. - Never use this function to update an object in the database, use set_object_values() */ - NTSTATUS (*set_object) (const GUMS_OBJECT *object); - - /* set object values function */ - NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); - - /* Group related functions */ - NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - - NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - - NTSTATUS (*lock_sid) (const DOM_SID *sid); - NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - - NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members); - NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members); - NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv); - NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid); - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ - NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); - - -int gumm_init(GUMS_FUNCTIONS **storage) -{ - tdbsam2_db = NULL; - teo_handlers = 0; - - return 0; -} - -#if 0 -int main(int argc, char *argv[]) -{ - NTSTATUS ret; - DOM_SID dsid; - - if (argc < 2) { - printf ("not enough arguments!\n"); - exit(0); - } - - if (!lp_load(dyn_CONFIGFILE,True,False,False)) { - fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE); - exit(1); - } - - ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN); - if (NT_STATUS_IS_OK(ret)) { - printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid)); - } else { - printf ("_domain_ creation error n. 0x%08x\n", ret.v); - } - ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER); - if (NT_STATUS_IS_OK(ret)) { - printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid)); - } else { - printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v); - } - - exit(0); -} -#endif diff --git a/source3/sam/gums.c b/source3/sam/gums.c deleted file mode 100644 index a118740637..0000000000 --- a/source3/sam/gums.c +++ /dev/null @@ -1,161 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Grops and Users Management System initializations. - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/*#undef DBGC_CLASS -#define DBGC_CLASS DBGC_GUMS*/ - -#define GMV_MAJOR 0 -#define GMV_MINOR 1 - -#define PRIV_NONE 0 -#define PRIV_CREATE_TOKEN 1 -#define PRIV_ASSIGNPRIMARYTOKEN 2 -#define PRIV_LOCK_MEMORY 3 -#define PRIV_INCREASE_QUOTA 4 -#define PRIV_MACHINE_ACCOUNT 5 -#define PRIV_TCB 6 -#define PRIV_SECURITY 7 -#define PRIV_TAKE_OWNERSHIP 8 -#define PRIV_LOAD_DRIVER 9 -#define PRIV_SYSTEM_PROFILE 10 -#define PRIV_SYSTEMTIME 11 -#define PRIV_PROF_SINGLE_PROCESS 12 -#define PRIV_INC_BASE_PRIORITY 13 -#define PRIV_CREATE_PAGEFILE 14 -#define PRIV_CREATE_PERMANENT 15 -#define PRIV_BACKUP 16 -#define PRIV_RESTORE 17 -#define PRIV_SHUTDOWN 18 -#define PRIV_DEBUG 19 -#define PRIV_AUDIT 20 -#define PRIV_SYSTEM_ENVIRONMENT 21 -#define PRIV_CHANGE_NOTIFY 22 -#define PRIV_REMOTE_SHUTDOWN 23 -#define PRIV_UNDOCK 24 -#define PRIV_SYNC_AGENT 25 -#define PRIV_ENABLE_DELEGATION 26 -#define PRIV_ALL 255 - - -GUMS_FUNCTIONS *gums_storage; -static void *dl_handle; - -static PRIVS gums_privs[] = { - {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ - {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"}, - {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"}, - {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"}, - {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"}, - {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"}, - {PRIV_TCB, "SeTCB", "TCB"}, - {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, - {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, - {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, - {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, - {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"}, - {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, - {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, - {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, - {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"}, - {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, - {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, - {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, - {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, - {PRIV_AUDIT, "SeAudit", "Audit"}, - {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, - {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"}, - {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, - {PRIV_UNDOCK, "SeUndock", "Undock"}, - {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"}, - {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"}, - {PRIV_ALL, "SaAllPrivs", "All Privileges"} -}; - -NTSTATUS gums_init(const char *module_name) -{ - int (*module_version)(int); - NTSTATUS (*module_init)(); -/* gums_module_init module_init;*/ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - DEBUG(5, ("Opening gums module %s\n", module_name)); - dl_handle = sys_dlopen(module_name, RTLD_NOW); - if (!dl_handle) { - DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror())); - return NT_STATUS_UNSUCCESSFUL; - } - - module_version = sys_dlsym(dl_handle, "gumm_version"); - if (!module_version) { - DEBUG(0, ("ERROR: Failed to find gums module version!\n")); - goto error; - } - - if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) { - DEBUG(0, ("ERROR: Module's major version does not match gums version!\n")); - goto error; - } - - if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) { - DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n")); - } - - module_init = sys_dlsym(dl_handle, "gumm_init"); - if (!module_init) { - DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); - goto error; - } - - DEBUG(5, ("Initializing module %s\n", module_name)); - - ret = module_init(&gums_storage); - goto done; - -error: - ret = NT_STATUS_UNSUCCESSFUL; - sys_dlclose(dl_handle); - -done: - return ret; -} - -NTSTATUS gums_unload(void) -{ - NTSTATUS ret; - NTSTATUS (*module_finalize)(); - - if (!dl_handle) - return NT_STATUS_UNSUCCESSFUL; - - module_finalize = sys_dlsym(dl_handle, "gumm_finalize"); - if (!module_finalize) { - DEBUG(0, ("ERROR: Failed to find gums module's init function!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(5, ("Finalizing module")); - - ret = module_finalize(); - sys_dlclose(dl_handle); - - return ret; -} diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c deleted file mode 100644 index 2e5dcd143a..0000000000 --- a/source3/sam/gums_api.c +++ /dev/null @@ -1,1470 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -/******************************************************************* - Create a SEC_ACL structure. -********************************************************************/ - -static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list) -{ - SEC_ACL *dst; - int i; - - if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL) - return NULL; - - dst->revision = revision; - dst->num_aces = num_aces; - dst->size = SEC_ACL_HEADER_SIZE; - - /* Now we need to return a non-NULL address for the ace list even - if the number of aces required is zero. This is because there - is a distinct difference between a NULL ace and an ace with zero - entries in it. This is achieved by checking that num_aces is a - positive number. */ - - if ((num_aces) && - ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) - == NULL)) { - return NULL; - } - - for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ - dst->size += ace_list[i].size; - } - - return dst; -} - - - -/******************************************************************* - Duplicate a SEC_ACL structure. -********************************************************************/ - -static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) -{ - if(src == NULL) - return NULL; - - return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); -} - - - -/******************************************************************* - Creates a SEC_DESC structure -********************************************************************/ - -static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) -{ - SEC_DESC *dst; - uint32 offset = 0; - uint32 offset_sid = SEC_DESC_HEADER_SIZE; - uint32 offset_acl = 0; - - *sd_size = 0; - - if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL) - return NULL; - - dst->revision = revision; - dst->type = SEC_DESC_SELF_RELATIVE; - - if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; - if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; - - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; - - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) - goto error_exit; - - if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) - goto error_exit; - - if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) - goto error_exit; - - if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) - goto error_exit; - - offset = 0; - - /* - * Work out the linearization sizes. - */ - if (dst->owner_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->owner_sid); - } - - if (dst->grp_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->grp_sid); - } - - if (dst->sacl != NULL) { - - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_sacl = offset_acl; - offset_acl += dst->sacl->size; - offset += dst->sacl->size; - offset_sid += dst->sacl->size; - } - - if (dst->dacl != NULL) { - - if (offset_acl == 0) - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_dacl = offset_acl; - offset_acl += dst->dacl->size; - offset += dst->dacl->size; - offset_sid += dst->dacl->size; - } - - *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); - - if (dst->owner_sid != NULL) - dst->off_owner_sid = offset_sid; - - /* sid_size() returns 0 if the sid is NULL so this is ok */ - - if (dst->grp_sid != NULL) - dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); - - return dst; - -error_exit: - - *sd_size = 0; - return NULL; -} - -/******************************************************************* - Duplicate a SEC_DESC structure. -********************************************************************/ - -static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) -{ - size_t dummy; - - if(src == NULL) - return NULL; - - return make_sec_desc( ctx, src->revision, - src->owner_sid, src->grp_sid, src->sacl, - src->dacl, &dummy); -} - - - - - - - -extern GUMS_FUNCTIONS *gums_storage; - -/* Functions to get/set info from a GUMS object */ - -NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - *type = obj->type; - return NT_STATUS_OK; -} - -NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) -{ - TALLOC_CTX *mem_ctx = talloc_init("gums_create_object"); - GUMS_OBJECT *go; - NTSTATUS ret; - - go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); - go->mem_ctx = mem_ctx; - go->type = type; - go->version = GUMS_OBJECT_VERSION; - - switch(type) { - case GUMS_OBJ_DOMAIN: - break; - -/* - case GUMS_OBJ_WORKSTATION_TRUST: - case GUMS_OBJ_SERVER_TRUST: - case GUMS_OBJ_DOMAIN_TRUST: -*/ - case GUMS_OBJ_NORMAL_USER: - go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER)); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); - break; - - default: - /* TODO: throw error */ - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto error; - } - - if (!(go->data.user)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - - *obj = go; - return NT_STATUS_OK; - -error: - talloc_destroy(go->mem_ctx); - *obj = NULL; - return ret; -} - -NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj) -{ - if (!version || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *version = obj->version; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - obj->version = version; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj) -{ - if (!sec_desc || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *sec_desc = obj->sec_desc; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc) -{ - if (!obj || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc); - if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj) -{ - if (!sid || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *sid = obj->sid; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - obj->sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj) -{ - if (!name || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *name = obj->name; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name) -{ - if (!obj || !name) - return NT_STATUS_INVALID_PARAMETER; - - obj->name = (char *)talloc_strdup(obj->mem_ctx, name); - if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj) -{ - if (!description || !obj) - return NT_STATUS_INVALID_PARAMETER; - - *description = obj->description; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description) -{ - if (!obj || !description) - return NT_STATUS_INVALID_PARAMETER; - - obj->description = (char *)talloc_strdup(obj->mem_ctx, description); - if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -/* User specific functions */ - -/* -NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj) -{ - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; - - *priv_set = obj->priv_set; - return NT_STATUS_OK; -} -*/ - -NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *rid = obj->data.domain->next_rid; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.domain->next_rid = rid; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj) -{ - if (!sid || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *sid = obj->data.user->group_sid; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj) -{ - if (!nt_pwd || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *nt_pwd = &(obj->data.user->nt_pw); - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) -{ - if (!obj || nt_pwd.length != NT_HASH_LEN) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj) -{ - if (!lm_pwd || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *lm_pwd = &(obj->data.user->lm_pw); - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) -{ - if (!obj || lm_pwd.length != LM_HASH_LEN) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj) -{ - if (!fullname || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *fullname = obj->data.user->full_name; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname) -{ - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname); - if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj) -{ - if (!homedir || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *homedir = obj->data.user->home_dir; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir) -{ - if (!obj || !homedir) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir); - if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj) -{ - if (!dirdrive || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *dirdrive = obj->data.user->dir_drive; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive) -{ - if (!obj || !dir_drive) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive); - if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj) -{ - if (!logon_script || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logon_script = obj->data.user->logon_script; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script) -{ - if (!obj || !logon_script) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script); - if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj) -{ - if (!profile_path || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *profile_path = obj->data.user->profile_path; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path) -{ - if (!obj || !profile_path) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path); - if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj) -{ - if (!workstations || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *workstations = obj->data.user->workstations; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations) -{ - if (!obj || !workstations) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations); - if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj) -{ - if (!unknown_str || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_str = obj->data.user->unknown_str; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str) -{ - if (!obj || !unknown_str) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str); - if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj) -{ - if (!munged_dial || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *munged_dial = obj->data.user->munged_dial; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial) -{ - if (!obj || !munged_dial) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial); - if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj) -{ - if (!logon_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logon_time = obj->data.user->logon_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logon_time = logon_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj) -{ - if (!logoff_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logoff_time = obj->data.user->logoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logoff_time = logoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj) -{ - if (!kickoff_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *kickoff_time = obj->data.user->kickoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->kickoff_time = kickoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj) -{ - if (!pass_last_set_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *pass_last_set_time = obj->data.user->pass_last_set_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->pass_last_set_time = pass_last_set_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj) -{ - if (!pass_can_change_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *pass_can_change_time = obj->data.user->pass_can_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->pass_can_change_time = pass_can_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj) -{ - if (!pass_must_change_time || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *pass_must_change_time = obj->data.user->pass_must_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->pass_must_change_time = pass_must_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj) -{ - if (!logon_divs || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *logon_divs = obj->data.user->logon_divs; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs) -{ - if (!obj || !logon_divs) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->logon_divs = logon_divs; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj) -{ - if (!hours_len || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *hours_len = obj->data.user->hours_len; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->hours_len = hours_len; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj) -{ - if (!hours || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *hours = obj->data.user->hours; - return NT_STATUS_OK; -} - -/* WARNING: always set hours_len before hours */ -NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours) -{ - if (!obj || !hours) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - if (obj->data.user->hours_len == 0) - DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n")); - - obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len); - if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj) -{ - if (!unknown_3 || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_3 = obj->data.user->unknown_3; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_3 = unknown_3; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj) -{ - if (!unknown_5 || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_5 = obj->data.user->unknown_5; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_5 = unknown_5; - return NT_STATUS_OK; -} - -NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj) -{ - if (!unknown_6 || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *unknown_6 = obj->data.user->unknown_6; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.user->unknown_6 = unknown_6; - return NT_STATUS_OK; -} - -/* Group specific functions */ - -NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj) -{ - if (!count || !members || !obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - *count = obj->data.group->count; - *members = *(obj->data.group->members); - return NT_STATUS_OK; -} - -NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members) -{ - uint32 n; - - if (!obj || !members || !members) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->data.group->count = count; - n = 0; - do { - obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]); - if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY; - n++; - } while (n < count); - return NT_STATUS_OK; -} - -/* data_store set functions */ - -NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type) -{ - TALLOC_CTX *mem_ctx; - GUMS_COMMIT_SET *set; - - mem_ctx = talloc_init("commit_set"); - if (mem_ctx == NULL) - return NT_STATUS_NO_MEMORY; - set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET)); - if (set == NULL) { - talloc_destroy(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - - set->mem_ctx = mem_ctx; - set->type = type; - sid_copy(&(set->sid), sid); - set->count = 0; - set->data = NULL; - *com_set = set; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) -{ - GUMS_DATA_SET *data_set; - SEC_DESC *new_sec_desc; - - if (!mem_ctx || !com_set || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SEC_DESC; - new_sec_desc = dup_sec_desc(mem_ctx, sec_desc); - if (new_sec_desc == NULL) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_sec_desc; - - return NT_STATUS_OK; -} - -/* -NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) -{ - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!mem_ctx || !com_set) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_PRIVILEGE; - if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv) -{ - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!mem_ctx || !com_set) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_PRIVILEGE; - if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv))) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) -{ - GUMS_DATA_SET *data_set; - PRIVILEGE_SET *new_priv_set; - - if (!mem_ctx || !com_set || !priv_set) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_PRIVILEGE; - if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set))) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_priv_set; - - return NT_STATUS_OK; -} -*/ - -NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str) -{ - GUMS_DATA_SET *data_set; - char *new_str; - - if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_str = talloc_strdup(mem_ctx, str); - if (new_str == NULL) - return NT_STATUS_NO_MEMORY; - - (char *)(data_set->data) = new_str; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name) -{ - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name); -} - -NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc) -{ - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc); -} - -NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name); -} - -NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir); -} - -NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive); -} - -NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script); -} - -NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path); -} - -NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks); -} - -NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str); -} - -NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial); -} - -NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) -{ - GUMS_DATA_SET *data_set; - NTTIME *new_time; - - if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_time = talloc(mem_ctx, sizeof(NTTIME)); - if (new_time == NULL) - return NT_STATUS_NO_MEMORY; - - new_time->low = nttime->low; - new_time->high = nttime->high; - (char *)(data_set->data) = new_time; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time); -} - -NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time); -} - -NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); -} - -NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time); -} - -NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time); -} - -NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time); -} - -NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); -} - -NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count); -} - -NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!mem_ctx || !com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - com_set->count = com_set->count + 1; - if (com_set->count == 1) { /* first data set */ - data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data[0] = data_set; - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SID_LIST; - new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - - -NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) -{ - return gums_storage->set_object_values(&(set->sid), set->count, set->data); -} - -NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set) -{ - talloc_destroy((*com_set)->mem_ctx); - *com_set = NULL; - - return NT_STATUS_OK; -} - diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c deleted file mode 100644 index c22e6cf7ff..0000000000 --- a/source3/sam/gums_helper.c +++ /dev/null @@ -1,610 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS backends helper functions - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -extern GUMS_FUNCTIONS *gums_storage; - -extern DOM_SID global_sid_World; -extern DOM_SID global_sid_Builtin_Administrators; -extern DOM_SID global_sid_Builtin_Power_Users; -extern DOM_SID global_sid_Builtin_Account_Operators; -extern DOM_SID global_sid_Builtin_Server_Operators; -extern DOM_SID global_sid_Builtin_Print_Operators; -extern DOM_SID global_sid_Builtin_Backup_Operators; -extern DOM_SID global_sid_Builtin_Replicator; -extern DOM_SID global_sid_Builtin_Users; -extern DOM_SID global_sid_Builtin_Guests; - - -/* defines */ - -#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) - -/**************************************************************************** - Check if a user is a mapped group. - - This function will check if the group SID is mapped onto a - system managed gid or onto a winbind manged sid. - In the first case it will be threated like a mapped group - and the backend should take the member list with a getgrgid - and ignore any user that have been possibly set into the group - object. - - In the second case, the group is a fully SAM managed group - served back to the system through winbind. In this case the - members of a Local group are "unrolled" to cope with the fact - that unix cannot contain groups inside groups. - The backend MUST never call any getgr* / getpw* function or - loops with winbind may happen. - ****************************************************************************/ - -#if 0 -NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) -{ - NTSTATUS result; - gid_t id; - - /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ - result = idmap_get_gid_from_sid(&id, sid, False); - if (NT_STATUS_IS_OK(result)) { - *mapped = gid_is_in_winbind_range(id); - } else { - *mapped = False; - } - - return result; -} -#endif - -/**************************************************************************** - duplicate alloc luid_attr - ****************************************************************************/ -NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la) -{ - *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR)); - if (*new_la == NULL) { - DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n")); - return NT_STATUS_NO_MEMORY; - } - - (*new_la)->luid.high = old_la.luid.high; - (*new_la)->luid.low = old_la.luid.low; - (*new_la)->attr = old_la.attr; - - return NT_STATUS_OK; -} - -/**************************************************************************** - initialise a privilege list - ****************************************************************************/ -void gums_init_privilege(PRIVILEGE_SET *priv_set) -{ - priv_set->count=0; - priv_set->control=0; - priv_set->set=NULL; -} - -/**************************************************************************** - add a privilege to a privilege array - ****************************************************************************/ -NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) -{ - LUID_ATTR *new_set; - - /* check if the privilege is not already in the list */ - if (gums_check_priv_in_privilege(priv_set, set)) - return NT_STATUS_UNSUCCESSFUL; - - /* we can allocate memory to add the new privilege */ - - new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); - return NT_STATUS_NO_MEMORY; - } - - new_set[priv_set->count].luid.high=set.luid.high; - new_set[priv_set->count].luid.low=set.luid.low; - new_set[priv_set->count].attr=set.attr; - - priv_set->count++; - priv_set->set=new_set; - - return NT_STATUS_OK; -} - -/**************************************************************************** - add all the privileges to a privilege array - ****************************************************************************/ -NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx) -{ - NTSTATUS result = NT_STATUS_OK; - LUID_ATTR set; - - set.attr=0; - set.luid.high=0; - - set.luid.low=SE_PRIV_ADD_USERS; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - - set.luid.low=SE_PRIV_ADD_MACHINES; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - - set.luid.low=SE_PRIV_PRINT_OPERATOR; - result = gums_add_privilege(priv_set, ctx, set); - NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done); - -done: - return result; -} - -/**************************************************************************** - check if the privilege list is empty - ****************************************************************************/ -BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set) -{ - return (priv_set->count == 0); -} - -/**************************************************************************** - check if the privilege is in the privilege list - ****************************************************************************/ -BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - int i; - - /* if the list is empty, obviously we can't have it */ - if (gums_check_empty_privilege(priv_set)) - return False; - - for (i=0; i<priv_set->count; i++) { - LUID_ATTR *cur_set; - - cur_set=&priv_set->set[i]; - /* check only the low and high part. Checking the attr field has no meaning */ - if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) - return True; - } - - return False; -} - -/**************************************************************************** - remove a privilege from a privilege array - ****************************************************************************/ -NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i,j; - - /* check if the privilege is in the list */ - if (!gums_check_priv_in_privilege(priv_set, set)) - return NT_STATUS_UNSUCCESSFUL; - - /* special case if it's the only privilege in the list */ - if (priv_set->count==1) { - gums_init_privilege(priv_set); - return NT_STATUS_OK; - } - - /* - * the privilege is there, create a new list, - * and copy the other privileges - */ - - old_set = priv_set->set; - - new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0, j=0; i<priv_set->count; i++) { - if ((old_set[i].luid.low == set.luid.low) && - (old_set[i].luid.high == set.luid.high)) { - continue; - } - - new_set[j].luid.low = old_set[i].luid.low; - new_set[j].luid.high = old_set[i].luid.high; - new_set[j].attr = old_set[i].attr; - - j++; - } - - if (j != priv_set->count - 1) { - DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); - DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); - return NT_STATUS_INTERNAL_ERROR; - } - - /* ok everything is fine */ - - priv_set->count--; - priv_set->set=new_set; - - return NT_STATUS_OK; -} - -/**************************************************************************** - duplicates a privilege array - ****************************************************************************/ -NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i; - - *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET)); - gums_init_privilege(*new_priv_set); - - /* special case if there are no privileges in the list */ - if (priv_set->count == 0) { - return NT_STATUS_OK; - } - - /* - * create a new list, - * and copy the other privileges - */ - - old_set = priv_set->set; - - new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i < priv_set->count; i++) { - - new_set[i].luid.low = old_set[i].luid.low; - new_set[i].luid.high = old_set[i].luid.high; - new_set[i].attr = old_set[i].attr; - } - - (*new_priv_set)->count = priv_set->count; - (*new_priv_set)->control = priv_set->control; - (*new_priv_set)->set = new_set; - - return NT_STATUS_OK; -} - -#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013 -#define ALIAS_DEFAULT_DACL_SA_RIGHTS \ - (READ_CONTROL_ACCESS | \ - SA_RIGHT_ALIAS_LOOKUP_INFO | \ - SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */ - -#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ - - -#if 0 -NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) -{ - DOM_SID *world = &global_sid_World; - DOM_SID *admins = &global_sid_Builtin_Administrators; - SEC_ACCESS sa; - SEC_ACE sacl_ace; - SEC_ACE dacl_aces[2]; - SEC_ACL *sacl = NULL; - SEC_ACL *dacl = NULL; - size_t psize; - - init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS); - init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG); - - sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS); - init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS); - init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - - dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize); - if (!(*sec_desc)) { - DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - -NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask) -{ - NTSTATUS result; - SEC_ACE *new_aces; - unsigned num_aces; - int i; - - num_aces = sec_desc->dacl->num_aces + 1; - result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask); - if (NT_STATUS_IS_OK(result)) { - sec_desc->dacl->ace = new_aces; - sec_desc->dacl->num_aces = num_aces; - sec_desc->dacl->size = SEC_ACL_HEADER_SIZE; - for (i = 0; i < num_aces; i++) { - sec_desc->dacl->size += sec_desc->dacl->ace[i].size; - } - } - return result; -} - -NTSTATUS gums_init_builtin_groups(void) -{ - NTSTATUS result; - GUMS_OBJECT g_obj; - GUMS_GROUP *g_grp; - GUMS_PRIVILEGE g_priv; - - /* Build the well known Builtin Local Groups */ - g_obj.type = GUMS_OBJ_GROUP; - g_obj.version = 1; - g_obj.seq_num = 0; - g_obj.mem_ctx = talloc_init("gums_init_backend_acct"); - if (g_obj.mem_ctx == NULL) { - DEBUG(0, ("gums_init_backend: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Administrators * / - - /* alloc group structure */ - g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP)); - ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done); - - /* make admins sid */ - g_grp = (GUMS_GROUP *)g_obj.data.group; - sid_copy(g_obj.sid, &global_sid_Builtin_Administrators); - - /* make security descriptor */ - result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx); - NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done); - - /* make privilege set */ - /* From BDC join trace: - SeSecurityPrivilege - SeBackupPrivilege - SeRestorePrivilege - SeSystemtimePrivilege - SeShutdownPrivilege - SeRemoteShutdownPrivilege - SeTakeOwnershipPrivilege - SeDebugPrivilege - SeSystemEnvironmentPrivilege - SeSystemProfilePrivilege - SeProfileSingleProcessPrivilege - SeIncreaseBasePriorityPrivilege - SeLocalDriverPrivilege - SeCreatePagefilePrivilege - SeIncreaseQuotaPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* numebr of group members */ - g_grp->count = 0; - g_grp->members = NULL; - - /* store Administrators group */ - result = gums_storage->set_object(&g_obj); - - /* Power Users */ - /* Domain Controllers Does NOT have power Users */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users); - - /* make privilege set */ - /* SE_PRIV_??? */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ -/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Power Users group */ - result = gums_storage->set_object(&g_obj); - - /* Account Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Account Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Server Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeSystemtimePrivilege - SeShutdownPrivilege - SeRemoteShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Server Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Print Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Print Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Backup Operators */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators); - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Backup Operators group */ - result = gums_storage->set_object(&g_obj); - - /* Replicator */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Replicator); - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege - SeRestorePrivilege - SeShutdownPrivilege - */ - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Replicator group */ - result = gums_storage->set_object(&g_obj); - - /* Users */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Users); - - /* add ACE to sec dsec dacl */ - sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); - sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Users group */ - result = gums_storage->set_object(&g_obj); - - /* Guests */ - - sid_copy(g_obj.sid, &global_sid_Builtin_Guests); - - /* set name */ - g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests"); - ALLOC_CHECK("gums_init_backend", g_obj.name, result, done); - - /* set description */ - g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain"); - ALLOC_CHECK("gums_init_backend", g_obj.description, result, done); - - /* store Guests group */ - result = gums_storage->set_object(&g_obj); - - /* set default privileges */ - g_priv.type = GUMS_OBJ_GROUP; - g_priv.version = 1; - g_priv.seq_num = 0; - g_priv.mem_ctx = talloc_init("gums_init_backend_priv"); - if (g_priv.mem_ctx == NULL) { - DEBUG(0, ("gums_init_backend: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - - -done: - talloc_destroy(g_obj.mem_ctx); - talloc_destroy(g_priv.mem_ctx); - return result; -} -#endif - diff --git a/source3/sam/interface.c b/source3/sam/interface.c deleted file mode 100644 index 51ae561999..0000000000 --- a/source3/sam/interface.c +++ /dev/null @@ -1,1338 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Kai Krüger 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -extern DOM_SID global_sid_Builtin; - -/** List of various built-in sam modules */ - -const struct sam_init_function_entry builtin_sam_init_functions[] = { - { "plugin", sam_init_plugin }, -#ifdef HAVE_LDAP - { "ads", sam_init_ads }, -#endif - { "skel", sam_init_skel }, - { NULL, NULL} -}; - - -static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (sid_equal(domainsid, &(tmp_methods->domain_sid))) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid))); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (strequal(domainname, tmp_methods->domain_name)) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname)); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) -{ - *methods = talloc(mem_ctx, sizeof(SAM_METHODS)); - - if (!*methods) { - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*methods); - - return NT_STATUS_OK; -} - -/****************************************************************** - Free and cleanup a sam context, any associated data and anything - that the attached modules might have associated. - *******************************************************************/ - -void free_sam_context(SAM_CONTEXT **context) -{ - SAM_METHODS *sam_selected = (*context)->methods; - - while (sam_selected) { - if (sam_selected->free_private_data) { - sam_selected->free_private_data(&(sam_selected->private_data)); - } - sam_selected = sam_selected->next; - } - - talloc_destroy((*context)->mem_ctx); - *context = NULL; -} - -/****************************************************************** - Make a backend_entry from scratch - *******************************************************************/ - -static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string) -{ - char *tmp = NULL; - char *tmp_string = sam_backend_string; - - DEBUG(5,("make_backend_entry: %d\n", __LINE__)); - - SAM_ASSERT(sam_backend_string && backend_entry); - - backend_entry->module_name = sam_backend_string; - - DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name)); - - if ((tmp = strrchr(tmp_string, '|')) != NULL) { - DEBUGADD(20,("a domain name has been specified\n")); - *tmp = 0; - backend_entry->domain_name = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if ((tmp = strchr(tmp_string, ':')) != NULL) { - DEBUG(20,("options for the backend have been specified\n")); - *tmp = 0; - backend_entry->module_params = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if (backend_entry->domain_name == NULL) { - DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n", - backend_entry->module_name, lp_workgroup())); - backend_entry->domain_name = smb_xstrdup(lp_workgroup()); - } - - if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) { - DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n")); - return NT_STATUS_NO_MEMORY; - } - - DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name)); - - if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) { - DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n", - backend_entry->domain_name)); - DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__)); - ZERO_STRUCTP(backend_entry->domain_sid); - } - - DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n", - backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid))); - - return NT_STATUS_OK; -} - -/****************************************************************** - create sam_methods struct based on sam_backend_entry - *****************************************************************/ - -static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SAM_METHODS *methods; - int i; - - DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__)); - - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) { - return nt_status; - } - - methods = *methods_ptr; - methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name); - methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name); - sid_copy(&methods->domain_sid, backend_entry->domain_sid); - methods->parent = context; - - DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name)); - for (i = 0; builtin_sam_init_functions[i].module_name; i++) - { - if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name)) - { - DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i)); - DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid))); - nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params); - if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name)); - } else { - DEBUG(2,("sam backend %s did not correctly init (error was %s)\n", - backend_entry->module_name, nt_errstr(nt_status))); - } - return nt_status; - } - } - - DEBUG(2,("could not find backend %s\n", backend_entry->module_name)); - - return NT_STATUS_INVALID_PARAMETER; -} - -static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context) -{ - SAM_BACKEND_ENTRY entry; - DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */ - SAM_METHODS *methods, *tmpmethods; - NTSTATUS ntstatus; - - DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__)); - - /* Make sure domain lp_workgroup() is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n", - lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND)); - - SAM_ASSERT(global_sam_sid); - - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = lp_workgroup(); - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, global_sam_sid); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup())); - return ntstatus; - } - - /* Make sure the BUILTIN domain is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n", - SAM_DEFAULT_BACKEND)); - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = "BUILTIN"; - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, &global_sid_Builtin); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n")); - return ntstatus; - } - - return NT_STATUS_OK; -} - -static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends) -{ - int i, j; - - DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__)); - - for (i = 0; i < *nBackends; i++) { - for (j = i + 1; j < *nBackends; j++) { - if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) { - DEBUG(0,("two backend modules claim the same domain %s\n", - sid_string_static((*backend_entries)[j].domain_sid))); - return NT_STATUS_INVALID_PARAMETER; - } - } - } - - return NT_STATUS_OK; -} - -NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param) -{ - int i = 0, j = 0; - SAM_METHODS *curmethods, *tmpmethods; - int nBackends = 0; - SAM_BACKEND_ENTRY *backends = NULL; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__)); - - if (!sam_backends_param) { - DEBUG(1, ("no SAM backeds specified!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) { - DEBUG(4,("make_sam_context failed\n")); - return nt_status; - } - - while (sam_backends_param[nBackends]) - nBackends++; - - DEBUG(6,("There are %d domains listed with their backends\n", nBackends)); - - if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) { - DEBUG(0,("make_sam_context_list: failed to allocate backends\n")); - return NT_STATUS_NO_MEMORY; - } - - memset(backends, '\0', sizeof(*backends)*nBackends); - - for (i = 0; i < nBackends; i++) { - DEBUG(8,("processing %s\n",sam_backends_param[i])); - if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) { - DEBUG(4,("make_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - } - - if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) { - DEBUG(4,("check_duplicate_backend_entries failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - - for (i = 0; i < nBackends; i++) { - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - DLIST_ADD_END((*context)->methods, curmethods, tmpmethods); - } - - for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid); - - SAFE_FREE(backends); - return NT_STATUS_OK; -} - -/****************************************************************** - Make a sam_context from scratch. - *******************************************************************/ - -NTSTATUS make_sam_context(SAM_CONTEXT **context) -{ - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("sam_context internal allocation context"); - - if (!mem_ctx) { - DEBUG(0, ("make_sam_context: talloc init failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - *context = talloc(mem_ctx, sizeof(**context)); - if (!*context) { - DEBUG(0, ("make_sam_context: talloc failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*context); - - (*context)->mem_ctx = mem_ctx; - - (*context)->free_fn = free_sam_context; - - return NT_STATUS_OK; -} - -/****************************************************************** - Return an already initialised sam_context, to facilitate backward - compatibility (see functions below). - *******************************************************************/ - -static struct sam_context *sam_get_static_context(BOOL reload) -{ - static SAM_CONTEXT *sam_context = NULL; - - if ((sam_context) && (reload)) { - sam_context->free_fn(&sam_context); - sam_context = NULL; - } - - if (!sam_context) { - if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { - DEBUG(4,("make_sam_context_list failed\n")); - return NULL; - } - - /* Make sure the required domains (default domain, builtin) are available */ - if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) { - DEBUG(4,("sam_context_check_default_backends failed\n")); - return NULL; - } - } - - return sam_context; -} - -/*************************************************************** - Initialize the static context (at smbd startup etc). - - If uninitialised, context will auto-init on first use. - ***************************************************************/ - -BOOL initialize_sam(BOOL reload) -{ - return (sam_get_static_context(reload) != NULL); -} - - -/************************************************************** - External API. This is what the rest of the world calls... -***************************************************************/ - -/****************************************************************** - sam_* functions are used to link the external SAM interface - with the internal backends. These functions lookup the appropriate - backends for the domain and pass on to the function in sam_methods - in the selected backend - - When the context parmater is NULL, the default is used. - *******************************************************************/ - -#define SAM_SETUP_CONTEXT if (!context) \ - context = sam_get_static_context(False);\ - if (!context) {\ - return NT_STATUS_UNSUCCESSFUL; \ - }\ - - - -NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_sec_desc) { - DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_set_sec_desc) { - DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_lookup_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_name) { - DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) { - DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n", - tmp_methods->domain_name, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_lookup_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - sid_copy(&domainsid, sid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_lookup_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_sid) { - DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) { - DEBUG(4,("sam_lookup_name for %s in backend %s failed\n", - sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid domain specified */ - SAM_ASSERT(domain && domain->current_sam_methods); - - tmp_methods = domain->current_sam_methods; - - if (!tmp_methods->sam_update_domain) { - DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){ - DEBUG(4,("sam_update_domain in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - int i = 0; - - DEBUG(5,("sam_enum_domains: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters specified */ - SAM_ASSERT(domain_count && domains && domain_names); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) { - DEBUG(3,("sam_enum_domains: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - *domain_count = 0; - - while (tmp_methods) { - (*domain_count)++; - tmp_methods= tmp_methods->next; - } - - DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count))); - - tmp_methods = context->methods; - - if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n")); - return NT_STATUS_NO_MEMORY; - } - - if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n")); - SAFE_FREE((*domains)); - return NT_STATUS_NO_MEMORY; - } - - while (tmp_methods) { - DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid))); - sid_copy(domains[i],&tmp_methods->domain_sid); - *domain_names[i] = smb_xstrdup(tmp_methods->domain_name); - i++; - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - - DEBUG(5,("sam_lookup_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid paramters */ - SAM_ASSERT(access_token && domain && domainsid); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) { - DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - - while (tmp_methods) { - if (strcmp(domain, tmp_methods->domain_name) == 0) { - (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy((*domainsid), &tmp_methods->domain_sid); - return NT_STATUS_OK; - } - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_NO_SUCH_DOMAIN; -} - - -NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && domain); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_domain_handle) { - DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) { - DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n", - sid_string_static(domainsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(access_token && domainsid && account_name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_account) { - DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) { - DEBUG(4,("sam_create_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - DOM_SID domainsid; - const DOM_SID *accountsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) { - DEBUG(0,("Can't get account SID\n")); - return nt_status; - } - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_account) { - DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){ - DEBUG(4,("sam_add_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_update_account) { - DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){ - DEBUG(4,("sam_update_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_delete_account) { - DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){ - DEBUG(4,("sam_delete_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_accounts: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && account_count && accounts); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) { - DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - DOM_SID domainsid; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && accountsid && account); - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_sid) { - DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) { - DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n", - sid_string_static(accountsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_name) { - DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) { - DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && group_name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_group) { - DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) { - DEBUG(4,("sam_create_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - DOM_SID domainsid; - const DOM_SID *groupsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) { - DEBUG(0,("Can't get group SID\n")); - return nt_status; - } - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_group) { - DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){ - DEBUG(4,("sam_add_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_update_group) { - DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){ - DEBUG(4,("sam_update_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_group) { - DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){ - DEBUG(4,("sam_delete_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_groups: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && groups_count && groups); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) { - DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && groupsid && group); - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_sid) { - DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) { - DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n", - sid_string_static(groupsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_name) { - DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) { - DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_add_member_to_group) { - DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) { - DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; - -} - -NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_member_from_group) { - DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) { - DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods && members_count && members); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_enum_groupmembers) { - DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) { - DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - uint32 tmp_group_count; - SAM_GROUP_ENUM *tmp_groups; - - DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid sam_context specified */ - SAM_ASSERT(access_token && sids && context && context->methods); - - *group_count = 0; - - *groups = NULL; - - tmp_methods= context->methods; - - while (tmp_methods) { - DEBUG(5,("getting groups from domain \n")); - if (!tmp_methods->sam_get_groups_of_sid) { - DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n")); - SAFE_FREE(*groups); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) { - DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname)); - SAFE_FREE(*groups); - return nt_status; - } - - *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM)); - - memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count); - - SAFE_FREE(tmp_groups); - - *group_count += tmp_group_count; - - tmp_methods = tmp_methods->next; - } - - return NT_STATUS_OK; -} - - diff --git a/source3/sam/sam_ads.c b/source3/sam/sam_ads.c deleted file mode 100755 index 79b107e417..0000000000 --- a/source3/sam/sam_ads.c +++ /dev/null @@ -1,1378 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Active Directory SAM backend, for simulate a W2K DC in mixed mode. - - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -#ifdef HAVE_LDAP - -static int sam_ads_debug_level = DBGC_SAM; - -#undef DBGC_CLASS -#define DBGC_CLASS sam_ads_debug_level - -#ifndef FIXME -#define FIXME( body ) { DEBUG(0,("FIXME: "));\ - DEBUGADD(0,(body));} -#endif - -#define ADS_STATUS_OK ADS_ERROR(0) -#define ADS_STATUS_UNSUCCESSFUL ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL) -#define ADS_STATUS_NOT_IMPLEMENTED ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED) - - -#define ADS_SUBTREE_BUILTIN "CN=Builtin," -#define ADS_SUBTREE_COMPUTERS "CN=Computers," -#define ADS_SUBTREE_DC "CN=Domain Controllers," -#define ADS_SUBTREE_USERS "CN=Users," -#define ADS_ROOT_TREE "" -/* Here are private module structs and functions */ - -typedef struct sam_ads_privates { - ADS_STRUCT *ads_struct; - TALLOC_CTX *mem_ctx; - BOOL bind_plaintext; - char *ads_bind_dn; - char *ads_bind_pw; - char *ldap_uri; - /* did we need something more? */ -}SAM_ADS_PRIVATES; - - -/* get only these LDAP attributes, witch we really need for an account */ -const char *account_attrs[] = { "objectSid", - "objectGUID", - "sAMAccountType", - "sAMAcountName", - "userPrincipalName", - "accountExpires", - "badPasswordTime", - "badPwdCount", - "lastLogoff", - "lastLogon", - "userWorkstations", - "dBCSPwd", - "unicodePwd", - "pwdLastSet", - "userAccountControl", - "profilePath", - "homeDrive", - "scriptPath", - "homeDirectory", - "cn", - "primaryGroupID",/* 513 */ - "nsNPAllowDialIn",/* TRUE */ - "userParameters",/* Dial Back number ...*/ - "codePage",/* 0 */ - "countryCode",/* 0 */ - "adminCount",/* 1 or 0 */ - "logonCount",/* 0 */ - "managedObjects", - "memberOf",/* dn */ - "instanceType",/* 4 */ - "name", /* sync with cn */ - "description", - /* "nTSecurityDescriptor", */ - NULL}; - -/* get only these LDAP attributes, witch we really need for a group */ -const char *group_attrs[] = {"objectSid", - /* "objectGUID", */ - "sAMAccountType", - "sAMAcountName", - "groupType", - /* "member", */ - "description", - "name", /* sync with cn */ - /* "nTSecurityDescriptor", */ - NULL}; - - -/*************************************************** - return our ads connection. We keep the connection - open to make things faster -****************************************************/ -static ADS_STATUS sam_ads_cached_connection(SAM_ADS_PRIVATES *privates) -{ - ADS_STRUCT *ads_struct; - ADS_STATUS ads_status; - - if (!privates->ads_struct) { - privates->ads_struct = ads_init_simple(); - ads_struct = privates->ads_struct; - ads_struct->server.ldap_uri = smb_xstrdup(privates->ldap_uri); - if ((!privates->ads_bind_dn) || (!*privates->ads_bind_dn)) { - ads_struct->auth.flags |= ADS_AUTH_ANON_BIND; - } else { - ads_struct->auth.user_name - = smb_xstrdup(privates->ads_bind_dn); - if (privates->ads_bind_pw) { - ads_struct->auth.password - = smb_xstrdup(privates->ads_bind_pw); - } - } - if (privates->bind_plaintext) { - ads_struct->auth.flags |= ADS_AUTH_SIMPLE_BIND; - } - } else { - ads_struct = privates->ads_struct; - } - - if (ads_struct->ld != NULL) { - /* connection has been opened. ping server. */ - struct sockaddr_un addr; - socklen_t len; - int sd; - if (ldap_get_option(ads_struct->ld, LDAP_OPT_DESC, &sd) == 0 && - getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { - /* the other end has died. reopen. */ - ldap_unbind_ext(ads_struct->ld, NULL, NULL); - ads_struct->ld = NULL; - } - } - - if (ads_struct->ld != NULL) { - DEBUG(5,("sam_ads_cached_connection: allready connected to the LDAP server\n")); - return ADS_SUCCESS; - } - - ads_status = ads_connect(ads_struct); - - ads_status = ads_server_info(ads_struct); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(0,("Can't set server info: %s\n",ads_errstr(ads_status))); - /* return ads_status; */ FIXME("for now we only warn!\n"); - } - - DEBUG(2, ("sam_ads_cached_connection: succesful connection to the LDAP server\n")); - return ADS_SUCCESS; -} - -static ADS_STATUS sam_ads_do_search(SAM_ADS_PRIVATES *privates, const char *bind_path, int scope, const char *exp, const char **attrs, void **res) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - - ads_status = sam_ads_cached_connection(privates); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - return ads_do_search_retry(privates->ads_struct, bind_path, scope, exp, attrs, res); -} - - -/********************************************* -here we have to check the update serial number - - this is the core of the ldap cache -*********************************************/ -static ADS_STATUS sam_ads_usn_is_valid(SAM_ADS_PRIVATES *privates, uint32 usn_in, uint32 *usn_out) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - - SAM_ASSERT(privates && privates->ads_struct && usn_out); - - ads_status = ads_USN(privates->ads_struct, usn_out); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if (*usn_out == usn_in) - return ADS_SUCCESS; - - return ads_status; -} - -/*********************************************** -Initialize SAM_ACCOUNT_HANDLE from an ADS query -************************************************/ -/* not ready :-( */ -static ADS_STATUS ads_entry2sam_account_handle(SAM_ADS_PRIVATES *privates, SAM_ACCOUNT_HANDLE *account ,void *msg) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER); - NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = account->mem_ctx; - char *tmp_str = NULL; - - SAM_ASSERT(privates && ads_struct && account && mem_ctx && msg); - - FIXME("should we really use ads_pull_username()(or ads_pull_string())?\n"); - if ((account->private.account_name = ads_pull_username(ads_struct, mem_ctx, msg))==NULL) { - DEBUG(0,("ads_pull_username failed\n")); - return ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER); - } - - if ((account->private.full_name = ads_pull_string(ads_struct, mem_ctx, msg,"name"))==NULL) { - DEBUG(3,("ads_pull_string for 'name' failed - skip\n")); - } - - if ((account->private.acct_desc = ads_pull_string(ads_struct, mem_ctx, msg,"description"))!=NULL) { - DEBUG(3,("ads_pull_string for 'acct_desc' failed - skip\n")); - } - - if ((account->private.home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"homeDirectory"))!=NULL) { - DEBUG(3,("ads_pull_string for 'homeDirectory' failed - skip\n")); - } - - if ((account->private.dir_drive = ads_pull_string(ads_struct, mem_ctx, msg,"homeDrive"))!=NULL) { - DEBUG(3,("ads_pull_string for 'homeDrive' failed - skip\n")); - } - - if ((account->private.profile_path = ads_pull_string(ads_struct, mem_ctx, msg,"profilePath"))!=NULL) { - DEBUG(3,("ads_pull_string for 'profilePath' failed - skip\n")); - } - - if ((account->private.logon_script = ads_pull_string(ads_struct, mem_ctx, msg,"scriptPath"))!=NULL) { - DEBUG(3,("ads_pull_string for 'scriptPath' failed - skip\n")); - } - - FIXME("check 'nsNPAllowDialIn' for munged_dial!\n"); - if ((account->private.munged_dial = ads_pull_string(ads_struct, mem_ctx, msg,"userParameters"))!=NULL) { - DEBUG(3,("ads_pull_string for 'userParameters' failed - skip\n")); - } - - if ((account->private.unix_home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"msSFUHomeDrirectory"))!=NULL) { - DEBUG(3,("ads_pull_string for 'msSFUHomeDrirectory' failed - skip\n")); - } - -#if 0 - FIXME("use function intern mem_ctx for pwdLastSet\n"); - if ((tmp_str = ads_pull_string(ads_struct, mem_ctx, msg,"pwdLastSet"))!=NULL) { - DEBUG(3,("ads_pull_string for 'pwdLastSet' failed - skip\n")); - } else { - account->private.pass_last_set_time = ads_parse_nttime(tmp_str); - tmp_str = NULL; - - } -#endif - -#if 0 -typedef struct sam_account_handle { - TALLOC_CTX *mem_ctx; - uint32 access_granted; - const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */ - void (*free_fn)(struct sam_account_handle **); - struct sam_account_data { - uint32 init_flag; - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - char * account_name; /* account_name string */ - SAM_DOMAIN_HANDLE * domain; /* domain of account */ - char *full_name; /* account's full name string */ - char *unix_home_dir; /* UNIX home directory string */ - char *home_dir; /* home directory string */ - char *dir_drive; /* home directory drive string */ - char *logon_script; /* logon script string */ - char *profile_path; /* profile path string */ - char *acct_desc; /* account description string */ - char *workstations; /* login from workstations string */ - char *unknown_str; /* don't know what this is, yet. */ - char *munged_dial; /* munged path name and dial-back tel number */ - DOM_SID account_sid; /* Primary Account SID */ - DOM_SID group_sid; /* Primary Group SID */ - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - char *plaintext_pw; /* if Null not available */ - uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */ - uint32 unknown_1; /* 0x00ff ffff */ - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 hours[MAX_HOURS_LEN]; - uint32 unknown_2; /* 0x0002 0000 */ - uint32 unknown_3; /* 0x0000 04ec */ - } private; -} SAM_ACCOUNT_HANDLE; -#endif - - return ads_status; -} - - -/*********************************************** -Initialize SAM_GROUP_ENUM from an ads entry -************************************************/ -/* not ready :-( */ -static ADS_STATUS ads_entry2sam_group_enum(SAM_ADS_PRIVATES *privates, TALLOC_CTX *mem_ctx, SAM_GROUP_ENUM **group_enum,const void *entry) -{ - ADS_STATUS ads_status = ADS_STATUS_UNSUCCESSFUL; - ADS_STRUCT *ads_struct = privates->ads_struct; - SAM_GROUP_ENUM __group_enum; - SAM_GROUP_ENUM *_group_enum = &__group_enum; - - SAM_ASSERT(privates && ads_struct && mem_ctx && group_enum && entry); - - *group_enum = _group_enum; - - DEBUG(3,("sam_ads: ads_entry2sam_account_handle\n")); - - if (!ads_pull_sid(ads_struct, &entry, "objectSid", &(_group_enum->sid))) { - DEBUG(0,("No sid for!?\n")); - return ADS_STATUS_UNSUCCESSFUL; - } - - if (!(_group_enum->group_name = ads_pull_string(ads_struct, mem_ctx, &entry, "sAMAccountName"))) { - DEBUG(0,("No groupname found")); - return ADS_STATUS_UNSUCCESSFUL; - } - - if (!(_group_enum->group_desc = ads_pull_string(ads_struct, mem_ctx, &entry, "desciption"))) { - DEBUG(0,("No description found")); - return ADS_STATUS_UNSUCCESSFUL; - } - - DEBUG(0,("sAMAccountName: %s\ndescription: %s\nobjectSid: %s\n", - _group_enum->group_name, - _group_enum->group_desc, - sid_string_static(&(_group_enum->sid)) - )); - - return ads_status; -} - -static ADS_STATUS sam_ads_access_check(SAM_ADS_PRIVATES *privates, const SEC_DESC *sd, const NT_USER_TOKEN *access_token, uint32 access_desired, uint32 *acc_granted) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED); - NTSTATUS nt_status; - uint32 my_acc_granted; - - SAM_ASSERT(privates && sd && access_token); - /* acc_granted can be set to NULL */ - - /* the steps you need are: - 1. get_sec_desc for sid - 2. se_map_generic(accessdesired, generic_mapping) - 3. se_access_check() */ - - if (!se_access_check(sd, access_token, access_desired, (acc_granted)?acc_granted:&my_acc_granted, &nt_status)) { - DEBUG(3,("sam_ads_access_check: ACCESS DENIED\n")); - ads_status = ADS_ERROR_NT(nt_status); - return ads_status; - } - ads_status = ADS_ERROR_NT(nt_status); - return ads_status; -} - -static ADS_STATUS sam_ads_get_tree_sec_desc(SAM_ADS_PRIVATES *privates, const char *subtree, SEC_DESC **sd) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - char *search_path; - void *sec_desc_res; - void *sec_desc_msg; - const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL}; - - SAM_ASSERT(privates && ads_struct && mem_ctx && sd); - *sd = NULL; - - if (subtree) { - asprintf(&search_path, "%s%s",subtree,ads_struct->config.bind_path); - } else { - asprintf(&search_path, "%s",""); - } - ads_status = sam_ads_do_search(privates, search_path, LDAP_SCOPE_BASE, "(objectClass=*)", sec_desc_attrs, &sec_desc_res); - SAFE_FREE(search_path); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if ((sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))==NULL) { - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - return ads_status; - } - - if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) { - *sd = NULL; - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - return ads_status; - } - - return ads_status; -} - -static ADS_STATUS sam_ads_account_policy_get(SAM_ADS_PRIVATES *privates, int field, uint32 *value) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - ADS_STRUCT *ads_struct = privates->ads_struct; - void *ap_res; - void *ap_msg; - const char *ap_attrs[] = {"minPwdLength",/* AP_MIN_PASSWORD_LEN */ - "pwdHistoryLength",/* AP_PASSWORD_HISTORY */ - "AP_USER_MUST_LOGON_TO_CHG_PASS",/* AP_USER_MUST_LOGON_TO_CHG_PASS */ - "maxPwdAge",/* AP_MAX_PASSWORD_AGE */ - "minPwdAge",/* AP_MIN_PASSWORD_AGE */ - "lockoutDuration",/* AP_LOCK_ACCOUNT_DURATION */ - "AP_RESET_COUNT_TIME",/* AP_RESET_COUNT_TIME */ - "AP_BAD_ATTEMPT_LOCKOUT",/* AP_BAD_ATTEMPT_LOCKOUT */ - "AP_TIME_TO_LOGOUT",/* AP_TIME_TO_LOGOUT */ - NULL}; - /*lockOutObservationWindow - lockoutThreshold $ pwdProperties*/ - static uint32 ap[9]; - static uint32 ap_usn = 0; - uint32 tmp_usn = 0; - - SAM_ASSERT(privates && ads_struct && value); - - FIXME("We need to decode all account_policy attributes!\n"); - - ads_status = sam_ads_usn_is_valid(privates,ap_usn,&tmp_usn); - if (!ADS_ERR_OK(ads_status)) { - ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_BASE, "(objectClass=*)", ap_attrs, &ap_res); - if (!ADS_ERR_OK(ads_status)) - return ads_status; - - if (ads_count_replies(ads_struct, ap_res) != 1) { - ads_msgfree(ads_struct, ap_res); - return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); - } - - if (!(ap_msg = ads_first_entry(ads_struct, ap_res))) { - ads_msgfree(ads_struct, ap_res); - return ADS_ERROR(LDAP_NO_RESULTS_RETURNED); - } - - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[0], &ap[0])) { - /* AP_MIN_PASSWORD_LEN */ - ap[0] = MINPASSWDLENGTH;/* 5 chars minimum */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[1], &ap[1])) { - /* AP_PASSWORD_HISTORY */ - ap[1] = 0;/* don't keep any old password */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[2], &ap[2])) { - /* AP_USER_MUST_LOGON_TO_CHG_PASS */ - ap[2] = 0;/* don't force user to logon */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[3], &ap[3])) { - /* AP_MAX_PASSWORD_AGE */ - ap[3] = MAX_PASSWORD_AGE;/* 21 days */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[4], &ap[4])) { - /* AP_MIN_PASSWORD_AGE */ - ap[4] = 0;/* 0 days */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[5], &ap[5])) { - /* AP_LOCK_ACCOUNT_DURATION */ - ap[5] = 0;/* lockout for 0 minutes */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[6], &ap[6])) { - /* AP_RESET_COUNT_TIME */ - ap[6] = 0;/* reset immediatly */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[7], &ap[7])) { - /* AP_BAD_ATTEMPT_LOCKOUT */ - ap[7] = 0;/* don't lockout */ - } - if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[8], &ap[8])) { - /* AP_TIME_TO_LOGOUT */ - ap[8] = -1;/* don't force logout */ - } - - ads_msgfree(ads_struct, ap_res); - ap_usn = tmp_usn; - } - - switch(field) { - case AP_MIN_PASSWORD_LEN: - *value = ap[0]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_PASSWORD_HISTORY: - *value = ap[1]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_USER_MUST_LOGON_TO_CHG_PASS: - *value = ap[2]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_MAX_PASSWORD_AGE: - *value = ap[3]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_MIN_PASSWORD_AGE: - *value = ap[4]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_LOCK_ACCOUNT_DURATION: - *value = ap[5]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_RESET_COUNT_TIME: - *value = ap[6]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_BAD_ATTEMPT_LOCKOUT: - *value = ap[7]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - case AP_TIME_TO_LOGOUT: - *value = ap[8]; - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - break; - default: *value = 0; break; - } - - return ads_status; -} - - -/********************************** -Now the functions off the SAM API -***********************************/ - -/* General API */ -static NTSTATUS sam_ads_get_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const DOM_SID *sid, SEC_DESC **sd) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx; - char *sidstr,*filter; - void *sec_desc_res; - void *sec_desc_msg; - const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL}; - fstring sid_str; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && sid && sd); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL); - - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - sidstr = sid_binstring(sid); - if (asprintf(&filter, "(objectSid=%s)", sidstr) == -1) { - SAFE_FREE(sidstr); - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(sidstr); - - ads_status = sam_ads_do_search(privates,ads_struct->config.bind_path, - LDAP_SCOPE_SUBTREE, filter, sec_desc_attrs, - &sec_desc_res); - SAFE_FREE(filter); - - if (!ADS_ERR_OK(ads_status)) { - return ads_ntstatus(ads_status); - } - - if (!(mem_ctx = talloc_init("sec_desc parse in sam_ads"))) { - DEBUG(1, ("talloc_init() failed for sec_desc parse context in sam_ads")); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_NO_MEMORY; - } - - if (ads_count_replies(ads_struct, sec_desc_res) != 1) { - DEBUG(1,("sam_ads_get_sec_desc: duplicate or 0 results for sid %s\n", - sid_to_string(sid_str, sid))); - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!(sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))) { - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) { - ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); - talloc_destroy(mem_ctx); - ads_msgfree(ads_struct, sec_desc_res); - return ads_ntstatus(ads_status); - } - - /* now, were we allowed to see the SD we just got? */ - - ads_msgfree(ads_struct, sec_desc_res); - talloc_destroy(mem_ctx); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_set_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const DOM_SID *sid, const SEC_DESC *sd) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - - -static NTSTATUS sam_ads_lookup_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, - enum SID_NAME_USE *type) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && mem_ctx && sid && name && type); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_sid_to_name(ads_struct, mem_ctx, sid, name, type); -} - -static NTSTATUS sam_ads_lookup_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const char *name, DOM_SID *sid, enum SID_NAME_USE *type) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - SEC_DESC *my_sd; - - SAM_ASSERT(sam_method && access_token && name && sid && type); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - return ads_name_to_sid(ads_struct, name, sid, type); -} - - -/* Domain API */ - -static NTSTATUS sam_ads_update_domain(const SAM_METHODS *sam_method, const SAM_DOMAIN_HANDLE *domain) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_domain_handle(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, - const uint32 access_desired, SAM_DOMAIN_HANDLE **domain) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - TALLOC_CTX *mem_ctx = privates->mem_ctx; /*Fix me is this right??? */ - SAM_DOMAIN_HANDLE *dom_handle = NULL; - SEC_DESC *sd; - uint32 acc_granted; - uint32 tmp_value; - - DEBUG(5,("sam_ads_get_domain_handle: %d\n",__LINE__)); - - SAM_ASSERT(sam_method && access_token && domain); - - (*domain) = NULL; - - if ((dom_handle = talloc(mem_ctx, sizeof(SAM_DOMAIN_HANDLE))) == NULL) { - DEBUG(0,("failed to talloc dom_handle\n")); - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - return ads_ntstatus(ads_status); - } - - ZERO_STRUCTP(dom_handle); - - dom_handle->mem_ctx = mem_ctx; /*Fix me is this right??? */ - dom_handle->free_fn = NULL; - dom_handle->current_sam_methods = sam_method; - - /* check if access can be granted as requested */ - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - dom_handle->access_granted = acc_granted; - - /* fill all the values of dom_handle */ - sid_copy(&dom_handle->private.sid, &sam_method->domain_sid); - dom_handle->private.name = smb_xstrdup(sam_method->domain_name); - dom_handle->private.servername = "WHOKNOWS"; /* what is the servername */ - - /*Fix me: sam_ads_account_policy_get() return ADS_STATUS! */ - ads_status = sam_ads_account_policy_get(privates, AP_MAX_PASSWORD_AGE, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for max password age. Useing default\n")); - tmp_value = MAX_PASSWORD_AGE; - } - unix_to_nt_time_abs(&dom_handle->private.max_passwordage,tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_AGE, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for min password age. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.min_passwordage, tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_LOCK_ACCOUNT_DURATION, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for lockout duration. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.lockout_duration, tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_RESET_COUNT_TIME, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for time till locout count is reset. Useing default\n")); - tmp_value = 0; - } - unix_to_nt_time_abs(&dom_handle->private.reset_count, tmp_value); - - ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_LEN, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for min password length. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.min_passwordlength = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(privates, AP_PASSWORD_HISTORY, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed password history. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.password_history = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(privates, AP_BAD_ATTEMPT_LOCKOUT, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for bad attempts till lockout. Useing default\n")); - tmp_value = 0; - } - dom_handle->private.lockout_count = (uint16)tmp_value; - - ads_status = sam_ads_account_policy_get(privates, AP_TIME_TO_LOGOUT, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for force logout. Useing default\n")); - tmp_value = -1; - } - - ads_status = sam_ads_account_policy_get(privates, AP_USER_MUST_LOGON_TO_CHG_PASS, &tmp_value); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(4,("sam_ads_account_policy_get failed for user must login to change password. Useing default\n")); - tmp_value = 0; - } - - /* should the real values of num_accounts, num_groups and num_aliases be retreved? - * I think it is to expensive to bother - */ - dom_handle->private.num_accounts = 3; - dom_handle->private.num_groups = 4; - dom_handle->private.num_aliases = 5; - - *domain = dom_handle; - - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - return ads_ntstatus(ads_status); -} - -/* Account API */ -static NTSTATUS sam_ads_create_account(const SAM_METHODS *sam_method, - const NT_USER_TOKEN *access_token, uint32 access_desired, - const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - SEC_DESC *sd = NULL; - uint32 acc_granted; - - SAM_ASSERT(sam_method && privates && access_token && account_name && account); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_SUBTREE_USERS, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - (*account)->access_granted = acc_granted; - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_ERROR(LDAP_NO_MEMORY); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - ADS_MODLIST mods; - uint16 acct_ctrl; - char *new_dn; - SEC_DESC *sd; - uint32 acc_granted; - - SAM_ASSERT(sam_method && account); - - ads_status = ADS_ERROR_NT(sam_get_account_acct_ctrl(account,&acct_ctrl)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if ((acct_ctrl & ACB_WSTRUST)||(acct_ctrl & ACB_SVRTRUST)) { - /* Computer account */ - char *name,*controlstr; - char *hostname,*host_upn,*host_spn; - const char *objectClass[] = {"top", "person", "organizationalPerson", - "user", "computer", NULL}; - - ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if (!(host_upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Computers,%s", hostname, - ads_struct->config.bind_path))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(mods = ads_init_mods(mem_ctx))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - ads_status = ads_mod_str(mem_ctx, &mods, "cn", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", host_upn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "displayName", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - - ads_status = ads_mod_str(mem_ctx, &mods, "servicePrincipalName", host_spn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "dNSHostName", hostname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - /* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystem", "Samba"); - if (!ADS_ERR_OK(ads_status)) - goto done; - *//* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", VERSION); - if (!ADS_ERR_OK(ads_status)) - goto done; - */ - /* End Computer account */ - } else { - /* User account*/ - char *upn, *controlstr; - char *name, *fullname; - const char *objectClass[] = {"top", "person", "organizationalPerson", - "user", NULL}; - - ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - ads_status = ADS_ERROR_NT(sam_get_account_fullname(account,&fullname)); - if (!ADS_ERR_OK(ads_status)) - goto done; - - if (!(upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", fullname, - ads_struct->config.bind_path))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - if (!(mods = ads_init_mods(mem_ctx))) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - goto done; - } - - ads_status = ads_mod_str(mem_ctx, &mods, "cn", fullname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", upn); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "displayName", fullname); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name); - if (!ADS_ERR_OK(ads_status)) - goto done; - ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr); - if (!ADS_ERR_OK(ads_status)) - goto done; - }/* End User account */ - - /* Finally at the account */ - ads_status = ads_gen_add(ads_struct, new_dn, mods); - -done: - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_update_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_delete_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - - - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_enum_accounts(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -#if 0 -static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - SEC_DESC *sd = NULL; - uint32 acc_granted; - - SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_sid && account); - - ads_status = ADS_ERROR_NT(sam_ads_get_sec_desc(sam_method, access_token, account_sid, &my_sd)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - (*account)->access_granted = acc_granted; - - return ads_ntstatus(ads_status); -} -#else -static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} -#endif - -#if 0 -static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - SEC_DESC *sd = NULL; - uint32 acc_granted; - - SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_name && account); - - ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - ads_status = ADS_ERROR_NT(sam_init_account(account)); - if (!ADS_ERR_OK(ads_status)) - return ads_ntstatus(ads_status); - - (*account)->access_granted = acc_granted; - - return ads_ntstatus(ads_status); -} -#else -static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} -#endif - -/* Group API */ -static NTSTATUS sam_ads_create_group(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_update_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_delete_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_enum_groups(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data; - ADS_STRUCT *ads_struct = privates->ads_struct; - TALLOC_CTX *mem_ctx = privates->mem_ctx; - void *res = NULL; - void *msg = NULL; - char *filter = NULL; - int i = 0; - - /* get only these LDAP attributes, witch we really need for a group */ - const char *group_enum_attrs[] = {"objectSid", - "description", - "sAMAcountName", - NULL}; - - SAM_ASSERT(sam_method && access_token && groups_count && groups); - - *groups_count = 0; - - DEBUG(3,("ads: enum_dom_groups\n")); - - FIXME("get only group from the wanted Type!\n"); - asprintf(&filter, "(&(objectClass=group)(groupType=%s))", "*"); - ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_SUBTREE, filter, group_enum_attrs, &res); - if (!ADS_ERR_OK(ads_status)) { - DEBUG(1,("enum_groups ads_search: %s\n", ads_errstr(ads_status))); - } - - *groups_count = ads_count_replies(ads_struct, res); - if (*groups_count == 0) { - DEBUG(1,("enum_groups: No groups found\n")); - } - - (*groups) = talloc_zero(mem_ctx, (*groups_count) * sizeof(**groups)); - if (!*groups) { - ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - - for (msg = ads_first_entry(ads_struct, res); msg; msg = ads_next_entry(ads_struct, msg)) { - uint32 grouptype; - - if (!ads_pull_uint32(ads_struct, msg, "groupType", &grouptype)) { - ; - } else { - (*groups)->group_ctrl = ads_gtype2gcb(grouptype); - } - - if (!((*groups)->group_name = ads_pull_string(ads_struct, mem_ctx, msg, "sAMAccountName"))) { - ; - } - - if (!((*groups)->group_desc = ads_pull_string(ads_struct, mem_ctx, msg, "description"))) { - ; - } - - if (!ads_pull_sid(ads_struct, msg, "objectSid", &((*groups)->sid))) { - DEBUG(1,("No sid for group %s !?\n", (*groups)->group_name)); - continue; - } - - i++; - } - - (*groups_count) = i; - - ads_status = ADS_ERROR_NT(NT_STATUS_OK); - - DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*groups_count))); - - if (res) ads_msgfree(ads_struct, res); - - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_group_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_group_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_add_member_to_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_delete_member_from_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_enum_groupmembers(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -static NTSTATUS sam_ads_get_groups_of_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const DOM_SID **sids, const uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED; - DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO)); - SAM_ASSERT(sam_method); - return ads_ntstatus(ads_status); -} - -/********************************** -Free our private data -***********************************/ -static void sam_ads_free_private_data(void **vp) -{ - SAM_ADS_PRIVATES **sam_ads_state = (SAM_ADS_PRIVATES **)vp; - - if ((*sam_ads_state)->ads_struct->ld) { - ldap_unbind((*sam_ads_state)->ads_struct->ld); - } - - ads_destroy(&((*sam_ads_state)->ads_struct)); - - talloc_destroy((*sam_ads_state)->mem_ctx); - FIXME("maybe we must free some other stuff here\n"); - - *sam_ads_state = NULL; -} - - - -/***************************************************** -Init the ADS SAM backend -******************************************************/ -NTSTATUS sam_init_ads(SAM_METHODS *sam_method, const char *module_params) -{ - ADS_STATUS ads_status; - SAM_ADS_PRIVATES *sam_ads_state; - TALLOC_CTX *mem_ctx; - - SAM_ASSERT(sam_method && sam_method->parent); - - mem_ctx = sam_method->parent->mem_ctx; - - /* Here the SAM API functions of the sam_ads module */ - - /* General API */ - - sam_method->sam_get_sec_desc = sam_ads_get_sec_desc; - sam_method->sam_set_sec_desc = sam_ads_set_sec_desc; - - sam_method->sam_lookup_sid = sam_ads_lookup_sid; - sam_method->sam_lookup_name = sam_ads_lookup_name; - - /* Domain API */ - - sam_method->sam_update_domain = sam_ads_update_domain; - sam_method->sam_get_domain_handle = sam_ads_get_domain_handle; - - /* Account API */ - - sam_method->sam_create_account = sam_ads_create_account; - sam_method->sam_add_account = sam_ads_add_account; - sam_method->sam_update_account = sam_ads_update_account; - sam_method->sam_delete_account = sam_ads_delete_account; - sam_method->sam_enum_accounts = sam_ads_enum_accounts; - - sam_method->sam_get_account_by_sid = sam_ads_get_account_by_sid; - sam_method->sam_get_account_by_name = sam_ads_get_account_by_name; - - /* Group API */ - - sam_method->sam_create_group = sam_ads_create_group; - sam_method->sam_add_group = sam_ads_add_group; - sam_method->sam_update_group = sam_ads_update_group; - sam_method->sam_delete_group = sam_ads_delete_group; - sam_method->sam_enum_groups = sam_ads_enum_groups; - sam_method->sam_get_group_by_sid = sam_ads_get_group_by_sid; - sam_method->sam_get_group_by_name = sam_ads_get_group_by_name; - - sam_method->sam_add_member_to_group = sam_ads_add_member_to_group; - sam_method->sam_delete_member_from_group = sam_ads_delete_member_from_group; - sam_method->sam_enum_groupmembers = sam_ads_enum_groupmembers; - - sam_method->sam_get_groups_of_sid = sam_ads_get_groups_of_sid; - - sam_ads_state = talloc_zero(mem_ctx, sizeof(SAM_ADS_PRIVATES)); - if (!sam_ads_state) { - DEBUG(0, ("talloc() failed for sam_ads private_data!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!(sam_ads_state->mem_ctx = talloc_init("sam_ads_method"))) { - DEBUG(0, ("talloc_init() failed for sam_ads_state->mem_ctx\n")); - return NT_STATUS_NO_MEMORY; - } - - sam_ads_state->ads_bind_dn = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_const_string(GLOBAL_SECTION_SNUM,"sam_ads","bind as", "")); - sam_ads_state->ads_bind_pw = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_const_string(GLOBAL_SECTION_SNUM,"sam_ads","bind pw", "")); - - sam_ads_state->bind_plaintext = lp_parm_bool(GLOBAL_SECTION_SNUM, "sam_ads", "plaintext bind" , True); - - if (!sam_ads_state->ads_bind_dn || !sam_ads_state->ads_bind_pw) { - DEBUG(0, ("talloc_strdup() failed for bind dn or password\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Maybe we should not check the result here? Server down on startup? */ - - if (module_params && *module_params) { - sam_ads_state->ldap_uri = talloc_strdup(sam_ads_state->mem_ctx, module_params); - if (!sam_ads_state->ldap_uri) { - DEBUG(0, ("talloc_strdup() failed for bind dn or password\n")); - return NT_STATUS_NO_MEMORY; - } - } else { - sam_ads_state->ldap_uri = "ldapi://"; - } - - ads_status = sam_ads_cached_connection(sam_ads_state); - if (!ADS_ERR_OK(ads_status)) { - return ads_ntstatus(ads_status); - } - - sam_method->private_data = sam_ads_state; - sam_method->free_private_data = sam_ads_free_private_data; - - sam_ads_debug_level = debug_add_class("sam_ads"); - if (sam_ads_debug_level == -1) { - sam_ads_debug_level = DBGC_ALL; - DEBUG(0, ("sam_ads: Couldn't register custom debugging class!\n")); - } else DEBUG(2, ("sam_ads: Debug class number of 'sam_ads': %d\n", sam_ads_debug_level)); - - DEBUG(5, ("Initializing sam_ads\n")); - if (module_params) - DEBUG(10, ("Module Parameters for Domain %s[%s]: %s\n", sam_method->domain_name, sam_method->domain_name, module_params)); - return NT_STATUS_OK; -} - -#else /* HAVE_LDAP */ -void sam_ads_dummy(void) -{ - DEBUG(0,("sam_ads: not supported!\n")); -} -#endif /* HAVE_LDAP */ diff --git a/source3/sam/sam_skel.c b/source3/sam/sam_skel.c deleted file mode 100644 index b4d64bb6da..0000000000 --- a/source3/sam/sam_skel.c +++ /dev/null @@ -1,251 +0,0 @@ -/* - Unix SMB/CIFS implementation. - this is a skeleton for SAM backend modules. - - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Andrew Bartlett 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -static int sam_skel_debug_level = DBGC_SAM; - -#undef DBGC_CLASS -#define DBGC_CLASS sam_skel_debug_level - -/* define the version of the SAM interface */ -SAM_MODULE_VERSIONING_MAGIC - -/* General API */ - -static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -/* Domain API */ - -static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -/* Account API */ - -static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -/* Group API */ - -static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO)); - return NT_STATUS_NOT_IMPLEMENTED; -} - -NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params) -{ - /* Functions your SAM module doesn't provide should be set - * to NULL */ - - sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc; - sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc; - - sam_methods->sam_lookup_sid = sam_skel_lookup_sid; - sam_methods->sam_lookup_name = sam_skel_lookup_name; - - /* Domain API */ - - sam_methods->sam_update_domain = sam_skel_update_domain; - sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle; - - /* Account API */ - - sam_methods->sam_create_account = sam_skel_create_account; - sam_methods->sam_add_account = sam_skel_add_account; - sam_methods->sam_update_account = sam_skel_update_account; - sam_methods->sam_delete_account = sam_skel_delete_account; - sam_methods->sam_enum_accounts = sam_skel_enum_accounts; - - sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid; - sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name; - - /* Group API */ - - sam_methods->sam_create_group = sam_skel_create_group; - sam_methods->sam_add_group = sam_skel_add_group; - sam_methods->sam_update_group = sam_skel_update_group; - sam_methods->sam_delete_group = sam_skel_delete_group; - sam_methods->sam_enum_groups = sam_skel_enum_groups; - sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid; - sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name; - - sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group; - sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group; - sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers; - - sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid; - - sam_methods->free_private_data = NULL; - - - sam_skel_debug_level = debug_add_class("sam_skel"); - if (sam_skel_debug_level == -1) { - sam_skel_debug_level = DBGC_SAM; - DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n")); - } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level)); - - if(module_params) - DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name)); - else - DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name)); - - return NT_STATUS_OK; -} diff --git a/source3/script/addtosmbpass b/source3/script/addtosmbpass new file mode 100644 index 0000000000..bc82851c52 --- /dev/null +++ b/source3/script/addtosmbpass @@ -0,0 +1,74 @@ +#!/usr/bin/awk -f +# edit the line above to point to your real location of awk interpreter + +# awk program for adding new entries in smbpasswd files +# arguments are account names to add; feed it an existent Samba password +# file on stdin, results will be written on stdout +# +# Michal Jaegermann, michal@ellpspace.math.ualberta.ca, 1995-11-09 + +BEGIN { + me = "addtosmbpass"; + count = ARGC; + FS = ":"; + + if (count == 1) { + print "Usage:", me, + "name1 [name2 ....] < smbpasswd.in > smbpasswd.out"; + ARGV[1] = "/dev/null"; + ARGC = 2; + exit; + } + + for(i = 1; i < count; i++) { + names[ARGV[i]] = " "; + delete ARGV[i]; + } +# sane awk should work simply with 'ARGC = 1', but not every awk +# implementation is sane - big sigh!! + ARGV[1] = "-"; + ARGC = 2; +# +# If you have ypmatch but is not RPC registered (some Linux systems +# for example) comment out the next line. +# "which ypmatch" | getline ypmatch; + if (1 != match(ypmatch, /^\//)) { + ypmatch = ""; + } + pwdf = "/etc/passwd"; +} +#check for names already present in input +{ + print $0; + for(name in names) { + if($1 == name) { + delete names[name]; + } + } +} +END { + fmt = "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"; + fmt = fmt "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s:\n"; + for(name in names) { + while ((getline < pwdf) > 0) { + if ($1 == name) { + printf(fmt, $1, $3, $5); + close(pwdf); + notfound = ""; + break; + } + notfound = "n"; + } + $0 = ""; + if (notfound && ypmatch) { +# try to find in NIS databases + command = ypmatch " " name " passwd"; + command | getline; + if (NF > 0) { + printf(fmt, $1, $3, $5); + } + close(command); + } + } +} + diff --git a/source3/script/build_env.sh b/source3/script/build_env.sh index 0000759f16..eb54f37aed 100755 --- a/source3/script/build_env.sh +++ b/source3/script/build_env.sh @@ -1,25 +1,31 @@ #!/bin/sh +if [ $# -lt 3 ] +then + echo "Usage: $0 srcdir builddir compiler" + exit 1 +fi + uname=`uname -a` date=`date` srcdir=$1 builddir=$2 compiler=$3 - if [ ! "x$USER" = "x" ]; then - whoami=$USER - else - if [ ! "x$LOGNAME" = "x" ]; then - whoami=$LOGNAME - else - whoami=`whoami || id -un` - fi - fi +if [ ! "x$USER" = "x" ]; then + whoami=$USER +else + if [ ! "x$LOGNAME" = "x" ]; then + whoami=$LOGNAME + else + whoami=`whoami || id -un` + fi +fi host=`hostname` cat <<EOF -/* This file is automatically generated with "make build_env". DO NOT EDIT */ +/* This file is automatically generated with "make include/build_env.h". DO NOT EDIT */ #ifndef _BUILD_ENV_H #define _BUILD_ENV_H diff --git a/source3/script/convert_smbpasswd b/source3/script/convert_smbpasswd new file mode 100755 index 0000000000..edb775d3a6 --- /dev/null +++ b/source3/script/convert_smbpasswd @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Convert a Samba 1.9.18 smbpasswd file format into +# a Samba 2.0 smbpasswd file format. +# Read from stdin and write to stdout for simplicity. +# Set the last change time to 0x363F96AD to avoid problems +# with trying to work out how to get the seconds since 1970 +# in awk or the shell. JRA. +# +nawk 'BEGIN {FS=":"} +{ + if( $0 ~ "^#" ) { + print $0 + } else { + printf( "%s:%s:%s:%s:[U ]:LCT-363F96AD:\n", $1, $2, $3, $4); + } +}' diff --git a/source3/script/genstruct.pl b/source3/script/genstruct.pl deleted file mode 100755 index a6abd718c9..0000000000 --- a/source3/script/genstruct.pl +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/perl -w -# a simple system for generating C parse info -# this can be used to write generic C structer load/save routines -# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net> -# released under the GNU General Public License v2 or later - -use strict; - -my(%enum_done) = (); -my(%struct_done) = (); - -################################################### -# general handler -sub handle_general($$$$$$$$) -{ - my($name) = shift; - my($ptr_count) = shift; - my($size) = shift; - my($element) = shift; - my($flags) = shift; - my($dump_fn) = shift; - my($parse_fn) = shift; - my($tflags) = shift; - my($array_len) = 0; - my($dynamic_len) = "NULL"; - - # handle arrays, currently treat multidimensional arrays as 1 dimensional - while ($element =~ /(.*)\[(.*?)\]$/) { - $element = $1; - if ($array_len == 0) { - $array_len = $2; - } else { - $array_len = "$2 * $array_len"; - } - } - - if ($flags =~ /_LEN\((\w*?)\)/) { - $dynamic_len = "\"$1\""; - } - - if ($flags =~ /_NULLTERM/) { - $tflags = "FLAG_NULLTERM"; - } - - print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n"; -} - - -#################################################### -# parse one element -sub parse_one($$$$) -{ - my($name) = shift; - my($type) = shift; - my($element) = shift; - my($flags) = shift; - my($ptr_count) = 0; - my($size) = "sizeof($type)"; - my($tflags) = "0"; - - # enums get the FLAG_ALWAYS flag - if ($type =~ /^enum /) { - $tflags = "FLAG_ALWAYS"; - } - - - # make the pointer part of the base type - while ($element =~ /^\*(.*)/) { - $ptr_count++; - $element = $1; - } - - # convert spaces to _ - $type =~ s/ /_/g; - - my($dump_fn) = "gen_dump_$type"; - my($parse_fn) = "gen_parse_$type"; - - handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags); -} - -#################################################### -# parse one element -sub parse_element($$$) -{ - my($name) = shift; - my($element) = shift; - my($flags) = shift; - my($type); - my($data); - - # pull the base type - if ($element =~ /^struct (\S*) (.*)/) { - $type = "struct $1"; - $data = $2; - } elsif ($element =~ /^enum (\S*) (.*)/) { - $type = "enum $1"; - $data = $2; - } elsif ($element =~ /^unsigned (\S*) (.*)/) { - $type = "unsigned $1"; - $data = $2; - } elsif ($element =~ /^(\S*) (.*)/) { - $type = $1; - $data = $2; - } else { - die "Can't parse element '$element'"; - } - - # handle comma separated lists - while ($data =~ /(\S*),[\s]?(.*)/) { - parse_one($name, $type, $1, $flags); - $data = $2; - } - parse_one($name, $type, $data, $flags); -} - - -my($first_struct) = 1; - -#################################################### -# parse the elements of one structure -sub parse_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_struct) { - $first_struct = 0; - print "Parsing structs: $name"; - } else { - print ", $name"; - } - - print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n"; - print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n"; - - print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n"; - - - while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) { - my($element) = $1; - my($flags) = $2; - $elements = $3; - parse_element($name, $element, $flags); - } - - print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n"; - - print OFILE " -int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent); -} -int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) { - return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str); -} - -"; -} - -my($first_enum) = 1; - -#################################################### -# parse out the enum declarations -sub parse_enum_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_enum) { - $first_enum = 0; - print "Parsing enums: $name"; - } else { - print ", $name"; - } - - print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n"; - - my(@enums) = split(/,/s, $elements); - for (my($i)=0; $i <= $#{@enums}; $i++) { - my($enum) = $enums[$i]; - if ($enum =~ /\s*(\w*)/) { - my($e) = $1; - print OFILE "{\"$e\", $e},\n"; - } - } - - print OFILE "{NULL, 0}};\n"; - - print OFILE " -int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_enum(einfo_$name, p, ptr, indent); -} - -int gen_parse_enum_$name(char *ptr, const char *str) { - return gen_parse_enum(einfo_$name, ptr, str); -} - -"; -} - -#################################################### -# parse out the enum declarations -sub parse_enums($) -{ - my($data) = shift; - - while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - - if (!defined($enum_done{$name})) { - $enum_done{$name} = 1; - parse_enum_elements($name, $elements); - } - } - - if (! $first_enum) { - print "\n"; - } -} - -#################################################### -# parse all the structures -sub parse_structs($) -{ - my($data) = shift; - - # parse into structures - while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - if (!defined($struct_done{$name})) { - $struct_done{$name} = 1; - parse_elements($name, $elements); - } - } - - if (! $first_struct) { - print "\n"; - } else { - print "No GENSTRUCT structures found?\n"; - } -} - - -#################################################### -# parse a header file, generating a dumper structure -sub parse_data($) -{ - my($data) = shift; - - # collapse spaces - $data =~ s/[\t ]+/ /sg; - $data =~ s/\s*\n\s+/\n/sg; - # strip debug lines - $data =~ s/^\#.*?\n//smg; - - parse_enums($data); - parse_structs($data); -} - - -######################################### -# display help text -sub ShowHelp() -{ - print " -generator for C structure dumpers -Copyright Andrew Tridgell <genstruct\@tridgell.net> - -Sample usage: - genstruct -o output.h gcc -E -O2 -g test.h - -Options: - --help this help page - -o OUTPUT place output in OUTPUT -"; - exit(0); -} - -######################################## -# main program -if ($ARGV[0] ne "-o" || $#ARGV < 2) { - ShowHelp(); -} - -shift; -my($opt_ofile)=shift; - -print "creating $opt_ofile\n"; - -open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile"; - -print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n"; - -parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`); -exit(0); diff --git a/source3/script/installswat.sh b/source3/script/installswat.sh index c66604cdb8..d1f8ea191d 100755 --- a/source3/script/installswat.sh +++ b/source3/script/installswat.sh @@ -1,5 +1,5 @@ #!/bin/sh -#fist version March 1998, Andrew Tridgell +#first version March 1998, Andrew Tridgell SWATDIR=$1 SRCDIR=$2/ diff --git a/source3/script/mkbuildoptions.awk b/source3/script/mkbuildoptions.awk new file mode 100644 index 0000000000..cdc5bd9881 --- /dev/null +++ b/source3/script/mkbuildoptions.awk @@ -0,0 +1,262 @@ +BEGIN { + print "/* "; + print " Unix SMB/CIFS implementation."; + print " Build Options for Samba Suite"; + print " Copyright (C) Vance Lankhaar <vlankhaar@linux.ca> 2003"; + print " Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001"; + print " "; + print " This program is free software; you can redistribute it and/or modify"; + print " it under the terms of the GNU General Public License as published by"; + print " the Free Software Foundation; either version 2 of the License, or"; + print " (at your option) any later version."; + print " "; + print " This program is distributed in the hope that it will be useful,"; + print " but WITHOUT ANY WARRANTY; without even the implied warranty of"; + print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the"; + print " GNU General Public License for more details."; + print " "; + print " You should have received a copy of the GNU General Public License"; + print " along with this program; if not, write to the Free Software"; + print " Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA."; + print "*/"; + print ""; + print "#include \"includes.h\""; + print "#include \"build_env.h\""; + print "#include \"dynconfig.h\""; + print ""; + print "static void output(BOOL screen, const char *format, ...) PRINTF_ATTRIBUTE(2,3);"; + print ""; + print ""; + print "/****************************************************************************"; + print "helper function for build_options"; + print "****************************************************************************/"; + print "static void output(BOOL screen, const char *format, ...)"; + print "{"; + print " char *ptr;"; + print " va_list ap;"; + print " "; + print " va_start(ap, format);"; + print " vasprintf(&ptr,format,ap);"; + print " va_end(ap);"; + print ""; + print " if (screen) {"; + print " d_printf(\"%s\", ptr);"; + print " } else {"; + print " DEBUG(4,(\"%s\", ptr));"; + print " }"; + print " "; + print " SAFE_FREE(ptr);"; + print "}"; + print ""; + print "/****************************************************************************"; + print "options set at build time for the samba suite"; + print "****************************************************************************/"; + print "void build_options(BOOL screen)"; + print "{"; + print " if ((DEBUGLEVEL < 4) && (!screen)) {"; + print " return;"; + print " }"; + print ""; + print "#ifdef _BUILD_ENV_H"; + print " /* Output information about the build environment */"; + print " output(screen,\"Build environment:\\n\");"; + print " output(screen,\" Built by: %s@%s\\n\",BUILD_ENV_USER,BUILD_ENV_HOST);"; + print " output(screen,\" Built on: %s\\n\",BUILD_ENV_DATE);"; + print ""; + print " output(screen,\" Built using: %s\\n\",BUILD_ENV_COMPILER);"; + print " output(screen,\" Build host: %s\\n\",BUILD_ENV_UNAME);"; + print " output(screen,\" SRCDIR: %s\\n\",BUILD_ENV_SRCDIR);"; + print " output(screen,\" BUILDDIR: %s\\n\",BUILD_ENV_BUILDDIR);"; + print ""; + print " "; + print "#endif"; + print ""; + + print " /* Output various paths to files and directories */"; + print " output(screen,\"\\nPaths:\\n\");"; + + print " output(screen,\" SBINDIR: %s\\n\", dyn_SBINDIR);"; + print " output(screen,\" BINDIR: %s\\n\", dyn_BINDIR);"; + print " output(screen,\" SWATDIR: %s\\n\", dyn_SWATDIR);"; + + print " output(screen,\" CONFIGFILE: %s\\n\", dyn_CONFIGFILE);"; + print " output(screen,\" LOGFILEBASE: %s\\n\", dyn_LOGFILEBASE);"; + print " output(screen,\" LMHOSTSFILE: %s\\n\",dyn_LMHOSTSFILE);"; + + print " output(screen,\" LIBDIR: %s\\n\",dyn_LIBDIR);"; + print " output(screen,\" SHLIBEXT: %s\\n\",dyn_SHLIBEXT);"; + + print " output(screen,\" LOCKDIR: %s\\n\",dyn_LOCKDIR);"; + print " output(screen,\" PIDDIR: %s\\n\", dyn_PIDDIR);"; + + print " output(screen,\" SMB_PASSWD_FILE: %s\\n\",dyn_SMB_PASSWD_FILE);"; + print " output(screen,\" PRIVATE_DIR: %s\\n\",dyn_PRIVATE_DIR);"; + print ""; + + +################################################## +# predefine first element of *_ary +# predefine *_i (num of elements in *_ary) + with_ary[0]=""; + with_i=0; + have_ary[0]=""; + have_i=0; + utmp_ary[0]=""; + utmp_i=0; + misc_ary[0]=""; + misc_i=0; + sys_ary[0]=""; + sys_i=0; + headers_ary[0]=""; + headers_i=0; + in_comment = 0; +} + +# capture single line comments +/^\/\* (.*?)\*\// { + last_comment = $0; + next; +} + +# end capture multi-line comments +/(.*?)\*\// { + last_comment = last_comment $0; + in_comment = 0; + next; +} + +# capture middle lines of multi-line comments +in_comment { + last_comment = last_comment $0; + next; +} + +# begin capture multi-line comments +/^\/\* (.*?)/ { + last_comment = $0; + in_comment = 1; + next +} + +################################################## +# if we have an #undef and a last_comment, store it +/^\#undef/ { + split($0,a); + comments_ary[a[2]] = last_comment; + last_comment = ""; +} + +################################################## +# for each line, sort into appropriate section +# then move on + +/^\#undef WITH/ { + with_ary[with_i++] = a[2]; + # we want (I think) to allow --with to show up in more than one place, so no next +} + + +/^\#undef HAVE_UT_UT_/ || /^\#undef .*UTMP/ { + utmp_ary[utmp_i++] = a[2]; + next; +} + +/^\#undef HAVE_SYS_.*?_H$/ { + sys_ary[sys_i++] = a[2]; + next; +} + +/^\#undef HAVE_.*?_H$/ { + headers_ary[headers_i++] = a[2]; + next; +} + +/^\#undef HAVE_/ { + have_ary[have_i++] = a[2]; + next; +} + +/^\#undef/ { + misc_ary[misc_i++] = a[2]; + next; +} + + +################################################## +# simple sort function +function sort(ARRAY, ELEMENTS) { + for (i = 1; i <= ELEMENTS; ++i) { + for (j = i; (j-1) in ARRAY && (j) in ARRAY && ARRAY[j-1] > ARRAY[j]; --j) { + temp = ARRAY[j]; + ARRAY[j] = ARRAY[j-1]; + ARRAY[j-1] = temp; + } + } + return; +} + + +################################################## +# output code from list of defined +# expects: ARRAY an array of things defined +# ELEMENTS number of elements in ARRAY +# TITLE title for section +# returns: nothing +function output(ARRAY, ELEMENTS, TITLE) { + + # add section header + print "\n\t/* Show " TITLE " */"; + print "\toutput(screen, \"\\n " TITLE ":\\n\");\n"; + + + # sort element using bubble sort (slow, but easy) + sort(ARRAY, ELEMENTS); + + # loop through array of defines, outputting code + for (i = 0; i < ELEMENTS; i++) { + print "#ifdef " ARRAY[i]; + + # I don't know which one to use.... + + print "\toutput(screen, \" " ARRAY[i] "\\n\");"; + #printf "\toutput(screen, \" %s\\n %s\\n\\n\");\n", comments_ary[ARRAY[i]], ARRAY[i]; + #printf "\toutput(screen, \" %-35s %s\\n\");\n", ARRAY[i], comments_ary[ARRAY[i]]; + + print "#endif"; + } + return; +} + +END { + ################################################## + # add code to show various options + print "/* Output various other options (as gleaned from include/config.h.in) */"; + output(sys_ary, sys_i, "System Headers"); + output(headers_ary, headers_i, "Headers"); + output(utmp_ary, utmp_i, "UTMP Options"); + output(have_ary, have_i, "HAVE_* Defines"); + output(with_ary, with_i, "--with Options"); + output(misc_ary, misc_i, "Build Options"); + + ################################################## + # add code to display the various type sizes + print " /* Output the sizes of the various types */"; + print " output(screen, \"\\nType sizes:\\n\");"; + print " output(screen, \" sizeof(char): %u\\n\",sizeof(char));"; + print " output(screen, \" sizeof(int): %u\\n\",sizeof(int));"; + print " output(screen, \" sizeof(long): %u\\n\",sizeof(long));"; + print " output(screen, \" sizeof(uint8): %u\\n\",sizeof(uint8));"; + print " output(screen, \" sizeof(uint16): %u\\n\",sizeof(uint16));"; + print " output(screen, \" sizeof(uint32): %u\\n\",sizeof(uint32));"; + print " output(screen, \" sizeof(short): %u\\n\",sizeof(short));"; + print " output(screen, \" sizeof(void*): %u\\n\",sizeof(void*));"; + + ################################################## + # add code to give information about modules + print " output(screen, \"\\nBuiltin modules:\\n\");"; + print " output(screen, \" %s\\n\", STRING_STATIC_MODULES);"; + + print "}"; + +} + diff --git a/source3/smbd/.cvsignore b/source3/smbd/.cvsignore index 5f2a5c4cf7..d2b1fd5b2e 100644 --- a/source3/smbd/.cvsignore +++ b/source3/smbd/.cvsignore @@ -1,2 +1,3 @@ *.po *.po32 +build_options.c diff --git a/source3/smbd/build_options.c b/source3/smbd/build_options.c deleted file mode 100644 index 43335666a6..0000000000 --- a/source3/smbd/build_options.c +++ /dev/null @@ -1,532 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Build Options for Samba Suite - Copyright (C) Vance Lankhaar <vlankhaar@hotmail.com> 2001 - Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "build_env.h" -#include "dynconfig.h" - -static void output(BOOL screen, const char *format, ...) PRINTF_ATTRIBUTE(2,3); - -/* -#define OUTPUT(x) snprintf(outstring,sizeof(outstring),x); output(screen,outstring); -*/ -/**************************************************************************** -helper function for build_options -****************************************************************************/ -static void output(BOOL screen, const char *format, ...) -{ - char *ptr; - va_list ap; - - va_start(ap, format); - vasprintf(&ptr,format,ap); - va_end(ap); - - if (screen) { - d_printf("%s", ptr); - } else { - DEBUG(4,("%s", ptr)); - } - - SAFE_FREE(ptr); -} - -/**************************************************************************** -options set at build time for the samba suite -****************************************************************************/ -void build_options(BOOL screen) -{ - if ((DEBUGLEVEL < 4) && (!screen)) { - return; - } - -#ifdef _BUILD_ENV_H - /* Output information about the build environment */ - output(screen,"Build environment:\n"); - output(screen," Built by: %s@%s\n",BUILD_ENV_USER,BUILD_ENV_HOST); - output(screen," Built on: %s\n",BUILD_ENV_DATE); - - output(screen," Built using: %s\n",BUILD_ENV_COMPILER); - output(screen," Build host: %s\n",BUILD_ENV_UNAME); - output(screen," SRCDIR: %s\n",BUILD_ENV_SRCDIR); - output(screen," BUILDDIR: %s\n",BUILD_ENV_BUILDDIR); - - -#endif - - /* Output various options (most correspond to --with options) */ - output(screen,"\nBuild options:\n"); -#ifdef WITH_SMBWRAPPER - output(screen," WITH_SMBWRAPPER\n"); -#endif -#ifdef WITH_AFS - output(screen," WITH_AFS\n"); -#endif -#ifdef WITH_DFS - output(screen," WITH_DFS\n"); -#endif -#ifdef KRB4_AUTH - output(screen," KRB4_AUTH"); -#endif -#ifdef HAVE_KRB5 - output(screen," HAVE_KRB5"); -#endif -#ifdef HAVE_GSSAPI - output(screen," HAVE_GSSAPI"); -#endif -#ifdef HAVE_LDAP - output(screen," HAVE_LDAP"); -#endif -#ifdef WITH_AUTOMOUNT - output(screen," WITH_AUTOMOUNT\n"); -#endif -#ifdef WITH_SMBMOUNT - output(screen," WITH_SMBMOUNT\n"); -#endif -#ifdef WITH_PAM - output(screen," WITH_PAM\n"); -#endif -#ifdef WITH_NISPLUS_HOME - output(screen," WITH_NISPLUS_HOME\n"); -#endif -#ifdef WITH_SYSLOG - output(screen," WITH_SYSLOG\n"); -#endif -#ifdef WITH_PROFILE - output(screen," WITH_PROFILE\n"); -#endif -#ifdef WITH_QUOTAS - output(screen," WITH_QUOTAS\n"); -#endif -#ifdef WITH_VFS - output(screen," WITH_VFS\n"); -#endif -#ifdef USE_SPINLOCKS - output(screen," USE_SPINLOCKS\n"); -#endif -#ifdef SPARC_SPINLOCKS - output(screen," SPARC_SPINLOCKS\n"); -#endif -#ifdef INTEL_SPINLOCKS - output(screen," INTEL_SPINLOCKS\n"); -#endif -#ifdef MIPS_SPINLOCKS - output(screen," MIPS_SPINLOCKS\n"); -#endif -#ifdef POWERPC_SPINLOCKS - output(screen," POWERPC_SPINLOCKS\n"); -#endif -#ifdef HAVE_UNIXWARE_ACLS - output(screen," HAVE_UNIXWARE_ACLS\n"); -#endif -#ifdef HAVE_SOLARIS_ACLS - output(screen," HAVE_SOLARIS_ACLS\n"); -#endif -#ifdef HAVE_IRIX_ACLS - output(screen," HAVE_IRIX_ACLS\n"); -#endif -#ifdef HAVE_AIX_ACLS - output(screen," HAVE_AIX_ACLS\n"); -#endif -#ifdef HAVE_POSIX_ACLS - output(screen," HAVE_POSIX_ACLS\n"); -#endif -#ifdef HAVE_TRU64_ACLS - output(screen," HAVE_TRU64_ACLS\n"); -#endif - -#ifdef HAVE_ACL_GET_PERM_NP - output(screen," HAVE_ACL_GET_PERM_NP\n"); -#endif -#ifdef HAVE_NO_ACLS - output(screen," HAVE_NO_ACLS\n"); -#endif -#ifdef HAVE_LIBREADLINE - output(screen," HAVE_LIBREADLINE\n"); -#endif -#ifdef WITH_LIBICONV - output(screen," WITH_LIBICONV: %s\n",WITH_LIBICONV); -#endif - - - /* Output various paths to files and directories */ - output(screen,"\nPaths:\n"); - output(screen," CONFIGFILE: %s\n", dyn_CONFIGFILE); -#ifdef PRIVATE_DIR - output(screen," PRIVATE_DIR: %s\n",PRIVATE_DIR); -#endif -#ifdef LMHOSTSFILE - output(screen," LMHOSTSFILE: %s\n",LMHOSTSFILE); -#endif - output(screen," SBINDIR: %s\n", dyn_SBINDIR); - output(screen," BINDIR: %s\n", dyn_BINDIR); - output(screen," LOCKDIR: %s\n",dyn_LOCKDIR); - output(screen," LOGFILEBASE: %s\n", dyn_LOGFILEBASE); - - /*Output various other options (most map to defines in the configure script*/ - output(screen,"\nOther Build Options:\n"); -#ifdef HAVE_VOLATILE - output(screen," HAVE_VOLATILE\n"); -#endif -#ifdef HAVE_SHADOW_H - output(screen," HAVE_SHADOW_H\n"); -#endif -#ifdef HAVE_CRYPT - output(screen," HAVE_CRYPT\n"); -#endif -#ifdef USE_BOTH_CRYPT_CALLS - output(screen," USE_BOTH_CRYPT_CALLS\n"); -#endif -#ifdef HAVE_TRUNCATED_SALT - output(screen," HAVE_TRUNCATED_SALT\n"); -#endif -#ifdef HAVE_CUPS - output(screen," HAVE_CUPS\n"); -#endif -#ifdef HAVE_CUPS_CUPS_H - output(screen," HAVE_CUPS_CUPS_H\n"); -#endif -#ifdef HAVE_CUPS_LANGUAGE_H - output(screen," HAVE_CUPS_LANGUAGE_H\n"); -#endif -#ifdef HAVE_DLOPEN - output(screen," HAVE_DLOPEN\n"); -#endif -#ifdef HAVE_DLCLOSE - output(screen," HAVE_DLCLOSE\n"); -#endif -#ifdef HAVE_DLSYM - output(screen," HAVE_DLSYM\n"); -#endif -#ifdef HAVE_DLERROR - output(screen," HAVE_DLERROR\n"); -#endif -#ifdef HAVE_UNIXSOCKET - output(screen," HAVE_UNIXSOCKET\n"); -#endif -#ifdef HAVE_SOCKLEN_T_TYPE - output(screen," HAVE_SOCKLEN_T_TYPE\n"); -#endif -#ifdef HAVE_SIG_ATOMIC_T_TYPE - output(screen," HAVE_SIG_ATOMIC_T_TYPE\n"); -#endif -#ifdef HAVE_SETRESUID - output(screen," HAVE_SETRESUID\n"); -#endif -#ifdef HAVE_SETRESGID - output(screen," HAVE_SETRESGID\n"); -#endif -#ifdef HAVE_CONNECT - output(screen," HAVE_CONNECT\n"); -#endif -#ifdef HAVE_YP_GET_DEFAULT_DOMAIN - output(screen," HAVE_YP_GET_DEFAULT_DOMAIN\n"); -#endif -#ifdef HAVE_STAT64 - output(screen," HAVE_STAT64\n"); -#endif -#ifdef HAVE_LSTAT64 - output(screen," HAVE_LSTAT64\n"); -#endif -#ifdef HAVE_FSTAT64 - output(screen," HAVE_FSTAT64\n"); -#endif -#ifdef HAVE_STRCASECMP - output(screen," HAVE_STRCASECMP\n"); -#endif -#ifdef HAVE_MEMSET - output(screen," HAVE_MEMSET\n"); -#endif -#ifdef HAVE_LONGLONG - output(screen," HAVE_LONGLONG\n"); -#endif -#ifdef COMPILER_SUPPORTS_LL - output(screen," COMPILER_SUPPORTS_LL\n"); -#endif -#ifdef SIZEOF_OFF_T - output(screen," SIZEOF_OFF_T: %d\n",SIZEOF_OFF_T); -#endif -#ifdef HAVE_OFF64_T - output(screen," HAVE_OFF64_T\n"); -#endif -#ifdef SIZEOF_INO_T - output(screen," SIZEOF_INO_T: %d\n",SIZEOF_INO_T); -#endif -#ifdef HAVE_INO64_T - output(screen," HAVE_INO64_T\n"); -#endif -#ifdef HAVE_STRUCT_DIRENT64 - output(screen," HAVE_STRUCT_DIRENT64\n"); -#endif -#ifdef HAVE_UNSIGNED_CHAR - output(screen," HAVE_UNSIGNED_CHAR\n"); -#endif -#ifdef HAVE_SOCK_SIN_LEN - output(screen," HAVE_SOCK_SIN_LEN\n"); -#endif -#ifdef SEEKDIR_RETURNS_VOID - output(screen," SEEKDIR_RETURNS_VOID\n"); -#endif -#ifdef HAVE_FUNCTION_MACRO - output(screen," HAVE_FUNCTION_MACRO\n"); -#endif -#ifdef HAVE_GETTIMEOFDAY - output(screen," HAVE_GETTIMEOFDAY\n"); -#endif -#ifdef HAVE_C99_VSNPRINTF - output(screen," HAVE_C99_VSNPRINTF\n"); -#endif -#ifdef HAVE_BROKEN_READDIR - output(screen," HAVE_BROKEN_READDIR\n"); -#endif -#ifdef HAVE_NATIVE_ICONV - output(screen," HAVE_NATIVE_ICONV\n"); -#endif -#ifdef HAVE_KERNEL_OPLOCKS_LINUX - output(screen," HAVE_KERNEL_OPLOCKS_LINUX\n"); -#endif -#ifdef HAVE_KERNEL_CHANGE_NOTIFY - output(screen," HAVE_KERNEL_CHANGE_NOTIFY\n"); -#endif -#ifdef HAVE_KERNEL_SHARE_MODES - output(screen," HAVE_KERNEL_SHARE_MODES\n"); -#endif -#ifdef HAVE_KERNEL_OPLOCKS_IRIX - output(screen," HAVE_KERNEL_OPLOCKS_IRIX\n"); -#endif -#ifdef HAVE_IRIX_SPECIFIC_CAPABILITIES - output(screen," HAVE_IRIX_SPECIFIC_CAPABILITIES\n"); -#endif -#ifdef HAVE_INT16_FROM_RPC_RPC_H - output(screen," HAVE_INT16_FROM_RPC_RPC_H\n"); -#endif -#ifdef HAVE_UINT16_FROM_RPC_RPC_H - output(screen," HAVE_UINT16_FROM_RPC_RPC_H\n"); -#endif -#ifdef HAVE_INT32_FROM_RPC_RPC_H - output(screen," HAVE_INT16_FROM_RPC_RPC_H\n"); -#endif -#ifdef HAVE_UINT32_FROM_RPC_RPC_H - output(screen," HAVE_UINT32_FROM_RPC_RPC_H\n"); -#endif -#ifdef HAVE_RPC_AUTH_ERROR_CONFLICT - output(screen," HAVE_RPC_AUTH_ERROR_CONFLICT\n"); -#endif -#ifdef HAVE_FTRUNCATE_EXTEND - output(screen," HAVE_FTRUNCATE_EXTEND\n"); -#endif -#ifdef HAVE_WORKING_AF_LOCAL - output(screen," HAVE_WORKING_AF_LOCAL\n"); -#endif -#ifdef HAVE_BROKEN_GETGROUPS - output(screen," HAVE_BROKEN_GETGROUPS\n"); -#endif -#ifdef REPLACE_GETPASS - output(screen," REPLACE_GETPASS\n"); -#endif -#ifdef REPLACE_INET_NTOA - output(screen," REPLACE_INET_NTOA\n"); -#endif -#ifdef HAVE_SECURE_MKSTEMP - output(screen," HAVE_SECURE_MKSTEMP\n"); -#endif -#ifdef SYSCONF_SC_NGROUPS_MAX - output(screen," SYSCONF_SC_NGROUPS_MAX\n"); -#endif -#ifdef HAVE_IFACE_AIX - output(screen," HAVE_IFACE_AIX\n"); -#endif -#ifdef HAVE_IFACE_IFCONF - output(screen," HAVE_IFACE_IFCONF\n"); -#endif -#ifdef HAVE_IFACE_IFREQ - output(screen," HAVE_IFACE_IFREQ\n"); -#endif -#ifdef USE_SETRESUID - output(screen," USE_SETRESUID\n"); -#endif -#ifdef USE_SETRESGID - output(screen," USE_SETREUID\n"); -#endif -#ifdef USE_SETEUID - output(screen," USE_SETEUID\n"); -#endif -#ifdef USE_SETUIDX - output(screen," USE_SETUIDX\n"); -#endif -#ifdef HAVE_MMAP - output(screen," HAVE_MMAP\n"); -#endif -#ifdef MMAP_BLACKLIST - output(screen," MMAP_BLACKLIST\n"); -#endif -#ifdef FTRUNCATE_NEEDS_ROOT - output(screen," FTRUNCATE_NEEDS_ROOT\n"); -#endif -#ifdef HAVE_FCNTL_LOCK - output(screen," HAVE_FCNTL_LOCK\n"); -#endif -#ifdef HAVE_BROKEN_FCNTL64_LOCKS - output(screen," HAVE_BROKEN_FCNTL64_LOCKS\n"); -#endif -#ifdef HAVE_STRUCT_FLOCK64 - output(screen," HAVE_STRUCT_FLOCK64\n"); -#endif -#ifdef BROKEN_NISPLUS_INCLUDE_FILES - output(screen," BROKEN_NISPLUS_INCLUDE_FILES\n"); -#endif -#ifdef HAVE_LIBPAM - output(screen," HAVE_LIBPAM\n"); -#endif -#ifdef STAT_STATVFS64 - output(screen," STAT_STATVFS64\n"); -#endif -#ifdef STAT_STATVFS - output(screen," STAT_STATVFS\n"); -#endif -#ifdef STAT_STATFS3_OSF1 - output(screen," STAT_STATFS3_OSF1\n"); -#endif -#ifdef STAT_STATFS2_BSIZE - output(screen," STAT_STATFS2_BSIZE\n"); -#endif -#ifdef STAT_STATFS4 - output(screen," STAT_STATFS4\n"); -#endif -#ifdef STAT_STATFS2_FSIZE - output(screen," STAT_STATFS2_FSIZE\n"); -#endif -#ifdef STAT_STATFS2_FS_DATA - output(screen," STAT_STATFS2_FS_DATA\n"); -#endif -#ifdef HAVE_EXPLICIT_LARGEFILE_SUPPORT - output(screen," HAVE_EXPLICIT_LARGEFILE_SUPPORT\n"); -#endif - -#ifdef WITH_UTMP - /* Output UTMP Stuff */ - output(screen,"\nUTMP Related:\n"); - output(screen," WITH_UTMP\n"); - -#ifdef HAVE_UTIMBUF - output(screen," HAVE_UTIMBUF\n"); -#endif -#ifdef HAVE_UT_UT_NAME - output(screen," HAVE_UT_UT_NAME\n"); -#endif -#ifdef HAVE_UT_UT_USER - output(screen," HAVE_UT_UT_USER\n"); -#endif -#ifdef HAVE_UT_UT_ID - output(screen," HAVE_UT_UT_ID\n"); -#endif -#ifdef HAVE_UT_UT_HOST - output(screen," HAVE_UT_UT_HOST\n"); -#endif -#ifdef HAVE_UT_UT_TIME - output(screen," HAVE_UT_UT_TIME\n"); -#endif -#ifdef HAVE_UT_UT_TV - output(screen," HAVE_UT_UT_TV\n"); -#endif -#ifdef HAVE_UT_UT_TYPE - output(screen," HAVE_UT_UT_TYPE\n"); -#endif -#ifdef HAVE_UT_UT_PID - output(screen," HAVE_UT_UT_PID\n"); -#endif -#ifdef HAVE_UT_UT_EXIT - output(screen," HAVE_UT_UT_EXIT\n"); -#endif -#ifdef HAVE_UT_UT_ADDR - output(screen," HAVE_UT_UT_ADDR\n"); -#endif -#ifdef PUTUTLINE_RETURNS_UTMP - output(screen," PUTUTLINE_RETURNS_UTMP\n"); -#endif -#ifdef HAVE_UX_UT_SYSLEN - output(screen," HAVE_UX_UT_SYSLEN\n"); -#endif -#endif /* WITH_UTMP */ - - /* Output Build OS */ - output(screen,"\nBuilt for host os:\n"); -#ifdef LINUX - output(screen," LINUX\n"); -#endif -#ifdef SUNOS5 - output(screen," SUNOS5\n"); -#endif -#ifdef SUNOS4 - output(screen," SUNOS4\n"); -#endif - /* BSD Isn't Defined in the configure script, but there is something about it in include/config.h.in (and I guess acconfig.h) */ -#ifdef BSD - output(screen," BSD\n"); -#endif -#ifdef IRIX - output(screen," IRIX\n"); -#endif -#ifdef IRIX6 - output(screen," IRIX6\n"); -#endif -#ifdef AIX - output(screen," AIX\n"); -#endif -#ifdef HPUX - output(screen," HPUX\n"); -#endif -#ifdef QNX - output(screen," QNX\n"); -#endif -#ifdef OSF1 - output(screen," OSF1\n"); -#endif -#ifdef SCO - output(screen," SCO\n"); -#endif -#ifdef UNIXWARE - output(screen," UNIXWARE\n"); -#endif -#ifdef NEXT2 - output(screen," NEXT2\n"); -#endif -#ifdef RELIANTUNIX - output(screen," RELIANTUNIX\n"); -#endif - - /* Output the sizes of the various types */ - output(screen,"\nType sizes:\n"); - output(screen," sizeof(char): %d\n",sizeof(char)); - output(screen," sizeof(int): %d\n",sizeof(int)); - output(screen," sizeof(long): %d\n",sizeof(long)); - output(screen," sizeof(uint8): %d\n",sizeof(uint8)); - output(screen," sizeof(uint16): %d\n",sizeof(uint16)); - output(screen," sizeof(uint32): %d\n",sizeof(uint32)); - output(screen," sizeof(short): %d\n",sizeof(short)); - output(screen," sizeof(void*): %d\n",sizeof(void*)); - - output(screen,"\nBuiltin modules:\n"); - output(screen,"%s\n", STRING_STATIC_MODULES); -} - - - diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 3d25f33f45..31c4fa7cc9 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -478,12 +478,6 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL if (!name) { DEBUG(1, ("NULL username specfied to chgpasswd()!\n")); } - - pass = Get_Pwnam(name); - if (!pass) { - DEBUG(1, ("Username does not exist in system passwd!\n")); - return False; - } if (!oldpass) { oldpass = ""; @@ -534,6 +528,8 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL } } + pass = Get_Pwnam(name); + #ifdef WITH_PAM if (lp_pam_password_change()) { BOOL ret; @@ -987,8 +983,9 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw * to touch the unix db unless we have admin permission. */ - if(lp_unix_password_sync() && - !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, False)) { + if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd) + && !chgpasswd(pdb_get_username(hnd), + old_passwd, new_passwd, False)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index e220d2f6d2..d2eb996899 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -556,8 +556,8 @@ static void cache_mangled_name( char *mangled_name, char *raw_name ) /* Fill the new cache entry, and add it to the cache. */ s1 = (char *)(new_entry + 1); s2 = (char *)&(s1[mangled_len + 1]); - (void)StrnCpy( s1, mangled_name, mangled_len ); - (void)StrnCpy( s2, raw_name, raw_len ); + safe_strcpy( s1, mangled_name, mangled_len ); + safe_strcpy( s2, raw_name, raw_len ); ubi_cachePut( mangled_cache, i, new_entry, s1 ); } diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index 632dfe9e29..8525687793 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -391,7 +391,7 @@ pid %d, port %d, dev = %x, inode = %.0f, file_id = %lu\n", /* * Keep this as a debug case - eventually we can remove it. */ - case (CMD_REPLY | KERNEL_OPLOCK_BREAK_CMD): + case 0x8001: DEBUG(0,("process_local_message: Received unsolicited break \ reply - dumping info.\n")); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index c4f813b00c..8dff42471f 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -68,6 +68,7 @@ void invalidate_vuid(uint16 vuid) SAFE_FREE(vuser->logon_script); session_yield(vuser); + SAFE_FREE(vuser->session_keystr); free_server_info(&vuser->server_info); @@ -141,9 +142,15 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name) /* the next functions should be done by a SID mapping system (SMS) as * the new real sam db won't have reference to unix uids or gids */ + if (!IS_SAM_UNIX_USER(server_info->sam_account)) { + DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n")); + free(vuser); + free_server_info(&server_info); + return UID_FIELD_INVALID; + } - vuser->uid = server_info->uid; - vuser->gid = server_info->gid; + vuser->uid = pdb_get_uid(server_info->sam_account); + vuser->gid = pdb_get_gid(server_info->sam_account); vuser->n_groups = server_info->n_groups; if (vuser->n_groups) { diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 6925b35246..a38acc437d 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -443,6 +443,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, { DOM_SID owner_sid; DOM_SID grp_sid; + enum SID_NAME_USE sid_type; *puser = (uid_t)-1; *pgrp = (gid_t)-1; @@ -468,7 +469,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, if (security_info_sent & OWNER_SECURITY_INFORMATION) { sid_copy(&owner_sid, psd->owner_sid); - if (NT_STATUS_IS_ERR(sid_to_uid(&owner_sid, puser))) { + if (!sid_to_uid( &owner_sid, puser, &sid_type)) { #if ACL_FORCE_UNMAPPABLE /* this allows take ownership to work reasonably */ extern struct current_user current_user; @@ -488,7 +489,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, if (security_info_sent & GROUP_SECURITY_INFORMATION) { sid_copy(&grp_sid, psd->grp_sid); - if (NT_STATUS_IS_ERR(sid_to_gid( &grp_sid, pgrp))) { + if (!sid_to_gid( &grp_sid, pgrp, &sid_type)) { #if ACL_FORCE_UNMAPPABLE /* this allows take group ownership to work reasonably */ extern struct current_user current_user; @@ -937,6 +938,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, } for(i = 0; i < dacl->num_aces; i++) { + enum SID_NAME_USE sid_type; SEC_ACE *psa = &dacl->ace[i]; /* @@ -1001,10 +1003,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp, if (nt4_compatible_acls()) psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY; - } else if (NT_STATUS_IS_OK(sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid))) { + } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid, &sid_type)) { current_ace->owner_type = GID_ACE; current_ace->type = SMB_ACL_GROUP; - } else if (NT_STATUS_IS_OK(sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid))) { + } else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid, &sid_type)) { current_ace->owner_type = UID_ACE; current_ace->type = SMB_ACL_USER; } else { diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 54fd4a90d9..18acb35f7a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1114,6 +1114,9 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t /* become root again if waiting */ change_to_root_user(); + /* run all registered idle events */ + smb_run_idle_events(t); + /* check if we need to reload services */ check_reload(t); @@ -1277,6 +1280,10 @@ void smbd_process(void) lp_talloc_free(); main_loop_talloc_free(); + /* run all registered idle events */ + smb_run_idle_events(time(NULL)); + + /* Did someone ask for immediate checks on things like blocking locks ? */ if (select_timeout == 0) { if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time)) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index b2dab2fea2..9577196bfe 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -148,7 +148,7 @@ int reply_tcon(connection_struct *conn, const char *service; pstring service_buf; pstring password; - fstring dev; + pstring dev; int outsize = 0; uint16 vuid = SVAL(inbuf,smb_uid); int pwlen=0; @@ -204,7 +204,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt { fstring service; DATA_BLOB password; - + /* what the cleint thinks the device is */ fstring client_devicetype; /* what the server tells the client the share represents */ @@ -283,15 +283,16 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt set_message_end(outbuf,p); } else { /* NT sets the fstype of IPC$ to the null string */ - const char *fsname = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn)); + const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn)); set_message(outbuf,3,0,True); - - p = smb_buf(outbuf); + + p = smb_buf(outbuf); p += srvstr_push(outbuf, p, server_devicetype, -1, - STR_TERMINATE|STR_ASCII); - p += srvstr_push(outbuf, p, fsname, -1, - STR_TERMINATE); + STR_TERMINATE|STR_ASCII); + p += srvstr_push(outbuf, p, fstype, -1, + STR_TERMINATE); + set_message_end(outbuf,p); /* what does setting this bit do? It is set by NT4 and @@ -1463,6 +1464,7 @@ void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T st int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int dum_buffsize) { + extern struct current_user current_user; ssize_t maxcount,mincount; size_t nread = 0; SMB_OFF_T startpos; @@ -2360,6 +2362,7 @@ int reply_exit(connection_struct *conn, int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize) { + extern struct current_user current_user; int outsize = 0; time_t mtime; int32 eclass = 0, err = 0; @@ -2380,7 +2383,7 @@ int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size, * We can only use CHECK_FSP if we know it's not a directory. */ - if(!fsp || (fsp->conn != conn)) { + if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) { END_PROFILE(SMBclose); return ERROR_DOS(ERRDOS,ERRbadfid); } @@ -3104,7 +3107,7 @@ static BOOL resolve_wildcards(const char *name1, char *name2) if (ext2[0]) { snprintf(pname2, available_space - 1, "%s.%s", root2, ext2); } else { - StrnCpy(pname2, root2, available_space - 1); + pstrcpy_base(pname2, root2, name2); } return(True); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index ef27f0b7a4..d46be42eba 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -567,6 +567,9 @@ void exit_server(const char *reason) print_notify_send_messages(3); /* 3 second timeout. */ + /* run all registered exit events */ + smb_run_exit_events(); + /* delete our entry in the connections database. */ yield_connection(NULL,""); @@ -836,12 +839,6 @@ static BOOL init_structs(void ) if(!initialize_password_db(False)) exit(1); - if (!idmap_init()) - exit(1); - - if (!idmap_init_wellknown_sids()) - exit(1); - static_init_rpc; init_modules(); @@ -874,10 +871,6 @@ static BOOL init_structs(void ) if (!init_change_notify()) exit(1); - /* Setup privileges database */ - if (!privilege_init()) - exit(1); - /* re-initialise the timezone */ TimeInit(); diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 54b7a24b07..ac06b9872d 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -33,6 +33,8 @@ BOOL session_claim(user_struct *vuser) { int i = 0; TDB_DATA data; + struct sockaddr sa; + struct in_addr *client_ip; struct sessionid sessionid; uint32 pid = (uint32)sys_getpid(); TDB_DATA key; @@ -117,6 +119,8 @@ BOOL session_claim(user_struct *vuser) fstrcpy(sessionid.remote_machine, get_remote_machine_name()); fstrcpy(sessionid.ip_addr, client_addr()); + client_ip = client_inaddr(&sa); + if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) { DEBUG(1,("pam_session rejected the session for %s [%s]\n", sessionid.username, sessionid.id_str)); @@ -136,6 +140,7 @@ BOOL session_claim(user_struct *vuser) #if WITH_UTMP if (lp_utmp()) { sys_utmp_claim(sessionid.username, sessionid.hostname, + client_ip, sessionid.id_str, sessionid.id_num); } #endif @@ -153,7 +158,8 @@ void session_yield(user_struct *vuser) { TDB_DATA dbuf; struct sessionid sessionid; - TDB_DATA key; + struct in_addr *client_ip; + TDB_DATA key; if (!tdb) return; @@ -171,11 +177,14 @@ void session_yield(user_struct *vuser) memcpy(&sessionid, dbuf.dptr, sizeof(sessionid)); + client_ip = interpret_addr2(sessionid.ip_addr); + SAFE_FREE(dbuf.dptr); #if WITH_UTMP if (lp_utmp()) { sys_utmp_yield(sessionid.username, sessionid.hostname, + client_ip, sessionid.id_str, sessionid.id_num); } #endif diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index c68d00025c..b9cf0de3bd 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -405,9 +405,10 @@ void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t)); for (i = 0; i < ptok->num_sids; i++) { + enum SID_NAME_USE sid_type; gid_t new_grp; - if (NT_STATUS_IS_OK(sid_to_gid(&ptok->user_sids[i], &new_grp))) { + if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) { /* * Don't add the gid_t if it is already in the current group * list. Some UNIXen don't like the same group more than once. @@ -529,3 +530,419 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE } return True; } + +/***************************************************************** + Id mapping cache. This is to avoid Winbind mappings already + seen by smbd to be queried too frequently, keeping winbindd + busy, and blocking smbd while winbindd is busy with other + stuff. Written by Michael Steffens <michael.steffens@hp.com>, + modified to use linked lists by jra. +*****************************************************************/ + +#define MAX_UID_SID_CACHE_SIZE 100 +#define TURNOVER_UID_SID_CACHE_SIZE 10 +#define MAX_GID_SID_CACHE_SIZE 100 +#define TURNOVER_GID_SID_CACHE_SIZE 10 + +static size_t n_uid_sid_cache = 0; +static size_t n_gid_sid_cache = 0; + +static struct uid_sid_cache { + struct uid_sid_cache *next, *prev; + uid_t uid; + DOM_SID sid; + enum SID_NAME_USE sidtype; +} *uid_sid_cache_head; + +static struct gid_sid_cache { + struct gid_sid_cache *next, *prev; + gid_t gid; + DOM_SID sid; + enum SID_NAME_USE sidtype; +} *gid_sid_cache_head; + +/***************************************************************** + Find a SID given a uid. +*****************************************************************/ + +static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, uid_t uid) +{ + struct uid_sid_cache *pc; + + for (pc = uid_sid_cache_head; pc; pc = pc->next) { + if (pc->uid == uid) { + fstring sid; + *psid = pc->sid; + *psidtype = pc->sidtype; + DEBUG(3,("fetch sid from uid cache %u -> %s\n", + (unsigned int)uid, sid_to_string(sid, psid))); + DLIST_PROMOTE(uid_sid_cache_head, pc); + return True; + } + } + return False; +} + +/***************************************************************** + Find a uid given a SID. +*****************************************************************/ + +static BOOL fetch_uid_from_cache(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE sidtype) +{ + struct uid_sid_cache *pc; + + for (pc = uid_sid_cache_head; pc; pc = pc->next) { + if (sid_compare(&pc->sid, psid) == 0) { + fstring sid; + *puid = pc->uid; + DEBUG(3,("fetch uid from cache %u -> %s\n", + (unsigned int)*puid, sid_to_string(sid, psid))); + DLIST_PROMOTE(uid_sid_cache_head, pc); + return True; + } + } + return False; +} + +/***************************************************************** + Store uid to SID mapping in cache. +*****************************************************************/ + +static void store_uid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, uid_t uid) +{ + struct uid_sid_cache *pc; + + if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) { + /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */ + struct uid_sid_cache *pc_next; + size_t i; + + for (i = 0, pc = uid_sid_cache_head; i < (n_uid_sid_cache - TURNOVER_UID_SID_CACHE_SIZE); i++, pc = pc->next) + ; + for(; pc; pc = pc_next) { + pc_next = pc->next; + DLIST_REMOVE(uid_sid_cache_head,pc); + SAFE_FREE(pc); + n_uid_sid_cache--; + } + } + + pc = (struct uid_sid_cache *)malloc(sizeof(struct uid_sid_cache)); + if (!pc) + return; + pc->uid = uid; + sid_copy(&pc->sid, psid); + pc->sidtype = sidtype; + DLIST_ADD(uid_sid_cache_head, pc); + n_uid_sid_cache++; +} + +/***************************************************************** + Find a SID given a gid. +*****************************************************************/ + +static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, gid_t gid) +{ + struct gid_sid_cache *pc; + + for (pc = gid_sid_cache_head; pc; pc = pc->next) { + if (pc->gid == gid) { + fstring sid; + *psid = pc->sid; + *psidtype = pc->sidtype; + DEBUG(3,("fetch sid from gid cache %u -> %s\n", + (unsigned int)gid, sid_to_string(sid, psid))); + DLIST_PROMOTE(gid_sid_cache_head, pc); + return True; + } + } + return False; +} + +/***************************************************************** + Find a gid given a SID. +*****************************************************************/ + +static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE sidtype) +{ + struct gid_sid_cache *pc; + + for (pc = gid_sid_cache_head; pc; pc = pc->next) { + if (sid_compare(&pc->sid, psid) == 0) { + fstring sid; + *pgid = pc->gid; + DEBUG(3,("fetch uid from cache %u -> %s\n", + (unsigned int)*pgid, sid_to_string(sid, psid))); + DLIST_PROMOTE(gid_sid_cache_head, pc); + return True; + } + } + return False; +} + +/***************************************************************** + Store gid to SID mapping in cache. +*****************************************************************/ + +static void store_gid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, gid_t gid) +{ + struct gid_sid_cache *pc; + + if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) { + /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */ + struct gid_sid_cache *pc_next; + size_t i; + + for (i = 0, pc = gid_sid_cache_head; i < (n_gid_sid_cache - TURNOVER_GID_SID_CACHE_SIZE); i++, pc = pc->next) + ; + for(; pc; pc = pc_next) { + pc_next = pc->next; + DLIST_REMOVE(gid_sid_cache_head,pc); + SAFE_FREE(pc); + n_gid_sid_cache--; + } + } + + pc = (struct gid_sid_cache *)malloc(sizeof(struct gid_sid_cache)); + if (!pc) + return; + pc->gid = gid; + sid_copy(&pc->sid, psid); + pc->sidtype = sidtype; + DLIST_ADD(gid_sid_cache_head, pc); + n_gid_sid_cache++; +} + + +/***************************************************************** + *THE CANONICAL* convert uid_t to SID function. + Tries winbind first - then uses local lookup. + Returns SID pointer. +*****************************************************************/ + +DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid) +{ + uid_t low, high; + enum SID_NAME_USE sidtype; + fstring sid; + + if (fetch_sid_from_uid_cache(psid, &sidtype, uid)) + return psid; + + if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) { + if (winbind_uid_to_sid(psid, uid)) { + + DEBUG(10,("uid_to_sid: winbindd %u -> %s\n", + (unsigned int)uid, sid_to_string(sid, psid))); + + if (psid) + store_uid_sid_cache(psid, SID_NAME_USER, uid); + return psid; + } + } + + /* Make sure we report failure, (when psid == NULL) */ + become_root(); + psid = local_uid_to_sid(psid, uid); + unbecome_root(); + + DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid))); + if (psid) + store_uid_sid_cache(psid, SID_NAME_USER, uid); + + return psid; +} + +/***************************************************************** + *THE CANONICAL* convert gid_t to SID function. + Tries winbind first - then uses local lookup. + Returns SID pointer. +*****************************************************************/ + +DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid) +{ + gid_t low, high; + enum SID_NAME_USE sidtype; + fstring sid; + + if (fetch_sid_from_gid_cache(psid, &sidtype, gid)) + return psid; + + if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) { + if (winbind_gid_to_sid(psid, gid)) { + + DEBUG(10,("gid_to_sid: winbindd %u -> %s\n", + (unsigned int)gid, sid_to_string(sid, psid))); + + if (psid) + store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid); + return psid; + } + } + + /* Make sure we report failure, (when psid == NULL) */ + become_root(); + psid = local_gid_to_sid(psid, gid); + unbecome_root(); + DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid))); + if (psid) + store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid); + + return psid; +} + +/***************************************************************** + *THE CANONICAL* convert SID to uid function. + Tries winbind first - then uses local lookup. + Returns True if this name is a user sid and the conversion + was done correctly, False if not. sidtype is set by this function. +*****************************************************************/ + +BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype) +{ + fstring sid_str; + + if (fetch_uid_from_cache(puid, psid, *sidtype)) + return True; + + /* if we know its local then don't try winbindd */ + if (sid_compare_domain(get_global_sam_sid(), psid) == 0) { + BOOL result; + become_root(); + result = local_sid_to_uid(puid, psid, sidtype); + unbecome_root(); + if (result) + store_uid_sid_cache(psid, *sidtype, *puid); + return result; + } + +/* (tridge) I commented out the slab of code below in order to support foreign SIDs + Do we really need to validate the type of SID we have in this case? +*/ +#if 0 + fstring dom_name, name; + enum SID_NAME_USE name_type; + + *sidtype = SID_NAME_UNKNOWN; + /* + * First we must look up the name and decide if this is a user sid. + */ + + if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) { + BOOL result; + DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n", + sid_to_string(sid_str, psid) )); + + become_root(); + result = local_sid_to_uid(puid, psid, sidtype); + unbecome_root(); + return result; + } + + /* + * Ensure this is a user sid. + */ + + if (name_type != SID_NAME_USER) { + DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n", + (unsigned int)name_type )); + return False; + } +#endif + *sidtype = SID_NAME_USER; + + /* + * Get the uid for this SID. + */ + + if (!winbind_sid_to_uid(puid, psid)) { + BOOL result; + DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n", + sid_to_string(sid_str, psid) )); + become_root(); + result = local_sid_to_uid(puid, psid, sidtype); + unbecome_root(); + if (result) + store_uid_sid_cache(psid, *sidtype, *puid); + return result; + } + + DEBUG(10,("sid_to_uid: winbindd %s -> %u\n", + sid_to_string(sid_str, psid), + (unsigned int)*puid )); + + store_uid_sid_cache(psid, *sidtype, *puid); + return True; +} + +/***************************************************************** + *THE CANONICAL* convert SID to gid function. + Tries winbind first - then uses local lookup. + Returns True if this name is a user sid and the conversion + was done correctly, False if not. +*****************************************************************/ + +BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype) +{ + fstring dom_name, name, sid_str; + enum SID_NAME_USE name_type; + + *sidtype = SID_NAME_UNKNOWN; + + if (fetch_gid_from_cache(pgid, psid, *sidtype)) + return True; + + /* + * First we must look up the name and decide if this is a group sid. + */ + + /* if we know its local then don't try winbindd */ + if (sid_compare_domain(get_global_sam_sid(), psid) == 0) { + BOOL result; + become_root(); + result = local_sid_to_gid(pgid, psid, sidtype); + unbecome_root(); + if (result) + store_gid_sid_cache(psid, *sidtype, *pgid); + return result; + } + + if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) { + DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n", + sid_to_string(sid_str, psid) )); + /* this was probably a foreign sid - assume its a group rid + and continue */ + name_type = SID_NAME_DOM_GRP; + } + + /* + * Ensure this is a group sid. + */ + + if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) { + DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n", + (unsigned int)name_type )); + + return False; + } + + *sidtype = name_type; + + /* + * Get the gid for this SID. + */ + + if (!winbind_sid_to_gid(pgid, psid)) { + DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n", + sid_to_string(sid_str, psid) )); + return False; + } + + DEBUG(10,("sid_to_gid: winbindd %s -> %u\n", + sid_to_string(sid_str, psid), + (unsigned int)*pgid )); + + store_gid_sid_cache(psid, *sidtype, *pgid); + return True; +} + diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c index 6c12cfac62..84ec364654 100644 --- a/source3/smbd/utmp.c +++ b/source3/smbd/utmp.c @@ -484,6 +484,7 @@ static int ut_id_encode(int i, char *fourbyte) */ static BOOL sys_utmp_fill(struct utmp *u, const char *username, const char *hostname, + struct in_addr *ipaddr, const char *id_str, int id_num) { struct timeval timeval; @@ -538,8 +539,9 @@ static BOOL sys_utmp_fill(struct utmp *u, #if defined(HAVE_UT_UT_HOST) utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host)); #endif - #if defined(HAVE_UT_UT_ADDR) + if (ipaddr) + u->ut_addr = ipaddr->s_addr; /* * "(unsigned long) ut_addr" apparently exists on at least HP-UX 10.20. * Volunteer to implement, please ... @@ -561,6 +563,7 @@ static BOOL sys_utmp_fill(struct utmp *u, ****************************************************************************/ void sys_utmp_yield(const char *username, const char *hostname, + struct in_addr *ipaddr, const char *id_str, int id_num) { struct utmp u; @@ -576,7 +579,7 @@ void sys_utmp_yield(const char *username, const char *hostname, u.ut_type = DEAD_PROCESS; #endif - if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return; + if (!sys_utmp_fill(&u, username, hostname, ipaddr, id_str, id_num)) return; sys_utmp_update(&u, NULL, False); } @@ -586,6 +589,7 @@ void sys_utmp_yield(const char *username, const char *hostname, ****************************************************************************/ void sys_utmp_claim(const char *username, const char *hostname, + struct in_addr *ipaddr, const char *id_str, int id_num) { struct utmp u; @@ -596,7 +600,7 @@ void sys_utmp_claim(const char *username, const char *hostname, u.ut_type = USER_PROCESS; #endif - if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return; + if (!sys_utmp_fill(&u, username, hostname, ipaddr, id_str, id_num)) return; sys_utmp_update(&u, hostname, True); } diff --git a/source3/smbwrapper/shared.c b/source3/smbwrapper/shared.c index b4cfcf7148..ca8df5841d 100644 --- a/source3/smbwrapper/shared.c +++ b/source3/smbwrapper/shared.c @@ -179,8 +179,8 @@ void smbw_setshared(const char *name, const char *val) SSVAL(&variables[shared_size], 0, l1); SSVAL(&variables[shared_size], 2, l2); - pstrcpy(&variables[shared_size] + 4, name); - pstrcpy(&variables[shared_size] + 4 + l1, val); + safe_strcpy(&variables[shared_size] + 4, name, l1-1); + safe_strcpy(&variables[shared_size] + 4 + l1, val, l2-1); shared_size += l1+l2+4; diff --git a/source3/smbwrapper/smbw_dir.c b/source3/smbwrapper/smbw_dir.c index 31d81a1e7e..6d55c1d9da 100644 --- a/source3/smbwrapper/smbw_dir.c +++ b/source3/smbwrapper/smbw_dir.c @@ -216,7 +216,7 @@ int smbw_dir_open(const char *fname) smbw_NetServerEnum(&srv->cli, srv->server_name, SV_TYPE_ALL, smbw_server_add, NULL); *p = '#'; - } else if (strcmp(srv->cli.dev,"IPC") == 0) { + } else if ((strcmp(srv->cli.dev,"IPC") == 0) || (strcasecmp(share,"IPC$") == 0)) { DEBUG(4,("doing NetShareEnum\n")); smbw_share_add(".",0,"", NULL); smbw_share_add("..",0,"", NULL); @@ -412,7 +412,8 @@ int smbw_chdir(const char *name) goto failed; } - if (strncmp(srv->cli.dev,"IPC",3) && + if (strncmp(srv->cli.dev,"IPC",3) && + strcasecmp(share, "IPC$") && strncmp(srv->cli.dev,"LPT",3) && !smbw_getatr(srv, path, &mode, NULL, NULL, NULL, NULL, NULL)) { diff --git a/source3/stf/pythoncheck.py b/source3/stf/pythoncheck.py new file mode 100755 index 0000000000..398bb2c3d6 --- /dev/null +++ b/source3/stf/pythoncheck.py @@ -0,0 +1,48 @@ +#! /usr/bin/python + +# Comfychair test cases for Samba python extensions + +# Copyright (C) 2003 by Tim Potter <tpot@samba.org> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA + +"""These tests are run by Samba's "make check".""" + +import sys, comfychair + +class ImportTest(comfychair.TestCase): + """Check that all modules can be imported without error.""" + def runtest(self): + python_modules = ['spoolss', 'lsa', 'samr', 'winbind', 'winreg', + 'srvsvc', 'tdb', 'smb', 'tdbpack'] + for m in python_modules: + try: + __import__('samba.%s' % m) + except ImportError, msg: + self.log(str(msg)) + self.fail('error importing %s module' % m) + +tests = [ImportTest] + +if __name__ == '__main__': + # Some magic to repend build directory to python path so we see the + # objects we have built and not previously installed stuff. + from distutils.util import get_platform + from os import getcwd + sys.path.insert(0, '%s/build/lib.%s-%s' % + (getcwd(), get_platform(), sys.version[0:3])) + + comfychair.main(tests) diff --git a/source3/torture/cmd_sam.c b/source3/torture/cmd_sam.c deleted file mode 100644 index 3f7f7dfe27..0000000000 --- a/source3/torture/cmd_sam.c +++ /dev/null @@ -1,514 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM module functions - - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "samtest.h" - -static void print_account(SAM_ACCOUNT_HANDLE *a) -{ - /* FIXME */ -} - -static NTSTATUS cmd_context(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - NTSTATUS status; - char **plugins; - int i; - - plugins = malloc(argc * sizeof(char *)); - - for(i = 1; i < argc; i++) - plugins[i-1] = argv[i]; - - plugins[argc-1] = NULL; - - if(!NT_STATUS_IS_OK(status = make_sam_context_list(&st->context, plugins))) { - printf("make_sam_context_list failed: %s\n", nt_errstr(status)); - SAFE_FREE(plugins); - return status; - } - - SAFE_FREE(plugins); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_load_module(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - char *plugin_arg[2]; - NTSTATUS status; - if (argc != 2 && argc != 3) { - printf("Usage: load <module path> [domain-name]\n"); - return NT_STATUS_OK; - } - - if (argc == 3) - asprintf(&plugin_arg[0], "plugin:%s|%s", argv[1], argv[2]); - else - asprintf(&plugin_arg[0], "plugin:%s", argv[1]); - - plugin_arg[1] = NULL; - - if(!NT_STATUS_IS_OK(status = make_sam_context_list(&st->context, plugin_arg))) { - free(plugin_arg[0]); - return status; - } - - free(plugin_arg[0]); - - printf("load: ok\n"); - return NT_STATUS_OK; -} - -static NTSTATUS cmd_get_sec_desc(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_set_sec_desc(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_lookup_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - char *name; - uint32 type; - NTSTATUS status; - DOM_SID sid; - if (argc != 2) { - printf("Usage: lookup_sid <sid>\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!string_to_sid(&sid, argv[1])){ - printf("Unparseable SID specified!\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(status = sam_lookup_sid(st->context, st->token, mem_ctx, &sid, &name, &type))) { - printf("sam_lookup_sid failed!\n"); - return status; - } - - printf("Name: %s\n", name); - printf("Type: %d\n", type); /* FIXME: What kind of an integer is type ? */ - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_lookup_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - DOM_SID sid; - uint32 type; - NTSTATUS status; - if (argc != 3) { - printf("Usage: lookup_name <domain> <name>\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(status = sam_lookup_name(st->context, st->token, argv[1], argv[2], &sid, &type))) { - printf("sam_lookup_name failed!\n"); - return status; - } - - printf("SID: %s\n", sid_string_static(&sid)); - printf("Type: %d\n", type); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_lookup_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_lookup_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_lookup_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - DOM_SID *sid; - NTSTATUS status; - if (argc != 2) { - printf("Usage: lookup_domain <domain>\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(status = sam_lookup_domain(st->context, st->token, argv[1], &sid))) { - printf("sam_lookup_name failed!\n"); - return status; - } - - printf("SID: %s\n", sid_string_static(sid)); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_enum_domains(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - int32 domain_count, i; - DOM_SID *domain_sids; - char **domain_names; - NTSTATUS status; - - if (!NT_STATUS_IS_OK(status = sam_enum_domains(st->context, st->token, &domain_count, &domain_sids, &domain_names))) { - printf("sam_enum_domains failed!\n"); - return status; - } - - if (domain_count == 0) { - printf("No domains found!\n"); - return NT_STATUS_OK; - } - - for (i = 0; i < domain_count; i++) { - printf("%s %s\n", domain_names[i], sid_string_static(&domain_sids[i])); - } - - SAFE_FREE(domain_sids); - SAFE_FREE(domain_names); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_update_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_show_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - NTSTATUS status; - DOM_SID sid; - SAM_DOMAIN_HANDLE *domain; - uint32 tmp_uint32; - uint16 tmp_uint16; - NTTIME tmp_nttime; - BOOL tmp_bool; - const char *tmp_string; - - if (argc != 2) { - printf("Usage: show_domain <sid>\n"); - return status; - } - - if (!string_to_sid(&sid, argv[1])){ - printf("Unparseable SID specified!\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_by_sid(st->context, st->token, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS, &sid, &domain))) { - printf("sam_get_domain_by_sid failed\n"); - return status; - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_num_accounts(domain, &tmp_uint32))) { - printf("sam_get_domain_num_accounts failed: %s\n", nt_errstr(status)); - } else { - printf("Number of accounts: %d\n", tmp_uint32); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_num_groups(domain, &tmp_uint32))) { - printf("sam_get_domain_num_groups failed: %s\n", nt_errstr(status)); - } else { - printf("Number of groups: %u\n", tmp_uint32); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_num_aliases(domain, &tmp_uint32))) { - printf("sam_get_domain_num_aliases failed: %s\n", nt_errstr(status)); - } else { - printf("Number of aliases: %u\n", tmp_uint32); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_name(domain, &tmp_string))) { - printf("sam_get_domain_name failed: %s\n", nt_errstr(status)); - } else { - printf("Domain Name: %s\n", tmp_string); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_lockout_count(domain, &tmp_uint16))) { - printf("sam_get_domain_lockout_count failed: %s\n", nt_errstr(status)); - } else { - printf("Lockout Count: %u\n", tmp_uint16); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_force_logoff(domain, &tmp_bool))) { - printf("sam_get_domain_force_logoff failed: %s\n", nt_errstr(status)); - } else { - printf("Force Logoff: %s\n", (tmp_bool?"Yes":"No")); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_lockout_duration(domain, &tmp_nttime))) { - printf("sam_get_domain_lockout_duration failed: %s\n", nt_errstr(status)); - } else { - printf("Lockout duration: %u\n", tmp_nttime.low); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_login_pwdchange(domain, &tmp_bool))) { - printf("sam_get_domain_login_pwdchange failed: %s\n", nt_errstr(status)); - } else { - printf("Password changing allowed: %s\n", (tmp_bool?"Yes":"No")); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_max_pwdage(domain, &tmp_nttime))) { - printf("sam_get_domain_max_pwdage failed: %s\n", nt_errstr(status)); - } else { - printf("Maximum password age: %u\n", tmp_nttime.low); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_min_pwdage(domain, &tmp_nttime))) { - printf("sam_get_domain_min_pwdage failed: %s\n", nt_errstr(status)); - } else { - printf("Minimal password age: %u\n", tmp_nttime.low); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_min_pwdlength(domain, &tmp_uint16))) { - printf("sam_get_domain_min_pwdlength: %s\n", nt_errstr(status)); - } else { - printf("Minimal Password Length: %u\n", tmp_uint16); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_pwd_history(domain, &tmp_uint16))) { - printf("sam_get_domain_pwd_history failed: %s\n", nt_errstr(status)); - } else { - printf("Password history: %u\n", tmp_uint16); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_reset_count(domain, &tmp_nttime))) { - printf("sam_get_domain_reset_count failed: %s\n", nt_errstr(status)); - } else { - printf("Reset count: %u\n", tmp_nttime.low); - } - - if (!NT_STATUS_IS_OK(status = sam_get_domain_server(domain, &tmp_string))) { - printf("sam_get_domain_server failed: %s\n", nt_errstr(status)); - } else { - printf("Server: %s\n", tmp_string); - } - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_create_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_update_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_delete_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_enum_accounts(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - NTSTATUS status; - DOM_SID sid; - int32 account_count, i; - SAM_ACCOUNT_ENUM *accounts; - - if (argc != 2) { - printf("Usage: enum_accounts <domain-sid>\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!string_to_sid(&sid, argv[1])){ - printf("Unparseable SID specified!\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(status = sam_enum_accounts(st->context, st->token, &sid, 0, &account_count, &accounts))) { - printf("sam_enum_accounts failed: %s\n", nt_errstr(status)); - return status; - } - - if (account_count == 0) { - printf("No accounts found!\n"); - return NT_STATUS_OK; - } - - for (i = 0; i < account_count; i++) - printf("SID: %s\nName: %s\nFullname: %s\nDescription: %s\nACB_BITS: %08X\n\n", - sid_string_static(&accounts[i].sid), accounts[i].account_name, - accounts[i].full_name, accounts[i].account_desc, - accounts[i].acct_ctrl); - - SAFE_FREE(accounts); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_lookup_account_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - NTSTATUS status; - DOM_SID sid; - SAM_ACCOUNT_HANDLE *account; - - if (argc != 2) { - printf("Usage: lookup_account_sid <account-sid>\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!string_to_sid(&sid, argv[1])){ - printf("Unparseable SID specified!\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(status = sam_get_account_by_sid(st->context, st->token, GENERIC_RIGHTS_USER_ALL_ACCESS, &sid, &account))) { - printf("context_sam_get_account_by_sid failed: %s\n", nt_errstr(status)); - return status; - } - - print_account(account); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_lookup_account_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - NTSTATUS status; - SAM_ACCOUNT_HANDLE *account; - - if (argc != 3) { - printf("Usage: lookup_account_name <domain-name> <account-name>\n"); - return NT_STATUS_INVALID_PARAMETER; - } - - - if (!NT_STATUS_IS_OK(status = sam_get_account_by_name(st->context, st->token, GENERIC_RIGHTS_USER_ALL_ACCESS, argv[1], argv[2], &account))) { - printf("context_sam_get_account_by_sid failed: %s\n", nt_errstr(status)); - return status; - } - - print_account(account); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_create_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_update_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_delete_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_enum_groups(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_lookup_group_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_lookup_group_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_group_add_member(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS cmd_group_del_member(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS cmd_group_enum(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - - -static NTSTATUS cmd_get_sid_groups(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -struct cmd_set sam_general_commands[] = { - - { "General SAM Commands" }, - - { "load", cmd_load_module, "Load a module", "load <module.so> [domain-sid]" }, - { "context", cmd_context, "Load specified context", "context [DOMAIN|]backend1[:options] [DOMAIN|]backend2[:options]" }, - { "get_sec_desc", cmd_get_sec_desc, "Get security descriptor info", "get_sec_desc <access-token> <sid>" }, - { "set_sec_desc", cmd_set_sec_desc, "Set security descriptor info", "set_sec_desc <access-token> <sid>" }, - { "lookup_sid", cmd_lookup_sid, "Lookup type of specified SID", "lookup_sid <sid>" }, - { "lookup_name", cmd_lookup_name, "Lookup type of specified name", "lookup_name <sid>" }, - { NULL } -}; - -struct cmd_set sam_domain_commands[] = { - { "Domain Commands" }, - { "update_domain", cmd_update_domain, "Update domain information", "update_domain [domain-options] domain-name | domain-sid" }, - { "show_domain", cmd_show_domain, "Show domain information", "show_domain domain-sid | domain-name" }, - { "enum_domains", cmd_enum_domains, "Enumerate all domains", "enum_domains <token> <acct-ctrl>" }, - { "lookup_domain", cmd_lookup_domain, "Lookup a domain by name", "lookup_domain domain-name" }, - { NULL } -}; - -struct cmd_set sam_account_commands[] = { - { "Account Commands" }, - { "create_account", cmd_create_account, "Create a new account with specified properties", "create_account [account-options]" }, - { "update_account", cmd_update_account, "Update an existing account", "update_account [account-options] account-sid | account-name" }, - { "delete_account", cmd_delete_account, "Delete an account", "delete_account account-sid | account-name" }, - { "enum_accounts", cmd_enum_accounts, "Enumerate all accounts", "enum_accounts <token> <acct-ctrl>" }, - { "lookup_account", cmd_lookup_account, "Lookup an account by either sid or name", "lookup_account account-sid | account-name" }, - { "lookup_account_sid", cmd_lookup_account_sid, "Lookup an account by sid", "lookup_account_sid account-sid" }, - { "lookup_account_name", cmd_lookup_account_name, "Lookup an account by name", "lookup_account_name account-name" }, - { NULL } -}; - -struct cmd_set sam_group_commands[] = { - { "Group Commands" }, - { "create_group", cmd_create_group, "Create a new group", "create_group [group-opts]" }, - { "update_group", cmd_update_group, "Update an existing group", "update_group [group-opts] group-name | group-sid" }, - { "delete_group", cmd_delete_group, "Delete an existing group", "delete_group group-name | group-sid" }, - { "enum_groups", cmd_enum_groups, "Enumerate all groups", "enum_groups <token> <group-ctrl>" }, - { "lookup_group", cmd_lookup_group, "Lookup a group by SID or name", "lookup_group group-sid | group-name" }, - { "lookup_group_sid", cmd_lookup_group_sid, "Lookup a group by SID", "lookup_group_sid <sid>" }, - { "lookup_group_name", cmd_lookup_group_name, "Lookup a group by name", "lookup_group_name <name>" }, - { "group_add_member", cmd_group_add_member, "Add group member to group", "group_add_member <group-name | group-sid> <member-name | member-sid>" }, - { "group_del_member", cmd_group_del_member, "Delete group member from group", "group_del_member <group-name | group-sid> <member-name | member-sid>" }, - { "group_enum", cmd_group_enum, "Enumerate all members of specified group", "group_enum group-sid | group-name" }, - - { "get_sid_groups", cmd_get_sid_groups, "Get a list of groups specified sid is a member of", "group_enum <group-sid | group-name>" }, - { NULL } -}; diff --git a/source3/torture/samtest.c b/source3/torture/samtest.c deleted file mode 100644 index fd5f75a664..0000000000 --- a/source3/torture/samtest.c +++ /dev/null @@ -1,445 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM module tester - - Copyright (C) 2002 Jelmer Vernooij - - Parts of the code stolen from vfstest by Simo Sorce and Eric Lorimer - Parts of the code stolen from rpcclient by Tim Potter - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "samtest.h" - -struct func_entry { - char *name; - int (*fn)(struct connection_struct *conn, const char *path); -}; - -/* List to hold groups of commands */ -static struct cmd_list { - struct cmd_list *prev, *next; - struct cmd_set *cmd_set; -} *cmd_list; - -static char* next_command (char** cmdstr) -{ - static pstring command; - char *p; - - if (!cmdstr || !(*cmdstr)) - return NULL; - - p = strchr_m(*cmdstr, ';'); - if (p) - *p = '\0'; - pstrcpy(command, *cmdstr); - *cmdstr = p; - - return command; -} - -/* Load specified configuration file */ -static NTSTATUS cmd_conf(struct samtest_state *sam, TALLOC_CTX *mem_ctx, - int argc, char **argv) -{ - if (argc != 2) { - printf("Usage: %s <smb.conf>\n", argv[0]); - return NT_STATUS_OK; - } - - if (!lp_load(argv[1], False, True, False)) { - printf("Error loading \"%s\"\n", argv[1]); - return NT_STATUS_OK; - } - - printf("\"%s\" successfully loaded\n", argv[1]); - return NT_STATUS_OK; -} - -/* Display help on commands */ -static NTSTATUS cmd_help(struct samtest_state *st, TALLOC_CTX *mem_ctx, - int argc, const char **argv) -{ - struct cmd_list *tmp; - struct cmd_set *tmp_set; - - /* Usage */ - if (argc > 2) { - printf("Usage: %s [command]\n", argv[0]); - return NT_STATUS_OK; - } - - /* Help on one command */ - - if (argc == 2) { - for (tmp = cmd_list; tmp; tmp = tmp->next) { - - tmp_set = tmp->cmd_set; - - while(tmp_set->name) { - if (strequal(argv[1], tmp_set->name)) { - if (tmp_set->usage && - tmp_set->usage[0]) - printf("%s\n", tmp_set->usage); - else - printf("No help for %s\n", tmp_set->name); - - return NT_STATUS_OK; - } - - tmp_set++; - } - } - - printf("No such command: %s\n", argv[1]); - return NT_STATUS_OK; - } - - /* List all commands */ - - for (tmp = cmd_list; tmp; tmp = tmp->next) { - - tmp_set = tmp->cmd_set; - - while(tmp_set->name) { - - printf("%20s\t%s\n", tmp_set->name, - tmp_set->description ? tmp_set->description: - ""); - - tmp_set++; - } - } - - return NT_STATUS_OK; -} - -/* Change the debug level */ -static NTSTATUS cmd_debuglevel(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - if (argc > 2) { - printf("Usage: %s [debuglevel]\n", argv[0]); - return NT_STATUS_OK; - } - - if (argc == 2) { - DEBUGLEVEL = atoi(argv[1]); - } - - printf("debuglevel is %d\n", DEBUGLEVEL); - - return NT_STATUS_OK; -} - -static NTSTATUS cmd_quit(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv) -{ - /* Cleanup */ - talloc_destroy(mem_ctx); - - exit(0); - return NT_STATUS_OK; /* NOTREACHED */ -} - -static struct cmd_set samtest_commands[] = { - - { "GENERAL OPTIONS" }, - - { "help", cmd_help, "Get help on commands", "" }, - { "?", cmd_help, "Get help on commands", "" }, - { "conf", cmd_conf, "Load smb configuration file", "conf <smb.conf>" }, - { "debuglevel", cmd_debuglevel, "Set debug level", "" }, - { "exit", cmd_quit, "Exit program", "" }, - { "quit", cmd_quit, "Exit program", "" }, - - { NULL } -}; - -static struct cmd_set separator_command[] = { - { "---------------", NULL, "----------------------" }, - { NULL } -}; - - -/*extern struct cmd_set sam_commands[];*/ -extern struct cmd_set sam_general_commands[]; -extern struct cmd_set sam_domain_commands[]; -extern struct cmd_set sam_account_commands[]; -extern struct cmd_set sam_group_commands[]; -static struct cmd_set *samtest_command_list[] = { - samtest_commands, - sam_general_commands, - sam_domain_commands, - sam_account_commands, - sam_group_commands, - NULL -}; - -static void add_command_set(struct cmd_set *cmd_set) -{ - struct cmd_list *entry; - - if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) { - DEBUG(0, ("out of memory\n")); - return; - } - - ZERO_STRUCTP(entry); - - entry->cmd_set = cmd_set; - DLIST_ADD(cmd_list, entry); -} - -static NTSTATUS do_cmd(struct samtest_state *st, struct cmd_set *cmd_entry, char *cmd) -{ - char *p = cmd, **argv = NULL; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *mem_ctx = NULL; - pstring buf; - int argc = 0, i; - - /* Count number of arguments first time through the loop then - allocate memory and strdup them. */ - - again: - while(next_token(&p, buf, " ", sizeof(buf))) { - if (argv) { - argv[argc] = strdup(buf); - } - - argc++; - } - - if (!argv) { - - /* Create argument list */ - - argv = (char **)malloc(sizeof(char *) * argc); - memset(argv, 0, sizeof(char *) * argc); - - if (!argv) { - fprintf(stderr, "out of memory\n"); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - p = cmd; - argc = 0; - - goto again; - } - - /* Call the function */ - - if (cmd_entry->fn) { - - if (mem_ctx == NULL) { - /* Create mem_ctx */ - if (!(mem_ctx = talloc_init("do_cmd"))) { - DEBUG(0, ("talloc_init() failed\n")); - goto done; - } - } - - /* Run command */ - result = cmd_entry->fn(st, mem_ctx, argc, argv); - - } else { - fprintf (stderr, "Invalid command\n"); - goto done; - } - - done: - - /* Cleanup */ - - if (argv) { - for (i = 0; i < argc; i++) - SAFE_FREE(argv[i]); - - SAFE_FREE(argv); - } - - return result; -} - -/* Process a command entered at the prompt or as part of -c */ -static NTSTATUS process_cmd(struct samtest_state *st, char *cmd) -{ - struct cmd_list *temp_list; - BOOL found = False; - pstring buf; - char *p = cmd; - NTSTATUS result = NT_STATUS_OK; - int len = 0; - - if (cmd[strlen(cmd) - 1] == '\n') - cmd[strlen(cmd) - 1] = '\0'; - - if (!next_token(&p, buf, " ", sizeof(buf))) { - return NT_STATUS_OK; - } - - /* strip the trainly \n if it exsists */ - len = strlen(buf); - if (buf[len-1] == '\n') - buf[len-1] = '\0'; - - /* Search for matching commands */ - - for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) { - struct cmd_set *temp_set = temp_list->cmd_set; - - while(temp_set->name) { - if (strequal(buf, temp_set->name)) { - found = True; - result = do_cmd(st, temp_set, cmd); - - goto done; - } - temp_set++; - } - } - - done: - if (!found && buf[0]) { - printf("command not found: %s\n", buf); - return NT_STATUS_OK; - } - - if (!NT_STATUS_IS_OK(result)) { - printf("result was %s\n", nt_errstr(result)); - } - - return result; -} - -void exit_server(char *reason) -{ - DEBUG(3,("Server exit (%s)\n", (reason ? reason : ""))); - exit(0); -} - -static int server_fd = -1; -int last_message = -1; - -int smbd_server_fd(void) -{ - return server_fd; -} - -BOOL reload_services(BOOL test) -{ - return True; -} - -/* Main function */ - -int main(int argc, char *argv[]) -{ - BOOL interactive = True; - int opt; - static char *cmdstr = NULL; - struct cmd_set **cmd_set; - struct samtest_state st; - - /* make sure the vars that get altered (4th field) are in - a fixed location or certain compilers complain */ - poptContext pc; - struct poptOption long_options[] = { - POPT_AUTOHELP - {"command", 'e', POPT_ARG_STRING, &cmdstr, 'e', "Execute semicolon seperated cmds"}, - POPT_COMMON_SAMBA - POPT_TABLEEND - }; - - ZERO_STRUCT(st); - - st.token = get_system_token(); - - setlinebuf(stdout); - - DEBUGLEVEL = 1; - - pc = poptGetContext("samtest", argc, (const char **) argv, - long_options, 0); - - while((opt = poptGetNextOpt(pc)) != -1) { - switch (opt) { - case 'l': - slprintf(logfile, sizeof(logfile) - 1, "%s.client", - opt_logfile); - lp_set_logfile(logfile); - interactive = False; - break; - } - } - - if (!lp_load(config_file,True,False,False)) { - fprintf(stderr, "Can't load %s - run testparm to debug it\n", config_file); - exit(1); - } - - poptFreeContext(pc); - - /* the following functions are part of the Samba debugging - facilities. See lib/debug.c */ - setup_logging("samtest", interactive); - if (!interactive) - reopen_logs(); - - /* Load command lists */ - - cmd_set = samtest_command_list; - - while(*cmd_set) { - add_command_set(*cmd_set); - add_command_set(separator_command); - cmd_set++; - } - - /* Do anything specified with -c */ - if (cmdstr && cmdstr[0]) { - char *cmd; - char *p = cmdstr; - - while((cmd=next_command(&p)) != NULL) { - process_cmd(&st, cmd); - } - - return 0; - } - - /* Loop around accepting commands */ - - while(1) { - pstring prompt; - char *line; - - slprintf(prompt, sizeof(prompt) - 1, "samtest $> "); - - line = smb_readline(prompt, NULL, NULL); - - if (line == NULL) - break; - - if (line[0] != '\n') - process_cmd(&st, line); - } - - return 0; -} diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 840b6ad294..07d7f1547e 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -1121,7 +1121,7 @@ static BOOL run_tcon_devtype_test(int dummy) BOOL retry; int flags = 0; NTSTATUS status; - BOOL ret; + BOOL ret = True; status = cli_full_connection(&cli1, myname, host, NULL, port_to_use, diff --git a/source3/utils/editreg.c b/source3/utils/editreg.c index c45959799b..bda817310b 100644 --- a/source3/utils/editreg.c +++ b/source3/utils/editreg.c @@ -1041,7 +1041,6 @@ void *str_to_val(int type, char *val, int *len) default: return NULL; - break; } return NULL; @@ -1212,7 +1211,7 @@ int string_to_sid(DOM_SID **sid, char *sid_str) lstr = strchr(lstr + 1, '-'); } - return 1; + /*return 1; */ /* Not Reached ... */ } /* @@ -1380,7 +1379,7 @@ REG_KEY *nt_add_reg_key_list(REGF *regf, REG_KEY *key, char * name, int create) else { /* Create more space in the list ... */ if (!(list = (KEY_LIST *)realloc(list, sizeof(KEY_LIST) + (list->max_keys + REG_KEY_LIST_SIZE - 1) - * sizeof(REG_KEY *)))); + * sizeof(REG_KEY *)))) goto error; list->max_keys += REG_KEY_LIST_SIZE; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 203d849786..1a50f9d270 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -109,6 +109,9 @@ static int net_ads_info(int argc, const char **argv) d_printf("LDAP port: %d\n", ads->ldap_port); d_printf("Server time: %s\n", http_timestring(ads->config.current_time)); + d_printf("KDC server: %s\n", ads->auth.kdc_server ); + d_printf("Server time offset: %d\n", ads->auth.time_offset ); + return 0; } @@ -124,7 +127,7 @@ static ADS_STRUCT *ads_startup(void) ADS_STATUS status; BOOL need_password = False; BOOL second_time = False; - char *realm; + char *cp; ads = ads_init(NULL, NULL, opt_host); @@ -146,22 +149,24 @@ retry: if (opt_password) { use_in_memory_ccache(); - ads->auth.password = strdup(opt_password); + ads->auth.password = smb_xstrdup(opt_password); } - ads->auth.user_name = strdup(opt_user_name); + ads->auth.user_name = smb_xstrdup(opt_user_name); - /* - * If the username is of the form "name@realm", - * extract the realm and convert to upper case. - */ - if ((realm = strchr(ads->auth.user_name, '@'))) { - *realm++ = '\0'; - ads->auth.realm = strdup(realm); - strupper(ads->auth.realm); - } + /* + * If the username is of the form "name@realm", + * extract the realm and convert to upper case. + * This is only used to establish the connection. + */ + if (cp = strchr(ads->auth.user_name, '@')) { + *cp++ = '\0'; + ads->auth.realm = smb_xstrdup(cp); + strupper(ads->auth.realm); + } status = ads_connect(ads); + if (!ADS_ERR_OK(status)) { if (!need_password && !second_time) { need_password = True; @@ -230,7 +235,7 @@ static BOOL usergrp_display(char *field, void **values, void *data_area) if (!field) { /* must be end of record */ if (!strchr_m(disp_fields[0], '$')) { if (disp_fields[1]) - d_printf("%-21.21s %-50.50s\n", + d_printf("%-21.21s %s\n", disp_fields[0], disp_fields[1]); else d_printf("%s\n", disp_fields[0]); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3f5a339948..cd3cc9cfec 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -74,7 +74,7 @@ static DOM_SID *net_get_remote_domain_sid(struct cli_state *cli) goto error; } - result = cli_lsa_open_policy(cli, mem_ctx, True, + result = cli_lsa_open_policy(cli, mem_ctx, False, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) { @@ -235,14 +235,25 @@ int net_rpc_changetrustpw(int argc, const char **argv) * @return Normal NTSTATUS return. **/ -static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cli_state *cli, +static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { fstring trust_passwd; unsigned char orig_trust_passwd_hash[16]; NTSTATUS result; + uint32 sec_channel_type; + /* + check what type of join - if the user want's to join as + a BDC, the server must agree that we are a BDC. + */ + if (argc >= 0) { + sec_channel_type = get_sec_channel_type(argv[0]); + } else { + sec_channel_type = get_sec_channel_type(NULL); + } + fstrcpy(trust_passwd, global_myname()); strlower(trust_passwd); @@ -257,11 +268,7 @@ static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cl result = trust_pw_change_and_store_it(cli, mem_ctx, opt_target_workgroup, orig_trust_passwd_hash, - SEC_CHAN_WKSTA); - - /* SEC_CHAN_WKSTA specified specifically, as you cannot use this - to join a BDC to the domain (MS won't allow it, and is *really* - insecure) */ + sec_channel_type); if (NT_STATUS_IS_OK(result)) printf("Joined domain %s.\n",opt_target_workgroup); @@ -285,40 +292,11 @@ static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cl * @return A shell status integer (0 for success) **/ -static int net_rpc_join_oldstyle(int argc, const char **argv) -{ - uint32 sec_channel_type; - /* check what type of join */ - if (argc >= 0) { - sec_channel_type = get_sec_channel_type(argv[0]); - } else { - sec_channel_type = get_sec_channel_type(NULL); - } - - if (sec_channel_type != SEC_CHAN_WKSTA) - return 1; - - return run_rpc_command(NULL, PI_NETLOGON, - NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, - rpc_join_oldstyle_internals, - argc, argv); -} - -/** - * Join a domain, the old way. - * - * @param argc Standard main() style argc - * @param argc Standard main() style argv. Initial components are already - * stripped - * - * @return A shell status integer (0 for success) - **/ - static int net_rpc_oldjoin(int argc, const char **argv) { return run_rpc_command(NULL, PI_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, - rpc_join_oldstyle_internals, + rpc_oldjoin_internals, argc, argv); } @@ -351,13 +329,13 @@ static int rpc_join_usage(int argc, const char **argv) * * Main 'net_rpc_join()' (where the admain username/password is used) is * in net_rpc_join.c - * Assume if a -U is specified, it's the new style, otherwise it's the - * old style. If 'oldstyle' is specfied explicity, do it and don't prompt. + * Try to just change the password, but if that doesn't work, use/prompt + * for a username/password. **/ int net_rpc_join(int argc, const char **argv) { - if ((net_rpc_join_oldstyle(argc, argv) == 0)) + if ((net_rpc_oldjoin(argc, argv) == 0)) return 0; return net_rpc_join_newstyle(argc, argv); @@ -862,7 +840,7 @@ rpc_user_list_internals(const DOM_SID *domain_sid, struct cli_state *cli, unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)-1); if (opt_long_list_entries) - printf("%-21.21s %-50.50s\n", user, desc); + printf("%-21.21s %s\n", user, desc); else printf("%s\n", user); } @@ -1785,7 +1763,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } - nt_status = cli_lsa_open_policy2(cli, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE, + nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &connect_hnd); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't open policy handle. Error was %s\n", @@ -1804,6 +1782,9 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } + + + /* There should be actually query info level 3 (following nt serv behaviour), but I still don't know if it's _really_ necessary */ diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 42490190f3..c4beb4ef1a 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -38,7 +38,6 @@ enum squid_mode { extern int winbindd_fd; -static const char *helper_protocol; static const char *opt_username; static const char *opt_domain; static const char *opt_workstation; @@ -48,7 +47,6 @@ static DATA_BLOB opt_lm_response; static DATA_BLOB opt_nt_response; static int request_lm_key; static int request_nt_key; -static int diagnostics; static char winbind_separator(void) @@ -184,7 +182,7 @@ static NTSTATUS contact_winbind_auth_crap(const char *username, const DATA_BLOB *lm_response, const DATA_BLOB *nt_response, uint32 flags, - uint8 lm_key[16], + uint8 lm_key[8], uint8 nt_key[16], char **error_string) { @@ -476,6 +474,10 @@ static DATA_BLOB get_challenge(void) return chal; } +/* + * Test LM authentication, no NT response supplied + */ + static BOOL test_lm(void) { NTSTATUS nt_status; @@ -483,13 +485,18 @@ static BOOL test_lm(void) DATA_BLOB lm_response = data_blob(NULL, 24); uchar lm_key[8]; + uchar nt_key[16]; uchar lm_hash[16]; DATA_BLOB chall = get_challenge(); char *error_string; + ZERO_STRUCT(lm_key); + ZERO_STRUCT(nt_key); + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; - SMBencrypt(opt_password,chall.data,lm_response.data); + SMBencrypt(opt_password, chall.data, lm_response.data); E_deshash(opt_password, lm_hash); nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, @@ -498,7 +505,7 @@ static BOOL test_lm(void) NULL, flags, lm_key, - NULL, + nt_key, &error_string); data_blob_free(&lm_response); @@ -518,9 +525,20 @@ static BOOL test_lm(void) DEBUG(1, ("expected:\n")); dump_data(1, lm_hash, 8); } + if (memcmp(lm_hash, nt_key, 8) != 0) { + DEBUG(1, ("Session Key (first 8, lm hash) does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + } return True; } +/* + * Test the normal 'LM and NTLM' combination + */ + static BOOL test_lm_ntlm(void) { BOOL pass = True; @@ -537,6 +555,9 @@ static BOOL test_lm_ntlm(void) DATA_BLOB chall = get_challenge(); char *error_string; + ZERO_STRUCT(lm_key); + ZERO_STRUCT(nt_key); + flags |= WINBIND_PAM_LMKEY; flags |= WINBIND_PAM_NTKEY; @@ -589,6 +610,10 @@ static BOOL test_lm_ntlm(void) return pass; } +/* + * Test the NTLM response only, no LM. + */ + static BOOL test_ntlm(void) { BOOL pass = True; @@ -597,24 +622,170 @@ static BOOL test_ntlm(void) DATA_BLOB nt_response = data_blob(NULL, 24); DATA_BLOB session_key = data_blob(NULL, 16); + char lm_key[8]; char nt_key[16]; + char lm_hash[16]; char nt_hash[16]; DATA_BLOB chall = get_challenge(); char *error_string; + ZERO_STRUCT(lm_key); + ZERO_STRUCT(nt_key); + + flags |= WINBIND_PAM_LMKEY; flags |= WINBIND_PAM_NTKEY; SMBNTencrypt(opt_password,chall.data,nt_response.data); E_md4hash(opt_password, nt_hash); SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + E_deshash(opt_password, lm_hash); + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, &chall, NULL, &nt_response, flags, + lm_key, + nt_key, + &error_string); + + data_blob_free(&nt_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + pass = False; + } + if (memcmp(session_key.data, nt_key, + sizeof(nt_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, session_key.data, session_key.length); + pass = False; + } + return pass; +} + +/* + * Test the NTLM response only, but in the LM feild. + */ + +static BOOL test_ntlm_in_lm(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB nt_response = data_blob(NULL, 24); + + uchar lm_key[8]; + uchar lm_hash[16]; + uchar nt_key[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(nt_key); + + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + + E_deshash(opt_password, lm_hash); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &nt_response, NULL, + flags, + lm_key, + nt_key, + &error_string); + + data_blob_free(&nt_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + pass = False; + } + if (memcmp(lm_hash, nt_key, 8) != 0) { + DEBUG(1, ("Session Key (first 8 lm hash) does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + pass = False; + } + return pass; +} + +/* + * Test the NTLM response only, but in the both the NT and LM feilds. + */ + +static BOOL test_ntlm_in_both(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB nt_response = data_blob(NULL, 24); + DATA_BLOB session_key = data_blob(NULL, 16); + + char lm_key[8]; + char lm_hash[16]; + char nt_key[16]; + char nt_hash[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(lm_key); + ZERO_STRUCT(nt_key); + + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; + + SMBNTencrypt(opt_password,chall.data,nt_response.data); + E_md4hash(opt_password, nt_hash); + SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + + E_deshash(opt_password, lm_hash); + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &nt_response, + &nt_response, + flags, + lm_key, nt_key, &error_string); @@ -628,6 +799,15 @@ static BOOL test_ntlm(void) return False; } + if (memcmp(lm_hash, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 8); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_hash, 8); + pass = False; + } if (memcmp(session_key.data, nt_key, sizeof(nt_key)) != 0) { DEBUG(1, ("NT Session Key does not match expectations!\n")); @@ -637,6 +817,233 @@ static BOOL test_ntlm(void) dump_data(1, session_key.data, session_key.length); pass = False; } + + + return pass; +} + +/* + * Test the NTLMv2 response only + */ + +static BOOL test_ntlmv2(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB ntlmv2_response = data_blob(NULL, 0); + DATA_BLOB lmv2_response = data_blob(NULL, 0); + DATA_BLOB nt_session_key = data_blob(NULL, 0); + DATA_BLOB lm_session_key = data_blob(NULL, 0); + + uchar lm_key[16]; + uchar nt_key[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(lm_key); + ZERO_STRUCT(nt_key); + + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; + + if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, chall, + &lmv2_response, &ntlmv2_response, + &lm_session_key, &nt_session_key)) { + return False; + } + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + NULL, + &ntlmv2_response, + flags, + lm_key, + nt_key, + &error_string); + + data_blob_free(&lmv2_response); + data_blob_free(&ntlmv2_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + +#if 0 + if (memcmp(lm_session_key.data, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Session Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_session_key.data, lm_session_key.length); + pass = False; + } + if (memcmp(nt_session_key.data, nt_key, + sizeof(nt_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, nt_session_key.data, nt_session_key.length); + pass = False; + } +#endif + return pass; +} + +/* + * Test the NTLMv2 and LMv2 responses + */ + +static BOOL test_lmv2_ntlmv2(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB ntlmv2_response = data_blob(NULL, 0); + DATA_BLOB lmv2_response = data_blob(NULL, 0); + DATA_BLOB nt_session_key = data_blob(NULL, 0); + DATA_BLOB lm_session_key = data_blob(NULL, 0); + + uchar lm_key[16]; + uchar nt_key[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(nt_key); + ZERO_STRUCT(lm_key); + + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; + + if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, chall, + &lmv2_response, &ntlmv2_response, + &lm_session_key, &nt_session_key)) { + return False; + } + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &lmv2_response, + &ntlmv2_response, + flags, + lm_key, + nt_key, + &error_string); + + data_blob_free(&lmv2_response); + data_blob_free(&ntlmv2_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + +#if 0 + if (memcmp(lm_session_key.data, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Session Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_session_key.data, lm_session_key.length); + pass = False; + } + if (memcmp(nt_session_key.data, nt_key, + sizeof(nt_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, nt_session_key.data, nt_session_key.length); + pass = False; + } +#endif + return pass; +} + +/* + * Test the LMv2 response only + */ + +static BOOL test_lmv2(void) +{ + BOOL pass = True; + NTSTATUS nt_status; + uint32 flags = 0; + DATA_BLOB ntlmv2_response = data_blob(NULL, 0); + DATA_BLOB lmv2_response = data_blob(NULL, 0); + DATA_BLOB nt_session_key = data_blob(NULL, 0); + DATA_BLOB lm_session_key = data_blob(NULL, 0); + + uchar lm_key[16]; + uchar nt_key[16]; + DATA_BLOB chall = get_challenge(); + char *error_string; + + ZERO_STRUCT(nt_key); + ZERO_STRUCT(lm_key); + + flags |= WINBIND_PAM_LMKEY; + flags |= WINBIND_PAM_NTKEY; + + if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, chall, + &lmv2_response, &ntlmv2_response, + &lm_session_key, &nt_session_key)) { + return False; + } + + nt_status = contact_winbind_auth_crap(opt_username, opt_domain, + opt_workstation, + &chall, + &lmv2_response, + NULL, + flags, + lm_key, + nt_key, + &error_string); + + data_blob_free(&lmv2_response); + data_blob_free(&ntlmv2_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + d_printf("%s (0x%x)\n", + error_string, + NT_STATUS_V(nt_status)); + SAFE_FREE(error_string); + return False; + } + +#if 0 + if (memcmp(lm_session_key.data, lm_key, + sizeof(lm_key)) != 0) { + DEBUG(1, ("LM Session Key does not match expectations!\n")); + DEBUG(1, ("lm_key:\n")); + dump_data(1, lm_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, lm_session_key.data, lm_session_key.length); + pass = False; + } + if (memcmp(nt_session_key.data, nt_key, + sizeof(nt_key)) != 0) { + DEBUG(1, ("NT Session Key does not match expectations!\n")); + DEBUG(1, ("nt_key:\n")); + dump_data(1, nt_key, 16); + DEBUG(1, ("expected:\n")); + dump_data(1, nt_session_key.data, nt_session_key.length); + pass = False; + } +#endif return pass; } @@ -646,6 +1053,8 @@ static BOOL test_ntlm(void) - LM only - NT and LM - NT + - NT in LM feild + - NT in both feilds - NTLMv2 - NTLMv2 and LMv2 - LMv2 @@ -661,10 +1070,12 @@ struct ntlm_tests { } test_table[] = { {test_lm, "test LM"}, {test_lm_ntlm, "test LM and NTLM"}, - {test_ntlm, "test NTLM"} -/* {test_lm_ntlmv2, "test NTLMv2"}, */ -/* {test_lm_ntlmv2, "test NTLMv2 and LMv2"}, */ -/* {test_lm_ntlmv2, "test LMv2"} */ + {test_ntlm, "test NTLM"}, + {test_ntlm_in_lm, "test NTLM in LM"}, + {test_ntlm_in_both, "test NTLM in both"}, + {test_ntlmv2, "test NTLMv2"}, + {test_lmv2_ntlmv2, "test NTLMv2 and LMv2"}, + {test_lmv2, "test LMv2"} }; static BOOL diagnose_ntlm_auth(void) @@ -701,6 +1112,8 @@ enum { int main(int argc, const char **argv) { int opt; + static const char *helper_protocol; + static int diagnostics; static const char *hex_challenge; static const char *hex_lm_response; diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 13f35e8880..3a3d06a645 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -122,6 +122,12 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst printf ("Unix username: %s\n", pdb_get_username(sam_pwent)); printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent)); printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN)); + + if (IS_SAM_UNIX_USER(sam_pwent)) { + uid = pdb_get_uid(sam_pwent); + gid = pdb_get_gid(sam_pwent); + printf ("User ID/Group ID: %d/%d\n", uid, gid); + } printf ("User SID: %s\n", sid_string_static(pdb_get_user_sid(sam_pwent))); printf ("Primary Group SID: %s\n", @@ -155,25 +161,35 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst printf ("Password must change: %s\n", tmp ? http_timestring(tmp) : "0"); } else if (smbpwdstyle) { - char lm_passwd[33]; - char nt_passwd[33]; - - uid = -1; - sid_to_uid(pdb_get_user_sid(sam_pwent), &uid); - pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); - pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); + if (IS_SAM_UNIX_USER(sam_pwent)) { + char lm_passwd[33]; + char nt_passwd[33]; + + uid = pdb_get_uid(sam_pwent); + pdb_sethexpwd(lm_passwd, + pdb_get_lanman_passwd(sam_pwent), + pdb_get_acct_ctrl(sam_pwent)); + pdb_sethexpwd(nt_passwd, + pdb_get_nt_passwd(sam_pwent), + pdb_get_acct_ctrl(sam_pwent)); - printf("%s:%d:%s:%s:%s:LCT-%08X:\n", - pdb_get_username(sam_pwent), - uid, - lm_passwd, - nt_passwd, - pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), - (uint32)pdb_get_pass_last_set_time(sam_pwent)); + printf("%s:%d:%s:%s:%s:LCT-%08X:\n", + pdb_get_username(sam_pwent), + uid, + lm_passwd, + nt_passwd, + pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), + (uint32)pdb_get_pass_last_set_time(sam_pwent)); + } else { + fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n"); + } } else { - uid = -1; - sid_to_uid(pdb_get_user_sid(sam_pwent), &uid); - printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), uid, pdb_get_fullname(sam_pwent)); + if (IS_SAM_UNIX_USER(sam_pwent)) { + printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent), + pdb_get_fullname(sam_pwent)); + } else { + printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent)); + } } return 0; @@ -610,12 +626,6 @@ int main (int argc, char **argv) if (!init_names()) exit(1); - if (!idmap_init()) - exit(1); - - if (!idmap_init_wellknown_sids()) - exit(1); - setparms = (backend ? BIT_BACKEND : 0) + (verbose ? BIT_VERBOSE : 0) + (spstyle ? BIT_SPSTYLE : 0) + diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c deleted file mode 100644 index 0faa0513ed..0000000000 --- a/source3/utils/smbgroupedit.c +++ /dev/null @@ -1,405 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -/* - * Next two lines needed for SunOS and don't - * hurt anything else... - */ -extern char *optarg; -extern int optind; - -/********************************************************* - Print command usage on stderr and die. -**********************************************************/ -static void usage(void) -{ - if (getuid() == 0) { - printf("smbgroupedit options\n"); - } else { - printf("You need to be root to use this tool!\n"); - } - printf("options:\n"); - printf(" -a group create new group\n"); - printf(" -n group NT group name\n"); - printf(" -p privilege only local\n"); - printf(" -d description group description\n"); - printf(" -v list groups\n"); - printf(" -l long list (include details)\n"); - printf(" -s short list (default)\n"); - printf(" -c SID change group\n"); - printf(" -u unix group\n"); - printf(" -d description group description\n"); - printf(" -r rid RID of new group\n"); - printf(" -x group delete this group\n"); - printf("\n"); - printf(" -t[b|d|l] type: builtin, domain, local \n"); - exit(1); -} - -/********************************************************* - Figure out if the input was an NT group or a SID string. - Return the SID. -**********************************************************/ -static BOOL get_sid_from_input(DOM_SID *sid, char *input) -{ - GROUP_MAP map; - - if (StrnCaseCmp( input, "S-", 2)) { - /* Perhaps its the NT group name? */ - if (!pdb_getgrnam(&map, input, MAPPING_WITHOUT_PRIV)) { - printf("NT Group %s doesn't exist in mapping DB\n", input); - return False; - } else { - *sid = map.sid; - } - } else { - if (!string_to_sid(sid, input)) { - printf("converting sid %s from a string failed!\n", input); - return False; - } - } - return True; -} - -/********************************************************* - add a group. -**********************************************************/ -static int addgroup(gid_t gid, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege, uint32 rid) -{ - PRIVILEGE_SET se_priv; - DOM_SID sid; - fstring string_sid; - fstring comment; - - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - - sid_to_string(string_sid, &sid); - - if (ntcomment==NULL) - fstrcpy(comment, "Local Unix group"); - else - fstrcpy(comment, ntcomment); - - init_privilege(&se_priv); - if (privilege!=NULL) - convert_priv_from_text(&se_priv, privilege); - - if(!add_initial_entry(gid, string_sid, sid_type, ntgroup, - comment, se_priv, PR_ACCESS_FROM_NETWORK)) { - printf("adding entry for group %s failed!\n", ntgroup); - free_privilege(&se_priv); - return -1; - } - - free_privilege(&se_priv); - return 0; -} - -/********************************************************* - Change a group. -**********************************************************/ -static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *groupdesc, char *privilege) -{ - DOM_SID sid; - GROUP_MAP map; - gid_t gid; - - if (!get_sid_from_input(&sid, sid_string)) { - return -1; - } - - /* Get the current mapping from the database */ - if(!pdb_getgrsid(&map, sid, MAPPING_WITH_PRIV)) { - printf("This SID does not exist in the database\n"); - return -1; - } - - /* If a new Unix group is specified, check and change */ - if (group!=NULL) { - gid=nametogid(group); - if (gid==-1) { - printf("The UNIX group does not exist\n"); - return -1; - } else - map.gid=gid; - } - - /* - * Allow changing of group type only between domain and local - * We disallow changing Builtin groups !!! (SID problem) - */ - if (sid_type==SID_NAME_ALIAS - || sid_type==SID_NAME_DOM_GRP - || sid_type==SID_NAME_UNKNOWN) { - if (map.sid_name_use==SID_NAME_ALIAS - || map.sid_name_use==SID_NAME_DOM_GRP - || map.sid_name_use==SID_NAME_UNKNOWN) { - map.sid_name_use=sid_type; - } else { - printf("cannot change group type to builtin\n"); - }; - } else { - printf("cannot change group type from builtin\n"); - } - - if (ntgroup!=NULL) - fstrcpy(map.nt_name, ntgroup); - - /* Change comment if new one */ - if (groupdesc!=NULL) - fstrcpy(map.comment, groupdesc); - - /* Change the privilege if new one */ - if (privilege!=NULL) - convert_priv_from_text(&map.priv_set, privilege); - - if (!pdb_update_group_mapping_entry(&map)) { - printf("Could not update group database\n"); - free_privilege(&map.priv_set); - return -1; - } - - free_privilege(&map.priv_set); - return 0; -} - -/********************************************************* - Delete the group. -**********************************************************/ -static int deletegroup(char *group) -{ - DOM_SID sid; - - if (!get_sid_from_input(&sid, group)) { - return -1; - } - - if(!pdb_delete_group_mapping_entry(sid)) { - printf("removing group %s from the mapping db failed!\n", group); - return -1; - } - - return 0; -} - -/********************************************************* - List the groups. -**********************************************************/ -static int listgroup(enum SID_NAME_USE sid_type, BOOL long_list) -{ - int entries,i; - GROUP_MAP *map=NULL; - fstring string_sid; - fstring group_type; - fstring priv_text; - - if (!long_list) - printf("NT group (SID) -> Unix group\n"); - - if (!pdb_enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV)) - return -1; - - for (i=0; i<entries; i++) { - decode_sid_name_use(group_type, (map[i]).sid_name_use); - sid_to_string(string_sid, &map[i].sid); - convert_priv_to_text(&(map[i].priv_set), priv_text); - free_privilege(&(map[i].priv_set)); - - if (!long_list) - printf("%s (%s) -> %s\n", map[i].nt_name, string_sid, gidtoname(map[i].gid)); - else { - printf("%s\n", map[i].nt_name); - printf("\tSID : %s\n", string_sid); - printf("\tUnix group: %s\n", gidtoname(map[i].gid)); - printf("\tGroup type: %s\n", group_type); - printf("\tComment : %s\n", map[i].comment); - printf("\tPrivilege : %s\n\n", priv_text); - } - } - - return 0; -} - -/********************************************************* - Start here. -**********************************************************/ -int main (int argc, char **argv) -{ - int ch; - BOOL add_group = False; - BOOL view_group = False; - BOOL change_group = False; - BOOL delete_group = False; - BOOL nt_group = False; - BOOL priv = False; - BOOL group_type = False; - BOOL long_list = False; - - char *group = NULL; - char *sid = NULL; - char *ntgroup = NULL; - char *privilege = NULL; - char *groupt = NULL; - char *group_desc = NULL; - - enum SID_NAME_USE sid_type; - uint32 rid = -1; - - setup_logging("groupedit", True); - - if (argc < 2) { - usage(); - return 0; - } - - if (!lp_load(dyn_CONFIGFILE,True,False,False)) { - fprintf(stderr, "Can't load %s - run testparm to debug it\n", - dyn_CONFIGFILE); - exit(1); - } - - if (!init_names()) - exit(1); - - if(!initialize_password_db(True)) { - fprintf(stderr, "Can't setup password database vectors.\n"); - exit(1); - } - - if(get_global_sam_sid()==False) { - fprintf(stderr, "Can not read machine SID\n"); - return 0; - } - - while ((ch = getopt(argc, argv, "a:c:d:ln:p:r:st:u:vx:")) != EOF) { - switch(ch) { - case 'a': - add_group = True; - group=optarg; - break; - case 'c': - change_group = True; - sid=optarg; - break; - case 'd': - group_desc=optarg; - break; - case 'l': - long_list = True; - break; - case 'n': - nt_group = True; - ntgroup=optarg; - break; - case 'p': - priv = True; - privilege=optarg; - break; - case 'r': - rid = atoi(optarg); - break; - case 's': - long_list = False; - break; - case 't': - group_type = True; - groupt=optarg; - break; - case 'u': - group=optarg; - break; - case 'v': - view_group = True; - break; - case 'x': - delete_group = True; - group=optarg; - break; - /*default: - usage();*/ - } - } - - - if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) { - fprintf (stderr, "Incompatible options on command line!\n"); - usage(); - exit(1); - } - - /* no option on command line -> list groups */ - if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0) - view_group = True; - - - if (group_type==False) - sid_type=SID_NAME_UNKNOWN; - else { - switch (groupt[0]) { - case 'l': - case 'L': - sid_type=SID_NAME_ALIAS; - break; - case 'd': - case 'D': - sid_type=SID_NAME_DOM_GRP; - break; - case 'b': - case 'B': - sid_type=SID_NAME_WKN_GRP; - break; - default: - sid_type=SID_NAME_UNKNOWN; - break; - } - } - - if (add_group) { - gid_t gid=nametogid(group); - if (gid==-1) { - printf("unix group %s doesn't exist!\n", group); - return -1; - } - - if (rid == -1) { - rid = pdb_gid_to_group_rid(gid); - } - return addgroup(gid, sid_type, ntgroup?ntgroup:group, - group_desc, privilege, rid); - } - - if (view_group) - return listgroup(sid_type, long_list); - - if (delete_group) - return deletegroup(group); - - if (change_group) { - return changegroup(sid, group, sid_type, ntgroup, group_desc, privilege); - } - - usage(); - - return 0; -} |