summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in119
-rw-r--r--source3/auth/auth_rhosts.c19
-rw-r--r--source3/auth/auth_sam.c46
-rw-r--r--source3/auth/auth_util.c43
-rw-r--r--source3/bin/.cvsignore1
-rw-r--r--source3/change-log2
-rw-r--r--source3/client/client.c187
-rwxr-xr-xsource3/config.sub236
-rw-r--r--source3/configure.in81
-rw-r--r--source3/groupdb/mapping.c23
-rw-r--r--source3/include/.cvsignore1
-rw-r--r--source3/include/auth.h3
-rw-r--r--source3/include/debug.h1
-rw-r--r--source3/include/genparser.h78
-rw-r--r--source3/include/genparser_samba.h58
-rw-r--r--source3/include/gums.h240
-rw-r--r--source3/include/includes.h36
-rw-r--r--source3/include/mapping.h1
-rw-r--r--source3/include/module.h44
-rw-r--r--source3/include/passdb.h149
-rw-r--r--source3/include/rpc_client_proto.h231
-rw-r--r--source3/include/rpc_lsa.h40
-rw-r--r--source3/include/rpc_misc.h16
-rw-r--r--source3/include/safe_string.h18
-rw-r--r--source3/include/sam.h238
-rw-r--r--source3/include/smb.h128
-rw-r--r--source3/include/smb_ldap.h59
-rw-r--r--source3/include/smb_macros.h9
-rw-r--r--source3/include/tdbsam2.h95
-rw-r--r--source3/include/version.h2
-rw-r--r--source3/lib/debug.c1
-rw-r--r--source3/lib/domain_namemap.c1317
-rw-r--r--source3/lib/genparser.c786
-rw-r--r--source3/lib/genparser_samba.c200
-rw-r--r--source3/lib/iconv.c2
-rw-r--r--source3/lib/ldap.c719
-rw-r--r--source3/lib/module.c120
-rw-r--r--source3/lib/readline.c24
-rw-r--r--source3/lib/substitute.c11
-rw-r--r--source3/lib/username.c2
-rw-r--r--source3/lib/util_sid.c3
-rw-r--r--source3/lib/util_sock.c13
-rw-r--r--source3/lib/util_unistr.c5
-rw-r--r--source3/libads/ads_utils.c46
-rw-r--r--source3/libads/krb5_setpw.c2
-rw-r--r--source3/libsmb/cliconnect.c5
-rw-r--r--source3/libsmb/ntlmssp.c2
-rw-r--r--source3/libsmb/smb_signing.c37
-rw-r--r--source3/libsmb/smbencrypt.c34
-rw-r--r--source3/libsmb/trusts_util.c2
-rw-r--r--source3/mainpage.dox7
-rw-r--r--source3/modules/weird.c (renamed from source3/modules/developer.c)5
-rw-r--r--source3/nmbd/nmbd.c71
-rw-r--r--source3/nmbd/nmbd_become_lmb.c3
-rw-r--r--source3/nmbd/nmbd_browserdb.c4
-rw-r--r--source3/nmbd/nmbd_browsesync.c8
-rw-r--r--source3/nmbd/nmbd_incomingdgrams.c14
-rw-r--r--source3/nmbd/nmbd_sendannounce.c8
-rw-r--r--source3/nmbd/nmbd_serverlistdb.c4
-rw-r--r--source3/nmbd/nmbd_workgroupdb.c2
-rw-r--r--source3/nsswitch/winbindd.c108
-rw-r--r--source3/nsswitch/winbindd_cache.c7
-rw-r--r--source3/nsswitch/winbindd_dual.c3
-rw-r--r--source3/nsswitch/winbindd_group.c37
-rw-r--r--source3/nsswitch/winbindd_idmap.c194
-rw-r--r--source3/nsswitch/winbindd_idmap_tdb.c459
-rw-r--r--source3/nsswitch/winbindd_sid.c13
-rw-r--r--source3/nsswitch/winbindd_user.c19
-rw-r--r--source3/nsswitch/winbindd_util.c9
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c21
-rw-r--r--source3/pam_smbpass/support.c42
-rw-r--r--source3/param/loadparm.c146
-rw-r--r--source3/passdb/passdb.c314
-rw-r--r--source3/passdb/pdb_get_set.c42
-rw-r--r--source3/passdb/pdb_guest.c70
-rw-r--r--source3/passdb/pdb_ldap.c94
-rw-r--r--source3/passdb/pdb_nisplus.c80
-rw-r--r--source3/passdb/pdb_plugin.c (renamed from source3/sam/sam_plugin.c)47
-rw-r--r--source3/passdb/pdb_smbpasswd.c57
-rw-r--r--source3/passdb/pdb_tdb.c188
-rw-r--r--source3/passdb/pdb_unix.c131
-rw-r--r--source3/passdb/pdb_xml.c2
-rw-r--r--source3/printing/lpq_parse.c60
-rw-r--r--source3/printing/nt_printing.c112
-rw-r--r--source3/printing/pcap.c6
-rw-r--r--source3/python/py_winbind.c4
-rwxr-xr-xsource3/python/setup.py51
-rw-r--r--source3/rpc_client/cli_lsarpc.c56
-rw-r--r--source3/rpc_client/cli_netlogon.c2
-rw-r--r--source3/rpc_client/cli_pipe.c45
-rw-r--r--source3/rpc_parse/parse_lsa.c135
-rw-r--r--source3/rpc_parse/parse_misc.c142
-rw-r--r--source3/rpc_parse/parse_net.c28
-rw-r--r--source3/rpc_server/srv_lsa.c176
-rw-r--r--source3/rpc_server/srv_lsa_nt.c139
-rw-r--r--source3/rpc_server/srv_pipe.c10
-rw-r--r--source3/rpc_server/srv_samr_nt.c30
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c30
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c9
-rw-r--r--source3/rpc_server/srv_util.c9
-rw-r--r--source3/rpcclient/cmd_lsarpc.c45
-rw-r--r--source3/rpcclient/cmd_spoolss.c17
-rw-r--r--source3/sam/SAM-interface_handles.txt123
-rw-r--r--source3/sam/account.c305
-rw-r--r--source3/sam/get_set_account.c845
-rw-r--r--source3/sam/get_set_domain.c263
-rw-r--r--source3/sam/get_set_group.c106
-rw-r--r--source3/sam/group.c193
-rw-r--r--source3/sam/gumm_tdb.c1196
-rw-r--r--source3/sam/gums.c161
-rw-r--r--source3/sam/gums_api.c1470
-rw-r--r--source3/sam/gums_helper.c610
-rw-r--r--source3/sam/interface.c1338
-rwxr-xr-xsource3/sam/sam_ads.c1378
-rw-r--r--source3/sam/sam_skel.c251
-rw-r--r--source3/script/addtosmbpass74
-rwxr-xr-xsource3/script/build_env.sh26
-rwxr-xr-xsource3/script/convert_smbpasswd17
-rwxr-xr-xsource3/script/genstruct.pl299
-rwxr-xr-xsource3/script/installswat.sh2
-rw-r--r--source3/script/mkbuildoptions.awk262
-rw-r--r--source3/smbd/.cvsignore1
-rw-r--r--source3/smbd/build_options.c532
-rw-r--r--source3/smbd/chgpasswd.c13
-rw-r--r--source3/smbd/mangle_hash.c4
-rw-r--r--source3/smbd/oplock.c2
-rw-r--r--source3/smbd/password.c11
-rw-r--r--source3/smbd/posix_acls.c10
-rw-r--r--source3/smbd/process.c7
-rw-r--r--source3/smbd/reply.c23
-rw-r--r--source3/smbd/server.c13
-rw-r--r--source3/smbd/session.c11
-rw-r--r--source3/smbd/uid.c419
-rw-r--r--source3/smbd/utmp.c10
-rw-r--r--source3/smbwrapper/shared.c4
-rw-r--r--source3/smbwrapper/smbw_dir.c5
-rwxr-xr-xsource3/stf/pythoncheck.py48
-rw-r--r--source3/torture/cmd_sam.c514
-rw-r--r--source3/torture/samtest.c445
-rw-r--r--source3/torture/torture.c2
-rw-r--r--source3/utils/editreg.c5
-rw-r--r--source3/utils/net_ads.c31
-rw-r--r--source3/utils/net_rpc.c65
-rw-r--r--source3/utils/ntlm_auth.c431
-rw-r--r--source3/utils/pdbedit.c56
-rw-r--r--source3/utils/smbgroupedit.c405
146 files changed, 3877 insertions, 16959 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 7f9c2a8b93..1454c65e34 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -119,15 +119,15 @@ PATH_FLAGS = $(PATH_FLAGS6) $(PASSWD_FLAGS)
# Note that all executable programs now provide for an optional executable suffix.
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ bin/swat@EXEEXT@ \
- bin/wrepld@EXEEXT@ @EXTRA_SBIN_PROGS@
+ @EXTRA_SBIN_PROGS@
BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
bin/testparm@EXEEXT@ bin/testprns@EXEEXT@ bin/smbstatus@EXEEXT@
BIN_PROGS2 = bin/smbcontrol@EXEEXT@ bin/smbtree@EXEEXT@ bin/tdbbackup@EXEEXT@ \
- bin/nmblookup@EXEEXT@ bin/pdbedit@EXEEXT@
+ bin/nmblookup@EXEEXT@ bin/pdbedit@EXEEXT@ bin/editreg@EXEEXT@
BIN_PROGS3 = bin/smbpasswd@EXEEXT@ bin/rpcclient@EXEEXT@ bin/smbcacls@EXEEXT@ \
bin/profiles@EXEEXT@ bin/ntlm_auth@EXEEXT@ \
- bin/editreg@EXEEXT@ bin/smbcquotas@EXEEXT@
+ bin/smbcquotas@EXEEXT@
TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \
bin/masktest@EXEEXT@ bin/locktest@EXEEXT@ \
@@ -175,8 +175,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
- lib/module.o lib/genparser.o lib/genparser_samba.o \
- lib/ldap_escape.o @CHARSET_STATIC@
+ lib/module.o lib/ldap_escape.o @CHARSET_STATIC@
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
@@ -279,26 +278,17 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/machine_sid.o passdb/util_sam_sid.o passdb/pdb_compat.o \
- passdb/privileges.o @LDAP_OBJ@ @PDB_STATIC@
+ @PDB_STATIC@
XML_OBJ = passdb/pdb_xml.o
MYSQL_OBJ = passdb/pdb_mysql.o
-DEVEL_HELP_OBJ = modules/developer.o
-
-SAM_STATIC_MODULES = sam/sam_plugin.o sam/sam_skel.o sam/sam_ads.o
-
-IDMAP_OBJ = sam/idmap.o sam/idmap_util.o sam/idmap_tdb.o
-
-SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \
- sam/get_set_domain.o sam/interface.o $(SAM_STATIC_MODULES)
-
-SAMTEST_OBJ = torture/samtest.o torture/cmd_sam.o $(PARAM_OBJ) $(SAM_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(READLINE_OBJ) lib/util_seaccess.o $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(GROUPDB_OBJ)
+DEVEL_HELP_OBJ = modules/weird.o
GROUPDB_OBJ = groupdb/mapping.o
PROFILE_OBJ = profile/profile.o
PROFILES_OBJ = utils/profiles.o
-EDITREG_OBJ = utils/editreg.o lib/snprintf.o
+EDITREG_OBJ = utils/editreg.o
OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o
@@ -306,9 +296,9 @@ NOTIFY_OBJ = smbd/notify.o smbd/notify_hash.o smbd/notify_kernel.o
VFS_AUDIT_OBJ = modules/vfs_audit.o
VFS_EXTD_AUDIT_OBJ = modules/vfs_extd_audit.o
+VFS_FAKE_PERMS_OBJ = modules/vfs_fake_perms.o
VFS_RECYCLE_OBJ = modules/vfs_recycle.o
VFS_NETATALK_OBJ = modules/vfs_netatalk.o
-VFS_FAKE_PERMS_OBJ = modules/vfs_fake_perms.o
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
@@ -353,9 +343,7 @@ SMBD_OBJ_BASE = $(PARAM_OBJ) $(SMBD_OBJ_SRV) $(MSDFS_OBJ) $(LIBSMB_OBJ) \
$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(LIBADS_SERVER_OBJ) \
- $(LIB_SMBD_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
- $(IDMAP_OBJ)
-
+ $(LIB_SMBD_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ)
PRINTING_OBJ = printing/pcap.o printing/print_svid.o \
printing/print_cups.o printing/print_generic.o \
@@ -393,9 +381,9 @@ SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
web/swat.o web/neg_lang.o
SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(LIBSMB_OBJ) \
- $(LOCKING_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(KRBCLIENT_OBJ) \
+ $(LOCKING_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(KRBCLIENT_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \
- $(POPT_LIB_OBJ) $(IDMAP_OBJ)
+ $(POPT_LIB_OBJ)
SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
@@ -419,15 +407,11 @@ TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(SECRETS_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
- $(UBIQX_OBJ) $(LIB_OBJ) $(KRBCLIENT_OBJ) \
- $(IDMAP_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(KRBCLIENT_OBJ)
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \
- $(POPT_LIB_OBJ) $(IDMAP_OBJ)
-
-SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \
- $(LIBSAMBA_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) $(IDMAP_OBJ)
+ $(POPT_LIB_OBJ)
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
@@ -440,8 +424,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
$(READLINE_OBJ) $(GROUPDB_OBJ) $(KRBCLIENT_OBJ) \
- $(LIBADS_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ) \
- $(IDMAP_OBJ)
+ $(LIBADS_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ)
PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
@@ -488,8 +471,7 @@ NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(KRBCLIENT_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
- $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \
- $(IDMAP_OBJ)
+ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ)
CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(LIB_OBJ) $(KRBCLIENT_OBJ)
@@ -568,7 +550,7 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \
$(LIB_SMBD_OBJ) $(SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
$(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \
$(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \
- $(IDMAP_OBJ) $(RPC_ECHO_OBJ)
+ $(RPC_ECHO_OBJ)
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
$(LIB_OBJ) $(NSSWINS_OBJ)
@@ -583,7 +565,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
libsmb/smbencrypt.o libsmb/smbdes.o libsmb/nterr.o \
$(PARAM_OBJ) $(LIB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
- $(SECRETS_OBJ) $(UBIQX_OBJ) $(IDMAP_OBJ)
+ $(SECRETS_OBJ) $(UBIQX_OBJ)
PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po)
@@ -591,6 +573,8 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd.o \
nsswitch/winbindd_user.o \
nsswitch/winbindd_group.o \
+ nsswitch/winbindd_idmap.o \
+ nsswitch/winbindd_idmap_tdb.o \
nsswitch/winbindd_util.o \
nsswitch/winbindd_cache.o \
nsswitch/winbindd_pam.o \
@@ -600,14 +584,13 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd_wins.o \
nsswitch/winbindd_rpc.o \
nsswitch/winbindd_ads.o \
- nsswitch/winbindd_dual.o \
- nsswitch/winbindd_passdb.o
+ nsswitch/winbindd_dual.o
WINBINDD_OBJ = \
- $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
+ $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
- $(PROFILE_OBJ) $(UNIGRP_OBJ) $(IDMAP_OBJ) \
+ $(PROFILE_OBJ) $(UNIGRP_OBJ) \
$(SECRETS_OBJ) $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o $(POPT_LIB_OBJ)
@@ -663,7 +646,7 @@ wins : SHOWFLAGS nsswitch/libnss_wins.@SHLIBEXT@
modules: SHOWFLAGS proto_exists $(MODULES)
-everything: all libsmbclient debug2html smbfilter talloctort torture
+everything: all libsmbclient debug2html smbfilter talloctort modules torture
.SUFFIXES:
.SUFFIXES: .c .o .po .po32 .lo
@@ -710,6 +693,14 @@ dynconfig.po: dynconfig.c Makefile
@BROKEN_CC@ -mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@
@POBAD_CC@ @mv $*.po.o $@
+smbd/build_options.o: smbd/build_options.c Makefile include/config.h include/build_env.h include/proto.h
+ @echo Compiling $*.c
+ @$(CC) $(FLAGS) $(PATH_FLAGS) -c $< -o $@
+
+smbd/build_options.c: include/config.h.in script/mkbuildoptions.awk
+ @echo Generating $@
+ @$(AWK) -f $(srcdir)/script/mkbuildoptions.awk > $(builddir)/smbd/build_options.c < $(srcdir)/include/config.h.in
+
.c.po:
@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
@@ -819,10 +810,6 @@ bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDBLIBS) $(ADSLIBS)
-bin/smbgroupedit@EXEEXT@: $(SMBGROUPEDIT_OBJ) bin/.dummy
- @echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(PASSDBLIBS) $(LDFLAGS) $(DYNEXP) $(LIBS)
-
bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@
@@ -975,7 +962,7 @@ nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ)
@SONAMEFLAG@`basename $@`
bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy
- @echo Linking $@
+ @echo "Linking $@"
@$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(ADSLIBS) @LDAP_LIBS@
nsswitch/@WINBIND_NSS@: $(WINBIND_NSS_PICOBJS)
@@ -984,7 +971,7 @@ nsswitch/@WINBIND_NSS@: $(WINBIND_NSS_PICOBJS)
@WINBIND_NSS_EXTRA_LIBS@ @SONAMEFLAG@`basename $@`
nsswitch/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_OBJ) bin/.dummy
- @echo Linking $@
+ @echo "Linking $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) \
@SONAMEFLAG@`basename $@` -lpam
@@ -1036,11 +1023,6 @@ bin/smbpasswd.@SHLIBEXT@: passdb/pdb_smbpasswd.o
@$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_smbpasswd.o \
@SONAMEFLAG@`basename $@`
-bin/unixsam.@SHLIBEXT@: passdb/pdb_unix.o
- @echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_unix.o \
- @SONAMEFLAG@`basename $@`
-
bin/nisplussam.@SHLIBEXT@: passdb/pdb_nisplus.o
@echo "Building plugin $@"
@$(SHLD) $(LDSHFLAGS) -o $@ passdb/pdb_nisplus.o \
@@ -1112,14 +1094,14 @@ bin/t_stringoverflow@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_stringove
bin/t_doschar@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_doschar.o
$(CC) $(FLAGS) -o $@ $(LIBS) torture/t_doschar.o -L ./bin -lbigballofmud
-
bin/t_push_ucs2@EXEEXT@: bin/libbigballofmud.@SHLIBEXT@ torture/t_push_ucs2.o
$(CC) $(FLAGS) -o $@ $(LIBS) torture/t_push_ucs2.o -L ./bin -lbigballofmud
bin/t_snprintf@EXEEXT@: lib/snprintf.c
$(CC) $(FLAGS) -o $@ -DTEST_SNPRINTF lib/snprintf.c -lm
+install: installbin installman installscripts installdat installswat
-install: installbin installman installscripts installdat installswat installmodules installclientlib
+install-everything: install installmodules
# DESTDIR is used here to prevent packagers wasting their time
# duplicating the Makefile. Remove it and you will have the privelege
@@ -1251,8 +1233,7 @@ modules_clean:
# afterwards.
proto_exists: include/proto.h include/wrepld_proto.h include/build_env.h \
nsswitch/winbindd_proto.h web/swat_proto.h \
- client/client_proto.h utils/net_proto.h
-# include/tdbsam2_parse_info.h
+ client/client_proto.h utils/net_proto.h smbd/build_options.c
delheaders:
@echo Removing prototype headers
@@ -1260,20 +1241,19 @@ delheaders:
@/bin/rm -f $(srcdir)/include/wrepld_proto.h $(srcdir)/nsswitch/winbindd_proto.h
@/bin/rm -f $(srcdir)/web/swat_proto.h
@/bin/rm -f $(srcdir)/client/client_proto.h $(srcdir)/utils/net_proto.h
- @/bin/rm -f $(srcdir)/include/tdbsam2_parse_info.h
+ @/bin/rm -f $(srcdir)/smbd/build_options.c
@/bin/rm -f include/proto.h include/build_env.h include/wrepld_proto.h \
nsswitch/winbindd_proto.h web/swat_proto.h \
- client/client_proto.h utils/net_proto.h
-# include/tdbsam2_parse_info.h
+ client/client_proto.h utils/net_proto.h smbd/build_options.c
-include/proto.h:
+include/proto.h: smbd/build_options.c
@echo Building include/proto.h
@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
-h _PROTO_H_ $(builddir)/include/proto.h \
$(PROTO_OBJ)
-include/build_env.h:
+include/build_env.h: script/build_env.sh
@echo Building include/build_env.h
@cd $(srcdir) && $(SHELL) script/build_env.sh $(srcdir) $(builddir) $(CC) > $(builddir)/include/build_env.h
@@ -1303,29 +1283,19 @@ utils/net_proto.h:
-h _CLIENT_PROTO_H_ utils/net_proto.h \
$(NET_OBJ1)
-# not used yet an perl dependent
-#include/tdbsam2_parse_info.h:
-# @if test -n "$(PERL)"; then \
-# cd $(srcdir) && @PERL@ -w script/genstruct.pl \
-# -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \
-# include/tdbsam2.h; \
-# else \
-# echo Unable to build $@, continuing; \
-# fi
-
# "make headers" or "make proto" calls a subshell because we need to
# make sure these commands are executed in sequence even for a
# parallel make.
headers:
$(MAKE) delheaders; \
+ $(MAKE) smbd/build_options.c; \
$(MAKE) include/proto.h; \
$(MAKE) include/build_env.h; \
$(MAKE) include/wrepld_proto.h; \
$(MAKE) nsswitch/winbindd_proto.h; \
$(MAKE) web/swat_proto.h; \
$(MAKE) client/client_proto.h; \
- $(MAKE) utils/net_proto.h;
-# $(MAKE) include/tdbsam2_parse_info.h
+ $(MAKE) utils/net_proto.h
proto: headers
@@ -1375,7 +1345,10 @@ Makefile: $(srcdir)/Makefile.in config.status
check: check-programs
LD_LIBRARY_PATH="`pwd`/bin:$$LD_LIBRARY_PATH" \
PATH="`pwd`/bin:$$PATH" \
- python stf/standardcheck.py
+ python stf/standardcheck.py; \
+ if test -n "$(PYTHON)"; then \
+ python stf/pythoncheck.py; \
+ fi
# These are called by the test suite and need to be built before
# running it. For the time being we don't build all of BIN_PROGS,
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index 3411083116..0875c48280 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -135,20 +135,17 @@ check for a possible hosts equiv or rhosts entry for the user
static BOOL check_hosts_equiv(SAM_ACCOUNT *account)
{
- uid_t uid;
- char *fname = NULL;
+ char *fname = NULL;
- fname = lp_hosts_equiv();
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(account), &uid)))
- return False;
+ fname = lp_hosts_equiv();
- /* note: don't allow hosts.equiv on root */
- if (fname && *fname && uid != 0) {
- if (check_user_equiv(pdb_get_username(account),client_name(),fname))
- return True;
- }
+ /* note: don't allow hosts.equiv on root */
+ if (IS_SAM_UNIX_USER(account) && fname && *fname && (pdb_get_uid(account) != 0)) {
+ if (check_user_equiv(pdb_get_username(account),client_name(),fname))
+ return(True);
+ }
- return False;
+ return(False);
}
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 33ea9bc73e..9a619f81f6 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -500,8 +500,6 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context
unless it is one of our aliases. */
if (!is_myname(user_info->domain.str)) {
- DEBUG(7,("The requested user domain is not the local server name. [%s]\\[%s]\n",
- user_info->domain.str,user_info->internal_username.str));
return NT_STATUS_NO_SUCH_USER;
}
@@ -520,52 +518,8 @@ NTSTATUS auth_init_samstrict(struct auth_context *auth_context, const char *para
return NT_STATUS_OK;
}
-/****************************************************************************
-Check SAM security (above) but with a few extra checks if we're a DC.
-****************************************************************************/
-
-static NTSTATUS check_samstrict_dc_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
-{
-
- if (!user_info || !auth_context) {
- return NT_STATUS_LOGON_FAILURE;
- }
-
- /* If we are a domain member, we must not
- attempt to check the password locally,
- unless it is one of our aliases, empty
- or our domain if we are a logon server.*/
-
-
- if ((!is_myworkgroup(user_info->domain.str))&&
- (!is_myname(user_info->domain.str))) {
- DEBUG(7,("The requested user domain is not the local server name or our domain. [%s]\\[%s]\n",
- user_info->domain.str,user_info->internal_username.str));
- return NT_STATUS_NO_SUCH_USER;
- }
-
- return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info);
-}
-
-/* module initialisation */
-NTSTATUS auth_init_samstrict_dc(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
-{
- if (!make_auth_methods(auth_context, auth_method)) {
- return NT_STATUS_NO_MEMORY;
- }
-
- (*auth_method)->auth = check_samstrict_dc_security;
- (*auth_method)->name = "samstrict_dc";
- return NT_STATUS_OK;
-}
-
NTSTATUS auth_sam_init(void)
{
- smb_register_auth(AUTH_INTERFACE_VERSION, "samstrict_dc", auth_init_samstrict_dc);
smb_register_auth(AUTH_INTERFACE_VERSION, "samstrict", auth_init_samstrict);
smb_register_auth(AUTH_INTERFACE_VERSION, "sam", auth_init_sam);
return NT_STATUS_OK;
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index e8f2af41f3..a3ca0b226f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -611,21 +611,21 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
NT_USER_TOKEN *token;
int i;
- if (NT_STATUS_IS_ERR(uid_to_sid(&user_sid, uid))) {
+ if (!uid_to_sid(&user_sid, uid)) {
return NULL;
}
- if (NT_STATUS_IS_ERR(gid_to_sid(&group_sid, gid))) {
+ if (!gid_to_sid(&group_sid, gid)) {
return NULL;
}
- group_sids = malloc(sizeof(DOM_SID) * ngroups);
+ group_sids = malloc(sizeof(DOM_SID) * ngroups);
if (!group_sids) {
DEBUG(0, ("create_nt_token: malloc() failed for DOM_SID list!\n"));
return NULL;
}
for (i = 0; i < ngroups; i++) {
- if (NT_STATUS_IS_ERR(gid_to_sid(&(group_sids)[i], (groups)[i]))) {
+ if (!gid_to_sid(&(group_sids)[i], (groups)[i])) {
DEBUG(1, ("create_nt_token: failed to convert gid %ld to a sid!\n", (long int)groups[i]));
SAFE_FREE(group_sids);
return NULL;
@@ -648,7 +648,7 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
* If this samba server is a DC of the domain the user belongs to, it returns
* both domain groups and local / builtin groups. If the user is in a trusted
* domain, or samba is a member server of a domain, then this function returns
- * local and builtin groups the user is a member of.
+ * local and builtin groups the user is a member of.
*
* currently this is a hack, as there is no sam implementation that is capable
* of groups.
@@ -661,18 +661,23 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
gid_t gid;
int n_unix_groups;
int i;
+ struct passwd *usr;
*n_groups = 0;
*groups = NULL;
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid)) || NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sampass), &gid))) {
- DEBUG(0, ("get_user_groups_from_local_sam: error fetching uid or gid for user!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ if (!IS_SAM_UNIX_USER(sampass)) {
+ DEBUG(1, ("user %s does not have a unix identity!\n", pdb_get_username(sampass)));
+ return NT_STATUS_NO_SUCH_USER;
}
+
+ uid = pdb_get_uid(sampass);
+ gid = pdb_get_gid(sampass);
n_unix_groups = groups_max();
if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) {
DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n"));
+ passwd_free(&usr);
return NT_STATUS_NO_MEMORY;
}
@@ -681,6 +686,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);
if (!groups_tmp) {
SAFE_FREE(*unix_groups);
+ passwd_free(&usr);
return NT_STATUS_NO_MEMORY;
}
*unix_groups = groups_tmp;
@@ -688,6 +694,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) {
DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n"));
SAFE_FREE(*unix_groups);
+ passwd_free(&usr);
return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
}
}
@@ -706,7 +713,7 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
*n_groups = n_unix_groups;
for (i = 0; i < *n_groups; i++) {
- if (NT_STATUS_IS_ERR(gid_to_sid(&(*groups)[i], (*unix_groups)[i]))) {
+ if (!gid_to_sid(&(*groups)[i], (*unix_groups)[i])) {
DEBUG(1, ("get_user_groups_from_local_sam: failed to convert gid %ld to a sid!\n", (long int)(*unix_groups)[i+1]));
SAFE_FREE(*groups);
SAFE_FREE(*unix_groups);
@@ -723,8 +730,6 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass,
static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass)
{
- NTSTATUS ret;
-
*server_info = malloc(sizeof(**server_info));
if (!*server_info) {
DEBUG(0,("make_server_info: malloc failed!\n"));
@@ -734,10 +739,6 @@ static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACC
(*server_info)->sam_fill_level = SAM_FILL_ALL;
(*server_info)->sam_account = sampass;
- if (NT_STATUS_IS_ERR(ret = sid_to_uid(pdb_get_user_sid(sampass), &((*server_info)->uid))))
- return ret;
- if (NT_STATUS_IS_ERR(ret = sid_to_gid(pdb_get_group_sid(sampass), &((*server_info)->gid))))
- return ret;
return NT_STATUS_OK;
}
@@ -868,8 +869,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
struct passwd *passwd;
- unid_t u_id, g_id;
- int u_type, g_type;
+ uid_t uid;
+ gid_t gid;
int n_lgroupSIDs;
DOM_SID *lgroupSIDs = NULL;
@@ -906,11 +907,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
domain = domain;
}
- u_type = ID_USERID;
- g_type = ID_GROUPID;
- if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&u_id, &u_type, &user_sid))
- && NT_STATUS_IS_OK(idmap_get_id_from_sid(&g_id, &g_type, &group_sid))
- && ((passwd = getpwuid_alloc(u_id.uid)))) {
+ if (winbind_sid_to_uid(&uid, &user_sid)
+ && winbind_sid_to_gid(&gid, &group_sid)
+ && ((passwd = getpwuid_alloc(uid)))) {
nt_status = pdb_init_sam_pw(&sam_account, passwd);
passwd_free(&passwd);
} else {
diff --git a/source3/bin/.cvsignore b/source3/bin/.cvsignore
index 770100fd31..8188947f75 100644
--- a/source3/bin/.cvsignore
+++ b/source3/bin/.cvsignore
@@ -41,7 +41,6 @@ swat
t_push_ucs2
t_snprintf
t_strcmp
-t_stringoverflow
talloctort
tdbbackup
testparm
diff --git a/source3/change-log b/source3/change-log
index 71f5012484..1f7798b541 100644
--- a/source3/change-log
+++ b/source3/change-log
@@ -2,7 +2,7 @@ SUPERCEDED Change Log for Samba
^^^^^^^^^^
Unless otherwise attributed, all changes were made by
-Andrew.Tridgell@anu.edu.au.
+Andrew.Tridgell@anu.edu.au. All bugs to samba-bugs@samba.org.
NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER
diff --git a/source3/client/client.c b/source3/client/client.c
index f885106275..f5be4e9859 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -2214,181 +2214,40 @@ static int process_command_string(char *cmd)
return rc;
}
+/****************************************************************************
+handle completion of commands for readline
+****************************************************************************/
+static char **completion_fn(char *text, int start, int end)
+{
#define MAX_COMPLETIONS 100
-
-typedef struct {
- pstring dirmask;
char **matches;
- int count, samelen;
- const char *text;
- int len;
-} completion_remote_t;
+ int i, count=0;
-static void completion_remote_filter(file_info *f, const char *mask, void *state)
-{
- completion_remote_t *info = (completion_remote_t *)state;
+ /* for words not at the start of the line fallback to filename completion */
+ if (start) return NULL;
- if ((info->count < MAX_COMPLETIONS - 1) && (strncmp(info->text, f->name, info->len) == 0) && (strcmp(f->name, ".") != 0) && (strcmp(f->name, "..") != 0)) {
- if ((info->dirmask[0] == 0) && !(f->mode & aDIR))
- info->matches[info->count] = strdup(f->name);
- else {
- pstring tmp;
+ matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
+ if (!matches) return NULL;
- if (info->dirmask[0] != 0)
- pstrcpy(tmp, info->dirmask);
- else
- tmp[0] = 0;
- pstrcat(tmp, f->name);
- if (f->mode & aDIR)
- pstrcat(tmp, "/");
- info->matches[info->count] = strdup(tmp);
- }
- if (info->matches[info->count] == NULL)
- return;
- if (f->mode & aDIR)
- smb_readline_ca_char(0);
+ matches[count++] = strdup(text);
+ if (!matches[0]) return NULL;
- if (info->count == 1)
- info->samelen = strlen(info->matches[info->count]);
- else
- while (strncmp(info->matches[info->count], info->matches[info->count-1], info->samelen) != 0)
- info->samelen--;
- info->count++;
+ for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
+ if (strncmp(text, commands[i].name, strlen(text)) == 0) {
+ matches[count] = strdup(commands[i].name);
+ if (!matches[count]) return NULL;
+ count++;
+ }
}
-}
-
-static char **remote_completion(const char *text, int len)
-{
- pstring dirmask;
- int i;
- completion_remote_t info = { "", NULL, 1, len, text, len };
-
- if (len >= PATH_MAX)
- return(NULL);
-
- info.matches = (char **)malloc(sizeof(info.matches[0])*MAX_COMPLETIONS);
- if (!info.matches) return NULL;
- info.matches[0] = NULL;
-
- for (i = len-1; i >= 0; i--)
- if ((text[i] == '/') || (text[i] == '\\'))
- break;
- info.text = text+i+1;
- info.samelen = info.len = len-i-1;
- if (i > 0) {
- strncpy(info.dirmask, text, i+1);
- info.dirmask[i+1] = 0;
- snprintf(dirmask, sizeof(dirmask), "%s%*s*", cur_dir, i-1, text);
- } else
- snprintf(dirmask, sizeof(dirmask), "%s*", cur_dir);
-
- if (cli_list(cli, dirmask, aDIR | aSYSTEM | aHIDDEN, completion_remote_filter, &info) < 0)
- goto cleanup;
-
- if (info.count == 2)
- info.matches[0] = strdup(info.matches[1]);
- else {
- info.matches[0] = malloc(info.samelen+1);
- if (!info.matches[0])
- goto cleanup;
- strncpy(info.matches[0], info.matches[1], info.samelen);
- info.matches[0][info.samelen] = 0;
+ if (count == 2) {
+ SAFE_FREE(matches[0]);
+ matches[0] = strdup(matches[1]);
}
- info.matches[info.count] = NULL;
- return info.matches;
-
-cleanup:
- for (i = 0; i < info.count; i++)
- free(info.matches[i]);
- free(info.matches);
- return NULL;
+ matches[count] = NULL;
+ return matches;
}
-static char **completion_fn(const char *text, int start, int end)
-{
- smb_readline_ca_char(' ');
-
- if (start) {
- const char *buf, *sp;
- int i;
- char compl_type;
-
- buf = smb_readline_get_line_buffer();
- if (buf == NULL)
- return NULL;
-
- sp = strchr(buf, ' ');
- if (sp == NULL)
- return NULL;
-
- for (i = 0; commands[i].name; i++)
- if ((strncmp(commands[i].name, text, sp - buf) == 0) && (commands[i].name[sp - buf] == 0))
- break;
- if (commands[i].name == NULL)
- return NULL;
-
- while (*sp == ' ')
- sp++;
-
- if (sp == (buf + start))
- compl_type = commands[i].compl_args[0];
- else
- compl_type = commands[i].compl_args[1];
-
- if (compl_type == COMPL_REMOTE)
- return remote_completion(text, end - start);
- else /* fall back to local filename completion */
- return NULL;
- } else {
- char **matches;
- int i, len, samelen, count=1;
-
- matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
- if (!matches) return NULL;
- matches[0] = NULL;
-
- len = strlen(text);
- for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
- if (strncmp(text, commands[i].name, len) == 0) {
- matches[count] = strdup(commands[i].name);
- if (!matches[count])
- goto cleanup;
- if (count == 1)
- samelen = strlen(matches[count]);
- else
- while (strncmp(matches[count], matches[count-1], samelen) != 0)
- samelen--;
- count++;
- }
- }
-
- switch (count) {
- case 0: /* should never happen */
- case 1:
- goto cleanup;
- case 2:
- matches[0] = strdup(matches[1]);
- break;
- default:
- matches[0] = malloc(samelen+1);
- if (!matches[0])
- goto cleanup;
- strncpy(matches[0], matches[1], samelen);
- matches[0][samelen] = 0;
- }
- matches[count] = NULL;
- return matches;
-
-cleanup:
- while (i >= 0) {
- free(matches[i]);
- i--;
- }
- free(matches);
- return NULL;
- }
-}
/****************************************************************************
make sure we swallow keepalives during idle time
diff --git a/source3/config.sub b/source3/config.sub
index 04baf3d80d..2476310dff 100755
--- a/source3/config.sub
+++ b/source3/config.sub
@@ -1,9 +1,9 @@
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
-timestamp='2003-01-03'
+timestamp='2001-12-03'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -118,7 +118,7 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@@ -227,39 +227,26 @@ case $basic_machine in
1750a | 580 \
| a29k \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
- | clipper \
- | d10v | d30v | dlx | dsp16xx \
- | fr30 | frv \
+ | c4x | clipper \
+ | d10v | d30v | dsp16xx \
+ | fr30 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
- | ip2k \
| m32r | m68000 | m68k | m88k | mcore \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64el \
- | mips64vr | mips64vrel \
- | mips64orion | mips64orionel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa64 | mipsisa64el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipstx39 | mipstx39el \
+ | mips16 | mips64 | mips64el | mips64orion | mips64orionel \
+ | mips64vr4100 | mips64vr4100el | mips64vr4300 \
+ | mips64vr4300el | mips64vr5000 | mips64vr5000el \
+ | mipsbe | mipseb | mipsel | mipsle | mipstx39 | mipstx39el \
+ | mipsisa32 \
| mn10200 | mn10300 \
- | msp430 \
| ns16k | ns32k \
- | openrisc | or32 \
+ | openrisc \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
- | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
- | sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
+ | sh | sh[34] | sh[34]eb | shbe | shle \
+ | sparc | sparc64 | sparclet | sparclite | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic80 | tron \
| v850 | v850e \
@@ -291,52 +278,38 @@ case $basic_machine in
580-* \
| a29k-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | alphapca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armv*-* \
| avr-* \
| bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
- | clipper-* | cydra-* \
- | d10v-* | d30v-* | dlx-* \
+ | c[123]* | c30-* | [cjt]90-* | c54x-* \
+ | clipper-* | cray2-* | cydra-* \
+ | d10v-* | d30v-* \
| elxsi-* \
- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | f30[01]-* | f700-* | fr30-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
- | ip2k-* \
| m32r-* \
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m68000-* | m680[01234]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | mcore-* \
- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
- | mips16-* \
- | mips64-* | mips64el-* \
- | mips64vr-* | mips64vrel-* \
- | mips64orion-* | mips64orionel-* \
- | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* \
- | mips64vr5000-* | mips64vr5000el-* \
- | mipsisa32-* | mipsisa32el-* \
- | mipsisa32r2-* | mipsisa32r2el-* \
- | mipsisa64-* | mipsisa64el-* \
- | mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipstx39-* | mipstx39el-* \
- | msp430-* \
- | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
+ | mips-* | mips16-* | mips64-* | mips64el-* | mips64orion-* \
+ | mips64orionel-* | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* | mipsbe-* | mipseb-* \
+ | mipsle-* | mipsel-* | mipstx39-* | mipstx39el-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
- | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
+ | sh-* | sh[34]-* | sh[34]eb-* | shbe-* | shle-* \
+ | sparc-* | sparc64-* | sparc86x-* | sparclite-* \
+ | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* \
+ | t3e-* | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
+ | x86-* | x86_64-* | xmp-* | xps100-* | xscale-* | xstormy16-* \
| xtensa-* \
| ymp-* \
| z8k-*)
@@ -402,10 +375,6 @@ case $basic_machine in
basic_machine=ns32k-sequent
os=-dynix
;;
- c90)
- basic_machine=c90-cray
- os=-unicos
- ;;
convex-c1)
basic_machine=c1-convex
os=-bsd
@@ -426,8 +395,16 @@ case $basic_machine in
basic_machine=c38-convex
os=-bsd
;;
- cray | j90)
- basic_machine=j90-cray
+ cray | ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ cray2)
+ basic_machine=cray2-cray
+ os=-unicos
+ ;;
+ [cjt]90)
+ basic_machine=${basic_machine}-cray
os=-unicos
;;
crds | unos)
@@ -442,14 +419,6 @@ case $basic_machine in
decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
basic_machine=mips-dec
;;
- decsystem10* | dec10*)
- basic_machine=pdp10-dec
- os=-tops10
- ;;
- decsystem20* | dec20*)
- basic_machine=pdp10-dec
- os=-tops20
- ;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
basic_machine=m68k-motorola
@@ -630,6 +599,14 @@ case $basic_machine in
basic_machine=m68k-atari
os=-mint
;;
+ mipsel*-linux*)
+ basic_machine=mipsel-unknown
+ os=-linux-gnu
+ ;;
+ mips*-linux*)
+ basic_machine=mips-unknown
+ os=-linux-gnu
+ ;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
@@ -644,10 +621,6 @@ case $basic_machine in
basic_machine=m68k-rom68k
os=-coff
;;
- morphos)
- basic_machine=powerpc-unknown
- os=-morphos
- ;;
msdos)
basic_machine=i386-pc
os=-msdos
@@ -720,10 +693,6 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
- nv1)
- basic_machine=nv1-cray
- os=-unicosmp
- ;;
nsr-tandem)
basic_machine=nsr-tandem
;;
@@ -731,10 +700,6 @@ case $basic_machine in
basic_machine=hppa1.1-oki
os=-proelf
;;
- or32 | or32-*)
- basic_machine=or32-unknown
- os=-coff
- ;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
@@ -757,13 +722,13 @@ case $basic_machine in
pbb)
basic_machine=m68k-tti
;;
- pc532 | pc532-*)
+ pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
- pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ pentiumpro | p6 | 6x86 | athlon)
basic_machine=i686-pc
;;
pentiumii | pentium2)
@@ -784,22 +749,22 @@ case $basic_machine in
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
- ;;
+ ;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
- ;;
+ ;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64) basic_machine=powerpc64-unknown
- ;;
+ ;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
basic_machine=powerpc64le-unknown
- ;;
+ ;;
ppc64le-* | powerpc64little-*)
basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
@@ -830,12 +795,6 @@ case $basic_machine in
basic_machine=a29k-amd
os=-udi
;;
- sb1)
- basic_machine=mipsisa64sb1-unknown
- ;;
- sb1el)
- basic_machine=mipsisa64sb1el-unknown
- ;;
sequent)
basic_machine=i386-sequent
;;
@@ -910,17 +869,9 @@ case $basic_machine in
os=-dynix
;;
t3e)
- basic_machine=alphaev5-cray
+ basic_machine=t3e-cray
os=-unicos
;;
- t90)
- basic_machine=t90-cray
- os=-unicos
- ;;
- tic4x | c4x*)
- basic_machine=tic4x-unknown
- os=-coff
- ;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
@@ -931,10 +882,6 @@ case $basic_machine in
tx39el)
basic_machine=mipstx39el-unknown
;;
- toad1)
- basic_machine=pdp10-xkl
- os=-tops20
- ;;
tower | tower-32)
basic_machine=m68k-ncr
;;
@@ -959,8 +906,8 @@ case $basic_machine in
os=-vms
;;
vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
- ;;
+ basic_machine=f301-fujitsu
+ ;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
@@ -981,13 +928,17 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
- xps | xps100)
- basic_machine=xps100-honeywell
+ windows32)
+ basic_machine=i386-pc
+ os=-windows32-msvcrt
;;
- ymp)
- basic_machine=ymp-cray
+ xmp)
+ basic_machine=xmp-cray
os=-unicos
;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
@@ -1008,6 +959,13 @@ case $basic_machine in
op60c)
basic_machine=hppa1.1-oki
;;
+ mips)
+ if [ x$os = x-linux-gnu ]; then
+ basic_machine=mips-unknown
+ else
+ basic_machine=mips-mips
+ fi
+ ;;
romp)
basic_machine=romp-ibm
;;
@@ -1027,16 +985,13 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
- sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
+ sh3 | sh4 | sh3eb | sh4eb)
basic_machine=sh-unknown
;;
- sh64)
- basic_machine=sh64-unknown
- ;;
sparc | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
- cydra)
+ cydra)
basic_machine=cydra-cydrome
;;
orion)
@@ -1051,6 +1006,10 @@ case $basic_machine in
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
+ c4x*)
+ basic_machine=c4x-none
+ os=-coff
+ ;;
*-unknown)
# Make sure to match an already-canonicalized machine name.
;;
@@ -1113,12 +1072,10 @@ case $os in
| -chorusos* | -chorusrdb* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
- | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
- | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
- | -powermax* | -dnix* | -microbsd*)
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1130,10 +1087,8 @@ case $os in
;;
esac
;;
- -nto-qnx*)
- ;;
-nto*)
- os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ os=-nto-qnx
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
@@ -1181,11 +1136,8 @@ case $os in
-ctix* | -uts*)
os=-sysv
;;
- -nova*)
- os=-rtmk-nova
- ;;
-ns2 )
- os=-nextstep2
+ os=-nextstep2
;;
-nsk*)
os=-nsk
@@ -1224,8 +1176,8 @@ case $os in
-xenix)
os=-xenix
;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- os=-mint
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
;;
-none)
;;
@@ -1258,11 +1210,10 @@ case $basic_machine in
arm*-semi)
os=-aout
;;
- # This must come before the *-dec entry.
pdp10-*)
os=-tops20
;;
- pdp11-*)
+ pdp11-*)
os=-none
;;
*-dec | vax-*)
@@ -1289,9 +1240,6 @@ case $basic_machine in
mips*-*)
os=-elf
;;
- or32-*)
- os=-coff
- ;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
@@ -1355,19 +1303,19 @@ case $basic_machine in
*-next)
os=-nextstep3
;;
- *-gould)
+ *-gould)
os=-sysv
;;
- *-highlevel)
+ *-highlevel)
os=-bsd
;;
*-encore)
os=-bsd
;;
- *-sgi)
+ *-sgi)
os=-irix
;;
- *-siemens)
+ *-siemens)
os=-sysv4
;;
*-masscomp)
@@ -1439,7 +1387,7 @@ case $basic_machine in
-ptx*)
vendor=sequent
;;
- -vxsim* | -vxworks* | -windiss*)
+ -vxsim* | -vxworks*)
vendor=wrs
;;
-aux*)
diff --git a/source3/configure.in b/source3/configure.in
index 77d160e4cb..18284c5c15 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -172,11 +172,13 @@ AC_ARG_ENABLE(debug,
AC_ARG_ENABLE(developer, [ --enable-developer Turn on developer warnings and debugging (default=no)],
[if eval "test x$enable_developer = xyes"; then
- CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER"
+ developer=yes
+ CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER"
fi])
AC_ARG_ENABLE(krb5developer, [ --enable-krb5developer Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)],
[if eval "test x$enable_krb5developer = xyes"; then
+ developer=yes
CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER"
fi])
@@ -248,9 +250,9 @@ dnl These have to be built static:
default_static_modules="pdb_smbpasswd pdb_tdbsam pdb_unix rpc_lsa rpc_samr rpc_reg rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin idmap_winbind"
dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_fake_perms vfs_netatalk"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms"
-if test "x$enable_developer" = xyes; then
+if test "x$developer" = xyes; then
default_static_modules="$default_static_modules rpc_echo"
default_shared_modules="$default_shared_modules charset_weird"
fi
@@ -2278,10 +2280,14 @@ LIBS=""
########################################################
# now see if we can find the ldap libs in standard paths
if test x$have_ldap != xyes; then
- AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap";
- LDAP_OBJ=lib/ldap.o;
- AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])])
- AC_CHECK_HEADERS([ldap.h lber.h], [default_static_modules="$default_static_modules pdb_ldap"])
+ AC_CHECK_LIB(ldap, ldap_init, [
+ LIBS="$LIBS -lldap";
+ AC_CHECK_LIB(ldap, ldap_domain2hostlist, [
+ AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
+ AC_CHECK_HEADERS([ldap.h lber.h],
+ [default_static_modules="$default_static_modules pdb_ldap"])
+ ])
+ ])
########################################################
# If we have LDAP, does it's rebind procedure take 2 or 3 arguments?
@@ -2292,6 +2298,7 @@ LIBS=""
#include <lber.h>
#include <ldap.h>], [ldap_set_rebind_proc(0, 0, 0);], [pam_ldap_cv_ldap_set_rebind_proc=3], [pam_ldap_cv_ldap_set_rebind_proc=2]) ])
AC_DEFINE_UNQUOTED(LDAP_SET_REBIND_PROC_ARGS, $pam_ldap_cv_ldap_set_rebind_proc, [Number of arguments to ldap_set_rebind_proc])
+ AC_CHECK_FUNCS(ldap_initialize)
fi
LDAP_LIBS="$LIBS";
@@ -2457,27 +2464,6 @@ AC_ARG_WITH(ldapsam,
AC_MSG_RESULT(no)
)
-#################################################
-# check for IDMAP
-
-AC_DEFINE(WITH_IDMAP,1, [Include IDMAP support])
-
-AC_MSG_CHECKING(whether to use IDMAP only for [ug]id mapping)
-AC_ARG_WITH(idmap,
-[ --with-idmap Include experimental IDMAP support (default=yes)],
-[ case "$withval" in
- yes)
- AC_MSG_RESULT(yes)
- AC_DEFINE(WITH_IDMAP,1,[Whether to include experimental IDMAP support])
- ;;
- no)
- AC_MSG_RESULT(no)
- AC_DEFINE(WITH_IDMAP,0,[Whether to include experimental IDMAP support])
- ;;
- esac ],
- AC_MSG_RESULT(yes)
-)
-
########################################################################################
##
## END OF TESTS FOR SAM BACKENDS.
@@ -3283,7 +3269,7 @@ if test x"$HAVE_WINBIND" = x"yes"; then
EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/wbinfo\$(EXEEXT)"
EXTRA_SBIN_PROGS="$EXTRA_SBIN_PROGS bin/winbindd\$(EXEEXT)"
if test x"$BLDSHARED" = x"true"; then
- SHLIB_PROGS="$SHLIB_PROGS nsswitch/$WINBIND_NSS"
+ SHLIB_PROGS="$SHLIB_PROGS nsswitch/$WINBIND_NSS"
if test x"$with_pam" = x"yes"; then
SHLIB_PROGS="$SHLIB_PROGS nsswitch/pam_winbind.$SHLIBEXT"
@@ -3294,31 +3280,15 @@ else
fi
# Solaris has some extra fields in struct passwd that need to be
-# initialised otherwise nscd crashes. Unfortunately autoconf < 2.50
-# doesn't have the AC_CHECK_MEMBER macro which would be handy for checking
-# this.
-
-#AC_CHECK_MEMBER(struct passwd.pw_comment,
-# AC_DEFINE(HAVE_PASSWD_PW_COMMENT, 1, [Defined if struct passwd has pw_comment field]),
-# [#include <pwd.h>])
-
-AC_CACHE_CHECK([whether struct passwd has pw_comment],samba_cv_passwd_pw_comment, [
- AC_TRY_COMPILE([#include <pwd.h>],[struct passwd p; p.pw_comment;],
- samba_cv_passwd_pw_comment=yes,samba_cv_passwd_pw_comment=no)])
-if test x"$samba_cv_passwd_pw_comment" = x"yes"; then
- AC_DEFINE(HAVE_PASSWD_PW_COMMENT,1,[Whether struct passwd has pw_comment])
-fi
-
-#AC_CHECK_MEMBER(struct passwd.pw_age,
-# AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]),
-# [#include <pwd.h>])
+# initialised otherwise nscd crashes.
+
+AC_CHECK_MEMBER(struct passwd.pw_comment,
+ AC_DEFINE(HAVE_PASSWD_PW_COMMENT, 1, [Defined if struct passwd has pw_comment field]),,
+ [#include <pwd.h>])
-AC_CACHE_CHECK([whether struct passwd has pw_age],samba_cv_passwd_pw_age, [
- AC_TRY_COMPILE([#include <pwd.h>],[struct passwd p; p.pw_age;],
- samba_cv_passwd_pw_age=yes,samba_cv_passwd_pw_age=no)])
-if test x"$samba_cv_passwd_pw_age" = x"yes"; then
- AC_DEFINE(HAVE_PASSWD_PW_AGE,1,[Whether struct passwd has pw_age])
-fi
+AC_CHECK_MEMBER(struct passwd.pw_age,
+ AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]),,
+ [#include <pwd.h>])
#################################################
# Check to see if we should use the included popt
@@ -3430,7 +3400,6 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB,
SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB)
SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
SMB_MODULE(pdb_nisplussam, passdb/pdb_nisplus.o, "bin/nisplussam.$SHLIBEXT", PDB)
-SMB_MODULE(pdb_unix, passdb/pdb_unix.o, "bin/unixsam.$SHLIBEXT", PDB)
SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB)
SMB_SUBSYSTEM(PDB)
@@ -3445,7 +3414,7 @@ SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC)
SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC)
SMB_SUBSYSTEM(RPC)
-SMB_MODULE(charset_weird, modules/developer.o, "bin/weird.$SHLIBEXT", CHARSET)
+SMB_MODULE(charset_weird, modules/weird.o, "bin/weird.$SHLIBEXT", CHARSET)
SMB_SUBSYSTEM(CHARSET)
SMB_MODULE(auth_rhosts, \$(AUTH_RHOSTS_OBJ), "bin/rhosts.$SHLIBEXT", AUTH)
@@ -3460,8 +3429,8 @@ SMB_SUBSYSTEM(AUTH)
SMB_MODULE(vfs_recycle, \$(VFS_RECYCLE_OBJ), "bin/recycle.$SHLIBEXT", VFS)
SMB_MODULE(vfs_audit, \$(VFS_AUDIT_OBJ), "bin/audit.$SHLIBEXT", VFS)
SMB_MODULE(vfs_extd_audit, \$(VFS_EXTD_AUDIT_OBJ), "bin/extd_audit.$SHLIBEXT", VFS)
-SMB_MODULE(vfs_fake_perms, \$(VFS_FAKE_PERMS_OBJ), "bin/fake_perms.$SHLIBEXT", VFS)
SMB_MODULE(vfs_netatalk, \$(VFS_NETATALK_OBJ), "bin/netatalk.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_fake_perms, \$(VFS_FAKE_PERMS_OBJ), "bin/fake_perms.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS)
AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules])
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 2b7a852688..b718f42f93 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -170,17 +170,17 @@ static BOOL default_group_mapping(void)
/* Add the Wellknown groups */
- add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
- add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+ add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+ add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK);
/* Add the defaults domain groups */
@@ -763,7 +763,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
continue;
-
+
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr)
continue;
@@ -803,7 +803,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
free_privilege(set);
continue;
}
-
+
if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name));
free_privilege(set);
@@ -838,7 +838,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
free_privilege(&(mapt[entries].priv_set));
entries++;
-
}
*num_entries=entries;
diff --git a/source3/include/.cvsignore b/source3/include/.cvsignore
index 4bff170b3b..bff248727f 100644
--- a/source3/include/.cvsignore
+++ b/source3/include/.cvsignore
@@ -3,5 +3,4 @@ config.h
stamp-h
proto.h
wrepld_proto.h
-tdbsam2_parse_info.h
config.h.in
diff --git a/source3/include/auth.h b/source3/include/auth.h
index eb80e3c5b4..626b9f3ba0 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -75,9 +75,6 @@ typedef struct auth_usersupplied_info
typedef struct auth_serversupplied_info
{
BOOL guest;
-
- uid_t uid;
- gid_t gid;
/* This groups info is needed for when we become_user() for this uid */
int n_groups;
diff --git a/source3/include/debug.h b/source3/include/debug.h
index 70f9f7706d..d4f45539f4 100644
--- a/source3/include/debug.h
+++ b/source3/include/debug.h
@@ -88,7 +88,6 @@ extern int DEBUGLEVEL;
#define DBGC_AUTH 10
#define DBGC_WINBIND 11
#define DBGC_VFS 12
-#define DBGC_IDMAP 13
/* So you can define DBGC_CLASS before including debug.h */
#ifndef DBGC_CLASS
diff --git a/source3/include/genparser.h b/source3/include/genparser.h
deleted file mode 100644
index f28cd78249..0000000000
--- a/source3/include/genparser.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_H
-#define _GENPARSER_H
-
-/* these macros are needed for genstruct auto-parsers */
-#ifndef GENSTRUCT
-#define GENSTRUCT
-#define _LEN(x)
-#define _NULLTERM
-#endif
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-/* flag to mark a fixed size array as actually being null terminated */
-#define FLAG_NULLTERM 1
-#define FLAG_ALWAYS 2
-
-struct enum_struct {
- const char *name;
- unsigned value;
-};
-
-/* intermediate dumps are stored in one of these */
-struct parse_string {
- unsigned allocated;
- unsigned length;
- char *s;
-};
-
-typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent);
-typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str);
-
-/* genstruct.pl generates arrays of these */
-struct parse_struct {
- const char *name;
- unsigned ptr_count;
- unsigned size;
- unsigned offset;
- unsigned array_len;
- const char *dynamic_len;
- unsigned flags;
- gen_dump_fn dump_fn;
- gen_parse_fn parse_fn;
-};
-
-#define DUMP_PARSE_DECL(type) \
- int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \
- int gen_parse_ ## type(TALLOC_CTX *, char *, const char *);
-
-DUMP_PARSE_DECL(char)
-DUMP_PARSE_DECL(int)
-DUMP_PARSE_DECL(unsigned)
-DUMP_PARSE_DECL(double)
-DUMP_PARSE_DECL(float)
-
-#define gen_dump_unsigned_char gen_dump_char
-#define gen_parse_unsigned_char gen_parse_char
-
-#endif /* _GENPARSER_H */
diff --git a/source3/include/genparser_samba.h b/source3/include/genparser_samba.h
deleted file mode 100644
index 172ff2362c..0000000000
--- a/source3/include/genparser_samba.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_SAMBA_H
-#define _GENPARSER_SAMBA_H
-
-const struct parse_struct pinfo_security_ace_info[] = {
-{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS},
-{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_acl_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_descriptor_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_luid_attr_info[] = {
-{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-#endif /* _GENPARSER_SAMBA_H */
diff --git a/source3/include/gums.h b/source3/include/gums.h
deleted file mode 100644
index 789acc269f..0000000000
--- a/source3/include/gums.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GUMS_H
-#define _GUMS_H
-
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
-#define GUMS_OBJECT_VERSION 1
-
-#define GUMS_OBJ_DOMAIN 1
-#define GUMS_OBJ_NORMAL_USER 2
-#define GUMS_OBJ_GROUP 3
-#define GUMS_OBJ_ALIAS 4
-#define GUMS_OBJ_WORKSTATION_TRUST 5
-#define GUMS_OBJ_SERVER_TRUST 6
-#define GUMS_OBJ_DOMAIN_TRUST 7
-
-typedef struct gums_user
-{
- DOM_SID *group_sid; /* Primary Group SID */
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- char *full_name; /* user's full name string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
-
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 *hours;
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
-
-} GUMS_USER;
-
-typedef struct gums_group
-{
- uint32 count; /* Number of SIDs */
- DOM_SID **members; /* SID array */
-
-} GUMS_GROUP;
-
-typedef struct gums_domain
-{
- uint32 next_rid;
-
-} GUMS_DOMAIN;
-
-union gums_obj_p {
- GUMS_USER *user;
- GUMS_GROUP *group;
- GUMS_DOMAIN *domain;
-};
-
-typedef struct gums_object
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
-
- DOM_SID *sid; /* Object Sid */
- char *name; /* Object Name */
- char *description; /* Object Description */
-
- union gums_obj_p data; /* Object Specific data */
-
-} GUMS_OBJECT;
-
-typedef struct gums_data_set
-{
- int type; /* GUMS_SET_xxx */
- void *data;
-
-} GUMS_DATA_SET;
-
-typedef struct gums_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- DOM_SID sid; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET **data;
-
-} GUMS_COMMIT_SET;
-
-typedef struct gums_privilege
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- LUID_ATTR *privilege; /* Privilege Type */
- char *name; /* Object Name */
- char *description; /* Object Description */
-
- uint32 count;
- DOM_SID **members;
-
-} GUMS_PRIVILEGE;
-
-
-typedef struct gums_functions
-{
- /* Generic object functions */
-
- NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name);
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
-
- NTSTATUS (*get_sequence_number) (void);
-
- NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type);
- NTSTATUS (*delete_object) (const DOM_SID *sid);
-
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
- NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (const GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set);
-
- /* Group related functions */
- NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
- NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-} GUMS_FUNCTIONS;
-
-/* define value types */
-#define GUMS_SET_PRIMARY_GROUP 0x1
-#define GUMS_SET_SEC_DESC 0x2
-
-#define GUMS_SET_NAME 0x10
-#define GUMS_SET_DESCRIPTION 0x11
-#define GUMS_SET_FULL_NAME 0x12
-
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 0x20
-#define GUMS_SET_LOGOFF_TIME 0x21
-#define GUMS_SET_KICKOFF_TIME 0x23
-#define GUMS_SET_PASS_LAST_SET_TIME 0x24
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
-
-
-#define GUMS_SET_HOME_DIRECTORY 0x31
-#define GUMS_SET_DRIVE 0x32
-#define GUMS_SET_LOGON_SCRIPT 0x33
-#define GUMS_SET_PROFILE_PATH 0x34
-#define GUMS_SET_WORKSTATIONS 0x35
-#define GUMS_SET_UNKNOWN_STRING 0x36
-#define GUMS_SET_MUNGED_DIAL 0x37
-
-#define GUMS_SET_LM_PASSWORD 0x40
-#define GUMS_SET_NT_PASSWORD 0x41
-#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
-#define GUMS_SET_UNKNOWN_3 0x43
-#define GUMS_SET_LOGON_DIVS 0x44
-#define GUMS_SET_HOURS_LEN 0x45
-#define GUMS_SET_HOURS 0x46
-#define GUMS_SET_UNKNOWN_5 0x47
-#define GUMS_SET_UNKNOWN_6 0x48
-
-#define GUMS_SET_MUST_CHANGE_PASS 0x50
-#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
-#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
-#define GUMS_SET_ACCOUNT_DISABLED 0x53
-#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 0x60
-#define GUMS_DEL_SID_LIST 0x61
-#define GUMS_SET_SID_LIST 0x62
-
-#endif /* _GUMS_H */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 8fc09c2cae..9e4c508477 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -767,38 +767,22 @@ extern int errno;
#include "debugparse.h"
#include "version.h"
-
#include "smb.h"
-/*
#include "smbw.h"
-*/
-
#include "nameserv.h"
#include "secrets.h"
#include "byteorder.h"
-#include "privileges.h"
-
-#include "rpc_creds.h"
-
-#include "mapping.h"
-
-#include "passdb.h"
-
#include "ntdomain.h"
-#include "rpc_misc.h"
-
-#include "rpc_secdes.h"
-
-#include "nt_printing.h"
-
#include "msdfs.h"
#include "smbprofile.h"
+#include "mapping.h"
+
#include "rap.h"
#include "md5.h"
@@ -808,14 +792,8 @@ extern int errno;
#include "auth.h"
-#include "sam.h"
-
-#include "gums.h"
-
-#include "idmap.h"
+#include "passdb.h"
-#include "client.h"
-#include "smbw.h"
#include "session.h"
#include "asn_1.h"
@@ -824,9 +802,9 @@ extern int errno;
#include "mangle.h"
-#include "nsswitch/winbind_client.h"
+#include "module.h"
-#include "genparser.h"
+#include "nsswitch/winbind_client.h"
/*
* Type for wide character dirent structure.
@@ -872,8 +850,6 @@ struct functable {
struct printjob;
-struct smb_ldap_privates;
-
/***** automatically generated prototypes *****/
#ifndef NO_PROTO_H
#include "proto.h"
@@ -921,7 +897,7 @@ struct smb_ldap_privates;
#define MAP_FILE 0
#endif
-#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP) && !defined(WITH_TDB_SAM))
+#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP))
#define USE_SMBPASS_DB 1
#endif
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index 0cb31aa040..d4f2d28e6a 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -43,6 +43,7 @@
typedef struct _GROUP_MAP {
+ struct pdb_methods *methods;
gid_t gid;
DOM_SID sid;
enum SID_NAME_USE sid_name_use;
diff --git a/source3/include/module.h b/source3/include/module.h
new file mode 100644
index 0000000000..759ea5bb38
--- /dev/null
+++ b/source3/include/module.h
@@ -0,0 +1,44 @@
+/*
+ Unix SMB/CIFS implementation.
+ Handling of idle/exit events
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _MODULE_H
+#define _MODULE_H
+
+/* Module support */
+typedef NTSTATUS (init_module_function) (void);
+
+#define SMB_IDLE_EVENT_DEFAULT_INTERVAL 180
+#define SMB_IDLE_EVENT_MIN_INTERVAL 30
+
+typedef struct smb_idle_event_struct {
+ struct smb_idle_event_struct *prev,*next;
+ time_t interval;
+ time_t last_run;
+ void *data;
+ void (*fn)(struct smb_idle_event_struct **event, time_t now);
+} smb_idle_event_struct;
+
+typedef struct smb_exit_event_struct {
+ struct smb_exit_event_struct *prev,*next;
+ void *data;
+ void (*fn)(struct smb_exit_event_struct **event);
+} smb_exit_event_struct;
+
+#endif /* _MODULE_H */
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index e14e250d34..06409aa34e 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -3,8 +3,6 @@
passdb structures and parameters
Copyright (C) Gerald Carter 2001
Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Simo Sorce 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -25,149 +23,6 @@
#define _PASSDB_H
-/*
- * bit flags representing initialized fields in SAM_ACCOUNT
- */
-enum pdb_elements {
- PDB_UNINIT,
- PDB_SMBHOME,
- PDB_PROFILE,
- PDB_DRIVE,
- PDB_LOGONSCRIPT,
- PDB_LOGONTIME,
- PDB_LOGOFFTIME,
- PDB_KICKOFFTIME,
- PDB_CANCHANGETIME,
- PDB_MUSTCHANGETIME,
- PDB_PLAINTEXT_PW,
- PDB_USERNAME,
- PDB_FULLNAME,
- PDB_DOMAIN,
- PDB_NTUSERNAME,
- PDB_HOURSLEN,
- PDB_LOGONDIVS,
- PDB_USERSID,
- PDB_GROUPSID,
- PDB_ACCTCTRL,
- PDB_PASSLASTSET,
- PDB_UNIXHOMEDIR,
- PDB_ACCTDESC,
- PDB_WORKSTATIONS,
- PDB_UNKNOWNSTR,
- PDB_MUNGEDDIAL,
- PDB_HOURS,
- PDB_UNKNOWN3,
- PDB_UNKNOWN5,
- PDB_UNKNOWN6,
- PDB_LMPASSWD,
- PDB_NTPASSWD,
-
- /* this must be the last element */
- PDB_COUNT
-};
-
-enum pdb_group_elements {
- PDB_GROUP_NAME,
- PDB_GROUP_SID,
- PDB_GROUP_SID_NAME_USE,
- PDB_GROUP_MEMBERS,
-
- /* this must be the last element */
- PDB_GROUP_COUNT
-};
-
-
-enum pdb_value_state {
- PDB_DEFAULT=0,
- PDB_SET,
- PDB_CHANGED
-};
-
-#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
-#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
-#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
-
-typedef struct sam_passwd
-{
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_passwd **);
-
- struct pdb_methods *methods;
-
- struct user_data {
- /* initiailization flags */
- struct bitmap *change_flags;
- struct bitmap *set_flags;
-
- time_t logon_time; /* logon time */
- time_t logoff_time; /* logoff time */
- time_t kickoff_time; /* kickoff time */
- time_t pass_last_set_time; /* password last set time */
- time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
-
- const char * username; /* UNIX username string */
- const char * domain; /* Windows Domain name */
- const char * nt_username; /* Windows username string */
- const char * full_name; /* user's full name string */
- const char * unix_home_dir; /* UNIX home directory string */
- const char * home_dir; /* home directory string */
- const char * dir_drive; /* home directory drive string */
- const char * logon_script; /* logon script string */
- const char * profile_path; /* profile path string */
- const char * acct_desc ; /* user description string */
- const char * workstations; /* login from workstations string */
- const char * unknown_str ; /* don't know what this is, yet. */
- const char * munged_dial ; /* munged path name and dial-back tel number */
-
- DOM_SID user_sid; /* Primary User SID */
- DOM_SID group_sid; /* Primary Group SID */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char* plaintext_pw; /* is Null if not available */
-
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
- } private;
-
- /* Lets see if the remaining code can get the hint that you
- are meant to use the pdb_...() functions. */
-
-} SAM_ACCOUNT;
-
-typedef struct sam_group {
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_group **);
-
- struct pdb_methods *methods;
-
- struct group_data {
- /* initiailization flags */
- struct bitmap *change_flags;
- struct bitmap *set_flags;
-
- const char *name; /* Windows group name string */
-
- DOM_SID sid; /* Group SID */
- enum SID_NAME_USE sid_name_use; /* Group type */
-
- uint32 mem_num; /* Number of member SIDs */
- DOM_SID *members; /* SID array */
- } private;
-
-} SAM_GROUP;
-
-
/*****************************************************************
Functions to be implemented by the new (v2) passdb API
****************************************************************/
@@ -196,7 +51,7 @@ typedef struct pdb_context
NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
-
+
NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
@@ -249,7 +104,7 @@ typedef struct pdb_methods
NTSTATUS (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username);
- NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
+ NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *Sid);
NTSTATUS (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
diff --git a/source3/include/rpc_client_proto.h b/source3/include/rpc_client_proto.h
deleted file mode 100644
index 0ecb195691..0000000000
--- a/source3/include/rpc_client_proto.h
+++ /dev/null
@@ -1,231 +0,0 @@
-#ifndef _RPC_CLIENT_PROTO_H_
-#define _RPC_CLIENT_PROTO_H_
-/* This file is automatically generated with "make proto". DO NOT EDIT */
-
-
-/*The following definitions come from lib/util_list.c */
-
-BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
-BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x,
- const RPC_HND_NODE *y);
-BOOL RpcHndList_set_connection(const POLICY_HND *hnd,
- struct cli_connection *con);
-BOOL RpcHndList_del_connection(const POLICY_HND *hnd);
-struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_connect.c */
-
-void init_connections(void);
-void free_connections(void);
-void cli_connection_free(struct cli_connection *con);
-void cli_connection_unlink(struct cli_connection *con);
-BOOL cli_connection_init(const char *srv_name, char *pipe_name,
- struct cli_connection **con);
-BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name,
- struct cli_connection **con,
- cli_auth_fns * auth, void *auth_creds);
-struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con);
-void *cli_conn_get_auth_creds(struct cli_connection *con);
-BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_ok(struct cli_connection *con);
-
-/*The following definitions come from rpc_client/cli_login.c */
-
-BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
-BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
-BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char *password,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char lm_chal[8],
- char *lm_chal_resp, char *nt_chal_resp,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_lsarpc.c */
-
-BOOL do_lsa_open_policy(struct cli_state *cli,
- char *system_name, POLICY_HND *hnd,
- BOOL sec_qos);
-BOOL do_lsa_query_info_pol(struct cli_state *cli,
- POLICY_HND *hnd, uint16 info_class,
- fstring domain_name, DOM_SID *domain_sid);
-BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
-BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
-
-/*The following definitions come from rpc_client/cli_netlogon.c */
-
-BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal);
-BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
-BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]);
-BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-BOOL change_trust_account_password( char *domain, char *remote_machine_list);
-
-/*The following definitions come from rpc_client/cli_pipe.c */
-
-BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
- prs_struct *data, prs_struct *rdata);
-BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name);
-void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
-BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
-void cli_nt_session_close(struct cli_state *cli);
-
-/*The following definitions come from rpc_client/cli_reg.c */
-
-BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name,
- POLICY_HND *reg_hnd);
-BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd);
-BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd,
- char *class, uint32 *class_len,
- uint32 *num_subkeys, uint32 *max_subkeylen,
- uint32 *max_subkeysize, uint32 *num_values,
- uint32 *max_valnamelen, uint32 *max_valbufsize,
- uint32 *sec_desc, NTTIME *mod_time);
-BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk);
-BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd,
- char *key_value, uint32* key_type);
-BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf);
-BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf);
-BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
-BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
-BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, char *key_class,
- SEC_ACCESS *sam_access,
- POLICY_HND *key);
-BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
- int key_index, char *key_name,
- uint32 *unk_1, uint32 *unk_2,
- time_t *mod_time);
-BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd,
- char *val_name, uint32 type, BUFFER3 *data);
-BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd,
- int val_index, int max_valnamelen, int max_valbufsize,
- fstring val_name,
- uint32 *val_type, BUFFER2 *value);
-BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, uint32 unk_0,
- POLICY_HND *key_hnd);
-BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_samr.c */
-
-BOOL get_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol_open_domain, uint32 user_rid,
- uint32 *num_groups, DOM_GID *gid);
-BOOL get_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol_open_domain,
- uint32 info_level,
- uint32 user_rid, SAM_USER_INFO_21 *usr);
-BOOL do_samr_chgpasswd_user(struct cli_state *cli,
- char *srv_name, char *user_name,
- char nt_newpass[516], uchar nt_oldhash[16],
- char lm_newpass[516], uchar lm_oldhash[16]);
-BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name);
-BOOL do_samr_query_dom_info(struct cli_state *cli,
- POLICY_HND *domain_pol, uint16 switch_value);
-BOOL do_samr_enum_dom_users(struct cli_state *cli,
- POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
- uint16 acb_mask, uint16 unk_1, uint32 size,
- struct acct_info **sam,
- int *num_sam_users);
-BOOL do_samr_connect(struct cli_state *cli,
- char *srv_name, uint32 unknown_0,
- POLICY_HND *connect_pol);
-BOOL do_samr_open_user(struct cli_state *cli,
- POLICY_HND *pol, uint32 unk_0, uint32 rid,
- POLICY_HND *user_pol);
-BOOL do_samr_open_domain(struct cli_state *cli,
- POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
- POLICY_HND *domain_pol);
-BOOL do_samr_query_unknown_12(struct cli_state *cli,
- POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids,
- uint32 *num_aliases,
- fstring als_names [MAX_LOOKUP_SIDS],
- uint32 num_als_users[MAX_LOOKUP_SIDS]);
-BOOL do_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
-BOOL do_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol, uint16 switch_value, void* usr);
-BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_spoolss_notify.c */
-
-BOOL spoolss_disconnect_from_client( struct cli_state *cli);
-BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine);
-BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle);
-BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle,
- uint32 change_low, uint32 change_high, uint32 *status);
-BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status);
-
-/*The following definitions come from rpc_client/cli_srvsvc.c */
-
-BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_sess_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_share_enum(struct cli_state *cli,
- char *server_name,
- uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o,
- uint32 preferred_len, ENUM_HND *hnd);
-BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_get_info(struct cli_state *cli,
- char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_use.c */
-
-void init_cli_use(void);
-void free_cli_use(void);
-struct cli_state *cli_net_use_add(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL reuse, BOOL *is_new);
-BOOL cli_net_use_del(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL force_close, BOOL *connection_closed);
-void cli_net_use_enum(uint32 *num_cons, struct use_info ***use);
-void cli_use_wait_keyboard(void);
-
-/*The following definitions come from rpc_client/cli_wkssvc.c */
-
-BOOL do_wks_query_info(struct cli_state *cli,
- char *server_name, uint32 switch_value,
- WKS_INFO_100 *wks100);
-
-/*The following definitions come from rpc_client/ncacn_np_use.c */
-
-BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
- const vuser_key * key,
- BOOL force_close, BOOL *connection_closed);
-struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc,
- const vuser_key * key);
-struct ncacn_np *ncacn_np_use_add(const char *pipe_name,
- const vuser_key * key,
- const char *srv_name,
- const struct ntuser_creds *ntc,
- BOOL reuse, BOOL *is_new_connection);
-#endif /* _PROTO_H_ */
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index d4136a9fde..33dde6e3cb 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -237,7 +237,7 @@ typedef struct r_lsa_query_sec_obj_info
typedef struct lsa_query_info
{
POLICY_HND pol; /* policy handle */
- uint16 info_class; /* info class */
+ uint16 info_class; /* info class */
} LSA_Q_QUERY_INFO;
@@ -537,6 +537,7 @@ typedef struct
POLICY_HND pol; /* policy handle */
DOM_SID2 sid;
UNISTR2_ARRAY rights;
+ uint32 count;
} LSA_Q_ADD_ACCT_RIGHTS;
/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
@@ -553,6 +554,7 @@ typedef struct
DOM_SID2 sid;
uint32 removeall;
UNISTR2_ARRAY rights;
+ uint32 count;
} LSA_Q_REMOVE_ACCT_RIGHTS;
/* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */
@@ -561,22 +563,6 @@ typedef struct
NTSTATUS status;
} LSA_R_REMOVE_ACCT_RIGHTS;
-/* LSA_Q_ENUM_ACCT_WITH_RIGHT - LSA enum accounts with right */
-typedef struct
-{
- POLICY_HND pol;
- STRHDR right_hdr;
- UNISTR2 right;
-} LSA_Q_ENUM_ACCT_WITH_RIGHT;
-
-/* LSA_R_ENUM_ACCT_WITH_RIGHT - LSA enum accounts with right */
-typedef struct
-{
- uint32 count;
- SID_ARRAY sids;
- NTSTATUS status;
-} LSA_R_ENUM_ACCT_WITH_RIGHT;
-
/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
typedef struct lsa_q_priv_get_dispname
@@ -661,6 +647,26 @@ typedef struct lsa_q_enumprivsaccount
POLICY_HND pol; /* policy handle */
} LSA_Q_ENUMPRIVSACCOUNT;
+
+typedef struct LUID
+{
+ uint32 low;
+ uint32 high;
+} LUID;
+
+typedef struct LUID_ATTR
+{
+ LUID luid;
+ uint32 attr;
+} LUID_ATTR ;
+
+typedef struct privilege_set
+{
+ uint32 count;
+ uint32 control;
+ LUID_ATTR *set;
+} PRIVILEGE_SET;
+
typedef struct lsa_r_enumprivsaccount
{
uint32 ptr;
diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h
index a0572a0bfd..d04a84d508 100644
--- a/source3/include/rpc_misc.h
+++ b/source3/include/rpc_misc.h
@@ -227,22 +227,6 @@ typedef struct
UNISTR2_ARRAY_EL *strings;
} UNISTR2_ARRAY;
-
-/* an element in a sid array */
-typedef struct
-{
- uint32 ref_id;
- DOM_SID2 sid;
-} SID_ARRAY_EL;
-
-/* an array of sids */
-typedef struct
-{
- uint32 ref_id;
- uint32 count;
- SID_ARRAY_EL *sids;
-} SID_ARRAY;
-
/* DOM_RID2 - domain RID structure for ntlsa pipe */
typedef struct domrid2_info
{
diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index a6b352b02e..df3633d91d 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -113,24 +113,24 @@ size_t __unsafe_string_function_usage_here_char__(void);
#endif /* HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS */
-/* the addition of the DEVELOPER checks in safe_strcpy means we must
- * update a lot of code. To make this a little easier here are some
- * functions that provide the lengths with less pain */
-#define pstrcpy_base(dest, src, pstring_base) \
- safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
-
#define safe_strcpy_base(dest, src, base, size) \
safe_strcpy(dest, src, size-PTR_DIFF(dest,base)-1)
-/* String copy functions - macro hell below adds 'type checking'
- (limited, but the best we can do in C) and may tag with function
- name/number to record the last 'clobber region' on that string */
+/* String copy functions - macro hell below adds 'type checking' (limited,
+ but the best we can do in C) and may tag with function name/number to
+ record the last 'clobber region' on that string */
#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1)
#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1)
#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
+/* the addition of the DEVELOPER checks in safe_strcpy means we must
+ * update a lot of code. To make this a little easier here are some
+ * functions that provide the lengths with less pain */
+#define pstrcpy_base(dest, src, pstring_base) \
+ safe_strcpy(dest, src, sizeof(pstring)-PTR_DIFF(dest,pstring_base)-1)
+
/* Inside the _fn variants of these is a call to clobber_region(), -
* which might destroy the stack on a buggy function. We help the
diff --git a/source3/include/sam.h b/source3/include/sam.h
deleted file mode 100644
index f46a6e7bcb..0000000000
--- a/source3/include/sam.h
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM structures
- Copyright (C) Kai Krueger 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Simo Sorce 2002
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _SAM_H
-#define _SAM_H
-
-/* We want to track down bugs early */
-#if 1
-#define SAM_ASSERT(x) SMB_ASSERT(x)
-#else
-#define SAM_ASSERT(x) while (0) { \
- if (!(x)) {
- DEBUG(0, ("SAM_ASSERT failed!\n"))
- return NT_STATUS_FAIL_CHECK;\
- } \
- }
-#endif
-
-
-/* let it be 0 until we have a stable interface --metze */
-#define SAM_INTERFACE_VERSION 0
-
-/* use this inside a passdb module */
-#define SAM_MODULE_VERSIONING_MAGIC \
-int sam_version(void)\
-{\
- return SAM_INTERFACE_VERSION;\
-}
-
-/* Backend to use by default when no backend was specified */
-#define SAM_DEFAULT_BACKEND "plugin"
-
-typedef struct sam_domain_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_domain_handle **);
- struct domain_data {
- DOM_SID sid; /*SID of the domain. Should not be changed */
- char *name; /* Name of the domain */
- char *servername; /* */
- NTTIME max_passwordage; /* time till next password expiration */
- NTTIME min_passwordage; /* time till password can be changed again */
- NTTIME lockout_duration; /* time till login is allowed again after lockout*/
- NTTIME reset_count; /* time till bad login counter is reset */
- uint16 min_passwordlength; /* minimum number of characters for a password */
- uint16 password_history; /* number of passwords stored in history */
- uint16 lockout_count; /* number of bad login attempts before lockout */
- BOOL force_logoff; /* force logoff after logon hours have expired */
- BOOL login_pwdchange; /* Users need to logon to change their password */
- uint32 num_accounts; /* number of accounts in the domain */
- uint32 num_groups; /* number of global groups */
- uint32 num_aliases; /* number of local groups */
- uint32 sam_sequence_number; /* global sequence number */
- } private;
-} SAM_DOMAIN_HANDLE;
-
-typedef struct sam_account_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_account_handle **);
- struct sam_account_data {
- uint32 init_flag;
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
- char * account_name; /* account_name string */
- SAM_DOMAIN_HANDLE * domain; /* domain of account */
- char *full_name; /* account's full name string */
- char *unix_home_dir; /* UNIX home directory string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc; /* account description string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
- DOM_SID account_sid; /* Primary Account SID */
- DOM_SID group_sid; /* Primary Group SID */
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char *plaintext_pw; /* if Null not available */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_1; /* 0x00ff ffff */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
- uint32 unknown_2; /* 0x0002 0000 */
- uint32 unknown_3; /* 0x0000 04ec */
- } private;
-} SAM_ACCOUNT_HANDLE;
-
-typedef struct sam_group_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_group_handle **);
- struct sam_group_data {
- char *group_name;
- char *group_desc;
- DOM_SID sid;
- uint16 group_ctrl; /* specifies if the group is a local group or a global group */
- uint32 num_members;
- } private;
-} SAM_GROUP_HANDLE;
-
-
-typedef struct sam_group_member {
- DOM_SID sid;
- BOOL group; /* specifies if it is a group or a account */
-} SAM_GROUP_MEMBER;
-
-typedef struct sam_account_enum {
- DOM_SID sid;
- char *account_name;
- char *full_name;
- char *account_desc;
- uint16 acct_ctrl;
-} SAM_ACCOUNT_ENUM;
-
-typedef struct sam_group_enum {
- DOM_SID sid;
- char *group_name;
- char *group_desc;
- uint16 group_ctrl;
-} SAM_GROUP_ENUM;
-
-
-/* bits for group_ctrl: to spezify if the group is global group or alias */
-#define GCB_LOCAL_GROUP 0x0001
-#define GCB_ALIAS_GROUP (GCB_LOCAL_GROUP |GCB_BUILTIN)
-#define GCB_GLOBAL_GROUP 0x0002
-#define GCB_BUILTIN 0x1000
-
-typedef struct sam_context
-{
- struct sam_methods *methods;
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_context **);
-} SAM_CONTEXT;
-
-typedef struct sam_methods
-{
- struct sam_context *parent;
- struct sam_methods *next;
- struct sam_methods *prev;
- const char *backendname;
- const char *domain_name;
- DOM_SID domain_sid;
- void *private_data;
-
- /* General API */
-
- NTSTATUS (*sam_get_sec_desc) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd);
- NTSTATUS (*sam_set_sec_desc) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd);
-
- NTSTATUS (*sam_lookup_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type);
- NTSTATUS (*sam_lookup_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type);
-
- /* Domain API */
-
- NTSTATUS (*sam_update_domain) (const struct sam_methods *, const SAM_DOMAIN_HANDLE *domain);
- NTSTATUS (*sam_get_domain_handle) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain);
-
- /* Account API */
-
- NTSTATUS (*sam_create_account) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account);
- NTSTATUS (*sam_add_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account);
- NTSTATUS (*sam_update_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account);
- NTSTATUS (*sam_delete_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account);
- NTSTATUS (*sam_enum_accounts) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts);
-
- NTSTATUS (*sam_get_account_by_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account);
- NTSTATUS (*sam_get_account_by_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account);
-
- /* Group API */
-
- NTSTATUS (*sam_create_group) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group);
- NTSTATUS (*sam_add_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group);
- NTSTATUS (*sam_update_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group);
- NTSTATUS (*sam_delete_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group);
- NTSTATUS (*sam_enum_groups) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups);
- NTSTATUS (*sam_get_group_by_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group);
- NTSTATUS (*sam_get_group_by_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group);
-
- NTSTATUS (*sam_add_member_to_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member);
- NTSTATUS (*sam_delete_member_from_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member);
- NTSTATUS (*sam_enum_groupmembers) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members);
-
- NTSTATUS (*sam_get_groups_of_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups);
-
- void (*free_private_data)(void **);
-} SAM_METHODS;
-
-typedef NTSTATUS (*sam_init_function)(SAM_METHODS *, const char *);
-
-struct sam_init_function_entry {
- char *module_name;
- /* Function to create a member of the sam_methods list */
- sam_init_function init;
-};
-
-typedef struct sam_backend_entry {
- char *module_name;
- char *module_params;
- char *domain_name;
- DOM_SID *domain_sid;
-} SAM_BACKEND_ENTRY;
-
-
-#endif /* _SAM_H */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 2ca65ec275..8595dfa1b1 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -251,7 +251,7 @@ enum SID_NAME_USE
SID_NAME_DELETED, /* deleted account: needed for c2 rating */
SID_NAME_INVALID, /* invalid account */
SID_NAME_UNKNOWN, /* unknown sid type */
- SID_NAME_COMPUTER, /* sid for a computer */
+ SID_NAME_COMPUTER /* sid for a computer */
};
/**
@@ -586,6 +586,122 @@ typedef struct {
#define LM_HASH_LEN 16
/*
+ * bit flags representing initialized fields in SAM_ACCOUNT
+ */
+enum pdb_elements {
+ PDB_UNINIT,
+ PDB_UID,
+ PDB_GID,
+ PDB_SMBHOME,
+ PDB_PROFILE,
+ PDB_DRIVE,
+ PDB_LOGONSCRIPT,
+ PDB_LOGONTIME,
+ PDB_LOGOFFTIME,
+ PDB_KICKOFFTIME,
+ PDB_CANCHANGETIME,
+ PDB_MUSTCHANGETIME,
+ PDB_PLAINTEXT_PW,
+ PDB_USERNAME,
+ PDB_FULLNAME,
+ PDB_DOMAIN,
+ PDB_NTUSERNAME,
+ PDB_HOURSLEN,
+ PDB_LOGONDIVS,
+ PDB_USERSID,
+ PDB_GROUPSID,
+ PDB_ACCTCTRL,
+ PDB_PASSLASTSET,
+ PDB_UNIXHOMEDIR,
+ PDB_ACCTDESC,
+ PDB_WORKSTATIONS,
+ PDB_UNKNOWNSTR,
+ PDB_MUNGEDDIAL,
+ PDB_HOURS,
+ PDB_UNKNOWN3,
+ PDB_UNKNOWN5,
+ PDB_UNKNOWN6,
+ PDB_LMPASSWD,
+ PDB_NTPASSWD,
+
+ /* this must be the last element */
+ PDB_COUNT
+};
+
+enum pdb_value_state {
+ PDB_DEFAULT=0,
+ PDB_SET,
+ PDB_CHANGED
+};
+
+#define IS_SAM_UNIX_USER(x) \
+ (( pdb_get_init_flags(x, PDB_UID) != PDB_DEFAULT ) \
+ && ( pdb_get_init_flags(x,PDB_GID) != PDB_DEFAULT ))
+
+#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
+#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
+#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
+
+typedef struct sam_passwd
+{
+ TALLOC_CTX *mem_ctx;
+
+ void (*free_fn)(struct sam_passwd **);
+
+ struct pdb_methods *methods;
+
+ struct user_data {
+ /* initiailization flags */
+ struct bitmap *change_flags;
+ struct bitmap *set_flags;
+
+ time_t logon_time; /* logon time */
+ time_t logoff_time; /* logoff time */
+ time_t kickoff_time; /* kickoff time */
+ time_t pass_last_set_time; /* password last set time */
+ time_t pass_can_change_time; /* password can change time */
+ time_t pass_must_change_time; /* password must change time */
+
+ const char * username; /* UNIX username string */
+ const char * domain; /* Windows Domain name */
+ const char * nt_username; /* Windows username string */
+ const char * full_name; /* user's full name string */
+ const char * unix_home_dir; /* UNIX home directory string */
+ const char * home_dir; /* home directory string */
+ const char * dir_drive; /* home directory drive string */
+ const char * logon_script; /* logon script string */
+ const char * profile_path; /* profile path string */
+ const char * acct_desc ; /* user description string */
+ const char * workstations; /* login from workstations string */
+ const char * unknown_str ; /* don't know what this is, yet. */
+ const char * munged_dial ; /* munged path name and dial-back tel number */
+
+ uid_t uid; /* this is a unix uid_t */
+ gid_t gid; /* this is a unix gid_t */
+ DOM_SID user_sid; /* Primary User SID */
+ DOM_SID group_sid; /* Primary Group SID */
+
+ DATA_BLOB lm_pw; /* .data is Null if no password */
+ DATA_BLOB nt_pw; /* .data is Null if no password */
+ char* plaintext_pw; /* is Null if not available */
+
+ uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ uint32 unknown_3; /* 0x00ff ffff */
+
+ uint16 logon_divs; /* 168 - number of hours in a week */
+ uint32 hours_len; /* normally 21 bytes */
+ uint8 hours[MAX_HOURS_LEN];
+
+ uint32 unknown_5; /* 0x0002 0000 */
+ uint32 unknown_6; /* 0x0000 04ec */
+ } private;
+
+ /* Lets see if the remaining code can get the hint that you
+ are meant to use the pdb_...() functions. */
+
+} SAM_ACCOUNT;
+
+/*
* Flags for account policy.
*/
#define AP_MIN_PASSWORD_LEN 1
@@ -1516,6 +1632,11 @@ struct pwd_info
uchar sess_key[16];
};
+#include "rpc_creds.h"
+#include "rpc_misc.h"
+#include "rpc_secdes.h"
+#include "nt_printing.h"
+
typedef struct user_struct
{
struct user_struct *next, *prev;
@@ -1555,11 +1676,9 @@ struct unix_error_map {
NTSTATUS nt_error;
};
-/*
#include "ntdomain.h"
#include "client.h"
-*/
/*
* Size of new password account encoding string. This is enough space to
@@ -1616,7 +1735,4 @@ typedef struct {
#include "popt_common.h"
-/* Module support */
-typedef NTSTATUS (init_module_function) (void);
-
#endif /* _SMB_H */
diff --git a/source3/include/smb_ldap.h b/source3/include/smb_ldap.h
deleted file mode 100644
index 1a30b853e7..0000000000
--- a/source3/include/smb_ldap.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Jean François Micouleau 1998
- Copyright (C) Gerald Carter 2001
- Copyright (C) Shahms King 2001
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jim McDonough 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#ifndef SMB_LDAP_H
-#define SMB_LDAP_H
-
-#ifdef HAVE_LDAP
-
-#include <lber.h>
-#include <ldap.h>
-
-struct smb_ldap_privates {
-
- /* Former statics */
- LDAP *ldap_struct;
- LDAPMessage *result;
- LDAPMessage *entry;
- int index;
-
- time_t last_ping;
- /* retrive-once info */
- const char *uri;
-
- BOOL permit_non_unix_accounts;
-
- uint32 low_nua_rid;
- uint32 high_nua_rid;
-
- char *bind_dn;
- char *bind_secret;
-
- struct smb_ldap_privates *next;
-};
-
-#endif
-#endif
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 8e2cb1c818..b39c7a0ebc 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -77,12 +77,15 @@
#define OPEN_CONN(conn) ((conn) && (conn)->open)
#define IS_IPC(conn) ((conn) && (conn)->ipc)
#define IS_PRINT(conn) ((conn) && (conn)->printer)
-#define FNUM_OK(fsp,c) (OPEN_FSP(fsp) && (c)==(fsp)->conn)
+#define FNUM_OK(fsp,c) (OPEN_FSP(fsp) && (c)==(fsp)->conn && current_user.vuid==(fsp)->vuid)
-#define CHECK_FSP(fsp,conn) if (!FNUM_OK(fsp,conn)) \
+#define CHECK_FSP(fsp,conn) do {\
+ extern struct current_user current_user;\
+ if (!FNUM_OK(fsp,conn)) \
return(ERROR_DOS(ERRDOS,ERRbadfid)); \
else if((fsp)->fd == -1) \
- return(ERROR_DOS(ERRDOS,ERRbadaccess))
+ return(ERROR_DOS(ERRDOS,ERRbadaccess));\
+ } while(0)
#define CHECK_READ(fsp) if (!(fsp)->can_read) \
return(ERROR_DOS(ERRDOS,ERRbadaccess))
diff --git a/source3/include/tdbsam2.h b/source3/include/tdbsam2.h
deleted file mode 100644
index 047b4e7c90..0000000000
--- a/source3/include/tdbsam2.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * tdbsam2 genstruct enabled header file
- * Copyright (C) Simo Sorce 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/* ALL strings assumes UTF8 as encoding */
-
-GENSTRUCT struct tdbsam2_domain_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *dom_sid; /* The Domain SID */
- char *name; _NULLTERM /* NT Domain Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- uint32 next_rid; /* The Next free RID */
-};
-
-GENSTRUCT struct tdbsam2_user_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *user_sid; /* The User SID */
- char *name; _NULLTERM /* NT User Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- DOM_SID *group_sid; /* The Primary Group SID */
-
- NTTIME *logon_time;
- NTTIME *logoff_time;
- NTTIME *kickoff_time;
- NTTIME *pass_last_set_time;
- NTTIME *pass_can_change_time;
- NTTIME *pass_must_change_time;
-
- char *full_name; _NULLTERM /* The Full Name */
- char *home_dir; _NULLTERM /* Home Directory */
- char *dir_drive; _NULLTERM /* Drive Letter the home should be mapped to */
- char *logon_script; _NULLTERM /* Logon script path */
- char *profile_path; _NULLTERM /* Profile is stored here */
- char *workstations; _NULLTERM /* List of Workstation names the user is allowed to LogIn */
- char *unknown_str; _NULLTERM /* Guess ... Unknown */
- char *munged_dial; _NULLTERM /* Callback Number */
-
- /* passwords are 16 byte leght, pointer is null if no password */
- uint8 *lm_pw_ptr; _LEN(16) /* Lanman hashed password */
- uint8 *nt_pw_ptr; _LEN(16) /* NT hashed password */
-
- uint16 logon_divs; /* 168 - num of hours in a week */
- uint32 hours_len; /* normally 21 */
- uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */
-
- uint32 unknown_3; /* 0x00ff ffff */
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
-};
-
-GENSTRUCT struct tdbsam2_group_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *group_sid; /* The Group SID */
- char *name; _NULLTERM /* NT Group Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- uint32 count; /* number of sids */
- DOM_SID **members; _LEN(count) /* SID array */
-};
-
-GENSTRUCT struct tdbsam2_privilege_data {
- uint32 xcounter; /* counter to be updated at any change */
-
- LUID_ATTR *privilege; /* Privilege */
- char *name; _NULLTERM /* NT User Name */
- char *description; _NULLTERM /* Descritpion (Gecos) */
-
- uint32 count; /* number of sids */
- DOM_SID **members; _LEN(count) /* SID array */
-};
-
diff --git a/source3/include/version.h b/source3/include/version.h
index c0a1c702f2..3ee1d8db59 100644
--- a/source3/include/version.h
+++ b/source3/include/version.h
@@ -1 +1 @@
-#define VERSION "post3.0-HEAD"
+#define VERSION "3.0alpha24"
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index fdbd54fafb..dc675037a0 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -154,7 +154,6 @@ static const char *default_classname_table[] = {
"auth", /* DBGC_AUTH */
"winbind", /* DBGC_WINBIND */
"vfs", /* DBGC_VFS */
- "idmap", /* DBGC_IDMAP */
NULL
};
diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c
deleted file mode 100644
index 988f5e5d65..0000000000
--- a/source3/lib/domain_namemap.c
+++ /dev/null
@@ -1,1317 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Groupname handling
- Copyright (C) Jeremy Allison 1998.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- * UNIX gid and Local or Domain SID resolution. This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname NT Group name
- unixname Domain Admins (well-known Domain Group)
- unixname DOMAIN_NAME\NT Group name
- unixname OTHER_DOMAIN_NAME\NT Group name
- unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_myworkgroup;
-extern DOM_SID global_member_sid;
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_5_20;
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
-{
- return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_group_rid(uint32 gid)
-{
- uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_alias_rid(uint32 gid)
-{
- uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_uid_to_user_rid(uint32 uid)
-{
- uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/******************************************************************
- converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
-{
- DOM_SID tmp_sid;
- uint32 rid;
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- if (!sid_equal(&global_sam_sid, &tmp_sid))
- {
- return False;
- }
-
- switch (type)
- {
- case SID_NAME_USER:
- {
- *id = pwdb_user_rid_to_uid(rid);
- return True;
- }
- case SID_NAME_ALIAS:
- {
- *id = pwdb_alias_rid_to_gid(rid);
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- *id = pwdb_group_rid_to_gid(rid);
- return True;
- }
- }
- return False;
-}
-
-/******************************************************************
- converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
-{
- sid_copy(sid, &global_sam_sid);
- switch (type)
- {
- case SID_NAME_USER:
- {
- sid_append_rid(sid, pwdb_uid_to_user_rid(id));
- return True;
- }
- case SID_NAME_ALIAS:
- {
- sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- sid_append_rid(sid, pwdb_gid_to_group_rid(id));
- return True;
- }
- }
- return False;
-}
-
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
-
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
- {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
- }
- return (rid & RID_TYPE_MASK);
-}
-
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct name_map
-{
- ubi_slNode next;
- DOM_NAME_MAP grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-static ubi_slList ntusrname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
- if (gmep->grp.nt_name)
- {
- free(gmep->grp.nt_name);
- }
- if (gmep->grp.nt_domain)
- {
- free(gmep->grp.nt_domain);
- }
- if (gmep->grp.unix_name)
- {
- free(gmep->grp.unix_name);
- }
- free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
- name_map_entry *gmep;
-
- while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
- {
- delete_name_entry(gmep);
- }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
-{
- int ret = False;
- fstring sid_str;
-
- if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
- {
- DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
- grp->nt_domain));
- return False;
- }
-
- if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
- {
- /*
- * only builtin aliases are recognised in S-1-5-20
- */
- DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
- grp->nt_name));
-
- if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
- {
- DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
- grp->unix_name, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_USER)
- {
- DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_DOMAIN)
- {
- DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else
- {
- switch (type)
- {
- case DOM_MAP_USER:
- {
- grp->type = SID_NAME_USER;
- break;
- }
- case DOM_MAP_DOMAIN:
- {
- grp->type = SID_NAME_DOM_GRP;
- break;
- }
- case DOM_MAP_LOCAL:
- {
- grp->type = SID_NAME_ALIAS;
- break;
- }
- }
-
- ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
- }
-
- sid_to_string(sid_str, &grp->sid);
- DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
- grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
- return ret;
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
-{
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
-
- if (type == DOM_MAP_USER)
- {
- const struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
- if (pwptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)pwptr->pw_uid;
- }
- else
- {
- struct group *gptr = getgrnam(map->unix_name);
- if (gptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)gptr->gr_gid;
- }
-
- DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
-
- /*
- * Now map the name to an NT SID+RID.
- */
-
- if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
- {
- /* Must add client-call lookup code here, to
- * resolve remote domain's sid and the group's rid,
- * in that domain.
- *
- * NOTE: it is _incorrect_ to put code here that assumes
- * we are responsible for lookups for foriegn domains' RIDs.
- *
- * for foriegn domains for which we are *NOT* the PDC, all
- * we can be responsible for is the unix gid_t to which
- * the foriegn SID+rid maps to, on this _local_ machine.
- * we *CANNOT* make any short-cuts or assumptions about
- * RIDs in a foriegn domain.
- */
-
- if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
- {
- DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
- map->nt_domain));
- return False;
- }
- }
-
- return make_mydomain_sid(map, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
- char *nt_domain, char *nt_group, char *unix_group,
- DOM_MAP_TYPE type)
-{
- /*
- * Create the list entry and add it onto the list.
- */
-
- DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
- (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
- if ((*new_ep) == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
- return False;
- }
-
- ZERO_STRUCTP(*new_ep);
-
- (*new_ep)->grp.nt_name = strdup(nt_group );
- (*new_ep)->grp.nt_domain = strdup(nt_domain );
- (*new_ep)->grp.unix_name = strdup(unix_group);
-
- if ((*new_ep)->grp.nt_name == NULL ||
- (*new_ep)->grp.unix_name == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
- delete_name_entry((*new_ep));
- return False;
- }
-
- /*
- * look up the group names, make the Group-SID and unix gid
- */
-
- if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
- {
- delete_name_entry((*new_ep));
- return False;
- }
-
- return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(DOM_MAP_TYPE type)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static time_t aliasmap_file_last_modified = (time_t)0;
- static time_t ntusrmap_file_last_modified = (time_t)0;
- static BOOL initialised_group = False;
- static BOOL initialised_alias = False;
- static BOOL initialised_ntusr = False;
- char *groupname_map_file = lp_groupname_map();
- char *aliasname_map_file = lp_aliasname_map();
- char *ntusrname_map_file = lp_ntusrname_map();
-
- FILE *fp;
- char *s;
- pstring buf;
- name_map_entry *new_ep;
-
- time_t *file_last_modified = NULL;
- int *initialised = NULL;
- char *map_file = NULL;
- ubi_slList *map_list = NULL;
-
- switch (type)
- {
- case DOM_MAP_DOMAIN:
- {
- file_last_modified = &groupmap_file_last_modified;
- initialised = &initialised_group;
- map_file = groupname_map_file;
- map_list = &groupname_map_list;
-
- break;
- }
- case DOM_MAP_LOCAL:
- {
- file_last_modified = &aliasmap_file_last_modified;
- initialised = &initialised_alias;
- map_file = aliasname_map_file;
- map_list = &aliasname_map_list;
-
- break;
- }
- case DOM_MAP_USER:
- {
- file_last_modified = &ntusrmap_file_last_modified;
- initialised = &initialised_ntusr;
- map_file = ntusrname_map_file;
- map_list = &ntusrname_map_list;
-
- break;
- }
- }
-
- if (!(*initialised))
- {
- DEBUG(10,("initialising map %s\n", map_file));
- ubi_slInitList(map_list);
- (*initialised) = True;
- }
-
- if (!*map_file)
- {
- return map_list;
- }
-
- /*
- * Load the file.
- */
-
- fp = open_file_if_modified(map_file, "r", file_last_modified);
- if (!fp)
- {
- return map_list;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_map_list(map_list);
-
- DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
- while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
- {
- pstring unixname;
- pstring nt_name;
- fstring nt_domain;
- fstring ntname;
- char *p;
-
- DEBUG(10,("Read line |%s|\n", s));
-
- memset(nt_name, 0, sizeof(nt_name));
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
- continue;
-
- if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(nt_name, " ", " ");
-
- if (!*nt_name)
- continue;
-
- if (!*unixname)
- continue;
-
- p = strchr(nt_name, '\\');
-
- if (p == NULL)
- {
- memset(nt_domain, 0, sizeof(nt_domain));
- fstrcpy(ntname, nt_name);
- }
- else
- {
- *p = 0;
- p++;
- fstrcpy(nt_domain, nt_name);
- fstrcpy(ntname , p);
- }
-
- if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
- {
- ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
- DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
- new_ep->grp.unix_name,
- new_ep->grp.nt_domain,
- new_ep->grp.nt_name,
- new_ep->grp.type));
- }
- }
-
- DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
- ubi_slCount(map_list)));
-
- fclose(fp);
-
- return map_list;
-}
-
-static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
-{
- sid_copy(&grp->sid, &from->sid);
- grp->unix_id = from->unix_id;
- grp->nt_name = from->nt_name;
- grp->nt_domain = from->nt_domain;
- grp->unix_name = from->unix_name;
- grp->type = from->type;
-}
-
-#if 0
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(DOM_MAP_TYPE type,
- char *unixname, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.unix_name, unixname))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-#endif
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
- DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.nt_name , ntname) &&
- strequal(gmep->grp.nt_domain, ntdomain))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(DOM_MAP_TYPE type,
- DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (sid_equal(&gmep->grp.sid, psid))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- fstring sid_str;
- sid_to_string(sid_str, &gmep->grp.sid);
- DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
- gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
- if (gmep->grp.unix_id == unix_id)
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
- gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-#if 0
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias name entry
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
-}
-
-#endif
-
-/***********************************************************
- Lookup a Username entry by name.
-************************************************************/
-static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Username entry by SID.
-************************************************************/
-static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_USER, sid, grp_info);
-}
-
-/***********************************************************
- Lookup a Username SID entry by uid.
-************************************************************/
-static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by name.
-************************************************************/
-BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_LOCAL, psid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry by sid.
-************************************************************/
-BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by gid_t.
-************************************************************/
-static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group SID entry by gid_t.
-************************************************************/
-static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
-}
-
-
-/************************************************************************
- Routine to look up User details by UNIX name
-*************************************************************************/
-BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
-{
- uid_t uid;
- DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
- if (nametouid(unix_usr_name, &uid))
- {
- return lookupsmbpwuid(uid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
-{
- struct cli_state cli;
- POLICY_HND lsa_pol;
- fstring srv_name;
- extern struct ntuser_creds *usr_creds;
- struct ntuser_creds usr;
-
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 num_sids;
- DOM_SID *sids;
- uint8 *types;
- char *names[1];
-
- usr_creds = &usr;
-
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
-
- DEBUG(5,("lookup_remote_ntname: %s\n", ntname));
-
- if (!cli_connect_serverlist(&cli, lp_passwordserver()))
- {
- return False;
- }
-
- names[0] = ntname;
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, cli.desthost);
- strupper(srv_name);
-
- /* lookup domain controller; receive a policy handle */
- res3 = res3 ? lsa_open_policy( srv_name,
- &lsa_pol, True) : False;
-
- /* send lsa lookup sids call */
- res4 = res3 ? lsa_lookup_names( &lsa_pol,
- 1, names,
- &sids, &types, &num_sids) : False;
-
- res3 = res3 ? lsa_close(&lsa_pol) : False;
-
- if (res4 && res3 && sids != NULL && types != NULL)
- {
- sid_copy(sid, &sids[0]);
- *type = types[0];
- }
- else
- {
- res3 = False;
- }
- if (types != NULL)
- {
- free(types);
- }
-
- if (sids != NULL)
- {
- free(sids);
- }
-
- return res3 && res4;
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
- DOM_NAME_MAP *gmep)
-{
- /*
- * check with the PDC to see if it owns the name. if so,
- * the SID is resolved with the PDC database.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
- {
- if (sid_front_equal(&gmep->sid, &global_member_sid) &&
- strequal(gmep->nt_domain, global_myworkgroup) &&
- gmep->type == expected_type)
- {
- return True;
- }
- return False;
- }
- }
-
- /*
- * ... otherwise, it's one of ours. map the sid ourselves,
- * which can only happen in our own SAM database.
- */
-
- if (!strequal(gmep->nt_domain, global_sam_name))
- {
- return False;
- }
- if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
- {
- return False;
- }
-
- return True;
-}
-
-/*
- * used by lookup functions below
- */
-
-static fstring nt_name;
-static fstring unix_name;
-static fstring nt_domain;
-
-/*************************************************************************
- looks up a uid, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
- if (map_username_uid(uid, gmep))
- {
- return True;
- }
-#if 0
- if (lp_server_role() != ROLE_DOMAIN_NONE)
-#endif
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)uid;
-
- /*
- * ok, assume it's one of ours. then double-check it
- * if we are a member of a domain
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->nt_name, uidtoname(uid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
-#endif
- }
-
- /*
- * ok, it's one of ours.
- */
-
- gmep->nt_domain = global_sam_name;
- pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by NT name, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
-
- if (!split_domain_name(fullntname, nt_domain, nt_name))
- {
- return False;
- }
-
- if (map_nt_username(nt_name, nt_domain, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- uid_t uid;
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->unix_name, gmep->nt_name);
- if (!nametouid(gmep->unix_name, &uid))
- {
- return False;
- }
- gmep->unix_id = (uint32)uid;
-
- return get_sid_and_type(fullntname, gmep->type, gmep);
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by RID, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
-
- if (map_username_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/************************************************************************
- Routine to look up group / alias / well-known group RID by UNIX name
-*************************************************************************/
-BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
-{
- gid_t gid;
- DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
- if (nametogid(unix_grp_name, &gid))
- {
- return lookupsmbgrpgid(gid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/*************************************************************************
- looks up a SID, returns name map entry
-*************************************************************************/
-BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
-
- if (map_alias_sid(sid, gmep))
- {
- return True;
- }
- if (map_group_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
-
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops */
- return False;
-}
-
-/*************************************************************************
- looks up a gid, returns RID and type local, domain or well-known domain group
-*************************************************************************/
-BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
- if (map_alias_gid(gid, gmep))
- {
- return True;
- }
- if (map_group_gid(gid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)gid;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
- {
- return True;
- }
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
- fstrcpy(gmep->nt_name, gidtoname(gid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- return get_sid_and_type(gmep->nt_name, gmep->type, gmep);
- }
-
- /* oops */
- return False;
-}
-
diff --git a/source3/lib/genparser.c b/source3/lib/genparser.c
deleted file mode 100644
index 233050b432..0000000000
--- a/source3/lib/genparser.c
+++ /dev/null
@@ -1,786 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-#include "includes.h"
-
-/* see if a range of memory is all zero. Used to prevent dumping of zero elements */
-static int all_zero(const char *ptr, unsigned size)
-{
- int i;
- if (!ptr) return 1;
- for (i=0;i<size;i++) {
- if (ptr[i]) return 0;
- }
- return 1;
-}
-
-/* encode a buffer of bytes into a escaped string */
-static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len)
-{
- const char *hexdig = "0123456789abcdef";
- char *ret, *p;
- unsigned i;
- ret = talloc(mem_ctx, len*3 + 1); /* worst case size */
- if (!ret) return NULL;
- for (p=ret,i=0;i<len;i++) {
- if (isalnum(ptr[i]) || isspace(ptr[i]) ||
- (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) {
- *p++ = ptr[i];
- } else {
- unsigned char c = *(unsigned char *)(ptr+i);
- if (c == 0 && all_zero(ptr+i, len-i)) break;
- p[0] = '\\';
- p[1] = hexdig[c>>4];
- p[2] = hexdig[c&0xF];
- p += 3;
- }
- }
-
- *p = 0;
-
- return ret;
-}
-
-/* decode an escaped string from encode_bytes() into a buffer */
-static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len)
-{
- char *ret, *p;
- unsigned i;
- int slen = strlen(s) + 1;
-
- ret = talloc(mem_ctx, slen); /* worst case length */
- if (!ret)
- return NULL;
- memset(ret, 0, slen);
-
- if (*s == '{') s++;
-
- for (p=ret,i=0;s[i];i++) {
- if (s[i] == '}') {
- break;
- } else if (s[i] == '\\') {
- unsigned v;
- if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) {
- return NULL;
- }
- *(unsigned char *)p = v;
- p++;
- i += 2;
- } else {
- *p++ = s[i];
- }
- }
- *p = 0;
-
- (*len) = (unsigned)(p - ret);
-
- return ret;
-}
-
-/* the add*() functions deal with adding things to a struct
- parse_string */
-
-/* allocate more space if needed */
-static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n)
-{
- if (p->length + n <= p->allocated) return 0;
- p->allocated = p->length + n + 200;
- p->s = talloc_realloc(mem_ctx, p->s, p->allocated);
- if (!p->s) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
-}
-
-/* add a character to the buffer */
-static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c)
-{
- if (addgen_alloc(mem_ctx, p, 2) != 0) {
- return -1;
- }
- p->s[p->length++] = c;
- p->s[p->length] = 0;
- return 0;
-}
-
-/* add a string to the buffer */
-int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, len+1) != 0) {
- return -1;
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* add a string to the buffer with a tab prefix */
-static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) {
- return -1;
- }
- while (indent--) {
- p->s[p->length++] = '\t';
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* note! this can only be used for results up to 60 chars wide! */
-int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char buf[60];
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- return 0;
-}
-
-/*
- this is here to make it easier for people to write dump functions
- for their own types
- */
-int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char *buf = NULL;
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vasprintf(&buf, fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- if (buf) free(buf);
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- if (buf) free(buf);
- return 0;
-}
-
-/* dump a enumerated type */
-int gen_dump_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- unsigned v = *(unsigned *)ptr;
- int i;
- for (i=0;einfo[i].name;i++) {
- if (v == einfo[i].value) {
- addstr(mem_ctx, p, einfo[i].name);
- return 0;
- }
- }
- /* hmm, maybe we should just fail? */
- return gen_dump_unsigned(mem_ctx, p, ptr, indent);
-}
-
-/* dump a single non-array element, hanlding struct and enum */
-static int gen_dump_one(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- unsigned indent)
-{
- if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) {
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addchar(mem_ctx, p,'{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}")) {
- return -1;
- }
- return 0;
- }
-
- return pinfo->dump_fn(mem_ctx, p, ptr, indent);
-}
-
-/* handle dumping of an array of arbitrary type */
-static int gen_dump_array(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- int array_len,
- int indent)
-{
- int i, count=0;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- char *s = encode_bytes(mem_ctx, ptr, array_len);
- if (!s) return -1;
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = {") ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- free(s);
- return 0;
- }
-
- for (i=0;i<array_len;i++) {
- const char *p2 = ptr;
- unsigned size = pinfo->size;
-
- /* generic pointer dereference */
- if (pinfo->ptr_count) {
- p2 = *(const char **)ptr;
- size = sizeof(void *);
- }
-
- if ((count || pinfo->ptr_count) &&
- !(pinfo->flags & FLAG_ALWAYS) &&
- all_zero(ptr, size)) {
- ptr += size;
- continue;
- }
- if (count == 0) {
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addshort(mem_ctx, p, " = %u:", i)) {
- return -1;
- }
- } else {
- if (addshort(mem_ctx, p, ", %u:", i) != 0) {
- return -1;
- }
- }
- if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) {
- return -1;
- }
- ptr += size;
- count++;
- }
- if (count) {
- return addstr(mem_ctx, p, "\n");
- }
- return 0;
-}
-
-/* find a variable by name in a loaded structure and return its value
- as an integer. Used to support dynamic arrays */
-static int find_var(const struct parse_struct *pinfo,
- const char *data,
- const char *var)
-{
- int i;
- const char *ptr;
-
- /* this allows for constant lengths */
- if (isdigit(*var)) {
- return atoi(var);
- }
-
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, var) == 0) break;
- }
- if (!pinfo[i].name) return -1;
-
- ptr = data + pinfo[i].offset;
-
- switch (pinfo[i].size) {
- case sizeof(int):
- return *(int *)ptr;
- case sizeof(char):
- return *(char *)ptr;
- }
-
- return -1;
-}
-
-
-int gen_dump_struct(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1);
- if (!s) return -1;
- if (addstr(mem_ctx, p, "{\n") ||
- addstr(mem_ctx, p, s) ||
- addtabbed(mem_ctx, p, "}", indent)) {
- return -1;
- }
- return 0;
-}
-
-static int gen_dump_string(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- const char *ptr = *(char **)data;
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = ") ||
- addchar(mem_ctx, p, '{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
-}
-
-/*
- find the length of a nullterm array
-*/
-static int len_nullterm(const char *ptr, int size, int array_len)
-{
- int len;
-
- if (size == 1) {
- len = strnlen(ptr, array_len);
- } else {
- for (len=0; len < array_len; len++) {
- if (all_zero(ptr+len*size, size)) break;
- }
- }
-
- if (len == 0) len = 1;
-
- return len;
-}
-
-
-/* the generic dump routine. Scans the parse information for this structure
- and processes it recursively */
-char *gen_dump(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- struct parse_string p;
- int i;
-
- p.length = 0;
- p.allocated = 0;
- p.s = NULL;
-
- if (addstr(mem_ctx, &p, "") != 0) {
- return NULL;
- }
-
- for (i=0;pinfo[i].name;i++) {
- const char *ptr = data + pinfo[i].offset;
- unsigned size = pinfo[i].size;
-
- if (pinfo[i].ptr_count) {
- size = sizeof(void *);
- }
-
- /* special handling for array types */
- if (pinfo[i].array_len) {
- unsigned len = pinfo[i].array_len;
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(ptr, size, len);
- }
- if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr,
- len, indent)) {
- goto failed;
- }
- continue;
- }
-
- /* and dynamically sized arrays */
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- struct parse_struct p2 = pinfo[i];
- if (len < 0) {
- goto failed;
- }
- if (len > 0) {
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(*(char **)ptr,
- pinfo[i].size, len);
- }
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- if (gen_dump_array(mem_ctx, &p, &p2,
- *(char **)ptr,
- len, indent) != 0) {
- goto failed;
- }
- }
- continue;
- }
-
- /* don't dump zero elements */
- if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue;
-
- /* assume char* is a null terminated string */
- if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 &&
- pinfo[i].dump_fn == gen_dump_char) {
- if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) {
- goto failed;
- }
- continue;
- }
-
- /* generic pointer dereference */
- if (pinfo[i].ptr_count) {
- ptr = *(const char **)ptr;
- }
-
- if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) ||
- addstr(mem_ctx, &p, " = ") ||
- gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) ||
- addstr(mem_ctx, &p, "\n")) {
- goto failed;
- }
- }
- return p.s;
-
-failed:
- return NULL;
-}
-
-/* search for a character in a string, skipping over sections within
- matching braces */
-static char *match_braces(char *s, char c)
-{
- int depth = 0;
- while (*s) {
- switch (*s) {
- case '}':
- depth--;
- break;
- case '{':
- depth++;
- break;
- }
- if (depth == 0 && *s == c) {
- return s;
- }
- s++;
- }
- return s;
-}
-
-/* parse routine for enumerated types */
-int gen_parse_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- char *ptr,
- const char *str)
-{
- unsigned v;
- int i;
-
- if (isdigit(*str)) {
- if (sscanf(str, "%u", &v) != 1) {
- errno = EINVAL;
- return -1;
- }
- *(unsigned *)ptr = v;
- return 0;
- }
-
- for (i=0;einfo[i].name;i++) {
- if (strcmp(einfo[i].name, str) == 0) {
- *(unsigned *)ptr = einfo[i].value;
- return 0;
- }
- }
-
- /* unknown enum value?? */
- return -1;
-}
-
-
-/* parse all base types */
-static int gen_parse_base(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str)
-{
- if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) {
- unsigned len;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s) return -1;
- *(char **)ptr = s;
- return 0;
- }
-
- if (pinfo->ptr_count) {
- unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size;
- struct parse_struct p2 = *pinfo;
- *(void **)ptr = talloc(mem_ctx, size);
- if (! *(void **)ptr) {
- return -1;
- }
- memset(*(void **)ptr, 0, size);
- ptr = *(char **)ptr;
- p2.ptr_count--;
- return gen_parse_base(mem_ctx, &p2, ptr, str);
- }
-
- return pinfo->parse_fn(mem_ctx, ptr, str);
-}
-
-/* parse a generic array */
-static int gen_parse_array(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str,
- int array_len)
-{
- char *p, *p2;
- unsigned size = pinfo->size;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- unsigned len = 0;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s || (len > array_len)) return -1;
- memset(ptr, 0, array_len);
- memcpy(ptr, s, len);
- return 0;
- }
-
- if (pinfo->ptr_count) {
- size = sizeof(void *);
- }
-
- while (*str) {
- unsigned idx;
- int done;
-
- idx = atoi(str);
- p = strchr(str,':');
- if (!p) break;
- p++;
- p2 = match_braces(p, ',');
- done = (*p2 != ',');
- *p2 = 0;
-
- if (*p == '{') {
- p++;
- p[strlen(p)-1] = 0;
- }
-
- if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) {
- return -1;
- }
-
- if (done) break;
- str = p2+1;
- }
-
- return 0;
-}
-
-/* parse one element, hanlding dynamic and static arrays */
-static int gen_parse_one(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *name,
- char *data,
- const char *str)
-{
- int i;
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, name) == 0) {
- break;
- }
- }
- if (pinfo[i].name == NULL) {
- return 0;
- }
-
- if (pinfo[i].array_len) {
- return gen_parse_array(mem_ctx, &pinfo[i],
- data+pinfo[i].offset,
- str, pinfo[i].array_len);
- }
-
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- if (len < 0) {
- errno = EINVAL;
- return -1;
- }
- if (len > 0) {
- struct parse_struct p2 = pinfo[i];
- char *ptr;
- unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
- ptr = talloc(mem_ctx, len*size);
- if (!ptr) {
- errno = ENOMEM;
- return -1;
- }
- memset(ptr, 0, len*size);
- *((char **)(data + pinfo[i].offset)) = ptr;
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- return gen_parse_array(mem_ctx, &p2, ptr, str, len);
- }
- return 0;
- }
-
- return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str);
-}
-
-int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str)
-{
- return gen_parse(mem_ctx, pinfo, ptr, str);
-}
-
-/* the main parse routine */
-int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s)
-{
- char *str, *s0;
-
- s0 = strdup(s);
- str = s0;
-
- while (*str) {
- char *p;
- char *name;
- char *value;
-
- /* skip leading whitespace */
- while (isspace(*str)) str++;
-
- p = strchr(str, '=');
- if (!p) break;
- value = p+1;
- while (p > str && isspace(*(p-1))) {
- p--;
- }
-
- *p = 0;
- name = str;
-
- while (isspace(*value)) value++;
-
- if (*value == '{') {
- str = match_braces(value, '}');
- value++;
- } else {
- str = match_braces(value, '\n');
- }
-
- *str++ = 0;
-
- if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
- free(s0);
- return -1;
- }
- }
-
- free(s0);
- return 0;
-}
-
-
-
-/* for convenience supply some standard dumpers and parsers here */
-
-int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned char *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(int *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(time_t *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(double *)ptr = atof(str);
- return 0;
-}
-
-int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(float *)ptr = atof(str);
- return 0;
-}
-
-int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr));
-}
-
-int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%d", *(int *)(ptr));
-}
-
-int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr));
-}
-
-int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(time_t *)(ptr));
-}
-
-int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%lg", *(double *)(ptr));
-}
-
-int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%g", *(float *)(ptr));
-}
diff --git a/source3/lib/genparser_samba.c b/source3/lib/genparser_samba.c
deleted file mode 100644
index bece587747..0000000000
--- a/source3/lib/genparser_samba.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "genparser_samba.h"
-
-/* PARSE functions */
-
-int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint8 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint16 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint32 *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(!string_to_sid((DOM_SID *)ptr, str)) return -1;
- return 0;
-}
-
-int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- int info[GUID_SIZE];
- int i;
- char *sc;
- char *p;
- char *m;
-
- m = strdup(str);
- if (!m) return -1;
- sc = m;
-
- memset(info, 0, sizeof(info));
- for (i = 0; i < GUID_SIZE; i++) {
- p = strchr(sc, ',');
- if (p != NULL) p = '\0';
- info[i] = atoi(sc);
- if (p != NULL) sc = p + 1;
- }
- free(m);
-
- for (i = 0; i < GUID_SIZE; i++) {
- ((GUID *)ptr)->info[i] = info[i];
- }
-
- return 0;
-}
-
-int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str);
-}
-
-int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str);
-}
-
-int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str);
-}
-
-int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str);
-}
-
-int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-
-
-/* DUMP functions */
-
-int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr));
-}
-
-int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr));
-}
-
-int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr));
-}
-
-int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((NTTIME *)(ptr))->high;
- low = ((NTTIME *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- fstring sidstr;
-
- sid_to_string(sidstr, (DOM_SID *)ptr);
- return addstr(mem_ctx, p, sidstr);
-}
-
-int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask);
-}
-
-int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- int i, r;
-
- for (i = 0; i < (GUID_SIZE - 1); i++) {
- if (!(r = addshort(mem_ctx, p, "%d,", ((GUID *)ptr)->info[i]))) return r;
- }
- return addshort(mem_ctx, p, "%d", ((GUID *)ptr)->info[i]);
-}
-
-int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent);
-}
-
-int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent);
-}
-
-int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((LUID *)(ptr))->high;
- low = ((LUID *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c
index d9160f0d01..c09bff5fd7 100644
--- a/source3/lib/iconv.c
+++ b/source3/lib/iconv.c
@@ -2,7 +2,7 @@
Unix SMB/CIFS implementation.
minimal iconv implementation
Copyright (C) Andrew Tridgell 2001
- Copyright (C) Jelmer Vernooij 2002,2003,2003,2003,2003
+ Copyright (C) Jelmer Vernooij 2002,2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
diff --git a/source3/lib/ldap.c b/source3/lib/ldap.c
deleted file mode 100644
index 917e03a871..0000000000
--- a/source3/lib/ldap.c
+++ /dev/null
@@ -1,719 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Jean François Micouleau 1998
- Copyright (C) Gerald Carter 2001
- Copyright (C) Shahms King 2001
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jim McDonough 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#include "includes.h"
-
-#ifdef HAVE_LDAP
-/* TODO:
-* persistent connections: if using NSS LDAP, many connections are made
-* however, using only one within Samba would be nice
-*
-* Clean up SSL stuff, compile on OpenLDAP 1.x, 2.x, and Netscape SDK
-*
-* Other LDAP based login attributes: accountExpires, etc.
-* (should be the domain of Samba proper, but the sam_password/SAM_ACCOUNT
-* structures don't have fields for some of these attributes)
-*
-* SSL is done, but can't get the certificate based authentication to work
-* against on my test platform (Linux 2.4, OpenLDAP 2.x)
-*/
-
-/* NOTE: this will NOT work against an Active Directory server
-* due to the fact that the two password fields cannot be retrieved
-* from a server; recommend using security = domain in this situation
-* and/or winbind
-*/
-
-#include "smb_ldap.h"
-
-/* We need an internal mapping of LDAP * -> smb_ldap_privates so we implement
- it in terms of a VK list. It's a little backwards but its quite efficent */
-static struct smb_ldap_privates *head;
-
-static struct smb_ldap_privates *get_internal(LDAP *ldap_struct)
-{
- struct smb_ldap_privates *ret = head;
-
- while (NULL != ret && ret->ldap_struct != ldap_struct) {
- ret = ret->next;
- }
-
- return ret;
-}
-
-#define SMB_LDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */
-
-/*******************************************************************
- find the ldap password
-******************************************************************/
-static BOOL smb_ldap_fetch_pw(char **dn, char** pw)
-{
- char *key = NULL;
- size_t size;
-
- *dn = smb_xstrdup(lp_ldap_admin_dn());
-
- if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
- SAFE_FREE(*dn);
- DEBUG(0, ("smb_ldap_fetch_pw: asprintf failed!\n"));
- }
-
- *pw=secrets_fetch(key, &size);
- SAFE_FREE(key);
- if (!size) {
- /* Upgrade 2.2 style entry */
- char *p;
- char* old_style_key = strdup(*dn);
- char *data;
- fstring old_style_pw;
-
- if (!old_style_key) {
- DEBUG(0, ("smb_ldap_fetch_pw: strdup failed!\n"));
- return False;
- }
-
- for (p=old_style_key; *p; p++)
- if (*p == ',') *p = '/';
-
- data=secrets_fetch(old_style_key, &size);
- if (!size && size < sizeof(old_style_pw)) {
- DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
- SAFE_FREE(old_style_key);
- SAFE_FREE(*dn);
- return False;
- }
-
- strncpy(old_style_pw, data, size);
- old_style_pw[size] = 0;
-
- SAFE_FREE(data);
-
- if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
- DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
- SAFE_FREE(old_style_key);
- SAFE_FREE(*dn);
- return False;
- }
- if (!secrets_delete(old_style_key)) {
- DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
- }
-
- SAFE_FREE(old_style_key);
-
- *pw = smb_xstrdup(old_style_pw);
- }
-
- return True;
-}
-
-/*******************************************************************
- open a connection to the ldap server.
-******************************************************************/
-int smb_ldap_open_connection (struct smb_ldap_privates *ldap_state,
- LDAP ** ldap_struct)
-{
- int rc = LDAP_SUCCESS;
- int version;
- BOOL ldap_v3 = False;
-
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
- DEBUG(10, ("smb_ldap_open_connection: %s\n", ldap_state->uri));
-
- if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) {
- DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
- return rc;
- }
-
-#else
-
- /* Parse the string manually */
-
- {
- int port = 0;
- fstring protocol;
- fstring host;
- const char *p = ldap_state->uri;
- SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
-
- /* skip leading "URL:" (if any) */
- if ( strncasecmp( p, "URL:", 4 ) == 0 ) {
- p += 4;
- }
-
- sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port);
-
- if (port == 0) {
- if (strequal(protocol, "ldap")) {
- port = LDAP_PORT;
- } else if (strequal(protocol, "ldaps")) {
- port = LDAPS_PORT;
- } else {
- DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
- }
- }
-
- if ((*ldap_struct = ldap_init(host, port)) == NULL) {
- DEBUG(0, ("ldap_init failed !\n"));
- return LDAP_OPERATIONS_ERROR;
- }
-
- if (strequal(protocol, "ldaps")) {
-#ifdef LDAP_OPT_X_TLS
- int tls = LDAP_OPT_X_TLS_HARD;
- if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
- {
- DEBUG(0, ("Failed to setup a TLS session\n"));
- }
-
- DEBUG(3,("LDAPS option set...!\n"));
-#else
- DEBUG(0,("smb_ldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
- return LDAP_OPERATIONS_ERROR;
-#endif
- }
- }
-#endif
-
- if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
- {
- if (version != LDAP_VERSION3)
- {
- version = LDAP_VERSION3;
- if (ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) {
- ldap_v3 = True;
- }
- } else {
- ldap_v3 = True;
- }
- }
-
- if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
-#ifdef LDAP_OPT_X_TLS
- if (ldap_v3) {
- if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS)
- {
- DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
- ldap_err2string(rc)));
- return rc;
- }
- DEBUG (3, ("StartTLS issued: using a TLS connection\n"));
- } else {
-
- DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
- return LDAP_OPERATIONS_ERROR;
- }
-#else
- DEBUG(0,("smb_ldap_open_connection: StartTLS not supported by LDAP client libraries!\n"));
- return LDAP_OPERATIONS_ERROR;
-#endif
- }
-
- DEBUG(2, ("smb_ldap_open_connection: connection opened\n"));
- return rc;
-}
-
-
-/*******************************************************************
- a rebind function for authenticated referrals
- This version takes a void* that we can shove useful stuff in :-)
-******************************************************************/
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
-#else
-static int rebindproc_with_state (LDAP * ld, char **whop, char **credp,
- int *methodp, int freeit, void *arg)
-{
- struct smb_ldap_privates *ldap_state = arg;
-
- /** @TODO Should we be doing something to check what servers we rebind to?
- Could we get a referral to a machine that we don't want to give our
- username and password to? */
-
- if (freeit) {
- SAFE_FREE(*whop);
- memset(*credp, '\0', strlen(*credp));
- SAFE_FREE(*credp);
- } else {
- DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n",
- ldap_state->bind_dn));
-
- *whop = strdup(ldap_state->bind_dn);
- if (!*whop) {
- return LDAP_NO_MEMORY;
- }
- *credp = strdup(ldap_state->bind_secret);
- if (!*credp) {
- SAFE_FREE(*whop);
- return LDAP_NO_MEMORY;
- }
- *methodp = LDAP_AUTH_SIMPLE;
- }
- return 0;
-}
-#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
-
-/*******************************************************************
- a rebind function for authenticated referrals
- This version takes a void* that we can shove useful stuff in :-)
- and actually does the connection.
-******************************************************************/
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
-static int rebindproc_connect_with_state (LDAP *ldap_struct,
- LDAP_CONST char *url,
- ber_tag_t request,
- ber_int_t msgid, void *arg)
-{
- struct smb_ldap_privates *ldap_state = arg;
- int rc;
- DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n",
- ldap_state->bind_dn));
-
- /** @TODO Should we be doing something to check what servers we rebind to?
- Could we get a referral to a machine that we don't want to give our
- username and password to? */
-
- rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret);
-
- return rc;
-}
-#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
-
-/*******************************************************************
- Add a rebind function for authenticated referrals
-******************************************************************/
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
-#else
-# if LDAP_SET_REBIND_PROC_ARGS == 2
-static int rebindproc (LDAP *ldap_struct, char **whop, char **credp,
- int *method, int freeit )
-{
- return rebindproc_with_state(ldap_struct, whop, credp,
- method, freeit, get_internal(ldap_struct));
-
-}
-# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
-#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
-
-/*******************************************************************
- a rebind function for authenticated referrals
- this also does the connection, but no void*.
-******************************************************************/
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
-# if LDAP_SET_REBIND_PROC_ARGS == 2
-static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request,
- ber_int_t msgid)
-{
- return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid,
- get_internal(ld));
-}
-# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
-#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
-
-/*******************************************************************
- connect to the ldap server under system privilege.
-******************************************************************/
-int smb_ldap_connect_system(struct smb_ldap_privates *ldap_state,
- LDAP * ldap_struct)
-{
- int rc;
- char *ldap_dn;
- char *ldap_secret;
-
- if (NULL == get_internal(ldap_struct)) {
- ldap_state->next = head;
- }
-
- /* get the password */
- if (!smb_ldap_fetch_pw(&ldap_dn, &ldap_secret))
- {
- DEBUG(0, ("ldap_connect_system: Failed to retrieve password from secrets.tdb\n"));
- return LDAP_INVALID_CREDENTIALS;
- }
-
- ldap_state->bind_dn = ldap_dn;
- ldap_state->bind_secret = ldap_secret;
-
- /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
- (OpenLDAP) doesnt' seem to support it */
-
- DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n",
- ldap_state->uri, ldap_dn));
-
-#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
-# if LDAP_SET_REBIND_PROC_ARGS == 2
- ldap_set_rebind_proc(ldap_struct, &rebindproc_connect);
-# endif
-# if LDAP_SET_REBIND_PROC_ARGS == 3
- ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state);
-# endif
-#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
-# if LDAP_SET_REBIND_PROC_ARGS == 2
- ldap_set_rebind_proc(ldap_struct, &rebindproc);
-# endif
-# if LDAP_SET_REBIND_PROC_ARGS == 3
- ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state);
-# endif
-#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
-
- rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
- &ld_error);
- DEBUG(0,
- ("failed to bind to server with dn= %s Error: %s\n\t%s\n",
- ldap_dn, ldap_err2string(rc),
- ld_error));
- free(ld_error);
- return rc;
- }
-
- DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n"));
- return rc;
-}
-
-/**********************************************************************
-Connect to LDAP server
-*********************************************************************/
-int smb_ldap_open(struct smb_ldap_privates *ldap_state)
-{
- int rc;
- SMB_ASSERT(ldap_state);
-
-#ifndef NO_LDAP_SECURITY
- if (geteuid() != 0) {
- DEBUG(0, ("smb_ldap_open: cannot access LDAP when not root..\n"));
- return LDAP_INSUFFICIENT_ACCESS;
- }
-#endif
-
- if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMB_LDAP_DONT_PING_TIME) < time(NULL))) {
- struct sockaddr_un addr;
- socklen_t len;
- int sd;
- if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
- /* the other end has died. reopen. */
- ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
- ldap_state->ldap_struct = NULL;
- ldap_state->last_ping = (time_t)0;
- } else {
- ldap_state->last_ping = time(NULL);
- }
- }
-
- if (ldap_state->ldap_struct != NULL) {
- DEBUG(5,("smb_ldap_open: allready connected to the LDAP server\n"));
- return LDAP_SUCCESS;
- }
-
- if ((rc = smb_ldap_open_connection(ldap_state, &ldap_state->ldap_struct))) {
- return rc;
- }
-
- if ((rc = smb_ldap_connect_system(ldap_state, ldap_state->ldap_struct))) {
- ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
- ldap_state->ldap_struct = NULL;
- return rc;
- }
-
-
- ldap_state->last_ping = time(NULL);
- DEBUG(4,("The LDAP server is succesful connected\n"));
-
- return LDAP_SUCCESS;
-}
-
-/**********************************************************************
-Disconnect from LDAP server
-*********************************************************************/
-NTSTATUS smb_ldap_close(struct smb_ldap_privates *ldap_state)
-{
- if (!ldap_state)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (ldap_state->ldap_struct != NULL) {
- ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
- ldap_state->ldap_struct = NULL;
- }
-
- DEBUG(5,("The connection to the LDAP server was closed\n"));
- /* maybe free the results here --metze */
-
- return NT_STATUS_OK;
-}
-
-static int smb_ldap_retry_open(struct smb_ldap_privates *ldap_state, int *attempts)
-{
- int rc;
-
- SMB_ASSERT(ldap_state && attempts);
-
- if (*attempts != 0) {
- /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */
- msleep((((*attempts)*(*attempts))/2)*1000);
- }
- (*attempts)++;
-
- if ((rc = smb_ldap_open(ldap_state))) {
- DEBUG(0,("Connection to LDAP Server failed for the %d try!\n",*attempts));
- return rc;
- }
-
- return LDAP_SUCCESS;
-}
-
-
-int smb_ldap_search(struct smb_ldap_privates *ldap_state,
- const char *base, int scope, const char *filter,
- const char *attrs[], int attrsonly,
- LDAPMessage **res)
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- SMB_ASSERT(ldap_state);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_search_s(ldap_state->ldap_struct, base, scope,
- filter, (char **)attrs, attrsonly, res);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- smb_ldap_close(ldap_state);
- }
-
- return rc;
-}
-
-int smb_ldap_modify(struct smb_ldap_privates *ldap_state, char *dn,
- LDAPMod *attrs[])
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_modify_s(ldap_state->ldap_struct, dn, attrs);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- smb_ldap_close(ldap_state);
- }
-
- return rc;
-}
-
-int smb_ldap_add(struct smb_ldap_privates *ldap_state, const char *dn,
- LDAPMod *attrs[])
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_add_s(ldap_state->ldap_struct, dn, attrs);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- smb_ldap_close(ldap_state);
- }
-
- return rc;
-}
-
-int smb_ldap_delete(struct smb_ldap_privates *ldap_state, char *dn)
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_delete_s(ldap_state->ldap_struct, dn);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- smb_ldap_close(ldap_state);
- }
-
- return rc;
-}
-
-int smb_ldap_extended_operation(struct smb_ldap_privates *ldap_state,
- LDAP_CONST char *reqoid,
- struct berval *reqdata,
- LDAPControl **serverctrls,
- LDAPControl **clientctrls, char **retoidp,
- struct berval **retdatap)
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = smb_ldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- smb_ldap_close(ldap_state);
- }
-
- return rc;
-}
-
-/*******************************************************************
-search an attribute and return the first value found.
-******************************************************************/
-BOOL smb_ldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
- const char *attribute, pstring value)
-{
- char **values;
-
- if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
- value = NULL;
- DEBUG (10, ("smb_ldap_get_single_attribute: [%s] = [<does not exist>]\n", attribute));
-
- return False;
- }
-
- pstrcpy(value, values[0]);
- ldap_value_free(values);
-#ifdef DEBUG_PASSWORDS
- DEBUG (100, ("smb_ldap_get_single_attribute: [%s] = [%s]\n", attribute, value));
-#endif
- return True;
-}
-
-
-/************************************************************************
-Routine to manage the LDAPMod structure array
-manage memory used by the array, by each struct, and values
-
-************************************************************************/
-void smb_ldap_make_a_mod (LDAPMod *** modlist, int modop,
- const char *attribute, const char *value)
-{
- LDAPMod **mods;
- int i;
- int j;
-
- mods = *modlist;
-
- if (attribute == NULL || *attribute == '\0')
- return;
-
- if (value == NULL || *value == '\0')
- return;
-
- if (mods == NULL)
- {
- mods = (LDAPMod **) malloc(sizeof(LDAPMod *));
- if (mods == NULL)
- {
- DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n"));
- return;
- }
- mods[0] = NULL;
- }
-
- for (i = 0; mods[i] != NULL; ++i) {
- if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute))
- break;
- }
-
- if (mods[i] == NULL)
- {
- mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *));
- if (mods == NULL)
- {
- DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n"));
- return;
- }
- mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
- if (mods[i] == NULL)
- {
- DEBUG(0, ("smb_ldap_make_a_mod: out of memory!\n"));
- return;
- }
- mods[i]->mod_op = modop;
- mods[i]->mod_values = NULL;
- mods[i]->mod_type = strdup(attribute);
- mods[i + 1] = NULL;
- }
-
- if (value != NULL)
- {
- j = 0;
- if (mods[i]->mod_values != NULL) {
- for (; mods[i]->mod_values[j] != NULL; j++);
- }
- mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values,
- (j + 2) * sizeof (char *));
-
- if (mods[i]->mod_values == NULL) {
- DEBUG (0, ("smb_ldap_make_a_mod: Memory allocation failure!\n"));
- return;
- }
- mods[i]->mod_values[j] = strdup(value);
- mods[i]->mod_values[j + 1] = NULL;
- }
- *modlist = mods;
-}
-
-#endif
diff --git a/source3/lib/module.c b/source3/lib/module.c
index 087c964d3c..811efae311 100644
--- a/source3/lib/module.c
+++ b/source3/lib/module.c
@@ -2,7 +2,8 @@
Unix SMB/CIFS implementation.
module loading system
- Copyright (C) Jelmer Vernooij 2002
+ Copyright (C) Jelmer Vernooij 2002-2003
+ Copyright (C) Stefan (metze) Metzmacher 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -80,7 +81,12 @@ NTSTATUS smb_probe_module(const char *subsystem, const char *module)
pstring full_path;
/* Check for absolute path */
- if(module[0] == '/')return smb_load_module(module);
+
+ /* if we make any 'samba multibyte string'
+ calls here, we break
+ for loading string modules */
+ if (module[0] == '/')
+ return smb_load_module(module);
pstrcpy(full_path, lib_path(subsystem));
pstrcat(full_path, "/");
@@ -97,19 +103,19 @@ NTSTATUS smb_probe_module(const char *subsystem, const char *module)
NTSTATUS smb_load_module(const char *module_name)
{
- DEBUG(0,("This samba executable has not been built with plugin support"));
+ DEBUG(0,("This samba executable has not been built with plugin support\n"));
return NT_STATUS_NOT_SUPPORTED;
}
int smb_load_modules(const char **modules)
{
- DEBUG(0,("This samba executable has not been built with plugin support"));
+ DEBUG(0,("This samba executable has not been built with plugin support\n"));
return -1;
}
NTSTATUS smb_probe_module(const char *subsystem, const char *module)
{
- DEBUG(0,("This samba executable has not been built with plugin support, not probing"));
+ DEBUG(0,("This samba executable has not been built with plugin support, not probing\n"));
return NT_STATUS_NOT_SUPPORTED;
}
@@ -145,3 +151,107 @@ void module_path_get_name(const char *path, pstring name)
}
}
}
+
+
+/***************************************************************************
+ * This Function registers a idle event
+ *
+ * the registered funtions are run periodically
+ * and maybe shutdown idle connections (e.g. to an LDAP server)
+ ***************************************************************************/
+static smb_idle_event_struct *smb_idle_event_list = NULL;
+NTSTATUS smb_register_idle_event(smb_idle_event_struct *idle_event)
+{
+ if (!idle_event) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ idle_event->last_run = 0;
+
+ DLIST_ADD(smb_idle_event_list,idle_event);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smb_unregister_idle_event(smb_idle_event_struct *idle_event)
+{
+ if (!idle_event) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DLIST_REMOVE(smb_idle_event_list,idle_event);
+
+ return NT_STATUS_OK;
+}
+
+void smb_run_idle_events(time_t now)
+{
+ smb_idle_event_struct *tmp_event = smb_idle_event_list;
+
+ while (tmp_event) {
+ time_t interval;
+
+ if (tmp_event->fn) {
+ if (tmp_event->interval >= SMB_IDLE_EVENT_MIN_INTERVAL) {
+ interval = tmp_event->interval;
+ } else {
+ interval = SMB_IDLE_EVENT_DEFAULT_INTERVAL;
+ }
+ if (now >(tmp_event->last_run+interval)) {
+ tmp_event->fn(&tmp_event,now);
+ tmp_event->last_run = now;
+ }
+ }
+
+ tmp_event = tmp_event->next;
+ }
+
+ return;
+}
+
+/***************************************************************************
+ * This Function registers a exit event
+ *
+ * the registered funtions are run on exit()
+ * and maybe shutdown idle connections (e.g. to an LDAP server)
+ ***************************************************************************/
+static smb_exit_event_struct *smb_exit_event_list = NULL;
+NTSTATUS smb_register_exit_event(smb_exit_event_struct *exit_event)
+{
+ if (!exit_event) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DLIST_ADD(smb_exit_event_list,exit_event);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smb_unregister_exit_event(smb_exit_event_struct *exit_event)
+{
+ if (!exit_event) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DLIST_REMOVE(smb_exit_event_list,exit_event);
+
+ return NT_STATUS_OK;
+}
+
+void smb_run_exit_events(void)
+{
+ smb_exit_event_struct *tmp_event = smb_exit_event_list;
+
+ while (tmp_event) {
+ if (tmp_event->fn) {
+ tmp_event->fn(&tmp_event);
+ }
+ tmp_event = tmp_event->next;
+ }
+
+ /* run exit_events only once */
+ smb_exit_event_list = NULL;
+
+ return;
+}
+
diff --git a/source3/lib/readline.c b/source3/lib/readline.c
index ceb02ef749..8b90c32c7f 100644
--- a/source3/lib/readline.c
+++ b/source3/lib/readline.c
@@ -116,29 +116,6 @@ char *smb_readline(char *prompt, void (*callback)(void),
}
/****************************************************************************
- * return line buffer text
- ****************************************************************************/
-const char *smb_readline_get_line_buffer(void)
-{
-#if defined(HAVE_LIBREADLINE)
- return rl_line_buffer;
-#else
- return NULL;
-#endif
-}
-
-
-/****************************************************************************
- * set completion append character
- ***************************************************************************/
-void smb_readline_ca_char(char c)
-{
-#if defined(HAVE_LIBREADLINE)
- rl_completion_append_character = c;
-#endif
-}
-
-/****************************************************************************
history
****************************************************************************/
int cmd_history(void)
@@ -158,4 +135,3 @@ int cmd_history(void)
return 0;
}
-
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index ef68bce985..7ba8648156 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -40,6 +40,17 @@ void set_local_machine_name(const char* local_name, BOOL perm)
static BOOL already_perm = False;
fstring tmp_local_machine;
+ /*
+ * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV"
+ * arrggg!!!
+ */
+
+ if (strcasecmp(local_name, "*SMBSERVER")==0)
+ return;
+
+ if (strcasecmp(local_name, "*SMBSERV")==0)
+ return;
+
if (already_perm)
return;
diff --git a/source3/lib/username.c b/source3/lib/username.c
index d8f4ff80ed..b8f33494ee 100644
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -339,7 +339,7 @@ static BOOL user_in_winbind_group_list(const char *user, const char *gname, BOOL
goto err;
}
- if (!lp_idmap_gid(&gid_low, &gid_high)) {
+ if (!lp_winbind_gid(&gid_low, &gid_high)) {
DEBUG(4, ("winbind gid range not configured, therefore %s cannot be a winbind group\n", gname));
goto err;
}
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 9dc0c8ca18..e239ef56c7 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -642,8 +642,9 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
if(!src)
return NULL;
- if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL)
+ if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
sid_copy( dst, src);
+ }
return dst;
}
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index c974050b43..8c171852ab 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -764,6 +764,19 @@ char *client_addr(void)
return get_socket_addr(client_fd);
}
+struct in_addr *client_inaddr(struct sockaddr *sa)
+{
+ struct sockaddr_in *sockin = (struct sockaddr_in *) (sa);
+ int length = sizeof(*sa);
+
+ if (getpeername(client_fd, sa, &length) < 0) {
+ DEBUG(0,("getpeername failed. Error was %s\n", strerror(errno) ));
+ return NULL;
+ }
+
+ return &sockin->sin_addr;
+}
+
/*******************************************************************
matchname - determine if host name matches IP address. Used to
confirm a hostname lookup to prevent spoof attacks
diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index 08bb03986f..5df0828295 100644
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -229,7 +229,10 @@ char *skip_unibuf(char *src, size_t len)
*/
int rpcstr_pull(char* dest, void *src, int dest_len, int src_len, int flags)
{
- if (!src) return 0;
+ if (!src) {
+ dest[0] = 0;
+ return 0;
+ }
if(dest_len==-1) dest_len=MAXUNI-3;
return pull_ucs2(NULL, dest, src, dest_len, src_len, flags|STR_UNICODE|STR_NOALIGN);
}
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
index 626c177926..750940e336 100644
--- a/source3/libads/ads_utils.c
+++ b/source3/libads/ads_utils.c
@@ -89,52 +89,6 @@ uint32 ads_uf2atype(uint32 uf)
}
/*
-translated the GROUP_CTRL Flags to GroupType (groupType)
-*/
-uint32 ads_gcb2gtype(uint16 gcb)
-{
- uint32 gtype = 0x00000000;
-
- if (gcb & GCB_ALIAS_GROUP) gtype |= GTYPE_SECURITY_BUILTIN_LOCAL_GROUP;
- else if(gcb & GCB_LOCAL_GROUP) gtype |= GTYPE_SECURITY_DOMAIN_LOCAL_GROUP;
- if (gcb & GCB_GLOBAL_GROUP) gtype |= GTYPE_SECURITY_GLOBAL_GROUP;
-
- return gtype;
-}
-
-/*
-translated the GroupType (groupType) to GROUP_CTRL Flags
-*/
-uint16 ads_gtype2gcb(uint32 gtype)
-{
- uint16 gcb = 0x0000;
-
- switch(gtype) {
- case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
- gcb = GCB_ALIAS_GROUP;
- break;
- case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
- gcb = GCB_LOCAL_GROUP;
- break;
- case GTYPE_SECURITY_GLOBAL_GROUP:
- gcb = GCB_GLOBAL_GROUP;
- break;
-
- case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
- gcb = GCB_GLOBAL_GROUP;
- break;
- case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
- gcb = GCB_LOCAL_GROUP;
- break;
- case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
- gcb = GCB_GLOBAL_GROUP;
- break;
- }
-
- return gcb;
-}
-
-/*
get the accountType from the groupType
*/
uint32 ads_gtype2atype(uint32 gtype)
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 214871b3fb..856809decc 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -677,7 +677,7 @@ ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
we need to use the '$' form of the name here, as otherwise the
server might end up setting the password for a user instead
*/
- asprintf(&principal, "%s$@%s", host, ads->auth.realm);
+ asprintf(&principal, "%s$@%s", host, ads->config.realm);
status = krb5_set_password(ads->auth.kdc_server, principal, password, ads->auth.time_offset);
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4bfa694e63..982cbfff06 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -261,7 +261,7 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user,
server_chal = data_blob(cli->secblob.data, MIN(cli->secblob.length, 8));
if (!SMBNTLMv2encrypt(user, workgroup, pass, server_chal,
- &lm_response, &nt_response, &session_key)) {
+ &lm_response, &nt_response, NULL, &session_key)) {
data_blob_free(&server_chal);
return False;
}
@@ -810,9 +810,6 @@ BOOL cli_send_tconX(struct cli_state *cli,
clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
- if (strcasecmp(share,"IPC$")==0)
- fstrcpy(cli->dev, "IPC");
-
if (cli->protocol >= PROTOCOL_NT1 &&
smb_buflen(cli->inbuf) == 3) {
/* almost certainly win95 - enable bug fixes */
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index d54655d17f..356bb0c4fe 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -501,7 +501,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_client_state *ntlmssp_st
if (!SMBNTLMv2encrypt(ntlmssp_state->user,
ntlmssp_state->domain,
ntlmssp_state->password, challenge_blob,
- &lm_response, &nt_response, &session_key)) {
+ &lm_response, &nt_response, NULL, &session_key)) {
data_blob_free(&challenge_blob);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 4e9b895a1b..76e3eb8988 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -21,6 +21,15 @@
#include "includes.h"
+/* the SNIA Technical Reference tells us that this is '40 or 44' bytes
+ long, but NTLM only uses 40, and we don't know what value to use for
+ NTLMv2 */
+
+/* my guess is 64, and other evidence indicates we don't setup the
+ session key correctly, so that's why it's failing */
+
+#define SIMPLE_SMB_SIGNING_MAC_KEY_LEN 64
+
struct smb_basic_signing_context {
DATA_BLOB mac_key;
uint32 send_seq_num;
@@ -111,6 +120,9 @@ static void cli_simple_sign_outgoing_message(struct cli_state *cli)
/*
* Firstly put the sequence number into the first 4 bytes.
* and zero out the next 4 bytes.
+ *
+ * We put the sequence into the packet, becouse we are going
+ * to copy over it anyway.
*/
SIVAL(cli->outbuf, smb_ss_field,
data->send_seq_num);
@@ -132,7 +144,7 @@ static void cli_simple_sign_outgoing_message(struct cli_state *cli)
memcpy(&cli->outbuf[smb_ss_field], calc_md5_mac, 8);
/* cli->outbuf[smb_ss_field+2]=0;
- Uncomment this to test if the remote server actually verifies signitures...*/
+ Uncomment this to test if the remote server actually verifies signatures...*/
data->send_seq_num++;
data->reply_seq_num = data->send_seq_num;
data->send_seq_num++;
@@ -155,6 +167,8 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
/*
* Firstly put the sequence number into the first 4 bytes.
* and zero out the next 4 bytes.
+ *
+ * We do this here, to avoid modifying the packet.
*/
SIVAL(sequence_buf, 0, data->reply_seq_num);
@@ -163,15 +177,28 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
/* get a copy of the server-sent mac */
memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
- /* Calculate the 16 byte MAC and place first 8 bytes into the field. */
+ /* Calculate the 16 byte MAC - but don't alter the data in the
+ incoming packet.
+
+ This makes for a bit for fussing about, but it's not too bad.
+ */
MD5Init(&md5_ctx);
+
+ /* intialise with the key */
MD5Update(&md5_ctx, data->mac_key.data,
data->mac_key.length);
+
+ /* copy in the first bit of the SMB header */
MD5Update(&md5_ctx, cli->inbuf + 4, smb_ss_field - 4);
+
+ /* copy in the sequence number, instead of the signature */
MD5Update(&md5_ctx, sequence_buf, sizeof(sequence_buf));
-
+
+ /* copy in the rest of the packet in, skipping the signature */
MD5Update(&md5_ctx, cli->inbuf + offset_end_of_sig,
smb_len(cli->inbuf) - (offset_end_of_sig - 4));
+
+ /* caclulate the MD5 sig */
MD5Final(calc_md5_mac, &md5_ctx);
good = (memcmp(server_sent_mac, calc_md5_mac, 8) == 0);
@@ -219,10 +246,10 @@ BOOL cli_simple_set_signing(struct cli_state *cli, const uchar user_session_key[
data = smb_xmalloc(sizeof(*data));
cli->sign_info.signing_context = data;
- data->mac_key = data_blob(NULL, MIN(response.length + 16, 40));
+ data->mac_key = data_blob(NULL, MIN(response.length + 16, SIMPLE_SMB_SIGNING_MAC_KEY_LEN));
memcpy(&data->mac_key.data[0], user_session_key, 16);
- memcpy(&data->mac_key.data[16],response.data, MIN(response.length, 40 - 16));
+ memcpy(&data->mac_key.data[16],response.data, MIN(response.length, SIMPLE_SMB_SIGNING_MAC_KEY_LEN - 16));
/* Initialise the sequence number */
data->send_seq_num = 0;
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 28160d9609..bab18a07b1 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -76,10 +76,9 @@ void E_deshash(const char *passwd, uchar p16[16])
{
fstring dospwd;
ZERO_STRUCT(dospwd);
- ZERO_STRUCTP(p16);
/* Password must be converted to DOS charset - null terminated, uppercase. */
- push_ascii(dospwd, (const char *)passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
+ push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE);
/* Only the fisrt 14 chars are considered, password need not be null terminated. */
E_P16(dospwd, p16);
@@ -324,7 +323,8 @@ static DATA_BLOB NTLMv2_generate_response(uchar ntlm_v2_hash[16],
BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
const DATA_BLOB server_chal,
DATA_BLOB *lm_response, DATA_BLOB *nt_response,
- DATA_BLOB *session_key)
+ DATA_BLOB *lm_session_key,
+ DATA_BLOB *nt_session_key)
{
uchar nt_hash[16];
uchar ntlm_v2_hash[16];
@@ -338,18 +338,30 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
return False;
}
- *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
+ if (nt_response) {
+ *nt_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 64 /* pick a number, > 8 */);
+ if (nt_session_key) {
+ *nt_session_key = data_blob(NULL, 16);
+
+ /* The NTLMv2 calculations also provide a session key, for signing etc later */
+ /* use only the first 16 bytes of nt_response for session key */
+ SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, nt_session_key->data);
+ }
+ }
/* LMv2 */
- *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
-
- *session_key = data_blob(NULL, 16);
+ if (lm_response) {
+ *lm_response = NTLMv2_generate_response(ntlm_v2_hash, server_chal, 8);
+ if (lm_session_key) {
+ *lm_session_key = data_blob(NULL, 16);
+
+ /* The NTLMv2 calculations also provide a session key, for signing etc later */
+ /* use only the first 16 bytes of nt_response for session key */
+ SMBsesskeygen_ntv2(ntlm_v2_hash, lm_response->data, lm_session_key->data);
+ }
+ }
- /* The NTLMv2 calculations also provide a session key, for signing etc later */
- /* use only the first 16 bytes of nt_response for session key */
- SMBsesskeygen_ntv2(ntlm_v2_hash, nt_response->data, session_key->data);
-
return True;
}
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index d5a02bb625..6244c844f2 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_
result = cli_nt_setup_creds(cli, sec_channel_type, orig_trust_passwd_hash, &neg_flags, 2);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(1,("just_change_the_password: unable to setup creds (%s)!\n",
+ DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n",
nt_errstr(result)));
return result;
}
diff --git a/source3/mainpage.dox b/source3/mainpage.dox
new file mode 100644
index 0000000000..8b72f80462
--- /dev/null
+++ b/source3/mainpage.dox
@@ -0,0 +1,7 @@
+/**
+
+@mainpage
+
+@li \ref CodingSuggestions
+
+**/
diff --git a/source3/modules/developer.c b/source3/modules/weird.c
index 7ffc3ff50d..444853f383 100644
--- a/source3/modules/developer.c
+++ b/source3/modules/weird.c
@@ -125,8 +125,7 @@ static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft,
struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push};
-int charset_weird_init(void)
+NTSTATUS charset_weird_init(void)
{
- smb_register_charset(&weird_functions);
- return True;
+ return smb_register_charset(&weird_functions);
}
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index eec447688f..d9300f4668 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -30,13 +30,13 @@ int global_nmb_port = -1;
extern BOOL global_in_nmbd;
/* are we running as a daemon ? */
-static BOOL is_daemon = False;
+static BOOL is_daemon;
/* fork or run in foreground ? */
static BOOL Fork = True;
/* log to standard output ? */
-static BOOL log_stdout = False;
+static BOOL log_stdout;
/* have we found LanMan clients yet? */
BOOL found_lm_clients = False;
@@ -573,8 +573,10 @@ static BOOL open_sockets(BOOL isdaemon, int port)
**************************************************************************** */
int main(int argc, const char *argv[])
{
- static BOOL opt_interactive = False;
+ pstring logfile;
+ static BOOL opt_interactive;
poptContext pc;
+ int opt;
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_VAL, &is_daemon, True, "Become a daemon(default)" },
@@ -586,46 +588,47 @@ static BOOL open_sockets(BOOL isdaemon, int port)
POPT_COMMON_SAMBA
{ NULL }
};
- pstring logfile;
-
- global_nmb_port = NMB_PORT;
- global_in_nmbd = True;
-
- StartupTime = time(NULL);
-
- sys_srandom(time(NULL) ^ sys_getpid());
- slprintf(logfile, sizeof(logfile)-1, "%s/log.nmbd", dyn_LOGFILEBASE);
- lp_set_logfile(logfile);
+ global_nmb_port = NMB_PORT;
- fault_setup((void (*)(void *))fault_continue );
-
- /* POSIX demands that signals are inherited. If the invoking process has
- * these signals masked, we will have problems, as we won't receive them. */
- BlockSignals(False, SIGHUP);
- BlockSignals(False, SIGUSR1);
- BlockSignals(False, SIGTERM);
-
- CatchSignal( SIGHUP, SIGNAL_CAST sig_hup );
- CatchSignal( SIGTERM, SIGNAL_CAST sig_term );
+ pc = poptGetContext("nmbd", argc, argv, long_options, 0);
+ while ((opt = poptGetNextOpt(pc)) != -1) ;
+ poptFreeContext(pc);
+ global_in_nmbd = True;
+
+ StartupTime = time(NULL);
+
+ sys_srandom(time(NULL) ^ sys_getpid());
+
+ slprintf(logfile, sizeof(logfile)-1, "%s/log.nmbd", dyn_LOGFILEBASE);
+ lp_set_logfile(logfile);
+
+ fault_setup((void (*)(void *))fault_continue );
+
+ /* POSIX demands that signals are inherited. If the invoking process has
+ * these signals masked, we will have problems, as we won't receive them. */
+ BlockSignals(False, SIGHUP);
+ BlockSignals(False, SIGUSR1);
+ BlockSignals(False, SIGTERM);
+
+ CatchSignal( SIGHUP, SIGNAL_CAST sig_hup );
+ CatchSignal( SIGTERM, SIGNAL_CAST sig_term );
+
#if defined(SIGFPE)
- /* we are never interested in SIGFPE */
- BlockSignals(True,SIGFPE);
+ /* we are never interested in SIGFPE */
+ BlockSignals(True,SIGFPE);
#endif
- /* We no longer use USR2... */
+ /* We no longer use USR2... */
#if defined(SIGUSR2)
- BlockSignals(True, SIGUSR2);
+ BlockSignals(True, SIGUSR2);
#endif
- pc = poptGetContext("nmbd", argc, argv, long_options, 0);
-
- poptFreeContext(pc);
- if ( opt_interactive ) {
- Fork = False;
- log_stdout = True;
- }
+ if ( opt_interactive ) {
+ Fork = False;
+ log_stdout = True;
+ }
if ( log_stdout && Fork ) {
DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n"));
diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c
index 6f8e7efb1a..d390bf72e9 100644
--- a/source3/nmbd/nmbd_become_lmb.c
+++ b/source3/nmbd/nmbd_become_lmb.c
@@ -600,6 +600,5 @@ local_master_browser_name for workgroup %s to workgroup name.\n",
}
#endif
- StrnCpy(work->local_master_browser_name, newname,
- sizeof(work->local_master_browser_name)-1);
+ fstrcpy(work->local_master_browser_name, newname);
}
diff --git a/source3/nmbd/nmbd_browserdb.c b/source3/nmbd/nmbd_browserdb.c
index a4ef98e265..d7c852605e 100644
--- a/source3/nmbd/nmbd_browserdb.c
+++ b/source3/nmbd/nmbd_browserdb.c
@@ -107,8 +107,8 @@ struct browse_cache_record *create_browser_in_lmb_cache( char *work_name,
/* Allow the new lmb to miss an announce period before we remove it. */
browc->death_time = now + ( (CHECK_TIME_MST_ANNOUNCE + 2) * 60 );
- StrnCpy( browc->lmb_name, browser_name, sizeof(browc->lmb_name)-1 );
- StrnCpy( browc->work_group, work_name, sizeof(browc->work_group)-1 );
+ pstrcpy( browc->lmb_name, browser_name);
+ pstrcpy( browc->work_group, work_name);
strupper( browc->lmb_name );
strupper( browc->work_group );
diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c
index b9082ee1c3..ca8d269cb0 100644
--- a/source3/nmbd/nmbd_browsesync.c
+++ b/source3/nmbd/nmbd_browsesync.c
@@ -106,6 +106,7 @@ As a local master browser, send an announce packet to the domain master browser.
static void announce_local_master_browser_to_domain_master_browser( struct work_record *work)
{
pstring outbuf;
+ fstring myname;
char *p;
if(ismyip(work->dmb_addr))
@@ -125,8 +126,11 @@ static void announce_local_master_browser_to_domain_master_browser( struct work_
SCVAL(p,0,ANN_MasterAnnouncement);
p++;
- StrnCpy(p,global_myname(),15);
- strupper(p);
+ fstrcpy(myname, global_myname());
+ strupper(myname);
+ myname[15]='\0';
+ push_pstring_base(p, myname, outbuf);
+
p = skip_string(p,1);
if( DEBUGLVL( 4 ) )
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
index cd6954fc62..16fecbccd9 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -172,7 +172,7 @@ void process_host_announce(struct subnet_record *subrec, struct packet_struct *p
/* Update the record. */
servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
update_server_ttl( servrec, ttl);
- StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+ fstrcpy(servrec->serv.comment,comment);
}
}
else
@@ -343,7 +343,7 @@ a local master browser for workgroup %s and we think we are master. Forcing elec
/* Update the record. */
servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
update_server_ttl(servrec, ttl);
- StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+ fstrcpy(servrec->serv.comment,comment);
}
set_workgroup_local_master_browser_name( work, server_name );
@@ -520,7 +520,7 @@ originate from OS/2 Warp client. Ignoring packet.\n"));
/* Update the record. */
servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
update_server_ttl( servrec, ttl);
- StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+ fstrcpy(servrec->serv.comment,comment);
}
}
else
@@ -559,6 +559,7 @@ static void send_backup_list_response(struct subnet_record *subrec,
#if 0
struct server_record *servrec;
#endif
+ fstring myname;
memset(outbuf,'\0',sizeof(outbuf));
@@ -578,8 +579,11 @@ static void send_backup_list_response(struct subnet_record *subrec,
/* We always return at least one name - our own. */
count = 1;
- StrnCpy(p,global_myname(),15);
- strupper(p);
+ fstrcpy(myname, global_myname());
+ strupper(myname);
+ myname[15]='\0';
+ push_pstring_base(p, myname, outbuf);
+
p = skip_string(p,1);
/* Look for backup browsers in this workgroup. */
diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c
index 40d07aae16..8501acf9ba 100644
--- a/source3/nmbd/nmbd_sendannounce.c
+++ b/source3/nmbd/nmbd_sendannounce.c
@@ -555,6 +555,7 @@ void browse_sync_remote(time_t t)
struct work_record *work;
pstring outbuf;
char *p;
+ fstring myname;
if (last_time && (t < (last_time + REMOTE_ANNOUNCE_INTERVAL)))
return;
@@ -589,8 +590,11 @@ for workgroup %s on subnet %s.\n", lp_workgroup(), FIRST_SUBNET->subnet_name ));
SCVAL(p,0,ANN_MasterAnnouncement);
p++;
- StrnCpy(p,global_myname(),15);
- strupper(p);
+ fstrcpy(myname, global_myname());
+ strupper(myname);
+ myname[15]='\0';
+ push_pstring_base(p, myname, outbuf);
+
p = skip_string(p,1);
for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); )
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index ee0c021d5d..e99599e16f 100644
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -153,8 +153,8 @@ workgroup %s. This is a bug.\n", name, work->work_group));
servrec->subnet = work->subnet;
- StrnCpy(servrec->serv.name,name,sizeof(servrec->serv.name)-1);
- StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+ fstrcpy(servrec->serv.name,name);
+ fstrcpy(servrec->serv.comment,comment);
strupper(servrec->serv.name);
servrec->serv.type = servertype;
diff --git a/source3/nmbd/nmbd_workgroupdb.c b/source3/nmbd/nmbd_workgroupdb.c
index b8ea60dec0..2357fd637b 100644
--- a/source3/nmbd/nmbd_workgroupdb.c
+++ b/source3/nmbd/nmbd_workgroupdb.c
@@ -57,7 +57,7 @@ static struct work_record *create_workgroup(const char *name, int ttl)
}
memset((char *)work, '\0', sizeof(*work));
- StrnCpy(work->work_group,name,sizeof(work->work_group)-1);
+ fstrcpy(work->work_group,name);
work->serverlist = NULL;
work->RunningElection = False;
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index da2540f5d9..fb6f67625c 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -128,6 +128,7 @@ static void winbindd_status(void)
static void print_winbindd_status(void)
{
winbindd_status();
+ winbindd_idmap_status();
winbindd_cm_status();
}
@@ -145,7 +146,7 @@ static void terminate(void)
{
pstring path;
- idmap_close();
+ winbindd_idmap_close();
/* Remove socket file */
snprintf(path, sizeof(path), "%s/%s",
@@ -729,62 +730,6 @@ static void process_loop(void)
}
}
-
-/*
- these are split out from the main winbindd for use by the background daemon
- */
-BOOL winbind_setup_common(void)
-{
- load_interfaces();
-
- if (!secrets_init()) {
-
- DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
- return False;
- }
-
- namecache_enable(); /* Enable netbios namecache */
-
- /* Check winbindd parameters are valid */
-
- ZERO_STRUCT(server_state);
-
- if (!winbindd_param_init())
- return False;
-
- /* Winbind daemon initialisation */
-
- if (!idmap_init())
- return False;
-
- if (!idmap_init_wellknown_sids())
- return False;
-
- /* Unblock all signals we are interested in as they may have been
- blocked by the parent process. */
-
- BlockSignals(False, SIGINT);
- BlockSignals(False, SIGQUIT);
- BlockSignals(False, SIGTERM);
- BlockSignals(False, SIGUSR1);
- BlockSignals(False, SIGUSR2);
- BlockSignals(False, SIGHUP);
-
- /* Setup signal handlers */
-
- CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */
- CatchSignal(SIGQUIT, termination_handler);
- CatchSignal(SIGTERM, termination_handler);
-
- CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */
-
- CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */
- CatchSignal(SIGHUP, sighup_handler);
-
- return True;
-}
-
-
/* Main function */
struct winbindd_state server_state; /* Server state information */
@@ -868,6 +813,51 @@ int main(int argc, char **argv)
if (!init_names())
exit(1);
+ load_interfaces();
+
+ if (!secrets_init()) {
+
+ DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
+ return False;
+ }
+
+ /* Enable netbios namecache */
+
+ namecache_enable();
+
+ /* Check winbindd parameters are valid */
+
+ ZERO_STRUCT(server_state);
+
+ if (!winbindd_param_init())
+ return 1;
+
+ /* Winbind daemon initialisation */
+
+ if (!winbindd_idmap_init())
+ return 1;
+
+ /* Unblock all signals we are interested in as they may have been
+ blocked by the parent process. */
+
+ BlockSignals(False, SIGINT);
+ BlockSignals(False, SIGQUIT);
+ BlockSignals(False, SIGTERM);
+ BlockSignals(False, SIGUSR1);
+ BlockSignals(False, SIGUSR2);
+ BlockSignals(False, SIGHUP);
+
+ /* Setup signal handlers */
+
+ CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */
+ CatchSignal(SIGQUIT, termination_handler);
+ CatchSignal(SIGTERM, termination_handler);
+
+ CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */
+
+ CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */
+ CatchSignal(SIGHUP, sighup_handler);
+
if (!interactive)
become_daemon(Fork);
@@ -882,10 +872,6 @@ int main(int argc, char **argv)
setpgid( (pid_t)0, (pid_t)0);
#endif
- if (!winbind_setup_common()) {
- return 1;
- }
-
if (opt_dual_daemon) {
do_dual_daemon();
}
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 27e168b6f9..5eabcfca20 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -100,12 +100,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
ret = smb_xmalloc(sizeof(*ret));
ZERO_STRUCTP(ret);
-
- if (!strcmp(domain->name, lp_workgroup()) && (lp_security() == SEC_USER)) {
- extern struct winbindd_methods passdb_methods;
- ret->backend = &passdb_methods;
-
- } else switch (lp_security()) {
+ switch (lp_security()) {
#ifdef HAVE_ADS
case SEC_ADS: {
extern struct winbindd_methods ads_methods;
diff --git a/source3/nsswitch/winbindd_dual.c b/source3/nsswitch/winbindd_dual.c
index 3597171005..167630b0e1 100644
--- a/source3/nsswitch/winbindd_dual.c
+++ b/source3/nsswitch/winbindd_dual.c
@@ -166,9 +166,6 @@ void do_dual_daemon(void)
_exit(0);
}
- if (!winbind_setup_common())
- _exit(0);
-
dual_daemon_pipe = -1;
opt_dual_daemon = False;
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 14ebb78466..b3ded2a2f4 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -193,8 +193,8 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
enum SID_NAME_USE name_type;
fstring name_domain, name_group;
char *tmp, *gr_mem;
- int gr_mem_len;
gid_t gid;
+ int gr_mem_len;
/* Ensure null termination */
state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0';
@@ -210,6 +210,11 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
if (!parse_domain_user(tmp, name_domain, name_group))
return WINBINDD_ERROR;
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) )
+ return WINBINDD_ERROR;
+
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
@@ -233,7 +238,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &gid))) {
+ if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
DEBUG(1, ("error converting unix gid to sid\n"));
return WINBINDD_ERROR;
}
@@ -278,7 +283,8 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
/* Get rid from gid */
- if (NT_STATUS_IS_ERR(uid_to_sid(&group_sid, state->request.data.gid))) {
+
+ if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &group_sid)) {
DEBUG(1, ("could not convert gid %d to rid\n",
state->request.data.gid));
return WINBINDD_ERROR;
@@ -404,6 +410,9 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
if (ent->got_sam_entries)
return False;
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp(lp_workgroup(), ent->domain_name))
+ return False;
if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)",
ent->domain_name))) {
@@ -589,7 +598,9 @@ enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
sid_copy(&group_sid, &domain->sid);
sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
- if (NT_STATUS_IS_ERR(sid_to_gid(&group_sid, &group_gid))) {
+ if (!winbindd_idmap_get_gid_from_sid(
+ &group_sid,
+ &group_gid)) {
DEBUG(1, ("could not look up gid for group %s\n",
name_list[ent->sam_entry_index].acct_name));
@@ -738,6 +749,11 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
for (domain = domain_list(); domain; domain = domain->next) {
struct getent_state groups;
+
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( domain->name, lp_workgroup()) )
+ continue;
ZERO_STRUCT(groups);
@@ -830,6 +846,11 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
name_user))
goto done;
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) )
+ return WINBINDD_ERROR;
+
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
@@ -866,16 +887,16 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
goto done;
for (i = 0; i < num_groups; i++) {
- gid_t gid;
-
- if (NT_STATUS_IS_ERR(sid_to_gid(user_gids[i], &gid))) {
+ if (!winbindd_idmap_get_gid_from_sid(
+ user_gids[i],
+ &gid_list[num_gids])) {
fstring sid_string;
DEBUG(1, ("unable to convert group sid %s to gid\n",
sid_to_string(sid_string, user_gids[i])));
continue;
}
- gid_list[num_gids] = gid;
+
num_gids++;
}
diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c
new file mode 100644
index 0000000000..3b23089200
--- /dev/null
+++ b/source3/nsswitch/winbindd_idmap.c
@@ -0,0 +1,194 @@
+/*
+ Unix SMB/CIFS implementation.
+ Winbind ID Mapping
+ Copyright (C) Tim Potter 2000
+ Copyright (C) Anthony Liguori <aliguor@us.ibm.com> 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+static struct {
+ const char *name;
+ /* Function to create a member of the idmap_methods list */
+ BOOL (*reg_meth)(struct winbindd_idmap_methods **methods);
+ struct winbindd_idmap_methods *methods;
+} builtin_winbindd_idmap_functions[] = {
+ { "tdb", winbind_idmap_reg_tdb, NULL },
+ { NULL, NULL, NULL }
+};
+
+/* singleton pattern: uberlazy evaluation */
+static struct winbindd_idmap_methods *impl;
+
+static struct winbindd_idmap_methods *get_impl(const char *name)
+{
+ int i = 0;
+ struct winbindd_idmap_methods *ret = NULL;
+
+ while (builtin_winbindd_idmap_functions[i].name &&
+ strcmp(builtin_winbindd_idmap_functions[i].name, name)) {
+ i++;
+ }
+
+ if (builtin_winbindd_idmap_functions[i].name) {
+ if (!builtin_winbindd_idmap_functions[i].methods) {
+ builtin_winbindd_idmap_functions[i].reg_meth(&builtin_winbindd_idmap_functions[i].methods);
+ }
+
+ ret = builtin_winbindd_idmap_functions[i].methods;
+ }
+
+ return ret;
+}
+
+/* Initialize backend */
+BOOL winbindd_idmap_init(void)
+{
+ BOOL ret = False;
+
+ DEBUG(3, ("winbindd_idmap_init: using '%s' as backend\n",
+ lp_winbind_backend()));
+
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ if (!impl) {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+ }
+
+ if (impl) {
+ ret = impl->init();
+ }
+
+ DEBUG(3, ("winbind_idmap_init: returning %s\n", ret ? "true" : "false"));
+
+ return ret;
+}
+
+/* Get UID from SID */
+BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
+{
+ BOOL ret = False;
+
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ if (!impl) {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+ }
+
+ if (impl) {
+ ret = impl->get_uid_from_sid(sid, uid);
+ }
+
+ return ret;
+}
+
+/* Get GID from SID */
+BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
+{
+ BOOL ret = False;
+
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ if (!impl) {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+ }
+
+ if (impl) {
+ ret = impl->get_gid_from_sid(sid, gid);
+ }
+
+ return ret;
+}
+
+/* Get SID from UID */
+BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid)
+{
+ BOOL ret = False;
+
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ if (!impl) {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+ }
+
+ if (impl) {
+ ret = impl->get_sid_from_uid(uid, sid);
+ }
+
+ return ret;
+}
+
+/* Get SID from GID */
+BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
+{
+ BOOL ret = False;
+
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ }
+
+ if (impl) {
+ ret = impl->get_sid_from_gid(gid, sid);
+ } else {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+
+ return ret;
+}
+
+/* Close backend */
+BOOL winbindd_idmap_close(void)
+{
+ BOOL ret = False;
+
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ }
+
+ if (impl) {
+ ret = impl->close();
+ } else {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+
+ return ret;
+}
+
+/* Dump backend status */
+void winbindd_idmap_status(void)
+{
+ if (!impl) {
+ impl = get_impl(lp_winbind_backend());
+ }
+
+ if (impl) {
+ impl->status();
+ } else {
+ DEBUG(0, ("winbindd_idmap_init: could not load backend '%s'\n",
+ lp_winbind_backend()));
+ }
+}
diff --git a/source3/nsswitch/winbindd_idmap_tdb.c b/source3/nsswitch/winbindd_idmap_tdb.c
new file mode 100644
index 0000000000..12d6972bae
--- /dev/null
+++ b/source3/nsswitch/winbindd_idmap_tdb.c
@@ -0,0 +1,459 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind daemon - user related function
+
+ Copyright (C) Tim Potter 2000
+ Copyright (C) Anthony Liguori 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_WINBIND
+
+/* High water mark keys */
+#define HWM_GROUP "GROUP HWM"
+#define HWM_USER "USER HWM"
+
+/* idmap version determines auto-conversion */
+#define IDMAP_VERSION 2
+
+/* Globals */
+static TDB_CONTEXT *idmap_tdb;
+
+/* convert one record to the new format */
+static int tdb_convert_fn(TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data,
+ void *ignored)
+{
+ struct winbindd_domain *domain;
+ char *p;
+ DOM_SID sid;
+ uint32 rid;
+ fstring keystr;
+ fstring dom_name;
+ TDB_DATA key2;
+
+ p = strchr(key.dptr, '/');
+ if (!p)
+ return 0;
+
+ *p = 0;
+ fstrcpy(dom_name, key.dptr);
+ *p++ = '/';
+
+ domain = find_domain_from_name(dom_name);
+ if (!domain) {
+ /* We must delete the old record. */
+ DEBUG(0,
+ ("winbindd: tdb_convert_fn : Unable to find domain %s\n",
+ dom_name));
+ DEBUG(0,
+ ("winbindd: tdb_convert_fn : deleting record %s\n",
+ key.dptr));
+ tdb_delete(idmap_tdb, key);
+ return 0;
+ }
+
+ rid = atoi(p);
+
+ sid_copy(&sid, &domain->sid);
+ sid_append_rid(&sid, rid);
+
+ sid_to_string(keystr, &sid);
+ key2.dptr = keystr;
+ key2.dsize = strlen(keystr) + 1;
+
+ if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
+ /* not good! */
+ DEBUG(0,
+ ("winbindd: tdb_convert_fn : Unable to update record %s\n",
+ key2.dptr));
+ DEBUG(0,
+ ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
+ return -1;
+ }
+
+ if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
+ /* not good! */
+ DEBUG(0,
+ ("winbindd: tdb_convert_fn : Unable to update record %s\n",
+ data.dptr));
+ DEBUG(0,
+ ("winbindd: tdb_convert_fn : conversion failed - idmap corrupt ?\n"));
+ return -1;
+ }
+
+ tdb_delete(idmap_tdb, key);
+
+ return 0;
+}
+
+/*****************************************************************************
+ Convert the idmap database from an older version.
+*****************************************************************************/
+static BOOL tdb_idmap_convert(void)
+{
+ int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
+ BOOL bigendianheader =
+ (idmap_tdb->flags & TDB_BIGENDIAN) ? True : False;
+
+ if (vers == IDMAP_VERSION)
+ return True;
+
+ if (((vers == -1) && bigendianheader)
+ || (IREV(vers) == IDMAP_VERSION)) {
+ /* Arrggghh ! Bytereversed or old big-endian - make order independent ! */
+ /*
+ * high and low records were created on a
+ * big endian machine and will need byte-reversing.
+ */
+
+ int32 wm;
+
+ wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
+
+ if (wm != -1) {
+ wm = IREV(wm);
+ } else
+ wm = server_state.uid_low;
+
+ if (tdb_store_int32(idmap_tdb, HWM_USER, wm) == -1) {
+ DEBUG(0,
+ ("tdb_idmap_convert: Unable to byteswap user hwm in idmap database\n"));
+ return False;
+ }
+
+ wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
+ if (wm != -1) {
+ wm = IREV(wm);
+ } else
+ wm = server_state.gid_low;
+
+ if (tdb_store_int32(idmap_tdb, HWM_GROUP, wm) == -1) {
+ DEBUG(0,
+ ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+ return False;
+ }
+ }
+
+ /* the old format stored as DOMAIN/rid - now we store the SID direct */
+ tdb_traverse(idmap_tdb, tdb_convert_fn, NULL);
+
+ if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) ==
+ -1) {
+ DEBUG(0,
+ ("tdb_idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+ return False;
+ }
+
+ return True;
+}
+
+/* Allocate either a user or group id from the pool */
+static BOOL tdb_allocate_id(uid_t * id, BOOL isgroup)
+{
+ int hwm;
+
+ /* Get current high water mark */
+ if ((hwm = tdb_fetch_int32(idmap_tdb,
+ isgroup ? HWM_GROUP : HWM_USER)) ==
+ -1) {
+ return False;
+ }
+
+ /* Return next available uid in list */
+ if ((isgroup && (hwm > server_state.gid_high)) ||
+ (!isgroup && (hwm > server_state.uid_high))) {
+ DEBUG(0,
+ ("winbind %sid range full!\n", isgroup ? "g" : "u"));
+ return False;
+ }
+
+ if (id) {
+ *id = hwm;
+ }
+
+ hwm++;
+
+ /* Store new high water mark */
+ tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm);
+
+ return True;
+}
+
+/* Get a sid from an id */
+static BOOL tdb_get_sid_from_id(int id, DOM_SID * sid, BOOL isgroup)
+{
+ TDB_DATA key, data;
+ fstring keystr;
+ BOOL result = False;
+
+ slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID",
+ id);
+
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+
+ data = tdb_fetch(idmap_tdb, key);
+
+ if (data.dptr) {
+ result = string_to_sid(sid, data.dptr);
+ SAFE_FREE(data.dptr);
+ }
+
+ return result;
+}
+
+/* Get an id from a sid */
+static BOOL tdb_get_id_from_sid(DOM_SID * sid, uid_t * id, BOOL isgroup)
+{
+ TDB_DATA data, key;
+ fstring keystr;
+ BOOL result = False;
+
+ /* Check if sid is present in database */
+ sid_to_string(keystr, sid);
+
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+
+ data = tdb_fetch(idmap_tdb, key);
+
+ if (data.dptr) {
+ fstring scanstr;
+ int the_id;
+
+ /* Parse and return existing uid */
+ fstrcpy(scanstr, isgroup ? "GID" : "UID");
+ fstrcat(scanstr, " %d");
+
+ if (sscanf(data.dptr, scanstr, &the_id) == 1) {
+ /* Store uid */
+ if (id) {
+ *id = the_id;
+ }
+
+ result = True;
+ }
+
+ SAFE_FREE(data.dptr);
+ } else {
+
+ /* Allocate a new id for this sid */
+ if (id && tdb_allocate_id(id, isgroup)) {
+ fstring keystr2;
+
+ /* Store new id */
+ slprintf(keystr2, sizeof(keystr2), "%s %d",
+ isgroup ? "GID" : "UID", *id);
+
+ data.dptr = keystr2;
+ data.dsize = strlen(keystr2) + 1;
+
+ tdb_store(idmap_tdb, key, data, TDB_REPLACE);
+ tdb_store(idmap_tdb, data, key, TDB_REPLACE);
+
+ result = True;
+ }
+ }
+
+ return result;
+}
+
+/*****************************************************************************
+ Initialise idmap database.
+*****************************************************************************/
+static BOOL tdb_idmap_init(void)
+{
+ SMB_STRUCT_STAT stbuf;
+
+ /* move to the new database on first startup */
+ if (!file_exist(lock_path("idmap.tdb"), &stbuf)) {
+ if (file_exist(lock_path("winbindd_idmap.tdb"), &stbuf)) {
+ char *cmd = NULL;
+
+ /* lazy file copy */
+ if (asprintf(&cmd, "cp -p %s/winbindd_idmap.tdb %s/idmap.tdb", lp_lockdir(), lp_lockdir()) != -1) {
+ system(cmd);
+ free(cmd);
+ }
+ if (!file_exist(lock_path("idmap.tdb"), &stbuf)) {
+ DEBUG(0, ("idmap_init: Unable to make a new database copy\n"));
+ return False;
+ }
+ }
+ }
+
+ /* Open tdb cache */
+ if (!(idmap_tdb = tdb_open_log(lock_path("idmap.tdb"), 0,
+ TDB_DEFAULT, O_RDWR | O_CREAT,
+ 0600))) {
+ DEBUG(0,
+ ("winbindd_idmap_init: Unable to open idmap database\n"));
+ return False;
+ }
+
+ /* possibly convert from an earlier version */
+ if (!tdb_idmap_convert()) {
+ DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
+ return False;
+ }
+
+ /* Create high water marks for group and user id */
+ if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
+ if (tdb_store_int32
+ (idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
+ DEBUG(0,
+ ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n"));
+ return False;
+ }
+ }
+
+ if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
+ if (tdb_store_int32
+ (idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
+ DEBUG(0,
+ ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n"));
+ return False;
+ }
+ }
+
+ return True;
+}
+
+/* Get a sid from a uid */
+static BOOL tdb_get_sid_from_uid(uid_t uid, DOM_SID * sid)
+{
+ return tdb_get_sid_from_id((int) uid, sid, False);
+}
+
+/* Get a sid from a gid */
+static BOOL tdb_get_sid_from_gid(gid_t gid, DOM_SID * sid)
+{
+ return tdb_get_sid_from_id((int) gid, sid, True);
+}
+
+/* Get a uid from a sid */
+static BOOL tdb_get_uid_from_sid(DOM_SID * sid, uid_t * uid)
+{
+ return tdb_get_id_from_sid(sid, uid, False);
+}
+
+/* Get a gid from a group sid */
+static BOOL tdb_get_gid_from_sid(DOM_SID * sid, gid_t * gid)
+{
+ return tdb_get_id_from_sid(sid, gid, True);
+}
+
+/* Close the tdb */
+static BOOL tdb_idmap_close(void)
+{
+ if (idmap_tdb)
+ return (tdb_close(idmap_tdb) == 0);
+ return True;
+}
+
+
+/* Dump status information to log file. Display different stuff based on
+ the debug level:
+
+ Debug Level Information Displayed
+ =================================================================
+ 0 Percentage of [ug]id range allocated
+ 0 High water marks (next allocated ids)
+*/
+
+#define DUMP_INFO 0
+
+static void tdb_idmap_status(void)
+{
+ int user_hwm, group_hwm;
+
+ DEBUG(0, ("winbindd idmap status:\n"));
+
+ /* Get current high water marks */
+
+ if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
+ DEBUG(DUMP_INFO,
+ ("\tCould not get userid high water mark!\n"));
+ }
+
+ if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
+ DEBUG(DUMP_INFO,
+ ("\tCould not get groupid high water mark!\n"));
+ }
+
+ /* Display next ids to allocate */
+
+ if (user_hwm != -1) {
+ DEBUG(DUMP_INFO,
+ ("\tNext userid to allocate is %d\n", user_hwm));
+ }
+
+ if (group_hwm != -1) {
+ DEBUG(DUMP_INFO,
+ ("\tNext groupid to allocate is %d\n", group_hwm));
+ }
+
+ /* Display percentage of id range already allocated. */
+
+ if (user_hwm != -1) {
+ int num_users = user_hwm - server_state.uid_low;
+ int total_users =
+ server_state.uid_high - server_state.uid_low;
+
+ DEBUG(DUMP_INFO,
+ ("\tUser id range is %d%% full (%d of %d)\n",
+ num_users * 100 / total_users, num_users,
+ total_users));
+ }
+
+ if (group_hwm != -1) {
+ int num_groups = group_hwm - server_state.gid_low;
+ int total_groups =
+ server_state.gid_high - server_state.gid_low;
+
+ DEBUG(DUMP_INFO,
+ ("\tGroup id range is %d%% full (%d of %d)\n",
+ num_groups * 100 / total_groups, num_groups,
+ total_groups));
+ }
+
+ /* Display complete mapping of users and groups to rids */
+}
+
+struct winbindd_idmap_methods tdb_idmap_methods = {
+ tdb_idmap_init,
+
+ tdb_get_sid_from_uid,
+ tdb_get_sid_from_gid,
+
+ tdb_get_uid_from_sid,
+ tdb_get_gid_from_sid,
+
+ tdb_idmap_close,
+
+ tdb_idmap_status
+};
+
+BOOL winbind_idmap_reg_tdb(struct winbindd_idmap_methods **meth)
+{
+ *meth = &tdb_idmap_methods;
+
+ return True;
+}
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
index f5dd904dc1..41bda7e5bc 100644
--- a/source3/nsswitch/winbindd_sid.c
+++ b/source3/nsswitch/winbindd_sid.c
@@ -98,6 +98,11 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
name_domain = state->request.data.name.dom_name;
name_user = state->request.data.name.name;
+ /* fail if we are a PDC and this is our domain; should be done by passdb */
+
+ if ( lp_server_role() == ROLE_DOMAIN_PDC && 0==StrCaseCmp( name_domain, lp_workgroup()) )
+ return WINBINDD_ERROR;
+
if ((domain = find_domain_from_name(name_domain)) == NULL) {
DEBUG(0, ("could not find domain entry for domain %s\n",
name_domain));
@@ -137,7 +142,7 @@ enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
}
/* Find uid for this sid and return it */
- if (NT_STATUS_IS_ERR(sid_to_uid(&sid, &(state->response.data.uid)))) {
+ if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) {
DEBUG(1, ("Could not get uid for sid %s\n",
state->request.data.sid));
return WINBINDD_ERROR;
@@ -166,7 +171,7 @@ enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
}
/* Find gid for this sid and return it */
- if (NT_STATUS_IS_ERR(sid_to_gid(&sid, &(state->response.data.gid)))) {
+ if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) {
DEBUG(1, ("Could not get gid for sid %s\n",
state->request.data.sid));
return WINBINDD_ERROR;
@@ -192,7 +197,7 @@ enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
state->request.data.uid));
/* Lookup rid for this uid */
- if (NT_STATUS_IS_ERR(uid_to_sid(&sid, state->request.data.uid))) {
+ if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) {
DEBUG(1, ("Could not convert uid %d to rid\n",
state->request.data.uid));
return WINBINDD_ERROR;
@@ -221,7 +226,7 @@ enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
state->request.data.gid));
/* Lookup sid for this uid */
- if (NT_STATUS_IS_ERR(gid_to_sid(&sid, state->request.data.gid))) {
+ if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) {
DEBUG(1, ("Could not convert gid %d to sid\n",
state->request.data.gid));
return WINBINDD_ERROR;
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index dc07bc42e7..d2bd231918 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -41,15 +41,17 @@ static BOOL winbindd_fill_pwent(char *dom_name, char *user_name,
return False;
/* Resolve the uid number */
-
- if (NT_STATUS_IS_ERR(sid_to_uid(user_sid, &(pw->pw_uid)))) {
+
+ if (!winbindd_idmap_get_uid_from_sid(user_sid,
+ &pw->pw_uid)) {
DEBUG(1, ("error getting user id for sid %s\n", sid_to_string(sid_string, user_sid)));
return False;
}
/* Resolve the gid number */
-
- if (NT_STATUS_IS_ERR(sid_to_gid(group_sid, &(pw->pw_gid)))) {
+
+ if (!winbindd_idmap_get_gid_from_sid(group_sid,
+ &pw->pw_gid)) {
DEBUG(1, ("error getting group id for sid %s\n", sid_to_string(sid_string, group_sid)));
return False;
}
@@ -176,9 +178,9 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
fstring user_name;
enum SID_NAME_USE name_type;
WINBIND_USERINFO user_info;
+ gid_t gid;
TALLOC_CTX *mem_ctx;
NTSTATUS status;
- gid_t gid;
/* Bug out if the uid isn't in the winbind range */
@@ -191,7 +193,8 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
/* Get rid from uid */
- if (NT_STATUS_IS_ERR(uid_to_sid(&user_sid, state->request.data.uid))) {
+ if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid,
+ &user_sid)) {
DEBUG(1, ("could not convert uid %d to SID\n",
state->request.data.uid));
return WINBINDD_ERROR;
@@ -233,9 +236,9 @@ enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- /* Check group has a gid number */
+ /* Resolve gid number */
- if (NT_STATUS_IS_ERR(sid_to_gid(user_info.group_sid, &gid))) {
+ if (!winbindd_idmap_get_gid_from_sid(user_info.group_sid, &gid)) {
DEBUG(1, ("error getting group id for user %s\n", user_name));
talloc_destroy(mem_ctx);
return WINBINDD_ERROR;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index ac0b317b42..ef030e2c7b 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -126,7 +126,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
/* see if this is a native mode win2k domain, but only for our own domain */
- if ( strequal( lp_workgroup(), domain_name) ) {
+ if ( lp_server_role() != ROLE_DOMAIN_PDC && strequal( lp_workgroup(), domain_name) ) {
domain->native_mode = cm_check_for_native_mode_win2k( domain_name );
DEBUG(3,("add_trusted_domain: %s is a %s mode domain\n", domain_name,
domain->native_mode ? "native" : "mixed" ));
@@ -211,6 +211,7 @@ BOOL init_domain_list(void)
/* Add ourselves as the first entry */
domain = add_trusted_domain(lp_workgroup(), NULL, &cache_methods, NULL);
+
if (!secrets_fetch_domain_sid(domain->name, &domain->sid)) {
DEBUG(1, ("Could not fetch sid for our domain %s\n",
domain->name));
@@ -219,7 +220,7 @@ BOOL init_domain_list(void)
/* get any alternate name for the primary domain */
cache_methods.alternate_name(domain);
-
+
/* do an initial scan for trusted domains */
rescan_trusted_domains(True);
@@ -380,12 +381,12 @@ BOOL winbindd_param_init(void)
{
/* Parse winbind uid and winbind_gid parameters */
- if (!lp_idmap_uid(&server_state.uid_low, &server_state.uid_high)) {
+ if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) {
DEBUG(0, ("winbind uid range missing or invalid\n"));
return False;
}
- if (!lp_idmap_gid(&server_state.gid_low, &server_state.gid_high)) {
+ if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) {
DEBUG(0, ("winbind gid range missing or invalid\n"));
return False;
}
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 78b89c60b7..9e75efccf4 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -295,21 +295,14 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = smb_update_db(pamh, ctrl, user, pass_new);
if (retval == PAM_SUCCESS) {
- uid_t uid;
-
/* password updated */
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid))) {
- _log_err( LOG_NOTICE, "Unable to get uid for user %s",
- pdb_get_username(sampass));
- _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
- user, uidtoname(getuid()), getuid());
- } else {
- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
- user, uid, uidtoname(getuid()), getuid());
- }
- } else {
- _log_err( LOG_ERR, "password change failed for user %s", user);
- }
+ _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)"
+ , user, pdb_get_uid(sampass), uidtoname( getuid() )
+ , getuid() );
+ } else {
+ _log_err( LOG_ERR, "password change failed for user %s"
+ , user );
+ }
pass_old = pass_new = NULL;
if (sampass) {
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 62cc866fae..11de306d13 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -308,6 +308,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
const char *p, unsigned int ctrl )
{
+ uchar hash_pass[16];
uchar lm_pw[16];
uchar nt_pw[16];
int retval = PAM_AUTH_ERR;
@@ -338,8 +339,11 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
const char *service;
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
- _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
- uidtoname(getuid()), service ? service : "**unknown**", name);
+ _log_err( LOG_NOTICE
+ , "failed auth request by %s for service %s as %s(%d)"
+ , uidtoname( getuid() )
+ , service ? service : "**unknown**", name
+ , pdb_get_uid(sampass) );
return PAM_AUTH_ERR;
}
}
@@ -393,34 +397,32 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
retval = PAM_MAXTRIES;
}
} else {
- _log_err(LOG_NOTICE,
- "failed auth request by %s for service %s as %s",
- uidtoname(getuid()),
- service ? service : "**unknown**", name);
+ _log_err( LOG_NOTICE
+ , "failed auth request by %s for service %s as %s(%d)"
+ , uidtoname( getuid() )
+ , service ? service : "**unknown**", name
+ , pdb_get_uid(sampass) );
new->count = 1;
}
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &(new->id)))) {
- _log_err(LOG_NOTICE,
- "failed auth request by %s for service %s as %s",
- uidtoname(getuid()),
- service ? service : "**unknown**", name);
- }
new->user = smbpXstrDup( name );
+ new->id = pdb_get_uid(sampass);
new->agent = smbpXstrDup( uidtoname( getuid() ) );
pam_set_data( pamh, data_name, new, _cleanup_failures );
} else {
_log_err( LOG_CRIT, "no memory for failure recorder" );
- _log_err(LOG_NOTICE,
- "failed auth request by %s for service %s as %s(%d)",
- uidtoname(getuid()),
- service ? service : "**unknown**", name);
+ _log_err( LOG_NOTICE
+ , "failed auth request by %s for service %s as %s(%d)"
+ , uidtoname( getuid() )
+ , service ? service : "**unknown**", name
+ , pdb_get_uid(sampass) );
}
} else {
- _log_err(LOG_NOTICE,
- "failed auth request by %s for service %s as %s(%d)",
- uidtoname(getuid()),
- service ? service : "**unknown**", name);
+ _log_err( LOG_NOTICE
+ , "failed auth request by %s for service %s as %s(%d)"
+ , uidtoname( getuid() )
+ , service ? service : "**unknown**", name
+ , pdb_get_uid(sampass) );
retval = PAM_AUTH_ERR;
}
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 5399969f9f..9b9922d8e9 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -8,7 +8,6 @@
Copyright (C) Simo Sorce 2001
Copyright (C) Alexander Bokovoy 2002
Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Anthony Liguori 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -162,11 +161,10 @@ typedef struct
BOOL bUtmp;
#endif
char *szSourceEnv;
- char *szIdmapUID;
- char *szIdmapGID;
- BOOL *bIdmapOnly;
+ char *szWinbindUID;
+ char *szWinbindGID;
char *szNonUnixAccountRange;
- int AlgorithmicRidBase;
+ BOOL bAlgorithmicRidBase;
char *szTemplateHomedir;
char *szTemplateShell;
char *szWinbindSeparator;
@@ -174,7 +172,6 @@ typedef struct
BOOL bWinbindEnumGroups;
BOOL bWinbindUseDefaultDomain;
char *szWinbindBackend;
- char *szIdmapBackend;
char *szAddShareCommand;
char *szChangeShareCommand;
char *szDeleteShareCommand;
@@ -339,7 +336,7 @@ typedef struct
char **printer_admin;
char *volume;
char *fstype;
- char *szVfsObjectFile;
+ char **szVfsObjectFile;
char *szVfsOptions;
char *szVfsPath;
char *szMSDfsProxy;
@@ -555,8 +552,8 @@ static BOOL handle_include(const char *pszParmValue, char **ptr);
static BOOL handle_copy(const char *pszParmValue, char **ptr);
static BOOL handle_source_env(const char *pszParmValue, char **ptr);
static BOOL handle_netbios_name(const char *pszParmValue, char **ptr);
-static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr);
-static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr);
+static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr);
+static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr);
static BOOL handle_debug_list( const char *pszParmValue, char **ptr );
static BOOL handle_workgroup( const char *pszParmValue, char **ptr );
static BOOL handle_netbios_aliases( const char *pszParmValue, char **ptr );
@@ -751,8 +748,8 @@ static struct parm_struct parm_table[] = {
{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
- {"client schannel", P_ENUM, P_GLOBAL, &Globals.clientSchannel, NULL, enum_bool_auto, FLAG_BASIC},
- {"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC},
+ {"client schannel", P_ENUM, P_GLOBAL, &Globals.clientSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED | FLAG_DEVELOPER},
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -763,8 +760,8 @@ static struct parm_struct parm_table[] = {
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
+ {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.bAlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE | FLAG_DEVELOPER},
@@ -804,12 +801,12 @@ static struct parm_struct parm_table[] = {
{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE},
{"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
- {"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+ {"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL},
{"force create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"security mask", P_OCTAL, P_LOCAL, &sDefault.iSecurity_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"force security mode", P_OCTAL, P_LOCAL, &sDefault.iSecurity_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"directory mask", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
- {"directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+ {"directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL},
{"force directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"directory security mask", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"force directory security mode", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
@@ -856,11 +853,11 @@ static struct parm_struct parm_table[] = {
{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, FLAG_DEVELOPER},
{"disable netbios", P_BOOL, P_GLOBAL, &Globals.bDisableNetbios, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, handle_acl_compatibility, NULL, FLAG_SHARE | FLAG_GLOBAL | FLAG_ADVANCED},
- {"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
+ {"acl compatibility", P_STRING, P_GLOBAL, &Globals.szAclCompat, handle_acl_compatibility, NULL, FLAG_SHARE | FLAG_GLOBAL | FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"nt acl support", P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_DEVELOPER},
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED | FLAG_WIZARD},
+ {"profile acls", P_BOOL, P_LOCAL, &sDefault.bProfileAcls, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE | FLAG_ADVANCED},
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_DEVELOPER},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_DEVELOPER},
@@ -1004,6 +1001,7 @@ static struct parm_struct parm_table[] = {
{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL, FLAG_DEVELOPER | FLAG_ADVANCED},
{"WINS Options", P_SEP, P_SEPARATOR},
+
{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1028,7 +1026,7 @@ static struct parm_struct parm_table[] = {
{"oplock contention limit", P_INTEGER, P_LOCAL, &sDefault.iOplockContentionLimit, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"posix locking", P_BOOL, P_LOCAL, &sDefault.bPosixLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
- {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE|FLAG_GLOBAL},
+ {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"Ldap Options", P_SEP, P_SEPARATOR},
@@ -1117,12 +1115,8 @@ static struct parm_struct parm_table[] = {
{"Winbind options", P_SEP, P_SEPARATOR},
- {"idmap only", P_BOOL, P_GLOBAL, &Globals.bIdmapOnly, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"idmap backend", P_STRING, P_GLOBAL, &Globals.szIdmapBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"idmap uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"winbind uid", P_STRING, P_GLOBAL, &Globals.szIdmapUID, handle_idmap_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
- {"idmap gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
- {"winbind gid", P_STRING, P_GLOBAL, &Globals.szIdmapGID, handle_idmap_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER | FLAG_HIDE},
+ {"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1130,6 +1124,7 @@ static struct parm_struct parm_table[] = {
{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"winbind backend", P_STRING, P_GLOBAL, &Globals.szWinbindBackend, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
};
@@ -1318,7 +1313,7 @@ static void init_globals(void)
string_set(&Globals.szNameResolveOrder, "lmhosts wins host bcast");
string_set(&Globals.szPasswordServer, "*");
- Globals.AlgorithmicRidBase = BASE_RID;
+ Globals.bAlgorithmicRidBase = BASE_RID;
Globals.bLoadPrinters = True;
Globals.mangled_stack = 50;
@@ -1342,8 +1337,8 @@ static void init_globals(void)
Globals.paranoid_server_security = True;
Globals.bEncryptPasswords = True;
Globals.bUpdateEncrypt = False;
- Globals.clientSchannel = False;
- Globals.serverSchannel = False;
+ Globals.clientSchannel = Auto;
+ Globals.serverSchannel = Auto;
Globals.bReadRaw = True;
Globals.bWriteRaw = True;
Globals.bReadPrediction = False;
@@ -1411,7 +1406,7 @@ static void init_globals(void)
#ifdef WITH_LDAP_SAMCONFIG
string_set(&Globals.szLdapServer, "localhost");
Globals.ldap_port = 636;
- Globals.szPassdbBackend = str_list_make("ldapsam guest", NULL);
+ Globals.szPassdbBackend = str_list_make("ldapsam_compat guest", NULL);
#else
Globals.szPassdbBackend = str_list_make("smbpasswd guest", NULL);
#endif /* WITH_LDAP_SAMCONFIG */
@@ -1465,7 +1460,7 @@ static void init_globals(void)
Globals.bWinbindEnumGroups = True;
Globals.bWinbindUseDefaultDomain = False;
- Globals.bIdmapOnly = False;
+ string_set(&Globals.szWinbindBackend, "tdb");
Globals.name_cache_timeout = 660; /* In seconds */
@@ -1517,17 +1512,17 @@ static char *lp_string(const char *s)
if (!ret)
return NULL;
- /* Note: StrnCpy touches len+1 bytes, but we allocate 100
+ /* Note: safe_strcpy touches len+1 bytes, but we allocate 100
* extra bytes so we're OK. */
if (!s)
*ret = 0;
else
- StrnCpy(ret, s, len);
+ safe_strcpy(ret, s, len+99);
if (trim_string(ret, "\"", "\"")) {
if (strchr(ret,'"') != NULL)
- StrnCpy(ret, s, len);
+ safe_strcpy(ret, s, len+99);
}
standard_sub_basic(current_user_info.smb_name,ret,len+100);
@@ -1641,9 +1636,7 @@ FN_GLOBAL_STRING(lp_acl_compatibility, &Globals.szAclCompat)
FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
-
-FN_GLOBAL_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
-FN_GLOBAL_BOOL(lp_idmap_only, &Globals.bIdmapOnly)
+FN_GLOBAL_STRING(lp_winbind_backend, &Globals.szWinbindBackend)
#ifdef WITH_LDAP_SAMCONFIG
FN_GLOBAL_STRING(lp_ldap_server, &Globals.szLdapServer)
@@ -1857,7 +1850,7 @@ FN_LOCAL_INTEGER(lp_block_size, iBlock_size)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
-FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
+FN_GLOBAL_BOOL(lp_algorithmic_rid_base, &Globals.bAlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing)
@@ -2261,6 +2254,7 @@ BOOL lp_add_home(const char *pszHomename, int iDefaultService,
} else {
pstrcpy(newHomedir, lp_pathname(iDefaultService));
string_sub(newHomedir,"%H", pszHomedir, sizeof(newHomedir));
+ string_sub(newHomedir,"%S", pszHomename, sizeof(newHomedir));
}
string_set(&ServicePtrs[i]->szPath, newHomedir);
@@ -2848,55 +2842,55 @@ static BOOL handle_copy(const char *pszParmValue, char **ptr)
}
/***************************************************************************
- Handle idmap/non unix account uid and gid allocation parameters. The format of these
+ Handle winbind uid and gid allocation parameters. The format of these
parameters is:
[global]
- idmap uid = 1000-1999
- idmap gid = 700-899
+ winbind uid = 1000-1999
+ winbind gid = 700-899
We only do simple parsing checks here. The strings are parsed into useful
- structures in the idmap daemon code.
+ structures in the winbind daemon code.
***************************************************************************/
-/* Some lp_ routines to return idmap [ug]id information */
+/* Some lp_ routines to return winbind [ug]id information */
-static uid_t idmap_uid_low, idmap_uid_high;
-static gid_t idmap_gid_low, idmap_gid_high;
+static uid_t winbind_uid_low, winbind_uid_high;
+static gid_t winbind_gid_low, winbind_gid_high;
-BOOL lp_idmap_uid(uid_t *low, uid_t *high)
+BOOL lp_winbind_uid(uid_t *low, uid_t *high)
{
- if (idmap_uid_low == 0 || idmap_uid_high == 0)
+ if (winbind_uid_low == 0 || winbind_uid_high == 0)
return False;
if (low)
- *low = idmap_uid_low;
+ *low = winbind_uid_low;
if (high)
- *high = idmap_uid_high;
+ *high = winbind_uid_high;
return True;
}
-BOOL lp_idmap_gid(gid_t *low, gid_t *high)
+BOOL lp_winbind_gid(gid_t *low, gid_t *high)
{
- if (idmap_gid_low == 0 || idmap_gid_high == 0)
+ if (winbind_gid_low == 0 || winbind_gid_high == 0)
return False;
if (low)
- *low = idmap_gid_low;
+ *low = winbind_gid_low;
if (high)
- *high = idmap_gid_high;
+ *high = winbind_gid_high;
return True;
}
-/* Do some simple checks on "idmap [ug]id" parameter values */
+/* Do some simple checks on "winbind [ug]id" parameter values */
-static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr)
+static BOOL handle_winbind_uid(const char *pszParmValue, char **ptr)
{
uint32 low, high;
@@ -2907,13 +2901,13 @@ static BOOL handle_idmap_uid(const char *pszParmValue, char **ptr)
string_set(ptr, pszParmValue);
- idmap_uid_low = low;
- idmap_uid_high = high;
+ winbind_uid_low = low;
+ winbind_uid_high = high;
return True;
}
-static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr)
+static BOOL handle_winbind_gid(const char *pszParmValue, char **ptr)
{
uint32 low, high;
@@ -2924,8 +2918,8 @@ static BOOL handle_idmap_gid(const char *pszParmValue, char **ptr)
string_set(ptr, pszParmValue);
- idmap_gid_low = low;
- idmap_gid_high = high;
+ winbind_gid_low = low;
+ winbind_gid_high = high;
return True;
}
@@ -3809,18 +3803,7 @@ static void set_server_role(void)
DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
break;
case SEC_SERVER:
- if (lp_domain_logons())
- DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
- server_role = ROLE_DOMAIN_MEMBER;
- break;
case SEC_DOMAIN:
- if (lp_domain_logons()) {
- DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
- server_role = ROLE_DOMAIN_BDC;
- break;
- }
- server_role = ROLE_DOMAIN_MEMBER;
- break;
case SEC_ADS:
if (lp_domain_logons()) {
server_role = ROLE_DOMAIN_PDC;
@@ -4244,7 +4227,7 @@ void lp_set_logfile(const char *name)
}
/*******************************************************************
- Return the NetBIOS called name.
+ Return the NetBIOS called name, or my IP - but never global_myname().
********************************************************************/
const char *get_called_name(void)
@@ -4252,22 +4235,11 @@ const char *get_called_name(void)
extern fstring local_machine;
static fstring called_name;
- if (! *local_machine)
- return global_myname();
-
- /*
- * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV"
- * arrggg!!! but we've already rewritten the client's
- * netbios name at this point...
- */
-
- if (*local_machine) {
- if (!StrCaseCmp(local_machine, "_SMBSERVER") || !StrCaseCmp(local_machine, "_SMBSERV")) {
- fstrcpy(called_name, get_my_primary_ip());
- DEBUG(8,("get_called_name: assuming that client used IP address [%s] as called name.\n",
- called_name));
- return called_name;
- }
+ if (!*local_machine) {
+ fstrcpy(called_name, get_my_primary_ip());
+ DEBUG(8,("get_called_name: assuming that client used IP address [%s] as called name.\n",
+ called_name));
+ return called_name;
}
return local_machine;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index aa378ecd6e..bbccb86d82 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -5,7 +5,6 @@
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
- Copyright (C) Simo Sorce 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -37,7 +36,7 @@
Fill the SAM_ACCOUNT with default values.
***********************************************************/
-void pdb_fill_default_sam(SAM_ACCOUNT *user)
+static void pdb_fill_default_sam(SAM_ACCOUNT *user)
{
ZERO_STRUCT(user->private); /* Don't touch the talloc context */
@@ -47,6 +46,8 @@ void pdb_fill_default_sam(SAM_ACCOUNT *user)
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
+ user->private.uid = user->private.gid = -1;
+
user->private.logon_time = (time_t)0;
user->private.pass_last_set_time = (time_t)0;
user->private.pass_can_change_time = (time_t)0;
@@ -162,7 +163,13 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user)
NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
{
- NTSTATUS ret;
+ GROUP_MAP map;
+
+ const char *guest_account = lp_guestaccount();
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if (!pwd) {
return NT_STATUS_UNSUCCESSFUL;
@@ -176,6 +183,9 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
+
+ pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
+ pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
/* When we get a proper uid -> SID and SID -> uid allocation
mechinism, we should call it here.
@@ -187,8 +197,37 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
-- abartlet 11-May-02
*/
- ret = pdb_set_sam_sids(sam_account, pwd);
- if (NT_STATUS_IS_ERR(ret)) return ret;
+
+ /* Ensure this *must* be set right */
+ if (strcmp(pwd->pw_name, guest_account) == 0) {
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_SET)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ } else {
+
+ if (!pdb_set_user_sid_from_rid(sam_account,
+ fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ DEBUG(0,("Can't set User SID from RID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
+ DEBUG(0,("Can't set Group SID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ else {
+ if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ DEBUG(0,("Can't set Group SID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ }
/* check if this is a user account or a machine account */
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
@@ -281,7 +320,6 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
return nt_status;
}
} else {
- DOM_SID g_sid;
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) {
*new_sam_acct = NULL;
return nt_status;
@@ -290,13 +328,6 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
pdb_free_sam(new_sam_acct);
return nt_status;
}
-
- pdb_set_domain (*new_sam_acct, lp_workgroup(), PDB_DEFAULT);
-
- /* set Domain Users by default ! */
- sid_copy(&g_sid, get_global_sam_sid());
- sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
- pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET);
}
return NT_STATUS_OK;
}
@@ -369,63 +400,6 @@ NTSTATUS pdb_free_sam(SAM_ACCOUNT **user)
return NT_STATUS_OK;
}
-/**************************************************************************
- * This function will take care of all the steps needed to correctly
- * allocate and set the user SID, please do use this function to create new
- * users, messing with SIDs is not good.
- *
- * account_data must be provided initialized, pwd may be null.
- * SSS
- ***************************************************************************/
-
-NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
-{
- const char *guest_account = lp_guestaccount();
- GROUP_MAP map;
-
- if (!account_data || !pwd) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* this is a hack this thing should not be set
- this way --SSS */
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return NT_STATUS_UNSUCCESSFUL;
- } else {
- /* Ensure this *must* be set right */
- if (strcmp(pwd->pw_name, guest_account) == 0) {
- if (!pdb_set_user_sid_from_rid(account_data, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
- }
- }
-
- if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
- DEBUG(0,("Can't set User SID from RID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* call the mapping code here */
- if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
- DEBUG(0,("Can't set Group SID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- else {
- if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
- DEBUG(0,("Can't set Group SID\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
-
- return NT_STATUS_OK;
-}
/**********************************************************
Encode the account control bits into a string.
@@ -555,6 +529,10 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
return (True);
}
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
static int algorithmic_rid_base(void)
{
static int rid_offset = 0;
@@ -577,16 +555,14 @@ static int algorithmic_rid_base(void)
return rid_offset;
}
-/*******************************************************************
- Converts NT user RID to a UNIX uid.
- ********************************************************************/
uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
{
int rid_offset = algorithmic_rid_base();
- return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER);
+ return (uid_t)(((user_rid & (~USER_RID_TYPE))- rid_offset)/RID_MULTIPLIER);
}
+
/*******************************************************************
converts UNIX uid to an NT User RID.
********************************************************************/
@@ -637,7 +613,7 @@ static BOOL pdb_rid_is_well_known(uint32 rid)
Decides if a RID is a user or group RID.
********************************************************************/
-BOOL fallback_pdb_rid_is_user(uint32 rid)
+BOOL pdb_rid_is_user(uint32 rid)
{
/* lkcl i understand that NT attaches an enumeration to a RID
* such that it can be identified as either a user, group etc
@@ -670,7 +646,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
GROUP_MAP map;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
- DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
+ DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
sid_string_static(&map.sid)));
return False;
}
@@ -727,7 +703,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
return True;
}
- if (fallback_pdb_rid_is_user(rid)) {
+ if (pdb_rid_is_user(rid)) {
uid_t uid;
DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid));
@@ -860,6 +836,190 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
return True;
}
+/****************************************************************************
+ Convert a uid to SID - locally.
+****************************************************************************/
+
+DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
+{
+ struct passwd *pass;
+ SAM_ACCOUNT *sam_user = NULL;
+ fstring str; /* sid string buffer */
+
+ sid_copy(psid, get_global_sam_sid());
+
+ if((pass = getpwuid_alloc(uid))) {
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+ passwd_free(&pass);
+ return NULL;
+ }
+
+ if (pdb_getsampwnam(sam_user, pass->pw_name)) {
+ sid_copy(psid, pdb_get_user_sid(sam_user));
+ } else {
+ sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
+ }
+
+ DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (%s).\n",
+ (unsigned)uid, sid_to_string( str, psid),
+ pass->pw_name ));
+
+ passwd_free(&pass);
+ pdb_free_sam(&sam_user);
+
+ } else {
+ sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
+
+ DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (unknown user).\n",
+ (unsigned)uid, sid_to_string( str, psid)));
+ }
+
+ return psid;
+}
+
+/****************************************************************************
+ Convert a SID to uid - locally.
+****************************************************************************/
+
+BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+ fstring str;
+ SAM_ACCOUNT *sam_user = NULL;
+
+ *name_type = SID_NAME_UNKNOWN;
+
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return False;
+
+ if (pdb_getsampwsid(sam_user, psid)) {
+
+ if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) {
+ pdb_free_sam(&sam_user);
+ return False;
+ }
+
+ *puid = pdb_get_uid(sam_user);
+
+ DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
+ (unsigned int)*puid, pdb_get_username(sam_user)));
+ pdb_free_sam(&sam_user);
+ } else {
+
+ DOM_SID dom_sid;
+ uint32 rid;
+ GROUP_MAP map;
+
+ pdb_free_sam(&sam_user);
+
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
+ DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
+ /* It's a group, not a user... */
+ return False;
+ }
+
+ sid_copy(&dom_sid, psid);
+ if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
+ return False;
+ }
+
+ if (!pdb_rid_is_user(rid)) {
+ DEBUG(3, ("local_sid_to_uid: sid '%s' cannot be mapped to a uid algorithmicly becouse it is a group\n", sid_to_string(str, psid)));
+ return False;
+ }
+
+ *puid = fallback_pdb_user_rid_to_uid(rid);
+
+ DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n",
+ sid_to_string(str, psid), (signed long int)(*puid)));
+ }
+
+ *name_type = SID_NAME_USER;
+
+ return True;
+}
+
+/****************************************************************************
+ Convert a gid to SID - locally.
+****************************************************************************/
+
+DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+ GROUP_MAP map;
+
+ sid_copy(psid, get_global_sam_sid());
+
+ if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ sid_copy(psid, &map.sid);
+ }
+ else {
+ sid_append_rid(psid, pdb_gid_to_group_rid(gid));
+ }
+
+ return psid;
+}
+
+/****************************************************************************
+ Convert a SID to gid - locally.
+****************************************************************************/
+
+BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+ fstring str;
+ GROUP_MAP map;
+
+ *name_type = SID_NAME_UNKNOWN;
+
+ /*
+ * We can only convert to a gid if this is our local
+ * Domain SID (ie. we are the controling authority).
+ *
+ * Or in the Builtin SID too. JFM, 11/30/2001
+ */
+
+ if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
+
+ /* the SID is in the mapping table but not mapped */
+ if (map.gid==(gid_t)-1)
+ return False;
+
+ *pgid = map.gid;
+ *name_type = map.sid_name_use;
+ DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n",
+ sid_to_string( str, psid),
+ map.nt_name, (unsigned int)*pgid));
+
+ } else {
+ uint32 rid;
+ SAM_ACCOUNT *sam_user = NULL;
+ if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+ return False;
+
+ if (pdb_getsampwsid(sam_user, psid)) {
+ return False;
+ pdb_free_sam(&sam_user);
+ }
+
+ pdb_free_sam(&sam_user);
+
+ if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
+ return False;
+ }
+
+ if (pdb_rid_is_user(rid))
+ return False;
+
+ *pgid = pdb_group_rid_to_gid(rid);
+ *name_type = SID_NAME_ALIAS;
+ DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid),
+ (unsigned int)*pgid));
+ }
+
+ return True;
+}
+
/*************************************************************
Change a password entry in the local smbpasswd file.
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 4370dc2c36..a86d936263 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -202,6 +202,22 @@ enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_el
return ret;
}
+uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->private.uid);
+ else
+ return (-1);
+}
+
+gid_t pdb_get_gid (const SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->private.gid);
+ else
+ return (-1);
+}
+
const char* pdb_get_username (const SAM_ACCOUNT *sampass)
{
if (sampass)
@@ -493,6 +509,32 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p
return True;
}
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n",
+ (int)uid, (int)sampass->private.uid));
+
+ sampass->private.uid = uid;
+
+ return pdb_set_init_flags(sampass, PDB_UID, flag);
+}
+
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n",
+ (int)gid, (int)sampass->private.gid));
+
+ sampass->private.gid = gid;
+
+ return pdb_set_init_flags(sampass, PDB_GID, flag);
+}
+
BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!sampass || !u_sid)
diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c
index 9bcdccc7e7..7ecfa7d4c3 100644
--- a/source3/passdb/pdb_guest.c
+++ b/source3/passdb/pdb_guest.c
@@ -24,16 +24,11 @@
Lookup a name in the SAM database
******************************************************************/
-static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname)
+static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
{
NTSTATUS nt_status;
+ struct passwd *pass;
const char *guest_account = lp_guestaccount();
-
- if (!sam_account || !sname) {
- DEBUG(0,("invalid name specified"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
return NT_STATUS_UNSUCCESSFUL;
@@ -43,31 +38,21 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
DEBUG(0,("invalid methods\n"));
return NT_STATUS_UNSUCCESSFUL;
}
+ if (!sname) {
+ DEBUG(0,("invalid name specified"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
if (!strequal(guest_account, sname)) {
return NT_STATUS_NO_SUCH_USER;
}
- pdb_fill_default_sam(sam_account);
-
- if (!pdb_set_username(sam_account, guest_account, PDB_SET))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!pdb_set_fullname(sam_account, guest_account, PDB_SET))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT))
- return NT_STATUS_UNSUCCESSFUL;
+ pass = getpwnam_alloc(guest_account);
- return NT_STATUS_OK;
+ nt_status = pdb_fill_sam_pw(user, pass);
+
+ passwd_free(&pass);
+ return nt_status;
}
@@ -76,17 +61,35 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
**************************************************************************/
static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *sam_account, uint32 rid)
+ SAM_ACCOUNT *user, uint32 rid)
{
- if (rid != DOMAIN_USER_RID_GUEST) {
- return NT_STATUS_NO_SUCH_USER;
+ NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+ struct passwd *pass = NULL;
+ const char *guest_account = lp_guestaccount();
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return nt_status;
}
- if (!sam_account) {
- return NT_STATUS_INVALID_PARAMETER;
+ if (!methods) {
+ DEBUG(0,("invalid methods\n"));
+ return nt_status;
+ }
+
+ if (rid == DOMAIN_USER_RID_GUEST) {
+ pass = getpwnam_alloc(guest_account);
+ if (!pass) {
+ DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+ } else {
+ return NT_STATUS_NO_SUCH_USER;
}
- return guestsam_getsampwnam (methods, sam_account, lp_guestaccount());
+ nt_status = pdb_fill_sam_pw(user, pass);
+ passwd_free(&pass);
+
+ return nt_status;
}
static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
@@ -94,7 +97,6 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
uint32 rid;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return NT_STATUS_NO_SUCH_USER;
-
return guestsam_getsampwrid(my_methods, user, rid);
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index b23b7286ea..4abc7b569c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1533,11 +1533,12 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only)
*********************************************************************/
static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAPMessage * entry,
- gid_t *gid)
+ LDAPMessage * entry)
{
pstring homedir;
pstring temp;
+ uid_t uid;
+ gid_t gid;
char **ldap_values;
char **values;
@@ -1562,12 +1563,19 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir))
return False;
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp))
+ return False;
+
+ uid = (uid_t)atol(temp);
+
if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp))
return False;
gid = (gid_t)atol(temp);
pdb_set_unix_homedir(sampass, homedir, PDB_SET);
+ pdb_set_uid(sampass, uid, PDB_SET);
+ pdb_set_gid(sampass, gid, PDB_SET);
DEBUG(10, ("user has posixAcccount attributes\n"));
return True;
@@ -1609,7 +1617,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
uint8 hours[MAX_HOURS_LEN];
pstring temp;
uid_t uid = -1;
- gid_t gid = getegid();
+ gid_t gid = getegid();
+
/*
* do a little initialization
@@ -1681,17 +1690,40 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
* If so configured, try and get the values from LDAP
*/
- if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) {
+ if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) {
- if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) {
- GROUP_MAP map;
- /* call the mapping code here */
- if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- pdb_set_group_sid(sampass, &map.sid, PDB_SET);
- }
- else {
- pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
+ /*
+ * Otherwise just ask the system getpw() calls.
+ */
+
+ pw = getpwnam_alloc(username);
+ if (pw == NULL) {
+ if (! ldap_state->permit_non_unix_accounts) {
+ DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username));
+ return False;
}
+ } else {
+ uid = pw->pw_uid;
+ pdb_set_uid(sampass, uid, PDB_SET);
+ gid = pw->pw_gid;
+ pdb_set_gid(sampass, gid, PDB_SET);
+
+ pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
+
+ passwd_free(&pw);
+ }
+ }
+
+ if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT)
+ && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) {
+ GROUP_MAP map;
+ gid = pdb_get_gid(sampass);
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ pdb_set_group_sid(sampass, &map.sid, PDB_SET);
+ }
+ else {
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
}
@@ -3069,7 +3101,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
@@ -3133,7 +3165,7 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
return nt_status;
}
@@ -3165,54 +3197,50 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- uint32 low_idmap_uid, high_idmap_uid;
- uint32 low_idmap_gid, high_idmap_gid;
+ uint32 low_winbind_uid, high_winbind_uid;
+ uint32 low_winbind_gid, high_winbind_gid;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
return nt_status;
}
- (*pdb_method)->name = "ldapsam";
+ (*pdb_method)->name = "ldapsam_nua";
ldap_state = (*pdb_method)->private_data;
ldap_state->permit_non_unix_accounts = True;
/* We know these uids can't turn up as allogorithmic RIDs */
- if (!lp_idmap_uid(&low_idmap_uid, &high_idmap_uid)) {
- DEBUG(0, ("cannot use ldapsam_nua without 'idmap uid' range in smb.conf!\n"));
+ if (!lp_winbind_uid(&low_winbind_uid, &high_winbind_uid)) {
+ DEBUG(0, ("cannot use ldapsam_nua without 'winbind uid' range in smb.conf!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* We know these gids can't turn up as allogorithmic RIDs */
- if (!lp_idmap_gid(&low_idmap_gid, &high_idmap_gid)) {
+ if (!lp_winbind_gid(&low_winbind_gid, &high_winbind_gid)) {
DEBUG(0, ("cannot use ldapsam_nua without 'wibnind gid' range in smb.conf!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_idmap_uid);
+ ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_winbind_uid);
- ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_idmap_uid);
+ ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_winbind_uid);
- ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_idmap_gid);
+ ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_winbind_gid);
- ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_idmap_gid);
+ ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_winbind_gid);
return NT_STATUS_OK;
}
NTSTATUS pdb_ldap_init(void)
{
- NTSTATUS nt_status;
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam)))
- return nt_status;
-
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat)))
- return nt_status;
-
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam);
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat);
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_nua", pdb_init_ldapsam_nua);
return NT_STATUS_OK;
}
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index 4e4aaed02b..cd9288fed0 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -876,6 +876,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf,
pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
+ pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
+ pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
pdb_set_user_sid_from_rid (pw_buf,
atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
pdb_set_group_sid_from_rid (pw_buf,
@@ -947,8 +949,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf,
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
strncasecmp (ptr, "NO PASSWORD", 11)) {
if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) {
- DEBUG (0, ("malformed NT pwd entry:\ %s.\n",
- pdb_get_username (pw_buf)));
+ DEBUG (0, ("malformed NT pwd entry:\
+ uid = %d.\n", pdb_get_uid (pw_buf)));
return False;
}
if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
@@ -1045,8 +1047,6 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
BOOL need_to_modify = False;
const char *name = pdb_get_username (sampass); /* from SAM */
- uint32 u_rid;
- uint32 g_rid;
/* these must be static or allocate and free entry columns! */
static fstring uid; /* from SAM */
static fstring user_rid; /* from SAM */
@@ -1065,15 +1065,31 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
static fstring acct_desc; /* from SAM */
static char empty[1]; /* just an empty string */
- if (!(u_rid = pdb_get_user_rid (sampass)))
- return False;
- if (!(g_rid = pdb_get_group_rid (sampass)))
- return False;
+ slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass));
+ slprintf (user_rid, sizeof (user_rid) - 1, "%u",
+ pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) :
+ fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass)));
+ slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass));
+
+ {
+ uint32 rid;
+ GROUP_MAP map;
+
+ rid = pdb_get_group_rid (sampass);
+
+ if (rid == 0) {
+ if (pdb_getgrgid(&map, pdb_get_gid (sampass),
+ MAPPING_WITHOUT_PRIV)) {
+ if (!sid_peek_check_rid
+ (get_global_sam_sid (), &map.sid, &rid))
+ return False;
+ } else
+ rid = pdb_gid_to_group_rid (pdb_get_gid
+ (sampass));
+ }
- slprintf (uid, sizeof (uid) - 1, "%u", fallback_pdb_user_rid_to_uid (u_rid));
- slprintf (user_rid, sizeof (user_rid) - 1, "%u", u_rid);
- slprintf (gid, sizeof (gid) - 1, "%u", fallback_pdb_group_rid_to_uid (g_rid));
- slprintf (group_rid, sizeof (group_rid) - 1, "%u", g_rid);
+ slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid);
+ }
acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass),
NEW_PW_FORMAT_SPACE_PADDED_LEN);
@@ -1117,27 +1133,51 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
/* uid */
- if (!ENTRY_VAL (old, NPF_UID) || strcmp (ENTRY_VAL (old, NPF_UID), uid)) {
+ if (pdb_get_uid (sampass) != -1) {
+ if (!ENTRY_VAL (old, NPF_UID)
+ || strcmp (ENTRY_VAL (old, NPF_UID), uid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_UID, uid, strlen (uid), EN_MODIFIED);
+ set_single_attribute (obj, NPF_UID, uid,
+ strlen (uid),
+ EN_MODIFIED);
+ }
}
/* user_rid */
- if (!ENTRY_VAL (old, NPF_USER_RID) || strcmp (ENTRY_VAL (old, NPF_USER_RID), user_rid)) {
+ if (pdb_get_user_rid (sampass)) {
+ if (!ENTRY_VAL (old, NPF_USER_RID) ||
+ strcmp (ENTRY_VAL (old, NPF_USER_RID),
+ user_rid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_USER_RID, user_rid, strlen (user_rid), EN_MODIFIED);
+ set_single_attribute (obj, NPF_USER_RID,
+ user_rid,
+ strlen (user_rid),
+ EN_MODIFIED);
+ }
}
/* smb_grpid */
- if (!ENTRY_VAL (old, NPF_SMB_GRPID) || strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) {
+ if (pdb_get_gid (sampass) != -1) {
+ if (!ENTRY_VAL (old, NPF_SMB_GRPID) ||
+ strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), EN_MODIFIED);
+ set_single_attribute (obj, NPF_SMB_GRPID, gid,
+ strlen (gid),
+ EN_MODIFIED);
+ }
}
/* group_rid */
- if (!ENTRY_VAL (old, NPF_GROUP_RID) || strcmp (ENTRY_VAL (old, NPF_GROUP_RID), group_rid)) {
+ if (pdb_get_group_rid (sampass)) {
+ if (!ENTRY_VAL (old, NPF_GROUP_RID) ||
+ strcmp (ENTRY_VAL (old, NPF_GROUP_RID),
+ group_rid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_GROUP_RID, group_rid, strlen (group_rid), EN_MODIFIED);
+ set_single_attribute (obj, NPF_GROUP_RID,
+ group_rid,
+ strlen (group_rid),
+ EN_MODIFIED);
+ }
}
/* acb */
diff --git a/source3/sam/sam_plugin.c b/source3/passdb/pdb_plugin.c
index fd26c4b8d3..ea67da23a5 100644
--- a/source3/sam/sam_plugin.c
+++ b/source3/passdb/pdb_plugin.c
@@ -1,9 +1,8 @@
/*
Unix SMB/CIFS implementation.
- Loadable san module interface.
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
+ Loadable passdb module interface.
+ Copyright (C) Jelmer Vernooij 2002
+ Copyright (C) Andrew Bartlett 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -23,57 +22,57 @@
#include "includes.h"
#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
+#define DBGC_CLASS DBGC_PASSDB
-NTSTATUS sam_init_plugin(SAM_METHODS *sam_methods, const char *module_params)
+NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
- void *dl_handle;
- char *plugin_params, *plugin_name, *p;
- sam_init_function plugin_init;
+ void * dl_handle;
+ char *plugin_location, *plugin_name, *p;
+ pdb_init_function plugin_init;
int (*plugin_version)(void);
- if (module_params == NULL) {
+ if (location == NULL) {
DEBUG(0, ("The plugin module needs an argument!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- plugin_name = smb_xstrdup(module_params);
+ plugin_name = smb_xstrdup(location);
p = strchr(plugin_name, ':');
if (p) {
*p = 0;
- plugin_params = p+1;
- trim_string(plugin_params, " ", " ");
- } else plugin_params = NULL;
+ plugin_location = p+1;
+ trim_string(plugin_location, " ", " ");
+ } else plugin_location = NULL;
trim_string(plugin_name, " ", " ");
DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name));
- dl_handle = sys_dlopen(plugin_name, RTLD_NOW);
+ dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
if (!dl_handle) {
DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
- plugin_version = sys_dlsym(dl_handle, "sam_version");
+ plugin_version = sys_dlsym(dl_handle, "pdb_version");
if (!plugin_version) {
sys_dlclose(dl_handle);
- DEBUG(0, ("Failed to find function 'sam_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+ DEBUG(0, ("Failed to find function 'pdb_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
- if (plugin_version()!=SAM_INTERFACE_VERSION) {
+ if (plugin_version() != PASSDB_INTERFACE_VERSION) {
sys_dlclose(dl_handle);
- DEBUG(0, ("Wrong SAM_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
- plugin_version(),SAM_INTERFACE_VERSION));
+ DEBUG(0, ("Wrong PASSDB_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
+ plugin_version(),PASSDB_INTERFACE_VERSION));
return NT_STATUS_UNSUCCESSFUL;
}
- plugin_init = sys_dlsym(dl_handle, "sam_init");
+ plugin_init = sys_dlsym(dl_handle, "pdb_init");
if (!plugin_init) {
sys_dlclose(dl_handle);
- DEBUG(0, ("Failed to find function 'sam_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+ DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
- DEBUG(5, ("Starting sam plugin %s with parameters %s for domain %s\n", plugin_name, plugin_params, sam_methods->domain_name));
- return plugin_init(sam_methods, plugin_params);
+ DEBUG(5, ("Starting sam plugin %s with location %s\n", plugin_name, plugin_location));
+ return plugin_init(pdb_context, pdb_method, plugin_location);
}
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 91fc7bc8e0..cd66cf269c 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1134,23 +1134,28 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
uid_t uid;
- uint32 rid;
if (sampass == NULL)
return False;
- rid = pdb_get_user_rid(sampass);
-
- /* If the user specified a RID, make sure its able to be both stored and retreived */
- if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
- DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
- return False;
- }
-
ZERO_STRUCTP(smb_pw);
+
+ if (!IS_SAM_UNIX_USER(sampass)) {
+ smb_pw->smb_userid_set = False;
+ DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n"));
+ } else {
+ uint32 rid = pdb_get_user_rid(sampass);
+ smb_pw->smb_userid_set = True;
+ uid = pdb_get_uid(sampass);
- smb_pw->smb_userid_set = True;
- smb_pw->smb_userid=uid;
+ /* If the user specified a RID, make sure its able to be both stored and retreived */
+ if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+ return False;
+ }
+
+ smb_pw->smb_userid=uid;
+ }
smb_pw->smb_name=(const char*)pdb_get_username(sampass);
@@ -1502,6 +1507,7 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
+
NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
@@ -1548,16 +1554,35 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
(*pdb_method)->free_private_data = free_private_data;
- if (lp_idmap_uid(&privates->low_nua_userid, &privates->high_nua_userid)) {
- DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n"));
- privates->permit_non_unix_accounts = True;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS pdb_init_smbpasswd_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+ NTSTATUS nt_status;
+ struct smbpasswd_privates *privates;
+
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_smbpasswd(pdb_context, pdb_method, location))) {
+ return nt_status;
+ }
+
+ (*pdb_method)->name = "smbpasswd_nua";
+
+ privates = (*pdb_method)->private_data;
+
+ privates->permit_non_unix_accounts = True;
+
+ if (!lp_winbind_uid(&privates->low_nua_userid, &privates->high_nua_userid)) {
+ DEBUG(0, ("cannot use smbpasswd_nua without 'winbind uid' range in smb.conf!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
-int pdb_smbpasswd_init(void)
+NTSTATUS pdb_smbpasswd_init(void)
{
smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
- return True;
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd_nua", pdb_init_smbpasswd_nua);
+ return NT_STATUS_OK;
}
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 74437cba6f..c3538042ee 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -101,7 +101,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
BOOL ret = True;
struct passwd *pw;
uid_t uid = -1;
- gid_t gid = -1;
+ gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
if(sampass == NULL || buf == NULL) {
DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
@@ -145,6 +145,30 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
goto done;
}
+ /* validate the account and fill in UNIX uid and gid. Standard
+ * getpwnam() is used instead of Get_Pwnam() as we do not need
+ * to try case permutations
+ */
+ if (!username || !(pw = getpwnam_alloc(username))) {
+ if (!(tdb_state->permit_non_unix_accounts)) {
+ DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username));
+ ret = False;
+ goto done;
+ }
+ }
+
+ if (pw) {
+ uid = pw->pw_uid;
+ gid = pw->pw_gid;
+
+ pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
+
+ passwd_free(&pw);
+
+ pdb_set_uid(sampass, uid, PDB_SET);
+ pdb_set_gid(sampass, gid, PDB_SET);
+ }
+
pdb_set_logon_time(sampass, logon_time, PDB_SET);
pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
@@ -640,7 +664,7 @@ static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT
return nt_status;
}
- fstrcpy(name, data.dptr);
+ fstrcpy (name, data.dptr);
SAFE_FREE(data.dptr);
tdb_close (pwd_tdb);
@@ -744,40 +768,54 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
return False;
}
- if (!pdb_get_group_rid(newpwd)) {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
- ret = False;
- goto done;
- }
-
/* if flag == TDB_INSERT then make up a new RID else throw an error. */
if (!(user_rid = pdb_get_user_rid(newpwd))) {
- if ((flag & TDB_INSERT) && tdb_state->permit_non_unix_accounts) {
- uint32 lowrid, highrid;
- if (!idmap_get_free_rid_range(&lowrid, &highrid)) {
- /* should never happen */
- DEBUG(0, ("tdbsam: something messed up, no high/low rids but nua enabled ?!\n"));
- ret = False;
- goto done;
- }
- user_rid = lowrid;
- tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
- if (!tdb_ret) {
- ret = False;
- goto done;
+ if (flag & TDB_INSERT) {
+ if (IS_SAM_UNIX_USER(newpwd)) {
+ if (tdb_state->algorithmic_rids) {
+ user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd));
+ } else {
+ user_rid = BASE_RID;
+ tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
+ if (!tdb_ret) {
+ ret = False;
+ goto done;
+ }
+ }
+ pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
+ } else {
+ user_rid = tdb_state->low_nua_rid;
+ tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
+ if (!tdb_ret) {
+ ret = False;
+ goto done;
+ }
+ if (user_rid > tdb_state->high_nua_rid) {
+ DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
+ ret = False;
+ goto done;
+ }
+ pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
}
- if (user_rid > highrid) {
- DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
- ret = False;
- goto done;
- }
- if (!pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED)) {
- DEBUG(0, ("tdbsam: not able to set new allocated user RID into sam account!\n"));
+ } else {
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
+ ret = False;
+ goto done;
+ }
+ }
+
+ if (!pdb_get_group_rid(newpwd)) {
+ if (flag & TDB_INSERT) {
+ if (!tdb_state->permit_non_unix_accounts) {
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
ret = False;
goto done;
+ } else {
+ /* This seems like a good default choice for non-unix users */
+ pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
}
} else {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
ret = False;
goto done;
}
@@ -799,7 +837,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
/* setup the USER index key */
slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
+ key.dsize = strlen (keystr) + 1;
/* add the account */
if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
@@ -811,7 +849,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
}
/* setup RID data */
- data.dsize = strlen(name) + 1;
+ data.dsize = sizeof(fstring);
data.dptr = name;
/* setup the RID index key */
@@ -836,49 +874,6 @@ done:
return (ret);
}
-#if 0
-/***************************************************************************
- Allocates a new RID and returns it to the caller as a domain sid
-
- NOTE: Use carefullt, do not waste RIDs they are a limited resource!
- - SSS
- ***************************************************************************/
-
-static NTSTATUS tdbsam_get_next_sid (struct pdb_methods *my_methods, DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb;
- uint32 rid;
-
- if (sid == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
- if (!pwd_tdb)
- {
- DEBUG(0, ("tdbsam_get_next_sid: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- rid = BASE_RID;
- if (tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &rid, 1)) {
-
- sid_copy(sid, get_global_sam_sid());
- if (!sid_append_rid(sid, rid)) {
- goto done;
- }
-
- ret = NT_STATUS_OK;
- }
-
-done:
- tdb_close (pwd_tdb);
- return ret;
-}
-#endif
-
/***************************************************************************
Modifies an existing SAM_ACCOUNT
****************************************************************************/
@@ -917,7 +912,14 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
{
NTSTATUS nt_status;
struct tdbsam_privates *tdb_state;
- uint32 low_nua_uid, high_nua_uid;
+
+#if 0 /* when made a module use this */
+ tdbsam_debug_level = debug_add_class("tdbsam");
+ if(tdbsam_debug_level == -1) {
+ tdbsam_debug_level = DBGC_ALL;
+ DEBUG(0, ("tdbsam: Couldn't register custom debugging class!\n"));
+ }
+#endif
if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
return nt_status;
@@ -951,29 +953,47 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
}
+ tdb_state->algorithmic_rids = True;
+
(*pdb_method)->private_data = tdb_state;
(*pdb_method)->free_private_data = free_private_data;
- if (lp_idmap_uid(&low_nua_uid, &high_nua_uid)) {
- DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n"));
+ return NT_STATUS_OK;
+}
- tdb_state->permit_non_unix_accounts = True;
+NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+ NTSTATUS nt_status;
+ struct tdbsam_privates *tdb_state;
+ uint32 low_nua_uid, high_nua_uid;
- tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_tdbsam(pdb_context, pdb_method, location))) {
+ return nt_status;
+ }
- tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
+ (*pdb_method)->name = "tdbsam_nua";
- } else {
- tdb_state->algorithmic_rids = True;
+ tdb_state = (*pdb_method)->private_data;
+
+ tdb_state->permit_non_unix_accounts = True;
+
+ if (!lp_winbind_uid(&low_nua_uid, &high_nua_uid)) {
+ DEBUG(0, ("cannot use tdbsam_nua without 'winbind uid' range in smb.conf!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
}
+ tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
+
+ tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
+
return NT_STATUS_OK;
}
-int pdb_tdbsam_init(void)
+NTSTATUS pdb_tdbsam_init(void)
{
smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
- return True;
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam_nua", pdb_init_tdbsam_nua);
+ return NT_STATUS_OK;
}
diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c
deleted file mode 100644
index 395795758f..0000000000
--- a/source3/passdb/pdb_unix.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Unix password backend for samba
- * Copyright (C) Jelmer Vernooij 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-/******************************************************************
- Lookup a name in the SAM database
- ******************************************************************/
-
-static NTSTATUS unixsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
-{
- struct passwd *pass;
- if (!methods) {
- DEBUG(0,("invalid methods\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!sname) {
- DEBUG(0,("invalid name specified"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- pass = Get_Pwnam(sname);
-
- return pdb_fill_sam_pw(user, pass);
-}
-
-
-/***************************************************************************
- Search by rid
- **************************************************************************/
-
-static NTSTATUS unixsam_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *user, uint32 rid)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct passwd *pass = NULL;
- const char *guest_account = lp_guestaccount();
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return nt_status;
- }
-
- if (!methods) {
- DEBUG(0,("invalid methods\n"));
- return nt_status;
- }
-
- if (rid == DOMAIN_USER_RID_GUEST) {
- pass = getpwnam_alloc(guest_account);
- if (!pass) {
- DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
- return nt_status;
- }
- } else if (fallback_pdb_rid_is_user(rid)) {
- pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
- }
-
- if (pass == NULL) {
- return nt_status;
- }
-
- nt_status = pdb_fill_sam_pw(user, pass);
- passwd_free(&pass);
-
- return nt_status;
-}
-
-static NTSTATUS unixsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
-{
- uint32 rid;
- if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
- return NT_STATUS_UNSUCCESSFUL;
- return unixsam_getsampwrid(my_methods, user, rid);
-}
-
-/***************************************************************************
- Updates a SAM_ACCOUNT
-
- This isn't a particulary practical option for pdb_unix. We certainly don't
- want to twidde the filesystem, so what should we do?
-
- Current plan is to transparently add the account. It should appear
- as if the pdb_unix version was modified, but its actually stored somehwere.
- ****************************************************************************/
-
-static NTSTATUS unixsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
-{
- return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
-}
-
-NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
-{
- NTSTATUS nt_status;
-
- if (!pdb_context) {
- DEBUG(0, ("invalid pdb_context specified\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
- return nt_status;
- }
-
- (*pdb_method)->name = "unixsam";
- (*pdb_method)->update_sam_account = unixsam_update_sam_account;
- (*pdb_method)->getsampwnam = unixsam_getsampwnam;
- (*pdb_method)->getsampwsid = unixsam_getsampwsid;
-
- /* There's not very much to initialise here */
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_unix_init(void)
-{
- return smb_register_passdb(PASSDB_INTERFACE_VERSION, "unixsam", pdb_init_unixsam);
-}
diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c
index 7a5c0e2b53..de2ee4594c 100644
--- a/source3/passdb/pdb_xml.c
+++ b/source3/passdb/pdb_xml.c
@@ -524,7 +524,7 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method
return nt_status;
}
- (*pdb_method)->name = "xmlsam";
+ (*pdb_method)->name = "xml";
(*pdb_method)->setsampwent = xmlsam_setsampwent;
(*pdb_method)->endsampwent = xmlsam_endsampwent;
diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
index c845170749..b2f45ad366 100644
--- a/source3/printing/lpq_parse.c
+++ b/source3/printing/lpq_parse.c
@@ -145,8 +145,8 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
buf->size = atoi(tok[TOTALTOK]);
buf->status = strequal(tok[RANKTOK],"active")?LPQ_PRINTING:LPQ_QUEUED;
buf->time = time(NULL);
- StrnCpy(buf->fs_user,tok[USERTOK],sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file,tok[FILETOK],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user,tok[USERTOK]);
+ fstrcpy(buf->fs_file,tok[FILETOK]);
if ((FILETOK + 1) != TOTALTOK) {
int i;
@@ -266,7 +266,7 @@ static BOOL parse_lpq_lprng(char *line,print_queue_struct *buf,BOOL first)
buf->time = LPRng_time(tokarr[LPRNG_TIMETOK]);
- StrnCpy(buf->fs_user,tokarr[LPRNG_USERTOK],sizeof(buf->fs_user)-1);
+ fstrcpy(buf->fs_user,tokarr[LPRNG_USERTOK]);
/* The '@hostname' prevents windows from displaying the printing icon
* for the current user on the taskbar. Plop in a null.
@@ -276,7 +276,7 @@ static BOOL parse_lpq_lprng(char *line,print_queue_struct *buf,BOOL first)
*ptr = '\0';
}
- StrnCpy(buf->fs_file,tokarr[LPRNG_FILETOK],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_file,tokarr[LPRNG_FILETOK]);
if ((LPRNG_FILETOK + 1) != LPRNG_TOTALTOK) {
int i;
@@ -353,8 +353,8 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED;
buf->priority = 0;
buf->time = time(NULL);
- StrnCpy(buf->fs_user,tok[3],sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file,tok[2],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user,tok[3]);
+ fstrcpy(buf->fs_file,tok[2]);
}
else
{
@@ -387,8 +387,8 @@ static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
buf->status = strequal(tok[2],"RUNNING")?LPQ_PRINTING:LPQ_QUEUED;
buf->priority = 0;
buf->time = time(NULL);
- StrnCpy(buf->fs_user,tok[5],sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file,tok[4],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user,tok[5]);
+ fstrcpy(buf->fs_file,tok[4]);
}
@@ -449,14 +449,14 @@ static BOOL parse_lpq_hpux(char *line, print_queue_struct *buf, BOOL first)
fstrcpy(tok[0],"STDIN");
buf->size = atoi(tok[1]);
- StrnCpy(buf->fs_file,tok[0],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_file,tok[0]);
/* fill things from header line */
buf->time = jobtime;
buf->job = jobid;
buf->status = jobstat;
buf->priority = jobprio;
- StrnCpy(buf->fs_user,jobuser,sizeof(buf->fs_user)-1);
+ fstrcpy(buf->fs_user,jobuser);
return(True);
}
@@ -482,7 +482,7 @@ static BOOL parse_lpq_hpux(char *line, print_queue_struct *buf, BOOL first)
/* the 2nd, 5th & 7th column must be integer */
if (!isdigit((int)*tok[1]) || !isdigit((int)*tok[4]) || !isdigit((int)*tok[6])) return(False);
jobid = atoi(tok[1]);
- StrnCpy(jobuser,tok[2],sizeof(buf->fs_user)-1);
+ fstrcpy(jobuser,tok[2]);
jobprio = atoi(tok[4]);
/* process time */
@@ -573,8 +573,8 @@ static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
buf->status = LPQ_QUEUED;
buf->priority = 0;
buf->time = EntryTime(tok, 4, count, 7);
- StrnCpy(buf->fs_user,tok[2],sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file,tok[2],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user,tok[2]);
+ fstrcpy(buf->fs_file,tok[2]);
return(True);
}
@@ -633,8 +633,8 @@ static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
buf->status = strequal(tok[3],"active")?LPQ_PRINTING:LPQ_QUEUED;
buf->priority = 0;
buf->time = time(NULL);
- StrnCpy(buf->fs_user,tok[1],sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file,tok[6],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user,tok[1]);
+ fstrcpy(buf->fs_file,tok[6]);
return(True);
}
@@ -704,8 +704,8 @@ static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
buf->status = strequal(tok[0],"active")?LPQ_PRINTING:LPQ_QUEUED;
buf->priority = 0;
buf->time = time(NULL);
- StrnCpy(buf->fs_user,tok[1],sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file,tok[6],sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user,tok[1]);
+ fstrcpy(buf->fs_file,tok[6]);
return(True);
}
@@ -779,8 +779,8 @@ static BOOL parse_lpq_nt(char *line,print_queue_struct *buf,BOOL first)
buf->priority = 0;
buf->size = atoi(parse_line.size);
buf->time = time(NULL);
- StrnCpy(buf->fs_user, parse_line.owner, sizeof(buf->fs_user)-1);
- StrnCpy(buf->fs_file, parse_line.jobname, sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_user, parse_line.owner);
+ fstrcpy(buf->fs_file, parse_line.jobname);
if (strequal(parse_line.status, LPRNT_PRINTING))
buf->status = LPQ_PRINTING;
else if (strequal(parse_line.status, LPRNT_PAUSED))
@@ -838,7 +838,7 @@ static BOOL parse_lpq_os2(char *line,print_queue_struct *buf,BOOL first)
/* Get the job name */
parse_line.space2[0] = '\0';
trim_string(parse_line.jobname, NULL, " ");
- StrnCpy(buf->fs_file, parse_line.jobname, sizeof(buf->fs_file)-1);
+ fstrcpy(buf->fs_file, parse_line.jobname);
buf->priority = 0;
buf->size = atoi(parse_line.size);
@@ -856,7 +856,7 @@ static BOOL parse_lpq_os2(char *line,print_queue_struct *buf,BOOL first)
!strequal(parse_line.status, LPROS2_WAITING))
return(False);
- StrnCpy(buf->fs_user, parse_line.owner, sizeof(buf->fs_user)-1);
+ fstrcpy(buf->fs_user, parse_line.owner);
if (strequal(parse_line.status, LPROS2_PRINTING))
buf->status = LPQ_PRINTING;
else if (strequal(parse_line.status, LPROS2_PAUSED))
@@ -990,23 +990,23 @@ BOOL parse_lpq_entry(int snum,char *line,
case LPSTAT_OK:
for (i=0; stat0_strings[i]; i++)
if (strstr(line,stat0_strings[i])) {
- StrnCpy(status->message,line,sizeof(status->message)-1);
- status->status=LPSTAT_OK;
- return ret;
+ fstrcpy(status->message,line);
+ status->status=LPSTAT_OK;
+ return ret;
}
case LPSTAT_STOPPED:
for (i=0; stat1_strings[i]; i++)
if (strstr(line,stat1_strings[i])) {
- StrnCpy(status->message,line,sizeof(status->message)-1);
- status->status=LPSTAT_STOPPED;
- return ret;
+ fstrcpy(status->message,line);
+ status->status=LPSTAT_STOPPED;
+ return ret;
}
case LPSTAT_ERROR:
for (i=0; stat2_strings[i]; i++)
if (strstr(line,stat2_strings[i])) {
- StrnCpy(status->message,line,sizeof(status->message)-1);
- status->status=LPSTAT_ERROR;
- return ret;
+ fstrcpy(status->message,line);
+ status->status=LPSTAT_ERROR;
+ return ret;
}
break;
}
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index a486fb9c00..685f5ff499 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -198,6 +198,22 @@ static const nt_forms_struct default_forms[] = {
{"PRC Envelope #10 Rotated",0x1,0x6fd10,0x4f1a0,0x0,0x0,0x6fd10,0x4f1a0}
};
+struct table_node {
+ const char *long_archi;
+ const char *short_archi;
+ int version;
+};
+
+static const struct table_node archi_table[]= {
+
+ {"Windows 4.0", "WIN40", 0 },
+ {"Windows NT x86", "W32X86", 2 },
+ {"Windows NT R4000", "W32MIPS", 2 },
+ {"Windows NT Alpha_AXP", "W32ALPHA", 2 },
+ {"Windows NT PowerPC", "W32PPC", 2 },
+ {NULL, "", -1 }
+};
+
static BOOL upgrade_to_version_3(void)
{
TDB_DATA kbuf, newkey, dbuf;
@@ -638,12 +654,12 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count)
int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
{
int total=0;
- fstring short_archi;
+ const char *short_archi;
fstring *fl;
pstring key;
TDB_DATA kbuf, newkey;
- get_short_archi(short_archi, architecture);
+ short_archi = get_short_archi(architecture);
slprintf(key, sizeof(key)-1, "%s%s/%d/", DRIVERS_PREFIX, short_archi, version);
for (kbuf = tdb_firstkey(tdb_drivers);
@@ -667,52 +683,32 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
}
/****************************************************************************
- Function to do the mapping between the long architecture name and
- the short one.
+function to do the mapping between the long architecture name and
+the short one.
****************************************************************************/
-BOOL get_short_archi(char *short_archi, const char *long_archi)
+const char *get_short_archi(const char *long_archi)
{
- struct table {
- const char *long_archi;
- const char *short_archi;
- };
-
- struct table archi_table[]=
- {
- {"Windows 4.0", "WIN40" },
- {"Windows NT x86", "W32X86" },
- {"Windows NT R4000", "W32MIPS" },
- {"Windows NT Alpha_AXP", "W32ALPHA" },
- {"Windows NT PowerPC", "W32PPC" },
- {NULL, "" }
- };
-
- int i=-1;
+ int i=-1;
- DEBUG(107,("Getting architecture dependant directory\n"));
+ DEBUG(107,("Getting architecture dependant directory\n"));
+ do {
+ i++;
+ } while ( (archi_table[i].long_archi!=NULL ) &&
+ StrCaseCmp(long_archi, archi_table[i].long_archi) );
- if (long_archi == NULL) {
- DEBUGADD(107,("Bad long_archi param.!\n"));
- return False;
- }
+ if (archi_table[i].long_archi==NULL) {
+ DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi));
+ return NULL;
+ }
- do {
- i++;
- } while ( (archi_table[i].long_archi!=NULL ) &&
- StrCaseCmp(long_archi, archi_table[i].long_archi) );
+ /* this might be client code - but shouldn't this be an fstrcpy etc? */
- if (archi_table[i].long_archi==NULL) {
- DEBUGADD(107,("Unknown architecture [%s] !\n", long_archi));
- return False;
- }
- StrnCpy (short_archi, archi_table[i].short_archi, strlen(archi_table[i].short_archi));
+ DEBUGADD(108,("index: [%d]\n", i));
+ DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi));
+ DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi));
- DEBUGADD(108,("index: [%d]\n", i));
- DEBUGADD(108,("long architecture: [%s]\n", long_archi));
- DEBUGADD(108,("short architecture: [%s]\n", short_archi));
-
- return True;
+ return archi_table[i].short_archi;
}
/****************************************************************************
@@ -1066,7 +1062,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr
/****************************************************************************
Determine the correct cVersion associated with an architecture and driver
****************************************************************************/
-static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
+static uint32 get_correct_cversion(const char *architecture, fstring driverpath_in,
struct current_user *user, WERROR *perr)
{
int cversion;
@@ -1111,7 +1107,7 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
}
/* We are temporarily becoming the connection user. */
- if (!become_user(conn, conn->vuid)) {
+ if (!become_user(conn, user->vuid)) {
DEBUG(0,("get_correct_cversion: Can't become user!\n"));
*perr = WERR_ACCESS_DENIED;
return -1;
@@ -1192,7 +1188,7 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver,
struct current_user *user)
{
- fstring architecture;
+ const char *architecture;
fstring new_name;
char *p;
int i;
@@ -1232,7 +1228,7 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri
}
}
- get_short_archi(architecture, driver->environment);
+ architecture = get_short_archi(driver->environment);
/* jfm:7/16/2000 the client always sends the cversion=0.
* The server should check which version the driver is by reading
@@ -1256,7 +1252,7 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri
****************************************************************************/
static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver, struct current_user *user)
{
- fstring architecture;
+ const char *architecture;
fstring new_name;
char *p;
int i;
@@ -1296,7 +1292,7 @@ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *dri
}
}
- get_short_archi(architecture, driver->environment);
+ architecture = get_short_archi(driver->environment);
/* jfm:7/16/2000 the client always sends the cversion=0.
* The server should check which version the driver is by reading
@@ -1382,7 +1378,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
{
NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver;
NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver;
- fstring architecture;
+ const char *architecture;
pstring new_dir;
pstring old_name;
pstring new_name;
@@ -1409,7 +1405,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
return False;
}
- get_short_archi(architecture, driver->environment);
+ architecture = get_short_archi(driver->environment);
/*
* Connect to the print$ share under the same account as the user connected to the rpc pipe.
@@ -1589,7 +1585,7 @@ BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver)
{
int len, buflen;
- fstring architecture;
+ const char *architecture;
pstring directory;
fstring temp_name;
pstring key;
@@ -1597,7 +1593,7 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver)
int i, ret;
TDB_DATA kbuf, dbuf;
- get_short_archi(architecture, driver->environment);
+ architecture = get_short_archi(driver->environment);
/* The names are relative. We store them in the form: \print$\arch\version\driver.xxx
* \\server is added in the rpc server layer.
@@ -1751,14 +1747,14 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr,
{
NT_PRINTER_DRIVER_INFO_LEVEL_3 driver;
TDB_DATA kbuf, dbuf;
- fstring architecture;
+ const char *architecture;
int len = 0;
int i;
pstring key;
ZERO_STRUCT(driver);
- get_short_archi(architecture, arch);
+ architecture = get_short_archi(arch);
DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, drivername));
@@ -2611,6 +2607,10 @@ static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer)
DEBUG(3, ("ads_init() failed\n"));
return WERR_SERVER_UNAVAILABLE;
}
+ setenv("KRB5CCNAME", "MEMORY:prtpub_cache", 1);
+ SAFE_FREE(ads->auth.password);
+ ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+ NULL, NULL);
ads_rc = ads_connect(ads);
if (!ADS_ERR_OK(ads_rc)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
@@ -2668,6 +2668,10 @@ WERROR unpublish_it(NT_PRINTER_INFO_LEVEL *printer)
DEBUG(3, ("ads_init() failed\n"));
return WERR_SERVER_UNAVAILABLE;
}
+ setenv("KRB5CCNAME", "MEMORY:prtpub_cache", 1);
+ SAFE_FREE(ads->auth.password);
+ ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
+ NULL, NULL);
ads_rc = ads_connect(ads);
if (!ADS_ERR_OK(ads_rc)) {
DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
@@ -4405,13 +4409,13 @@ WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct cur
uint32 version, BOOL delete_files )
{
pstring key;
- fstring arch;
+ const char *arch;
TDB_DATA kbuf, dbuf;
NT_PRINTER_DRIVER_INFO_LEVEL ctr;
/* delete the tdb data first */
- get_short_archi(arch, info_3->environment);
+ arch = get_short_archi(info_3->environment);
slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX,
arch, version, info_3->name);
diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
index c399c3c6cc..1bdbf4a789 100644
--- a/source3/printing/pcap.c
+++ b/source3/printing/pcap.c
@@ -384,7 +384,7 @@ void pcap_printer_fn(void (*fn)(char *, char *))
if (strlen(p)>strlen(comment) && has_punctuation)
{
- StrnCpy(comment,p,sizeof(comment)-1);
+ pstrcpy(comment,p);
continue;
}
@@ -398,8 +398,8 @@ void pcap_printer_fn(void (*fn)(char *, char *))
if (!strchr_m(comment,' ') &&
strlen(p) > strlen(comment))
{
- StrnCpy(comment,p,sizeof(comment)-1);
- continue;
+ pstrcpy(comment,p);
+ continue;
}
}
diff --git a/source3/python/py_winbind.c b/source3/python/py_winbind.c
index 0c40861c70..db66be2321 100644
--- a/source3/python/py_winbind.c
+++ b/source3/python/py_winbind.c
@@ -261,12 +261,12 @@ static PyObject *py_config_dict(void)
/* Winbind uid/gid range */
- if (lp_idmap_uid(&ulow, &uhi)) {
+ if (lp_winbind_uid(&ulow, &uhi)) {
PyDict_SetItemString(result, "uid_low", PyInt_FromLong(ulow));
PyDict_SetItemString(result, "uid_high", PyInt_FromLong(uhi));
}
- if (lp_idmap_gid(&glow, &ghi)) {
+ if (lp_winbind_gid(&glow, &ghi)) {
PyDict_SetItemString(result, "gid_low", PyInt_FromLong(glow));
PyDict_SetItemString(result, "gid_high", PyInt_FromLong(ghi));
}
diff --git a/source3/python/setup.py b/source3/python/setup.py
index 6569331031..a9f220f195 100755
--- a/source3/python/setup.py
+++ b/source3/python/setup.py
@@ -41,15 +41,24 @@ samba_srcdir = os.environ.get("SRCDIR", "")
samba_libs = os.environ.get("LIBS", "")
-# Convert libs and objs from space separated strings to lists of strings
-# for distutils to digest. Split "-l" prefix off library list.
-
obj_list = string.split(samba_objs)
-lib_list = []
+# Unfortunately the samba_libs variable contains both shared libraries
+# and linker flags. The python distutils doesn't like this so we have
+# to split $samba_libs into a flags component and a library component.
+
+libraries = []
+library_dirs = []
for lib in string.split(samba_libs):
- lib_list.append(string.replace(lib, "-l", ""))
+ if lib[0:2] == "-l":
+ libraries.append(lib[2:])
+ continue
+ if lib[0:2] == "-L":
+ library_dirs.append(lib[2:])
+ continue
+ print "Unknown entry '%s' in $LIBS variable passed to setup.py" % lib
+ sys.exit(1)
flags_list = string.split(samba_cflags)
@@ -96,8 +105,8 @@ setup(
samba_srcdir + "python/py_spoolss_jobs.c",
samba_srcdir + "python/py_spoolss_jobs_conv.c",
],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -107,8 +116,8 @@ setup(
sources = [samba_srcdir + "python/py_lsa.c",
samba_srcdir + "python/py_common.c",
samba_srcdir + "python/py_ntsec.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -119,8 +128,8 @@ setup(
samba_srcdir + "python/py_conv.c",
samba_srcdir + "python/py_samr_conv.c",
samba_srcdir + "python/py_common.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -131,8 +140,8 @@ setup(
samba_srcdir + "python/py_winbind_conv.c",
samba_srcdir + "python/py_conv.c",
samba_srcdir + "python/py_common.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -141,8 +150,8 @@ setup(
Extension(name = "winreg",
sources = [samba_srcdir + "python/py_winreg.c",
samba_srcdir + "python/py_common.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -153,8 +162,8 @@ setup(
samba_srcdir + "python/py_conv.c",
samba_srcdir + "python/py_srvsvc_conv.c",
samba_srcdir + "python/py_common.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -162,8 +171,8 @@ setup(
Extension(name = "tdb",
sources = [samba_srcdir + "python/py_tdb.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
@@ -173,8 +182,8 @@ setup(
sources = [samba_srcdir + "python/py_smb.c",
samba_srcdir + "python/py_common.c",
samba_srcdir + "python/py_ntsec.c"],
- libraries = lib_list,
- library_dirs = ["/usr/kerberos/lib"],
+ libraries = libraries,
+ library_dirs = ["/usr/kerberos/lib"] + library_dirs,
extra_compile_args = flags_list,
extra_objects = obj_list),
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 9002ad3d1b..db873236e4 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -1164,7 +1164,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx,
LSA_Q_ENUM_ACCT_RIGHTS q;
LSA_R_ENUM_ACCT_RIGHTS r;
NTSTATUS result;
- unsigned int i;
+ int i;
ZERO_STRUCT(q);
ZERO_STRUCT(r);
@@ -1199,7 +1199,7 @@ NTSTATUS cli_lsa_enum_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ctx,
*privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **));
for (i=0;i<*count;i++) {
- (*privs_name)[i] = unistr2_tdup(mem_ctx, &r.rights.strings[i].string);
+ pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer);
}
done:
@@ -1293,58 +1293,6 @@ done:
}
-/* list account SIDs that have the specified right */
-
-NTSTATUS cli_lsa_enum_account_with_right(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *pol, const char *right,
- uint32 *count, DOM_SID **sids)
-{
- prs_struct qbuf, rbuf;
- LSA_Q_ENUM_ACCT_WITH_RIGHT q;
- LSA_R_ENUM_ACCT_WITH_RIGHT r;
- NTSTATUS result;
-
- ZERO_STRUCT(q);
-
- /* Initialise parse structures */
- prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
- prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
-
- /* Marshall data and send request */
- init_q_enum_acct_with_right(&q, pol, right);
-
- if (!lsa_io_q_enum_acct_with_right("", &q, &qbuf, 0) ||
- !rpc_api_pipe_req(cli, LSA_ENUMACCTWITHRIGHT, &qbuf, &rbuf)) {
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* Unmarshall response */
-
- if (!lsa_io_r_enum_acct_with_right("", &r, &rbuf, 0)) {
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- *count = r.count;
-
- if (!NT_STATUS_IS_OK(result = r.status)) {
- goto done;
- }
-
- if (*count) {
- int i;
- (*sids) = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (*count));
- for (i=0; i<*count; i++) {
- sid_copy(&(*sids)[i], &r.sids.sids[i].sid.sid);
- }
- }
-done:
-
- return result;
-}
-
-
#if 0
/** An example of how to use the routines in this file. Fetch a DOMAIN
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ce0dd95e94..72240ca7d2 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -280,7 +280,7 @@ NTSTATUS cli_nt_setup_creds(struct cli_state *cli,
}
if (!NT_STATUS_IS_OK(result))
- DEBUG(1,("cli_nt_setup_creds: auth%d challenge failed %s\n", level, nt_errstr(result)));
+ DEBUG(3,("cli_nt_setup_creds: auth%d challenge failed %s\n", level, nt_errstr(result)));
return result;
}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 1c089e589b..f8472f3cfc 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -174,7 +174,8 @@ static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, uint32 l
Never on bind requests/responses.
****************************************************************************/
-static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int auth_len)
+static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
+ uint32 fragment_start, int len, int auth_len, int *pauth_padding_len)
{
/*
* The following is that length of the data we must sign or seal.
@@ -187,12 +188,14 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int
/*
* The start of the data to sign/seal is just after the RPC headers.
*/
- char *reply_data = prs_data_p(rdata) + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
+ char *reply_data = prs_data_p(rdata) + fragment_start + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
BOOL auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
BOOL auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
BOOL auth_schannel = (cli->saved_netlogon_pipe_fnum != 0);
+ *pauth_padding_len = 0;
+
DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s schannel %s\n",
len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal), BOOLSTR(auth_schannel)));
@@ -297,8 +300,10 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int
if (auth_schannel) {
RPC_AUTH_NETSEC_CHK chk;
- char data[RPC_AUTH_NETSEC_CHK_LEN];
- char *dp = prs_data_p(rdata) + len - auth_len;
+ RPC_HDR_AUTH rhdr_auth;
+ char data[RPC_HDR_AUTH_LEN+RPC_AUTH_NETSEC_CHK_LEN];
+ char *dp = prs_data_p(rdata) + fragment_start + len -
+ RPC_HDR_AUTH_LEN - RPC_AUTH_NETSEC_CHK_LEN;
prs_struct auth_verf;
if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
@@ -322,7 +327,19 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int
/* The endinness must be preserved. JRA. */
prs_set_endian_data( &auth_verf, rdata->bigendian_data);
- prs_give_memory(&auth_verf, data, RPC_AUTH_NETSEC_CHK_LEN, False);
+ prs_give_memory(&auth_verf, data, sizeof(data), False);
+
+ if (!smb_io_rpc_hdr_auth("auth_hdr", &rhdr_auth, &auth_verf, 0)) {
+ DEBUG(0, ("rpc_auth_pipe: Could not parse schannel auth header\n"));
+ return False;
+ }
+
+ if ((rhdr_auth.auth_type != NETSEC_AUTH_TYPE) ||
+ (rhdr_auth.auth_level != NETSEC_AUTH_LEVEL)) {
+ DEBUG(0, ("rpc_auth_pipe: Got wrong schannel auth type/level: %d/%d\n",
+ rhdr_auth.auth_type, rhdr_auth.auth_level));
+ return False;
+ }
if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", &chk, &auth_verf, 0)) {
DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
@@ -336,6 +353,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int
DEBUG(0, ("rpc_auth_pipe: Could not decode schannel\n"));
return False;
}
+ *pauth_padding_len = rhdr_auth.padding;
}
return True;
}
@@ -379,6 +397,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd
char *prdata = NULL;
uint32 rdata_len = 0;
uint32 current_offset = 0;
+ uint32 fragment_start = 0;
uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
/* Create setup parameters - must be in native byte order. */
@@ -469,7 +488,10 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd
*/
if (rhdr.auth_len != 0) {
- if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+ int auth_padding_len = 0;
+
+ if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
+ rhdr.auth_len, &auth_padding_len))
return False;
/*
* Drop the auth footers from the current offset.
@@ -477,7 +499,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd
* The auth footers consist of the auth_data and the
* preceeding 8 byte auth_header.
*/
- current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
+ current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
}
/*
@@ -557,12 +579,17 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd
if (!rpc_read(cli, rdata, len, &current_offset))
return False;
+ fragment_start = current_offset - len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+
/*
* Verify any authentication footer.
*/
if (rhdr.auth_len != 0 ) {
- if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+ int auth_padding_len = 0;
+
+ if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
+ rhdr.auth_len, &auth_padding_len))
return False;
/*
* Drop the auth footers from the current offset.
@@ -570,7 +597,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rd
* preceeding 8 byte auth_header.
* We need this if there are more fragments.
*/
- current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
+ current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
}
}
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index fc9999dc4d..0b45c0baf3 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -2219,21 +2219,18 @@ BOOL lsa_io_r_query_info2(const char *desc, LSA_R_QUERY_INFO2 *r_c,
if(!prs_uint32("ptr", ps, depth, &r_c->ptr))
return False;
-
- if (r_c->ptr != 0) {
- if(!prs_uint16("info_class", ps, depth, &r_c->info_class))
+ if(!prs_uint16("info_class", ps, depth, &r_c->info_class))
+ return False;
+ switch(r_c->info_class) {
+ case 0x000c:
+ if (!lsa_io_dns_dom_info("info12", &r_c->info.dns_dom_info,
+ ps, depth))
return False;
- switch(r_c->info_class) {
- case 0x000c:
- if (!lsa_io_dns_dom_info("info12", &r_c->info.dns_dom_info,
- ps, depth))
- return False;
break;
- default:
- DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n",
- r_c->info_class));
- return False;
- }
+ default:
+ DEBUG(0,("lsa_io_r_query_info2: unknown info class %d\n",
+ r_c->info_class));
+ return False;
}
if(!prs_align(ps))
@@ -2304,19 +2301,6 @@ BOOL lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *r_c, pr
return True;
}
-/*******************************************************************
- Inits an LSA_R_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-void init_r_enum_acct_rights(LSA_R_ENUM_ACCT_RIGHTS *q_r,
- uint32 count,
- const char **rights)
-{
- DEBUG(5, ("init_r_enum_acct_rights\n"));
-
- q_r->count = count;
- init_unistr2_array(&q_r->rights, count, rights);
-}
-
/*******************************************************************
Inits an LSA_Q_ADD_ACCT_RIGHTS structure.
@@ -2332,6 +2316,7 @@ void init_q_add_acct_rights(LSA_Q_ADD_ACCT_RIGHTS *q_q,
q_q->pol = *hnd;
init_dom_sid2(&q_q->sid, sid);
init_unistr2_array(&q_q->rights, count, rights);
+ q_q->count = 5;
}
@@ -2372,15 +2357,6 @@ BOOL lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *r_c, prs_
return True;
}
-/*******************************************************************
- Inits an LSA_R_ADD_ACCT_RIGHTS structure.
-********************************************************************/
-void init_r_add_acct_rights(LSA_R_ADD_ACCT_RIGHTS *q_r)
-{
- DEBUG(5, ("init_r_add_acct_rights\n"));
- /* oh what a silly function! */
-}
-
/*******************************************************************
Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure.
@@ -2398,6 +2374,7 @@ void init_q_remove_acct_rights(LSA_Q_REMOVE_ACCT_RIGHTS *q_q,
init_dom_sid2(&q_q->sid, sid);
q_q->removeall = removeall;
init_unistr2_array(&q_q->rights, count, rights);
+ q_q->count = 5;
}
@@ -2428,7 +2405,7 @@ BOOL lsa_io_q_remove_acct_rights(const char *desc, LSA_Q_REMOVE_ACCT_RIGHTS *q_q
}
/*******************************************************************
-reads or writes a LSA_R_REMOVE_ACCT_RIGHTS structure.
+reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure.
********************************************************************/
BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c, prs_struct *ps, int depth)
{
@@ -2440,89 +2417,3 @@ BOOL lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *r_c
return True;
}
-
-/*******************************************************************
- Inits an LSA_R_REMOVE_ACCT_RIGHTS structure.
-********************************************************************/
-void init_r_remove_acct_rights(LSA_R_REMOVE_ACCT_RIGHTS *q_r)
-{
- DEBUG(5, ("init_r_remove_acct_rights\n"));
-}
-
-/*******************************************************************
- Inits an LSA_Q_ENUM_ACCT_WITH_RIGHT structure.
-********************************************************************/
-void init_q_enum_acct_with_right(LSA_Q_ENUM_ACCT_WITH_RIGHT *q_q,
- POLICY_HND *hnd,
- const char *right)
-{
- DEBUG(5, ("init_q_enum_acct_with_right\n"));
-
- q_q->pol = *hnd;
- init_unistr2(&q_q->right, right, strlen(right));
- init_str_hdr(&q_q->right_hdr,
- q_q->right.uni_max_len*2,
- q_q->right.uni_max_len*2, right?1:0);
-}
-
-
-/*******************************************************************
-reads or writes a LSA_Q_ENUM_ACCT_WITH_RIGHT structure.
-********************************************************************/
-BOOL lsa_io_q_enum_acct_with_right(const char *desc, LSA_Q_ENUM_ACCT_WITH_RIGHT *q_q, prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "lsa_io_q_enum_acct_with_right");
- depth++;
-
- if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
- return False;
-
- if (!prs_uint32("ref_id ", ps, depth, &q_q->right_hdr.buffer))
- return False;
-
- if (UNMARSHALLING(ps) && q_q->right_hdr.buffer == 0) {
- return True;
- }
-
- if (!smb_io_strhdr("", &q_q->right_hdr, ps, depth))
- return False;
-
- if (!smb_io_unistr2("", &q_q->right, q_q->right_hdr.buffer, ps, depth))
- return False;
-
- return True;
-}
-
-
-/*******************************************************************
-reads or writes a LSA_R_ENUM_ACCT_WITH_RIGHT structure.
-********************************************************************/
-BOOL lsa_io_r_enum_acct_with_right(const char *desc, LSA_R_ENUM_ACCT_WITH_RIGHT *r_c, prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "lsa_io_r_enum_acct_with_right");
- depth++;
-
- if (!prs_uint32("count ", ps, depth, &r_c->count))
- return False;
-
- if (!smb_io_sid_array("sids ", &r_c->sids, ps, depth))
- return False;
-
- if(!prs_ntstatus("status", ps, depth, &r_c->status))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- Inits an LSA_R_ENUM_ACCT_WITH_RIGHT structure.
-********************************************************************/
-void init_r_enum_acct_with_right(LSA_R_ENUM_ACCT_WITH_RIGHT *r_c,
- uint32 count,
- DOM_SID *sids)
-{
- DEBUG(5, ("init_r_enum_acct_with_right\n"));
-
- r_c->count = count;
- init_sid_array(&r_c->sids, count, sids);
-}
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index a39e3391bb..f0d4c67d9f 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -1122,78 +1122,6 @@ BOOL smb_io_unistr2_array(const char *desc, UNISTR2_ARRAY *array, prs_struct *ps
}
-/*
- initialise a SID_ARRAY from a list of sids
-*/
-BOOL init_sid_array(SID_ARRAY *array,
- uint32 count, DOM_SID *sids)
-{
- unsigned int i;
-
- array->count = count;
- array->ref_id = count?1:0;
- if (array->count == 0) {
- return True;
- }
-
- array->sids = (SID_ARRAY_EL *)talloc_zero(get_talloc_ctx(), count * sizeof(SID_ARRAY_EL));
- if (!array->sids) {
- return False;
- }
-
- for (i=0;i<count;i++) {
- array->sids[i].ref_id = 1;
- init_dom_sid2(&array->sids[i].sid, &sids[i]);
- }
-
- return True;
-}
-
-
-/*******************************************************************
- Reads or writes a SID_ARRAY structure.
-********************************************************************/
-BOOL smb_io_sid_array(const char *desc, SID_ARRAY *array, prs_struct *ps, int depth)
-{
- unsigned int i;
-
- prs_debug(ps, depth, desc, "smb_io_sid_array");
- depth++;
-
- if(!prs_uint32("ref_id", ps, depth, &array->ref_id))
- return False;
-
- if (! array->ref_id) {
- return True;
- }
-
- if(!prs_uint32("count", ps, depth, &array->count))
- return False;
-
- if (array->count == 0) {
- return True;
- }
-
- if (UNMARSHALLING(ps)) {
- array->sids = talloc_zero(get_talloc_ctx(), array->count * sizeof(array->sids[0]));
- }
- if (! array->sids) {
- return False;
- }
-
- for (i=0;i<array->count;i++) {
- if(!prs_uint32("ref_id", ps, depth, &array->sids[i].ref_id))
- return False;
- }
-
- for (i=0;i<array->count;i++) {
- if (!smb_io_dom_sid2("sid", &array->sids[i].sid, ps, depth))
- return False;
- }
-
- return True;
-}
-
/*******************************************************************
Inits a DOM_RID2 structure.
********************************************************************/
@@ -1289,22 +1217,22 @@ void init_dom_rid4(DOM_RID4 *rid4, uint16 unknown, uint16 attr, uint32 rid)
Inits a DOM_CLNT_SRV structure.
********************************************************************/
-static void init_clnt_srv(DOM_CLNT_SRV *dlog, const char *logon_srv, const char *comp_name)
+static void init_clnt_srv(DOM_CLNT_SRV *log, const char *logon_srv, const char *comp_name)
{
DEBUG(5,("init_clnt_srv: %d\n", __LINE__));
if (logon_srv != NULL) {
- dlog->undoc_buffer = 1;
- init_unistr2(&dlog->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
+ log->undoc_buffer = 1;
+ init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
} else {
- dlog->undoc_buffer = 0;
+ log->undoc_buffer = 0;
}
if (comp_name != NULL) {
- dlog->undoc_buffer2 = 1;
- init_unistr2(&dlog->uni_comp_name, comp_name, strlen(comp_name)+1);
+ log->undoc_buffer2 = 1;
+ init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1);
} else {
- dlog->undoc_buffer2 = 0;
+ log->undoc_buffer2 = 0;
}
}
@@ -1312,9 +1240,9 @@ static void init_clnt_srv(DOM_CLNT_SRV *dlog, const char *logon_srv, const char
Inits or writes a DOM_CLNT_SRV structure.
********************************************************************/
-static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *dlog, prs_struct *ps, int depth)
+static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *log, prs_struct *ps, int depth)
{
- if (dlog == NULL)
+ if (log == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_clnt_srv");
@@ -1323,22 +1251,22 @@ static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *dlog, prs_struct *ps
if(!prs_align(ps))
return False;
- if(!prs_uint32("undoc_buffer ", ps, depth, &dlog->undoc_buffer))
+ if(!prs_uint32("undoc_buffer ", ps, depth, &log->undoc_buffer))
return False;
- if (dlog->undoc_buffer != 0) {
- if(!smb_io_unistr2("unistr2", &dlog->uni_logon_srv, dlog->undoc_buffer, ps, depth))
+ if (log->undoc_buffer != 0) {
+ if(!smb_io_unistr2("unistr2", &log->uni_logon_srv, log->undoc_buffer, ps, depth))
return False;
}
if(!prs_align(ps))
return False;
- if(!prs_uint32("undoc_buffer2", ps, depth, &dlog->undoc_buffer2))
+ if(!prs_uint32("undoc_buffer2", ps, depth, &log->undoc_buffer2))
return False;
- if (dlog->undoc_buffer2 != 0) {
- if(!smb_io_unistr2("unistr2", &dlog->uni_comp_name, dlog->undoc_buffer2, ps, depth))
+ if (log->undoc_buffer2 != 0) {
+ if(!smb_io_unistr2("unistr2", &log->uni_comp_name, log->undoc_buffer2, ps, depth))
return False;
}
@@ -1349,28 +1277,28 @@ static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *dlog, prs_struct *ps
Inits a DOM_LOG_INFO structure.
********************************************************************/
-void init_log_info(DOM_LOG_INFO *dlog, const char *logon_srv, const char *acct_name,
+void init_log_info(DOM_LOG_INFO *log, const char *logon_srv, const char *acct_name,
uint16 sec_chan, const char *comp_name)
{
DEBUG(5,("make_log_info %d\n", __LINE__));
- dlog->undoc_buffer = 1;
+ log->undoc_buffer = 1;
- init_unistr2(&dlog->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
- init_unistr2(&dlog->uni_acct_name, acct_name, strlen(acct_name)+1);
+ init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
+ init_unistr2(&log->uni_acct_name, acct_name, strlen(acct_name)+1);
- dlog->sec_chan = sec_chan;
+ log->sec_chan = sec_chan;
- init_unistr2(&dlog->uni_comp_name, comp_name, strlen(comp_name)+1);
+ init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1);
}
/*******************************************************************
Reads or writes a DOM_LOG_INFO structure.
********************************************************************/
-BOOL smb_io_log_info(const char *desc, DOM_LOG_INFO *dlog, prs_struct *ps, int depth)
+BOOL smb_io_log_info(const char *desc, DOM_LOG_INFO *log, prs_struct *ps, int depth)
{
- if (dlog == NULL)
+ if (log == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_log_info");
@@ -1379,18 +1307,18 @@ BOOL smb_io_log_info(const char *desc, DOM_LOG_INFO *dlog, prs_struct *ps, int d
if(!prs_align(ps))
return False;
- if(!prs_uint32("undoc_buffer", ps, depth, &dlog->undoc_buffer))
+ if(!prs_uint32("undoc_buffer", ps, depth, &log->undoc_buffer))
return False;
- if(!smb_io_unistr2("unistr2", &dlog->uni_logon_srv, True, ps, depth))
+ if(!smb_io_unistr2("unistr2", &log->uni_logon_srv, True, ps, depth))
return False;
- if(!smb_io_unistr2("unistr2", &dlog->uni_acct_name, True, ps, depth))
+ if(!smb_io_unistr2("unistr2", &log->uni_acct_name, True, ps, depth))
return False;
- if(!prs_uint16("sec_chan", ps, depth, &dlog->sec_chan))
+ if(!prs_uint16("sec_chan", ps, depth, &log->sec_chan))
return False;
- if(!smb_io_unistr2("unistr2", &dlog->uni_comp_name, True, ps, depth))
+ if(!smb_io_unistr2("unistr2", &log->uni_comp_name, True, ps, depth))
return False;
return True;
@@ -1529,21 +1457,21 @@ BOOL smb_io_clnt_info(const char *desc, DOM_CLNT_INFO *clnt, prs_struct *ps, in
Inits a DOM_LOGON_ID structure.
********************************************************************/
-void init_logon_id(DOM_LOGON_ID *dlog, uint32 log_id_low, uint32 log_id_high)
+void init_logon_id(DOM_LOGON_ID *log, uint32 log_id_low, uint32 log_id_high)
{
DEBUG(5,("make_logon_id: %d\n", __LINE__));
- dlog->low = log_id_low;
- dlog->high = log_id_high;
+ log->low = log_id_low;
+ log->high = log_id_high;
}
/*******************************************************************
Reads or writes a DOM_LOGON_ID structure.
********************************************************************/
-BOOL smb_io_logon_id(const char *desc, DOM_LOGON_ID *dlog, prs_struct *ps, int depth)
+BOOL smb_io_logon_id(const char *desc, DOM_LOGON_ID *log, prs_struct *ps, int depth)
{
- if (dlog == NULL)
+ if (log == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_logon_id");
@@ -1552,9 +1480,9 @@ BOOL smb_io_logon_id(const char *desc, DOM_LOGON_ID *dlog, prs_struct *ps, int d
if(!prs_align(ps))
return False;
- if(!prs_uint32("low ", ps, depth, &dlog->low ))
+ if(!prs_uint32("low ", ps, depth, &log->low ))
return False;
- if(!prs_uint32("high", ps, depth, &dlog->high))
+ if(!prs_uint32("high", ps, depth, &log->high))
return False;
return True;
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 259ca7fdc1..2c99d54b1b 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -1808,9 +1808,9 @@ static BOOL net_io_sam_domain_info(const char *desc, SAM_DOMAIN_INFO * info,
if (!smb_io_unihdr("hdr_unknown", &info->hdr_unknown, ps, depth))
return False;
- if (prs_offset(ps) + 40 > prs_data_size(ps))
+ if (ps->data_offset + 40 > ps->buffer_size)
return False;
- prs_set_offset(ps, prs_offset(ps) + 40);
+ ps->data_offset += 40;
if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name,
info->hdr_dom_name.buffer, ps, depth))
@@ -1847,9 +1847,9 @@ static BOOL net_io_sam_group_info(const char *desc, SAM_GROUP_INFO * info,
if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
return False;
- if (prs_offset(ps) + 48 > prs_data_size(ps))
+ if (ps->data_offset + 48 > ps->buffer_size)
return False;
- prs_set_offset(ps, prs_offset(ps) + 48);
+ ps->data_offset += 48;
if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name,
info->hdr_grp_name.buffer, ps, depth))
@@ -2128,13 +2128,13 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
uint32 len = 0x44;
if (!prs_uint32("pwd_len", ps, depth, &len))
return False;
- old_offset = prs_offset(ps);
+ old_offset = ps->data_offset;
if (len == 0x44)
{
if (ps->io)
{
/* reading */
- if (!prs_hash1(ps, prs_offset(ps), sess_key))
+ if (!prs_hash1(ps, ps->data_offset, sess_key))
return False;
}
if (!net_io_sam_passwd_info("pass", &info->pass,
@@ -2148,9 +2148,9 @@ static BOOL net_io_sam_account_info(const char *desc, uint8 sess_key[16],
return False;
}
}
- if (old_offset + len > prs_data_size(ps))
+ if (old_offset + len > ps->buffer_size)
return False;
- prs_set_offset(ps, old_offset + len);
+ ps->data_offset = old_offset + len;
}
if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc,
info->hdr_sec_desc.buffer, ps, depth))
@@ -2185,9 +2185,9 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf
if (!prs_uint32("num_members", ps, depth, &info->num_members))
return False;
- if (prs_offset(ps) + 16 > prs_data_size(ps))
+ if (ps->data_offset + 16 > ps->buffer_size)
return False;
- prs_set_offset(ps, prs_offset(ps) + 16);
+ ps->data_offset += 16;
if (info->ptr_rids != 0)
{
@@ -2267,9 +2267,9 @@ static BOOL net_io_sam_alias_info(const char *desc, SAM_ALIAS_INFO * info,
if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth))
return False;
- if (prs_offset(ps) + 40 > prs_data_size(ps))
+ if (ps->data_offset + 40 > ps->buffer_size)
return False;
- prs_set_offset(ps, prs_offset(ps) + 40);
+ ps->data_offset += 40;
if (!smb_io_unistr2("uni_als_name", &info->uni_als_name,
info->hdr_als_name.buffer, ps, depth))
@@ -2307,9 +2307,9 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf
if (info->ptr_members != 0)
{
- if (prs_offset(ps) + 16 > prs_data_size(ps))
+ if (ps->data_offset + 16 > ps->buffer_size)
return False;
- prs_set_offset(ps, prs_offset(ps) + 16);
+ ps->data_offset += 16;
if (!prs_uint32("num_sids", ps, depth, &info->num_sids))
return False;
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 7bd300dc7c..384e8e9094 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -642,164 +642,34 @@ static BOOL api_lsa_query_info2(pipes_struct *p)
}
-
-/***************************************************************************
- api_lsa_enum_acctrights
- ***************************************************************************/
-static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
-{
- LSA_Q_ENUM_ACCT_RIGHTS q_u;
- LSA_R_ENUM_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_enum_acct_with_right
- ***************************************************************************/
-static BOOL api_lsa_enum_acct_with_right(pipes_struct *p)
-{
- LSA_Q_ENUM_ACCT_WITH_RIGHT q_u;
- LSA_R_ENUM_ACCT_WITH_RIGHT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_acct_with_right("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_acct_with_right: failed to unmarshall LSA_Q_ENUM_ACCT_WITH_RIGHT.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_acct_with_right(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_acct_with_right("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_acct_with_right: Failed to marshall LSA_R_ENUM_ACCT_WITH_RIGHT.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_add_acctrights
- ***************************************************************************/
-static BOOL api_lsa_add_acct_rights(pipes_struct *p)
-{
- LSA_Q_ADD_ACCT_RIGHTS q_u;
- LSA_R_ADD_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_remove_acctrights
- ***************************************************************************/
-static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
-{
- LSA_Q_REMOVE_ACCT_RIGHTS q_u;
- LSA_R_REMOVE_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-
/***************************************************************************
\PIPE\ntlsa commands
***************************************************************************/
-
NTSTATUS rpc_lsa_init(void)
{
- static const struct api_struct api_lsa_cmds[] =
- {
- { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
- { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
- { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
- { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
- { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
- { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
- { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
- { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
- { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs },
- { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
- { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts },
- { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
- { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account },
- { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
- { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
- { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
- { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
- { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
- { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
- { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 },
- { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
- { "LSA_ENUMACCTWITHRIGHT", LSA_ENUMACCTWITHRIGHT, api_lsa_enum_acct_with_right },
- { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
- { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights},
- };
+static const struct api_struct api_lsa_cmds[] =
+{
+ { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
+ { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
+ { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
+ { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
+ { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
+ { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
+ { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
+ { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
+ { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs },
+ { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
+ { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts },
+ { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
+ { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account },
+ { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
+ { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
+ { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
+ { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
+ { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
+ { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
+ { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }
+};
return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds,
sizeof(api_lsa_cmds) / sizeof(struct api_struct));
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 3581be0181..e7e13d7a84 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -645,7 +645,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_
num_entries = MAX_LOOKUP_SIDS;
DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries));
}
-
+
ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
@@ -1273,140 +1273,3 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
return r_u->status;
}
-
-
-/***************************************************************************
- For a given SID, enumerate all the privilege this account has.
- ***************************************************************************/
-NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
-{
- struct lsa_info *info=NULL;
- char **rights = NULL;
- int num_rights = 0;
- int i;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
- r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights);
-
- init_r_enum_acct_rights(r_u, num_rights, (const char **)rights);
-
- for (i=0;i<num_rights;i++) {
- free(rights[i]);
- }
- safe_free(rights);
-
- return r_u->status;
-}
-
-/***************************************************************************
-return a list of SIDs for a particular privilege
- ***************************************************************************/
-NTSTATUS _lsa_enum_acct_with_right(pipes_struct *p,
- LSA_Q_ENUM_ACCT_WITH_RIGHT *q_u,
- LSA_R_ENUM_ACCT_WITH_RIGHT *r_u)
-{
- struct lsa_info *info=NULL;
- char *right;
- DOM_SID *sids = NULL;
- uint32 count = 0;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
- right = unistr2_tdup(p->mem_ctx, &q_u->right);
-
- DEBUG(5,("lsa_enum_acct_with_right on right %s\n", right));
-
- r_u->status = privilege_enum_account_with_right(right, &count, &sids);
-
- init_r_enum_acct_with_right(r_u, count, sids);
-
- safe_free(sids);
-
- return r_u->status;
-}
-
-/***************************************************************************
- add privileges to a acct by SID
- ***************************************************************************/
-NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
-{
- struct lsa_info *info=NULL;
- int i;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
- DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n",
- sid_string_static(&q_u->sid.sid), q_u->rights.count));
-
- for (i=0;i<q_u->rights.count;i++) {
- DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
- }
-
-
- for (i=0;i<q_u->rights.count;i++) {
- r_u->status = privilege_add_account_right(unistr2_static(&q_u->rights.strings[i].string),
- &q_u->sid.sid);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- DEBUG(2,("Failed to add right '%s'\n",
- unistr2_static(&q_u->rights.strings[i].string)));
- break;
- }
- }
-
- init_r_add_acct_rights(r_u);
-
- return r_u->status;
-}
-
-
-/***************************************************************************
- remove privileges from a acct by SID
- ***************************************************************************/
-NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
-{
- struct lsa_info *info=NULL;
- int i;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
-
- DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n",
- sid_string_static(&q_u->sid.sid),
- q_u->removeall,
- q_u->rights.count));
-
- for (i=0;i<q_u->rights.count;i++) {
- DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
- }
-
- for (i=0;i<q_u->rights.count;i++) {
- r_u->status = privilege_remove_account_right(unistr2_static(&q_u->rights.strings[i].string),
- &q_u->sid.sid);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- DEBUG(2,("Failed to remove right '%s'\n",
- unistr2_static(&q_u->rights.strings[i].string)));
- break;
- }
- }
-
- init_r_remove_acct_rights(r_u);
-
- return r_u->status;
-}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 6a9e591f64..5b9d39ddc7 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -472,10 +472,16 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
+ if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
+ DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
+ free_server_info(&server_info);
+ return False;
+ }
+
memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
- p->pipe_user.uid = server_info->uid;
- p->pipe_user.gid = server_info->gid;
+ p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
+ p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
p->pipe_user.ngroups = server_info->n_groups;
if (p->pipe_user.ngroups) {
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 69ac60a7db..62d5f8ab0c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -6,7 +6,7 @@
* Copyright (C) Paul Ashton 1997,
* Copyright (C) Marc Jacobsen 1999,
* Copyright (C) Jeremy Allison 2001-2002,
- * Copyright (C) Jean François Micouleau 1998-2001,
+ * Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Anthony Liguori 2002,
* Copyright (C) Jim McDonough 2002.
*
@@ -920,7 +920,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
struct sys_grent *grp;
struct passwd *pw;
gid_t winbind_gid_low, winbind_gid_high;
- BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
+ BOOL winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
/* local aliases */
/* we return the UNIX groups here. This seems to be the right */
@@ -2818,7 +2818,8 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
copy_id23_to_sam_passwd(pwd, id23);
/* if it's a trust account, don't update /etc/passwd */
- if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+ if ( (!IS_SAM_UNIX_USER(pwd)) ||
+ ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
@@ -2879,7 +2880,8 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
}
/* if it's a trust account, don't update /etc/passwd */
- if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+ if ( (!IS_SAM_UNIX_USER(pwd)) ||
+ ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) {
DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
@@ -3394,9 +3396,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
-
- /* check a real user exist before we run the script to add a user to a group */
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
+
+ uid = pdb_get_uid(sam_user);
+ if (uid == -1) {
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
@@ -3406,7 +3408,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
}
-
+
if ((grp=getgrgid(map.gid)) == NULL) {
passwd_free(&pwd);
return NT_STATUS_NO_SUCH_ALIAS;
@@ -3555,6 +3557,18 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
return NT_STATUS_NO_SUCH_USER;
}
+ uid = pdb_get_uid(sam_user);
+ if (uid == -1) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ pdb_free_sam(&sam_user);
+
+ if ((pwd=getpwuid_alloc(uid)) == NULL) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
if ((grp=getgrgid(map.gid)) == NULL) {
passwd_free(&pwd);
return NT_STATUS_NO_SUCH_GROUP;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 026484d96d..e6129f4ace 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1018,9 +1018,9 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
}
if ( sending_msg_count ) {
- cli_spoolss_rrpcn( &notify_cli, mem_ctx, &p->notify.client_hnd,
- data_len, data, p->notify.change, 0 );
- }
+ cli_spoolss_rrpcn( &notify_cli, mem_ctx, &p->notify.client_hnd,
+ data_len, data, p->notify.change, 0 );
+ }
}
done:
@@ -7601,12 +7601,12 @@ static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen
{
pstring path;
pstring long_archi;
- pstring short_archi;
+ const char *short_archi;
DRIVER_DIRECTORY_1 *info=NULL;
unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi)-1);
- if (get_short_archi(short_archi, long_archi)==False)
+ if (!(short_archi = get_short_archi(long_archi)))
return WERR_INVALID_ENVIRONMENT;
if((info=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1))) == NULL)
@@ -8432,7 +8432,7 @@ WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_
/****************************************************************************
****************************************************************************/
-static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getjob_level_1(print_queue_struct **queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
{
int i=0;
BOOL found=False;
@@ -8445,7 +8445,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin
}
for (i=0; i<count && found==False; i++) {
- if (queue[i].job==(int)jobid)
+ if ((*queue)[i].job==(int)jobid)
found=True;
}
@@ -8455,7 +8455,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin
return WERR_INVALID_PARAM;
}
- fill_job_info_1(info_1, &(queue[i-1]), i, snum);
+ fill_job_info_1(info_1, &((*queue)[i-1]), i, snum);
*needed += spoolss_size_job_info_1(info_1);
@@ -8477,7 +8477,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin
/****************************************************************************
****************************************************************************/
-static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
{
int i = 0;
BOOL found = False;
@@ -8498,7 +8498,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin
for ( i=0; i<count && found==False; i++ )
{
- if (queue[i].job == (int)jobid)
+ if ((*queue)[i].job == (int)jobid)
found = True;
}
@@ -8529,7 +8529,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin
}
}
- fill_job_info_2(info_2, &(queue[i-1]), i, snum, ntprinter, devmode);
+ fill_job_info_2(info_2, &((*queue)[i-1]), i, snum, ntprinter, devmode);
*needed += spoolss_size_job_info_2(info_2);
@@ -8593,11 +8593,11 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_
switch ( level ) {
case 1:
- wstatus = getjob_level_1(queue, count, snum, jobid,
+ wstatus = getjob_level_1(&queue, count, snum, jobid,
buffer, offered, needed);
break;
case 2:
- wstatus = getjob_level_2(queue, count, snum, jobid,
+ wstatus = getjob_level_2(&queue, count, snum, jobid,
buffer, offered, needed);
break;
default:
@@ -9135,12 +9135,12 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name,
{
pstring path;
pstring long_archi;
- pstring short_archi;
+ const char *short_archi;
PRINTPROCESSOR_DIRECTORY_1 *info=NULL;
unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1);
- if (get_short_archi(short_archi, long_archi)==False)
+ if (!(short_archi = get_short_archi(long_archi)))
return WERR_INVALID_ENVIRONMENT;
if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL)
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 4d9130fb97..1a7b64858b 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1840,8 +1840,6 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
struct current_user user;
connection_struct *conn = NULL;
BOOL became_user = False;
- fstring dev;
- fstrcpy(dev, "A:");
ZERO_STRUCT(st);
@@ -1855,7 +1853,7 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
get_current_user(&user, p);
become_root();
- conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status);
+ conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
unbecome_root();
if (conn == NULL) {
@@ -1945,12 +1943,9 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
struct current_user user;
connection_struct *conn = NULL;
BOOL became_user = False;
- fstring dev;
- fstrcpy(dev, "A:");
ZERO_STRUCT(st);
-
r_u->status = WERR_OK;
unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
@@ -1961,7 +1956,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
get_current_user(&user, p);
become_root();
- conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status);
+ conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
unbecome_root();
if (conn == NULL) {
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f96ccaef67..4eba9c7d1f 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -112,7 +112,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
*prids=NULL;
*numgroups=0;
- winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
+ winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
@@ -129,12 +129,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
- /* this should never happen */
- DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
- pdb_free_sam(&sam_pass);
- return NT_STATUS_UNSUCCESSFUL;
- }
+ gid=pdb_get_gid(sam_pass);
become_root();
/* on some systems this must run as root */
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 808ef50a45..db74370bc0 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -543,50 +543,6 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct cli_state *cli,
}
-/* Enumerate the accounts with a specific right */
-
-static NTSTATUS cmd_lsa_enum_acct_with_right(struct cli_state *cli,
- TALLOC_CTX *mem_ctx, int argc,
- const char **argv)
-{
- POLICY_HND dom_pol;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- DOM_SID *sids;
- uint32 count;
- const char *right;
-
- int i;
-
- if (argc != 2 ) {
- printf("Usage: %s <RIGHT>\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- right = argv[1];
-
- result = cli_lsa_open_policy2(cli, mem_ctx, True,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &dom_pol);
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- result = cli_lsa_enum_account_with_right(cli, mem_ctx, &dom_pol, right, &count, &sids);
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
- printf("found %d SIDs for '%s'\n", count, right);
-
- for (i = 0; i < count; i++) {
- printf("\t%s\n", sid_string_static(&sids[i]));
- }
-
- done:
- return result;
-}
-
-
/* add some privileges to a SID via LsaAddAccountRights */
static NTSTATUS cmd_lsa_add_acct_rights(struct cli_state *cli,
@@ -750,7 +706,6 @@ struct cmd_set lsarpc_commands[] = {
{ "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" },
{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" },
{ "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" },
- { "lsaenumacctwithright",RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_with_right,NULL, PI_LSARPC,"Enumerate accounts with a right", "" },
{ "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" },
{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, "Remove rights from an account", "" },
{ "lsalookupprivvalue", RPC_RTYPE_NTSTATUS, cmd_lsa_lookupprivvalue, NULL, PI_LSARPC, "Get a privilege value given its name", "" },
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 3ce7f9e6ac..e4ff06a35e 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -54,7 +54,7 @@ static const struct table_node archi_table[]= {
function to do the mapping between the long architecture name and
the short one.
****************************************************************************/
-BOOL get_short_archi(char *short_archi, const char *long_archi)
+static const char *cmd_spoolss_get_short_archi(const char *long_archi)
{
int i=-1;
@@ -66,18 +66,17 @@ BOOL get_short_archi(char *short_archi, const char *long_archi)
if (archi_table[i].long_archi==NULL) {
DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi));
- return False;
+ return NULL;
}
/* this might be client code - but shouldn't this be an fstrcpy etc? */
- StrnCpy (short_archi, archi_table[i].short_archi, strlen(archi_table[i].short_archi));
DEBUGADD(108,("index: [%d]\n", i));
- DEBUGADD(108,("long architecture: [%s]\n", long_archi));
- DEBUGADD(108,("short architecture: [%s]\n", short_archi));
+ DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi));
+ DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi));
- return True;
+ return archi_table[i].short_archi;
}
#if 0
@@ -1153,7 +1152,7 @@ static char* get_driver_3_param (const char* str, const char* delim, UNISTR* des
parameter because two consecutive delimiters
will not return an empty string. See man strtok(3)
for details */
- if (StrCaseCmp(ptr, "NULL") == 0)
+ if (ptr && (StrCaseCmp(ptr, "NULL") == 0))
ptr = NULL;
if (dest != NULL)
@@ -1227,7 +1226,7 @@ static WERROR cmd_spoolss_addprinterdriver(struct cli_state *cli,
uint32 level = 3;
PRINTER_DRIVER_CTR ctr;
DRIVER_INFO_3 info3;
- fstring arch;
+ const char *arch;
fstring driver_name;
/* parse the command arguements */
@@ -1243,7 +1242,7 @@ static WERROR cmd_spoolss_addprinterdriver(struct cli_state *cli,
/* Fill in the DRIVER_INFO_3 struct */
ZERO_STRUCT(info3);
- if (!get_short_archi(arch, argv[1]))
+ if (!(arch = cmd_spoolss_get_short_archi(argv[1])))
{
printf ("Error Unknown architechture [%s]\n", argv[1]);
return WERR_INVALID_PARAM;
diff --git a/source3/sam/SAM-interface_handles.txt b/source3/sam/SAM-interface_handles.txt
deleted file mode 100644
index 1c164bd198..0000000000
--- a/source3/sam/SAM-interface_handles.txt
+++ /dev/null
@@ -1,123 +0,0 @@
-SAM API
-
-NTSTATUS sam_get_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC **sd)
-NTSTATUS sam_set_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC *sd)
-
-NTSTATUS sam_lookup_name(NT_USER_TOKEN *access, DOM_SID *domain, char *name, DOM_SID **sid, uint32 *type)
-NTSTATUS sam_lookup_sid(NT_USER_TOKEN *access, DOM_SID *sid, char **name, uint32 *type)
-
-
-Domain API
-
-NTSTATUS sam_update_domain(SAM_DOMAIN_HANDLE *domain)
-
-NTSTATUS sam_enum_domains(NT_USER_TOKEN *access, int32 *domain_count, DOM_SID **domains, char **domain_names)
-NTSTATUS sam_lookup_domain(NT_USER_TOKEN *access, char *domain, DOM_SID **domainsid)
-
-NTSTATUS sam_get_domain_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-
-
-User API
-
-NTSTATUS sam_create_user(NT_USER_TOKEN *access, uint32 access_desired, SAM_USER_HANDLE **user)
-NTSTATUS sam_add_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_update_user(SAM_USER_HANDLE *user)
-NTSTATUS sam_delete_user(SAM_USER_HANDLE * user)
-
-NTSTATUS sam_enum_users(NT_USER_TOKEN *access, DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users)
-
-NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)
-NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)
-
-
-Group API
-
-NTSTATUS sam_create_group(NT_USER_TOKEN *access, uint32 access_desired, uint32 typ, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_add_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_update_group(SAM_GROUP_HANDLE *samgroup)
-NTSTATUS sam_delete_group(SAM_GROUP_HANDLE *groupsid)
-
-NTSTATUS sam_enum_groups(NT_USER_TOKEN *access, DOM_SID *domainsid, uint32 typ, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-
-NTSTATUS sam_get_group_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-NTSTATUS sam_get_group_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_GROUP_HANDLE **group)
-
-NTSTATUS sam_add_member_to_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_delete_member_from_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
-NTSTATUS sam_enum_groupmembers(SAM_GROUP_HANLDE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-
-NTSTATUS sam_get_groups_of_user(SAM_USER_HANDLE *user, uint32 typ, uint32 *group_count, SAM_GROUP_ENUM **groups)
-
-
-
-structures
-
-typedef _SAM_GROUP_MEMBER {
- DOM_SID sid;
- BOOL group; /* specifies if it is a group or a user */
-
-} SAM_GROUP_MEMBER
-
-typedef struct sam_user_enum {
- DOM_SID sid;
- char *username;
- char *full_name;
- char *user_desc;
- uint16 acc_ctrl;
-} SAM_USER_ENUM;
-
-typedef struct sam_group_enum {
- DOM_SID sid;
- char *groupname;
- char *comment;
-} SAM_GROUP_ENUM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
-NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-NTSTATUS sam_{get,set}_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
-NTSTATUS sam_{get,set}_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
-NTSTATUS sam_{get,set}_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-NTSTATUS sam_{get,set}_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-NTSTATUS sam_{get,set}_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-NTSTATUS sam_{get,set}_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-NTSTATUS sam_{get,set}_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-NTSTATUS sam_{get,set}_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uin16 *password_history)
-NTSTATUS sam_{get,set}_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-NTSTATUS sam_{get,set}_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-NTSTATUS sam_{get,set}_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-
-NTSTATUS sam_get_user_sid(SAM_USER_HANDLE *user, DOM_SID **sid)
-NTSTATUS sam_{get,set}_user_pgroup(SAM_USER_HANDLE *user, DOM_SID **pgroup)
-NTSTATUS sam_{get,set}_user_name(SAM_USER_HANDLE *user, char **username)
-NTSTATUS sam_{get,set}_user_fullname(SAM_USER_HANDLE *user, char** fullname)
-NTSTATUS sam_{get,set}_user_description(SAM_USER_HANDLE *user, char **description)
-NTSTATUS sam_{get,set}_user_home_dir(SAM_USER_HANDLE *user, char **home_dir)
-NTSTATUS sam_{get,set}_user_dir_drive(SAM_USER_HANDLE *user, char **dir_drive)
-NTSTATUS sam_{get,set}_user_logon_script(SAM_USER_HANDLE *user, char **logon_script)
-NTSTATUS sam_{get,set}_user_profile_path(SAM_USER_HANDLE *user, char **profile_path)
-NTSTATUS sam_{get,set}_user_workstations(SAM_USER_HANDLE *user, char **workstations)
-NTSTATUS sam_{get,set}_user_munged_dial(SAM_USER_HANDLE *user, char **munged_dial)
-NTSTATUS sam_{get,set}_user_lm_pwd(SAM_USER_HANDLE *user, DATA_BLOB *lm_pwd)
-NTSTATUS sam_{get,set}_user_nt_pwd(SAM_USER_HANDLE *user, DATA_BLOB *nt_pwd)
-NTSTATUS sam_{get,set}_user_plain_pwd(SAM_USER_HANDLE *user, DATA_BLOB *plaintext_pwd)
-NTSTATUS sam_{get,set}_user_acct_ctrl(SAM_USER_HANDLE *user, uint16 *acct_ctrl)
-NTSTATUS sam_{get,set}_user_logon_divs(SAM_USER_HANDLE *user, uint16 *logon_divs)
-NTSTATUS sam_{get,set}_user_hours(SAM_USER_HANDLE *user, uint32 *hours_len, uint8 **hours)
-NTSTATUS sam_{get,set}_user_logon_time(SAM_USER_HANDLE *user, NTTIME *logon_time)
-NTSTATUS sam_{get,set}_user_logoff_time(SAM_USER_HANDLE *user, NTTIME *logoff_time)
-NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)
-NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)
-NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)
-NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)
-NTSTATUS sam_{get,set}_user_unknown_1(SAM_USER_HANDLE *user, char **unknown_1)
-NTSTATUS sam_{get,set}_user_unknown_2(SAM_USER_HANDLE *user, uint32 *unknown_2)
-NTSTATUS sam_{get,set}_user_unknown_3(SAM_USER_HANDLE *user, uint32 *unknown_3)
-NTSTATUS sam_{get,set}_user_unknown_4(SAM_USER_HANDLE *user, uint32 *unknown_4)
-
-NTSTATUS sam_get_group_sid(SAM_GROUP_HANDLE *group, DOM_SID **sid)
-NTSTATUS sam_get_group_typ(SAM_GROUP_HANDLE *group, uint32 *typ)
-NTSTATUS sam_{get,set}_group_name(SAM_GROUP_HANDLE *group, char **group_name)
-NTSTATUS sam_{get,set}_group_comment(SAM_GROUP_HANDLE *group, char **comment)
-NTSTATUS sam_{get,set}_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set) \ No newline at end of file
diff --git a/source3/sam/account.c b/source3/sam/account.c
deleted file mode 100644
index b8336146cd..0000000000
--- a/source3/sam/account.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2001
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
- Copyright (C) Gerald (Jerry) Carter 2000-2001
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_ACCOUNT_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
-{
- ZERO_STRUCT(account->private); /* Don't touch the talloc context */
-
- /* Don't change these timestamp settings without a good reason.
- They are important for NT member server compatibility. */
-
- /* FIXME: We should actually call get_nt_time_max() or sthng
- * here */
- unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
- account->private.unknown_1 = 0x00ffffff; /* don't know */
- account->private.logon_divs = 168; /* hours per week */
- account->private.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
- account->private.unknown_2 = 0x00000000; /* don't know */
- account->private.unknown_3 = 0x000004ec; /* don't know */
-}
-
-static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
-{
- if (*account) {
- data_blob_clear_free(&((*account)->private.lm_pw));
- data_blob_clear_free(&((*account)->private.nt_pw));
- if((*account)->private.plaintext_pw!=NULL)
- memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
-
- talloc_destroy((*account)->mem_ctx);
- *account = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
-
- if (*account==NULL) {
- DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*account)->mem_ctx = mem_ctx;
-
- (*account)->free_fn = NULL;
-
- sam_fill_default_account(*account);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct sam_passwd.
- ************************************************************/
-
-NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*account)->free_fn = destroy_sam_talloc;
-
- return NT_STATUS_OK;
-}
-
-/**
- * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
- *
- * Also wipes the LM and NT hashes and plaintext password from
- * memory.
- *
- * @param account SAM_ACCOUNT_HANDLE to free members of.
- **/
-
-static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
-{
-
- /* Kill off sensitive data. Free()ed by the
- talloc mechinism */
-
- data_blob_clear_free(&(account->private.lm_pw));
- data_blob_clear_free(&(account->private.nt_pw));
- if (account->private.plaintext_pw)
- memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
-}
-
-
-/************************************************************
- Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
- ***********************************************************/
-
-NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
-{
- SMB_ASSERT(account != NULL);
-
- sam_free_account_contents(account);
-
- sam_fill_default_account(account);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_ACCOUNT_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- sam_free_account_contents(*account);
-
- if ((*account)->free_fn) {
- (*account)->free_fn(account);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return acct_ctrl;
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-
-void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-
-BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p)
- return (False);
-
- for (i = 0; i < 32; i += 2) {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- return (False);
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
diff --git a/source3/sam/get_set_account.c b/source3/sam/get_set_account.c
deleted file mode 100644
index acac281d21..0000000000
--- a/source3/sam/get_set_account.c
+++ /dev/null
@@ -1,845 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_ACCOUNT_HANDLE access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- NTSTATUS status;
- SAM_DOMAIN_HANDLE *domain;
- SAM_ASSERT(!sampass || !sid);
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
- DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n"));
- return status;
- }
-
- return sam_get_domain_sid(domain, sid);
-}
-
-NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name)
-{
- NTSTATUS status;
- SAM_DOMAIN_HANDLE *domain;
- SAM_ASSERT(sampass && domain_name);
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
- DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n"));
- return status;
- }
-
- return sam_get_domain_name(domain, domain_name);
-}
-
-NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl)
-{
- SAM_ASSERT(sampass && acct_ctrl);
-
- *acct_ctrl = sampass->private.acct_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time)
-{
- SAM_ASSERT(sampass && logon_time) ;
-
- *logon_time = sampass->private.logon_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time)
-{
- SAM_ASSERT(sampass && logoff_time) ;
-
- *logoff_time = sampass->private.logoff_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time)
-{
- SAM_ASSERT(sampass && kickoff_time);
-
- *kickoff_time = sampass->private.kickoff_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time)
-{
- SAM_ASSERT(sampass && pass_last_set_time);
-
- *pass_last_set_time = sampass->private.pass_last_set_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time)
-{
- SAM_ASSERT(sampass && pass_can_change_time);
-
- *pass_can_change_time = sampass->private.pass_can_change_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time)
-{
- SAM_ASSERT(sampass && pass_must_change_time);
-
- *pass_must_change_time = sampass->private.pass_must_change_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs)
-{
- SAM_ASSERT(sampass && logon_divs);
-
- *logon_divs = sampass->private.logon_divs;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len)
-{
- SAM_ASSERT(sampass && hours_len);
-
- *hours_len = sampass->private.hours_len;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours)
-{
- SAM_ASSERT(sampass && hours);
-
- *hours = sampass->private.hours;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd)
-{
- SAM_ASSERT(sampass);
-
- SMB_ASSERT((!sampass->private.nt_pw.data)
- || sampass->private.nt_pw.length == NT_HASH_LEN);
-
- *nt_pwd = sampass->private.nt_pw;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd)
-{
- SAM_ASSERT(sampass);
-
- SMB_ASSERT((!sampass->private.lm_pw.data)
- || sampass->private.lm_pw.length == LM_HASH_LEN);
-
- *lm_pwd = sampass->private.lm_pw;
-
- return NT_STATUS_OK;
-}
-
-/* Return the plaintext password if known. Most of the time
- it isn't, so don't assume anything magic about this function.
-
- Used to pass the plaintext to sam backends that might
- want to store more than just the NTLM hashes.
-*/
-
-NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd)
-{
- SAM_ASSERT(sampass && plain_pwd);
-
- *plain_pwd = sampass->private.plaintext_pw;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- SAM_ASSERT(sampass);
-
- *sid = &(sampass->private.account_sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- SAM_ASSERT(sampass);
-
- *sid = &(sampass->private.group_sid);
-
- return NT_STATUS_OK;
-}
-
-/**
- * Get flags showing what is initalised in the SAM_ACCOUNT_HANDLE
- * @param sampass the SAM_ACCOUNT_HANDLE in question
- * @return the flags indicating the members initialised in the struct.
- **/
-
-NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag)
-{
- SAM_ASSERT(sampass);
-
- *initflag = sampass->private.init_flag;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name)
-{
- SAM_ASSERT(sampass);
-
- *account_name = sampass->private.account_name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_ASSERT(sampass);
-
- *domain = sampass->private.domain;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname)
-{
- SAM_ASSERT(sampass);
-
- *fullname = sampass->private.full_name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir)
-{
- SAM_ASSERT(sampass);
-
- *homedir = sampass->private.home_dir;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir)
-{
- SAM_ASSERT(sampass);
-
- *uhomedir = sampass->private.unix_home_dir;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive)
-{
- SAM_ASSERT(sampass);
-
- *dirdrive = sampass->private.dir_drive;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script)
-{
- SAM_ASSERT(sampass);
-
- *logon_script = sampass->private.logon_script;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path)
-{
- SAM_ASSERT(sampass);
-
- *profile_path = sampass->private.profile_path;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description)
-{
- SAM_ASSERT(sampass);
-
- *description = sampass->private.acct_desc;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations)
-{
- SAM_ASSERT(sampass);
-
- *workstations = sampass->private.workstations;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str)
-{
- SAM_ASSERT(sampass);
-
- *unknown_str = sampass->private.unknown_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial)
-{
- SAM_ASSERT(sampass);
-
- *munged_dial = sampass->private.munged_dial;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1)
-{
- SAM_ASSERT(sampass && unknown1);
-
- *unknown1 = sampass->private.unknown_1;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2)
-{
- SAM_ASSERT(sampass && unknown2);
-
- *unknown2 = sampass->private.unknown_2;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3)
-{
- SAM_ASSERT(sampass && unknown3);
-
- *unknown3 = sampass->private.unknown_3;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT_HANDLE_INFO.
- ********************************************************************/
-
-NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 acct_ctrl)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.acct_ctrl = acct_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logon_time = mytime;
-
-
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logoff_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.kickoff_time = mytime;
-
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_can_change_time = mytime;
-
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_must_change_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_last_set_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.hours_len = len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logon_divs = hours;
- return NT_STATUS_OK;
-}
-
-/**
- * Set flags showing what is initalised in the SAM_ACCOUNT_HANDLE
- * @param sampass the SAM_ACCOUNT_HANDLE in question
- * @param flag The *new* flag to be set. Old flags preserved
- * this flag is only added.
- **/
-
-NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.init_flag |= flag;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid)
-{
- SAM_ASSERT(sampass && u_sid);
-
- sid_copy(&sampass->private.account_sid, u_sid);
-
- DEBUG(10, ("sam_set_account_sid: setting account sid %s\n",
- sid_string_static(&sampass->private.account_sid)));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid)
-{
- DOM_SID new_sid;
- SAM_ASSERT(sampass && u_sid);
-
- DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n",
- u_sid));
-
- if (!string_to_sid(&new_sid, u_sid)) {
- DEBUG(1, ("sam_set_account_sid_from_string: %s isn't a valid SID!\n", u_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(sam_set_account_sid(sampass, &new_sid))) {
- DEBUG(1, ("sam_set_account_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", u_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid)
-{
- SAM_ASSERT(sampass && g_sid);
-
- sid_copy(&sampass->private.group_sid, g_sid);
-
- DEBUG(10, ("sam_set_group_sid: setting group sid %s\n",
- sid_string_static(&sampass->private.group_sid)));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid)
-{
- DOM_SID new_sid;
- SAM_ASSERT(sampass && g_sid);
-
- DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
- g_sid));
-
- if (!string_to_sid(&new_sid, g_sid)) {
- DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(sam_set_account_pgroup_sid(sampass, &new_sid))) {
- DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", g_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the domain name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.domain = domain;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's NT name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name));
-
- sampass->private.account_name = talloc_strdup(sampass->mem_ctx, account_name);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's full name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
-
- sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's logon script.
- ********************************************************************/
-
-NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
-
- sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
-
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's profile path.
- ********************************************************************/
-
-NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
-
- sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's directory drive.
- ********************************************************************/
-
-NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
- sampass->private.dir_drive));
-
- sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's home directory.
- ********************************************************************/
-
-NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
- sampass->private.home_dir));
-
- sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's unix home directory.
- ********************************************************************/
-
-NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
- sampass->private.unix_home_dir));
-
- sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's account description.
- ********************************************************************/
-
-NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's workstation allowed list.
- ********************************************************************/
-
-NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
- sampass->private.workstations));
-
- sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's 'unknown_str', whatever the heck this actually is...
- ********************************************************************/
-
-NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's dial string.
- ********************************************************************/
-
-NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's NT hash.
- ********************************************************************/
-
-NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.nt_pw = data;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's LM hash.
- ********************************************************************/
-
-NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.lm_pw = data;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's plaintext password only (base procedure, see helper
- below)
- ********************************************************************/
-
-NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_1 = unkn;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_2 = unkn;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_3 = unkn;
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours)
-{
- SAM_ASSERT(sampass);
-
- if (!hours) {
- memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
- return NT_STATUS_OK;
- }
-
- memcpy(sampass->private.hours, hours, MAX_HOURS_LEN);
-
- return NT_STATUS_OK;
-}
-
-/* Helpful interfaces to the above */
-
-/*********************************************************************
- Sets the last changed times and must change times for a normal
- password change.
- ********************************************************************/
-
-NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass)
-{
- uint32 expire;
- NTTIME temptime;
-
- SAM_ASSERT(sampass);
-
- unix_to_nt_time(&temptime, time(NULL));
- if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || (expire==(uint32)-1)) {
-
- get_nttime_max(&temptime);
- if (!NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime, False)))
- return NT_STATUS_UNSUCCESSFUL;
-
- } else {
- /* FIXME: Add expire to temptime */
-
- if (!NT_STATUS_IS_OK(sam_get_account_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime,True)))
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's PLAINTEXT password. Used as an interface to the above.
- Also sets the last change time to NOW.
- ********************************************************************/
-
-NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plaintext)
-{
- DATA_BLOB data;
- uchar new_lanman_p16[16];
- uchar new_nt_p16[16];
-
- SAM_ASSERT(sampass && plaintext);
-
- nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16);
-
- data = data_blob(new_nt_p16, 16);
- if (!NT_STATUS_IS_OK(sam_set_account_nt_pwd(sampass, data)))
- return NT_STATUS_UNSUCCESSFUL;
-
- data = data_blob(new_lanman_p16, 16);
-
- if (!NT_STATUS_IS_OK(sam_set_account_lm_pwd(sampass, data)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!NT_STATUS_IS_OK(sam_set_account_plaintext_pwd(sampass, plaintext)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!NT_STATUS_IS_OK(sam_set_account_pass_changed_now(sampass)))
- return NT_STATUS_UNSUCCESSFUL;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c
deleted file mode 100644
index c70a4a3f09..0000000000
--- a/source3/sam/get_set_domain.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_DOMAIN access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid)
-{
- SAM_ASSERT(domain &&sid);
-
- *sid = &(domain->private.sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts)
-{
- SAM_ASSERT(domain &&num_accounts);
-
- *num_accounts = domain->private.num_accounts;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-{
- SAM_ASSERT(domain &&num_groups);
-
- *num_groups = domain->private.num_groups;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-{
- SAM_ASSERT(domain &&num_aliases);
-
- *num_aliases = domain->private.num_aliases;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name)
-{
- SAM_ASSERT(domain &&domain_name);
-
- *domain_name = domain->private.name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name)
-{
- SAM_ASSERT(domain &&server_name);
-
- *server_name = domain->private.servername;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-{
- SAM_ASSERT(domain &&max_passwordage);
-
- *max_passwordage = domain->private.max_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-{
- SAM_ASSERT(domain &&min_passwordage);
-
- *min_passwordage = domain->private.min_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-{
- SAM_ASSERT(domain &&lockout_duration);
-
- *lockout_duration = domain->private.lockout_duration;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-{
- SAM_ASSERT(domain &&reset_lockout_count);
-
- *reset_lockout_count = domain->private.reset_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-{
- SAM_ASSERT(domain &&min_passwordlength);
-
- *min_passwordlength = domain->private.min_passwordlength;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
-{
- SAM_ASSERT(domain &&password_history);
-
- *password_history = domain->private.password_history;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-{
- SAM_ASSERT(domain &&lockout_count);
-
- *lockout_count = domain->private.lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-{
- SAM_ASSERT(domain &&force_logoff);
-
- *force_logoff = domain->private.force_logoff;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-{
- SAM_ASSERT(domain && login_pwdchange);
-
- *login_pwdchange = domain->private.login_pwdchange;
-
- return NT_STATUS_OK;
-}
-
-/* Set */
-
-NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name)
-{
- SAM_ASSERT(domain);
-
- domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
-{
- SAM_ASSERT(domain);
-
- domain->private.max_passwordage = max_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
-{
- SAM_ASSERT(domain);
-
- domain->private.min_passwordage = min_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
-{
- SAM_ASSERT(domain);
-
- domain->private.lockout_duration = lockout_duration;
-
- return NT_STATUS_OK;
-}
-NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
-{
- SAM_ASSERT(domain);
-
- domain->private.reset_count = reset_lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
-{
- SAM_ASSERT(domain);
-
- domain->private.min_passwordlength = min_passwordlength;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
-{
- SAM_ASSERT(domain);
-
- domain->private.password_history = password_history;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
-{
- SAM_ASSERT(domain);
-
- domain->private.lockout_count = lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
-{
- SAM_ASSERT(domain);
-
- domain->private.force_logoff = force_logoff;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
-{
- SAM_ASSERT(domain);
-
- domain->private.login_pwdchange = login_pwdchange;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name)
-{
- SAM_ASSERT(domain);
-
- domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
-
- return NT_STATUS_OK;
-}
diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c
deleted file mode 100644
index 11ea9258a7..0000000000
--- a/source3/sam/get_set_group.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_USER_HANDLE access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/* sam group get functions */
-
-NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid)
-{
- SAM_ASSERT(group && sid);
-
- *sid = &(group->private.sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl)
-{
- SAM_ASSERT(group && group_ctrl);
-
- *group_ctrl = group->private.group_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name)
-{
- SAM_ASSERT(group);
-
- *group_name = group->private.group_name;
-
- return NT_STATUS_OK;
-
-}
-NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc)
-{
- SAM_ASSERT(group);
-
- *group_desc = group->private.group_desc;
-
- return NT_STATUS_OK;
-}
-
-/* sam group set functions */
-
-NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid)
-{
- SAM_ASSERT(group);
-
- if (!sid)
- ZERO_STRUCT(group->private.sid);
- else
- sid_copy(&(group->private.sid), sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl)
-{
- SAM_ASSERT(group);
-
- group->private.group_ctrl = group_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name)
-{
- SAM_ASSERT(group);
-
- group->private.group_name = talloc_strdup(group->mem_ctx, group_name);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc)
-{
- SAM_ASSERT(group);
-
- group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc);
-
- return NT_STATUS_OK;
-
-}
diff --git a/source3/sam/group.c b/source3/sam/group.c
deleted file mode 100644
index 101e3dd7ce..0000000000
--- a/source3/sam/group.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
-
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_GROUP_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
-{
- ZERO_STRUCT(group->private); /* Don't touch the talloc context */
-
-}
-
-static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
-{
- if (*group) {
-
- talloc_destroy((*group)->mem_ctx);
- *group = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
-
- if (*group==NULL) {
- DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*group)->mem_ctx = mem_ctx;
-
- (*group)->free_fn = NULL;
-
- sam_fill_default_group(*group);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct SAM_GROUP_HANDLE.
- ************************************************************/
-
-NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*group)->free_fn = destroy_sam_group_handle_talloc;
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Reset the SAM_GROUP_HANDLE.
- ***********************************************************/
-
-NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
-{
- SMB_ASSERT(group != NULL);
-
- sam_fill_default_group(group);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_GROUP_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if ((*group)->free_fn) {
- (*group)->free_fn(group);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the group control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
-{
- static fstring group_str;
- size_t i = 0;
-
- group_str[i++] = '[';
-
- if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
- if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
-
- for ( ; i < length - 2 ; i++ )
- group_str[i] = ' ';
-
- i = length - 2;
- group_str[i++] = ']';
- group_str[i++] = '\0';
-
- return group_str;
-}
-
-/**********************************************************
- Decode the group control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_group_ctrl(const char *p)
-{
- uint16 group_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
- case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
-
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return group_ctrl;
-}
-
diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c
deleted file mode 100644
index 5da2407faa..0000000000
--- a/source3/sam/gumm_tdb.c
+++ /dev/null
@@ -1,1196 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998
- * Copyright (C) Simo Sorce 2000-2002
- * Copyright (C) Gerald Carter 2000
- * Copyright (C) Jeremy Allison 2001
- * Copyright (C) Andrew Bartlett 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "tdbsam2.h"
-#include "tdbsam2_parse_info.h"
-
-static int tdbgumm_debug_level = DBGC_ALL;
-#undef DBGC_CLASS
-#define DBGC_CLASS tdbgumm_debug_level
-
-#define TDBSAM_VERSION 20021215
-#define TDB_FILE_NAME "tdbsam2.tdb"
-#define NAMEPREFIX "NAME_"
-#define SIDPREFIX "SID_"
-#define PRIVILEGEPREFIX "PRIV_"
-
-#define TDB_FORMAT_STRING "ddB"
-
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-struct tdbsam2_enum_objs {
- uint32 type;
- fstring dom_sid;
- TDB_CONTEXT *db;
- TDB_DATA key;
- struct tdbsam2_enum_objs *next;
-};
-
-union tdbsam2_data {
- struct tdbsam2_domain_data *domain;
- struct tdbsam2_user_data *user;
- struct tdbsam2_group_data *group;
-};
-
-struct tdbsam2_object {
- uint32 type;
- uint32 version;
- union tdbsam2_data data;
-};
-
-static TDB_CONTEXT *tdbsam2_db;
-
-struct tdbsam2_enum_objs **teo_handlers;
-
-static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- int iret;
- char *obj_data;
- int data_size = 0;
- int len;
-
- len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
- &(object->version),
- &(object->type),
- &data_size, &obj_data);
-
- if (len == -1)
- goto done;
-
- /* version is checked inside this function so that backward compatibility code can be
- called eventually.
- this way we can easily handle database format upgrades */
- if (object->version != TDBSAM_VERSION) {
- DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data));
- TALLOC_CHECK(object->data.domain, ret, done);
- memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data));
- TALLOC_CHECK(object->data.group, ret, done);
- memset(object->data.group, 0, sizeof(struct tdbsam2_group_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data);
- break;
- case GUMS_OBJ_NORMAL_USER:
- object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data));
- TALLOC_CHECK(object->data.user, ret, done);
- memset(object->data.user, 0, sizeof(struct tdbsam2_user_data));
-
- iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data);
- break;
- default:
- DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n"));
- goto done;
- }
-
- if (iret != 0) {
- DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?"));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object)
-{
-
- NTSTATUS ret;
- char *buf1 = NULL;
- size_t buflen;
-
- if (!buffer)
- return NT_STATUS_INVALID_PARAMETER;
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0);
- break;
- case GUMS_OBJ_NORMAL_USER:
- buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0);
- break;
- default:
- DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (buf1 == NULL) {
- DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- strlen(buf1) + 1, buf1);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- strlen(buf1) + 1, buf1);
-
- if (*len != buflen) {
- DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS opentdb(void)
-{
- if (!tdbsam2_db) {
- pstring tdbfile;
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
-
- tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
- if (!tdbsam2_db)
- {
- DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid)
-{
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!obj || !mem_ctx || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- SAFE_FREE(data.dptr);
-
- return NT_STATUS_OK;
-
-}
-
-static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name)
-{
-
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
- fstring objname;
- DOM_SID sid;
- char *obj_sidstr;
- int obj_version, obj_type, obj_sidstr_len, len;
-
- if (!obj || !mem_ctx || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- fstrcpy(objname, name);
- strlower(objname);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
- &obj_version,
- &obj_type,
- &obj_sidstr_len, &obj_sidstr);
-
- SAFE_FREE(data.dptr);
-
- if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) {
- DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!string_to_sid(&sid, obj_sidstr)) {
- DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
- SAFE_FREE(obj_sidstr);
- return NT_STATUS_UNSUCCESSFUL;
- }
- SAFE_FREE(obj_sidstr);
-
- return get_object_by_sid(mem_ctx, obj, &sid);
-}
-
-static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj)
-{
-
- NTSTATUS ret;
- TDB_DATA data, key, key2;
- fstring keystr;
- fstring namestr;
- int flag, r;
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- return ret;
- }
-
- if (new_obj) {
- flag = TDB_INSERT;
- } else {
- flag = TDB_MODIFY;
- }
-
- ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object);
- if (NT_STATUS_IS_ERR(ret))
- return ret;
-
- switch (object->type) {
- case GUMS_OBJ_DOMAIN:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name);
- break;
- case GUMS_OBJ_NORMAL_USER:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid));
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name);
- break;
- default:
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify SAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-
- key2.dptr = namestr;
- key2.dsize = strlen(namestr) + 1;
-
- if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify SAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_INTERNAL_DB_ERROR;
- }
-/* TODO: update the general database counter */
-/* TODO: update this entry counter too */
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- DOM_SID *dom_sid = get_global_sam_sid();
- uint32 new_rid;
-
-/* TODO: LOCK DOMAIN OBJECT */
- ret = get_object_by_sid(mem_ctx, &obj, dom_sid);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto error;
- }
-
- new_rid = obj.data.domain->next_rid;
-
- /* Increment the RID Counter */
- obj.data.domain->next_rid++;
-
- /* Store back Domain object */
- ret = store_object(mem_ctx, &obj, False);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto error;
- }
-/* TODO: UNLOCK DOMAIN OBJECT */
-
- *sid = sid_dup_talloc(mem_ctx, dom_sid);
- TALLOC_CHECK(*sid, ret, error);
-
- if (!sid_append_rid(*sid, new_rid)) {
- DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
-
- return NT_STATUS_OK;
-
-error:
- return ret;
-}
-
-static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata)
-{
- NTSTATUS ret;
-
- if (!object || !userdata) {
- DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* userdata->xcounter */
- /* userdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, userdata->user_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, userdata->name), error);
-
- SET_OR_FAIL(gums_set_user_pri_group(*object, userdata->group_sid), error);
-
- if (userdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, userdata->description), error);
-
- if (userdata->full_name)
- SET_OR_FAIL(gums_set_user_fullname(*object, userdata->full_name), error);
-
- if (userdata->home_dir)
- SET_OR_FAIL(gums_set_user_homedir(*object, userdata->home_dir), error);
-
- if (userdata->dir_drive)
- SET_OR_FAIL(gums_set_user_dir_drive(*object, userdata->dir_drive), error);
-
- if (userdata->logon_script)
- SET_OR_FAIL(gums_set_user_logon_script(*object, userdata->logon_script), error);
-
- if (userdata->profile_path)
- SET_OR_FAIL(gums_set_user_profile_path(*object, userdata->profile_path), error);
-
- if (userdata->workstations)
- SET_OR_FAIL(gums_set_user_workstations(*object, userdata->workstations), error);
-
- if (userdata->unknown_str)
- SET_OR_FAIL(gums_set_user_unknown_str(*object, userdata->unknown_str), error);
-
- if (userdata->munged_dial)
- SET_OR_FAIL(gums_set_user_munged_dial(*object, userdata->munged_dial), error);
-
- SET_OR_FAIL(gums_set_user_logon_divs(*object, userdata->logon_divs), error);
- SET_OR_FAIL(gums_set_user_hours_len(*object, userdata->hours_len), error);
-
- if (userdata->hours)
- SET_OR_FAIL(gums_set_user_hours(*object, userdata->hours), error);
-
- SET_OR_FAIL(gums_set_user_unknown_3(*object, userdata->unknown_3), error);
- SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
- SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
-
- SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error);
- SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error);
- SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error);
- SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error);
- SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error);
- SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata)
-{
- NTSTATUS ret;
-
- if (!object || !groupdata) {
- DEBUG(0, ("tdbsam2_group_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* groupdata->xcounter */
- /* groupdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, groupdata->group_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, groupdata->name), error);
-
- if (groupdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, groupdata->description), error);
-
- if (groupdata->count)
- SET_OR_FAIL(gums_set_group_members(*object, groupdata->count, groupdata->members), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata)
-{
-
- NTSTATUS ret;
-
- if (!object || !*object || !domdata) {
- DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* domdata->xcounter */
- /* domdata->sec_desc */
-
- SET_OR_FAIL(gums_set_object_sid(*object, domdata->dom_sid), error);
- SET_OR_FAIL(gums_set_object_name(*object, domdata->name), error);
-
- if (domdata->description)
- SET_OR_FAIL(gums_set_object_description(*object, domdata->description), error);
-
- ret = NT_STATUS_OK;
- return ret;
-
-error:
- talloc_destroy((*object)->mem_ctx);
- *object = NULL;
- return ret;
-}
-
-static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data)
-{
-
- NTSTATUS ret;
-
- if (!object || !data) {
- DEBUG(0, ("tdbsam2_user_data_to_gums_object: no NULL structure pointers are accepted here!\n"));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
-
- ret = gums_create_object(object, data->type);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(5, ("tdbsam2_user_data_to_gums_object: error creating gums object!\n"));
- goto done;
- }
-
- switch (data->type) {
- case GUMS_OBJ_DOMAIN:
- ret = domain_data_to_gums_object(object, data->data.domain);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- ret = user_data_to_gums_object(object, data->data.user);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- ret = group_data_to_gums_object(object, data->data.group);
- break;
-
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- }
-
-done:
- return ret;
-}
-
-
-/* GUMM object functions */
-
-static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- mem_ctx = talloc_init("tdbsam2_get_domain_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
-
- fstrcpy(domname, name);
- strlower(domname);
-
- ret = get_object_by_name(mem_ctx, &obj, domname);
-
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- sid_copy(sid, obj.data.domain->dom_sid);
-
- ret = NT_STATUS_OK;
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- mem_ctx = talloc_init("tdbsam2_set_domain_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
- }
-
- fstrcpy(domname, name);
- strlower(domname);
-
-/* TODO: we need to lock this entry until updated! */
-
- ret = get_object_by_name(mem_ctx, &obj, domname);
-
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- sid_copy(obj.data.domain->dom_sid, sid);
-
- ret = store_object(mem_ctx, &obj, False);
-
-done:
-/* TODO: unlock here */
- if (mem_ctx) talloc_destroy(mem_ctx);
- return ret;
-}
-
-/* TODO */
- NTSTATUS (*get_sequence_number) (void);
-
-
-extern DOM_SID global_sid_NULL;
-
-static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
-{
-
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- NTTIME zero_time = {0,0};
- const char *defpw = "NOPASSWORDXXXXXX";
- uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
-
- if (!sid || !name) {
- DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_new_object");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- obj.type = obj_type;
- obj.version = TDBSAM_VERSION;
-
- switch (obj_type) {
- case GUMS_OBJ_NORMAL_USER:
- obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data));
- TALLOC_CHECK(obj.data.user, ret, done);
-
- get_next_sid(mem_ctx, &(obj.data.user->user_sid));
- TALLOC_CHECK(obj.data.user->user_sid, ret, done);
- sid_copy(sid, obj.data.user->user_sid);
-
- obj.data.user->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.user, ret, done);
-
- obj.data.user->xcounter = 1;
- /*obj.data.user->sec_desc*/
- obj.data.user->description = "";
- obj.data.user->group_sid = &global_sid_NULL;
- obj.data.user->logon_time = &zero_time;
- obj.data.user->logoff_time = &zero_time;
- obj.data.user->kickoff_time = &zero_time;
- obj.data.user->pass_last_set_time = &zero_time;
- obj.data.user->pass_can_change_time = &zero_time;
- obj.data.user->pass_must_change_time = &zero_time;
-
- obj.data.user->full_name = "";
- obj.data.user->home_dir = "";
- obj.data.user->dir_drive = "";
- obj.data.user->logon_script = "";
- obj.data.user->profile_path = "";
- obj.data.user->workstations = "";
- obj.data.user->unknown_str = "";
- obj.data.user->munged_dial = "";
-
- obj.data.user->lm_pw_ptr = defpw;
- obj.data.user->nt_pw_ptr = defpw;
-
- obj.data.user->logon_divs = 168;
- obj.data.user->hours_len = 21;
- obj.data.user->hours = &defhours;
-
- obj.data.user->unknown_3 = 0x00ffffff;
- obj.data.user->unknown_5 = 0x00020000;
- obj.data.user->unknown_6 = 0x000004ec;
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data));
- TALLOC_CHECK(obj.data.group, ret, done);
-
- get_next_sid(mem_ctx, &(obj.data.group->group_sid));
- TALLOC_CHECK(obj.data.group->group_sid, ret, done);
- sid_copy(sid, obj.data.group->group_sid);
-
- obj.data.group->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.group, ret, done);
-
- obj.data.group->xcounter = 1;
- /*obj.data.group->sec_desc*/
- obj.data.group->description = "";
-
- break;
-
- case GUMS_OBJ_DOMAIN:
-
- /* FIXME: should we check against global_sam_sid to make it impossible
- to store more than one domain ? */
-
- obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data));
- TALLOC_CHECK(obj.data.domain, ret, done);
-
- obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid());
- TALLOC_CHECK(obj.data.domain->dom_sid, ret, done);
- sid_copy(sid, obj.data.domain->dom_sid);
-
- obj.data.domain->name = talloc_strdup(mem_ctx, name);
- TALLOC_CHECK(obj.data.domain, ret, done);
-
- obj.data.domain->xcounter = 1;
- /*obj.data.domain->sec_desc*/
- obj.data.domain->next_rid = 0x3e9;
- obj.data.domain->description = "";
-
- ret = NT_STATUS_OK;
- break;
-
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = store_object(mem_ctx, &obj, True);
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!sid) {
- DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_delete_object");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = opentdb())) {
- goto done;
- }
- }
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- switch (obj.type) {
- case GUMS_OBJ_DOMAIN:
- /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name);
- break;
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name);
- break;
- case GUMS_OBJ_NORMAL_USER:
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name);
- break;
- default:
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-/* TODO: update the general database counter */
-
-done:
- SAFE_FREE(data.dptr);
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
-
- if (!object || !sid) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = get_object_by_sid(mem_ctx, &obj, sid);
- if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
- goto done;
- }
-
- ret = data_to_gums_object(object, &obj);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
- goto done;
- }
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type)
-{
- NTSTATUS ret;
- struct tdbsam2_object obj;
- TALLOC_CTX *mem_ctx;
-
- if (!object || !name) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ret = get_object_by_name(mem_ctx, &obj, name);
- if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
- goto done;
- }
-
- ret = data_to_gums_object(object, &obj);
- if (NT_STATUS_IS_ERR(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
- goto done;
- }
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
- /* This function is used to get the list of all objects changed since base_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
-static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type)
-{
- struct tdbsam2_enum_objs *teo, *t;
- pstring tdbfile;
-
- teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs));
- if (!teo) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- teo->type = obj_type;
- if (sid) {
- sid_to_string(teo->dom_sid, sid);
- }
-
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
-
- teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600);
- if (!teo->db)
- {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile));
- SAFE_FREE(teo);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!teo_handlers) {
- *teo_handlers = teo;
- } else {
- t = *teo_handlers;
- while (t->next) {
- t = t->next;
- }
- t->next = teo;
- }
-
- handle = teo;
-
- teo->key = tdb_firstkey(teo->db);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
-{
- NTSTATUS ret;
- TALLOC_CTX *mem_ctx;
- TDB_DATA data;
- struct tdbsam2_enum_objs *teo;
- struct tdbsam2_object obj;
- const char *prefix = SIDPREFIX;
- const int preflen = strlen(prefix);
-
- if (!object || !handle) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next");
- if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- while ((teo->key.dsize != 0)) {
- int len, version, type, size;
- char *ptr;
-
- if (strncmp(teo->key.dptr, prefix, preflen)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- if (teo->dom_sid) {
- if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
- }
-
- data = tdb_fetch(teo->db, teo->key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
- DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
- &version,
- &type,
- &size, &ptr);
-
- if (len == -1) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(ptr);
-
- if (teo->type && type != teo->type) {
- SAFE_FREE(data.dptr);
- data.dsize = 0;
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- break;
- }
-
- if (data.dsize != 0) {
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(data.dptr);
- }
-
- ret = data_to_gums_object(object, &obj);
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
-{
- struct tdbsam2_enum_objs *teo, *t, *p;
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (*teo_handlers == teo) {
- *teo_handlers = teo->next;
- } else {
- t = *teo_handlers;
- while (t != teo) {
- p = t;
- t = t->next;
- if (t == NULL) {
- DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
- p = t->next;
- }
-
- tdb_close(teo->db);
- SAFE_FREE(teo);
-
- return NT_STATUS_OK;
-}
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (const GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
- NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-
-int gumm_init(GUMS_FUNCTIONS **storage)
-{
- tdbsam2_db = NULL;
- teo_handlers = 0;
-
- return 0;
-}
-
-#if 0
-int main(int argc, char *argv[])
-{
- NTSTATUS ret;
- DOM_SID dsid;
-
- if (argc < 2) {
- printf ("not enough arguments!\n");
- exit(0);
- }
-
- if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
- fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
- exit(1);
- }
-
- ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN);
- if (NT_STATUS_IS_OK(ret)) {
- printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid));
- } else {
- printf ("_domain_ creation error n. 0x%08x\n", ret.v);
- }
- ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER);
- if (NT_STATUS_IS_OK(ret)) {
- printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid));
- } else {
- printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v);
- }
-
- exit(0);
-}
-#endif
diff --git a/source3/sam/gums.c b/source3/sam/gums.c
deleted file mode 100644
index a118740637..0000000000
--- a/source3/sam/gums.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Grops and Users Management System initializations.
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_GUMS*/
-
-#define GMV_MAJOR 0
-#define GMV_MINOR 1
-
-#define PRIV_NONE 0
-#define PRIV_CREATE_TOKEN 1
-#define PRIV_ASSIGNPRIMARYTOKEN 2
-#define PRIV_LOCK_MEMORY 3
-#define PRIV_INCREASE_QUOTA 4
-#define PRIV_MACHINE_ACCOUNT 5
-#define PRIV_TCB 6
-#define PRIV_SECURITY 7
-#define PRIV_TAKE_OWNERSHIP 8
-#define PRIV_LOAD_DRIVER 9
-#define PRIV_SYSTEM_PROFILE 10
-#define PRIV_SYSTEMTIME 11
-#define PRIV_PROF_SINGLE_PROCESS 12
-#define PRIV_INC_BASE_PRIORITY 13
-#define PRIV_CREATE_PAGEFILE 14
-#define PRIV_CREATE_PERMANENT 15
-#define PRIV_BACKUP 16
-#define PRIV_RESTORE 17
-#define PRIV_SHUTDOWN 18
-#define PRIV_DEBUG 19
-#define PRIV_AUDIT 20
-#define PRIV_SYSTEM_ENVIRONMENT 21
-#define PRIV_CHANGE_NOTIFY 22
-#define PRIV_REMOTE_SHUTDOWN 23
-#define PRIV_UNDOCK 24
-#define PRIV_SYNC_AGENT 25
-#define PRIV_ENABLE_DELEGATION 26
-#define PRIV_ALL 255
-
-
-GUMS_FUNCTIONS *gums_storage;
-static void *dl_handle;
-
-static PRIVS gums_privs[] = {
- {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
- {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
- {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
- {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"},
- {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"},
- {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"},
- {PRIV_TCB, "SeTCB", "TCB"},
- {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"},
- {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"},
- {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {PRIV_AUDIT, "SeAudit", "Audit"},
- {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"},
- {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
- {PRIV_UNDOCK, "SeUndock", "Undock"},
- {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"},
- {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"},
- {PRIV_ALL, "SaAllPrivs", "All Privileges"}
-};
-
-NTSTATUS gums_init(const char *module_name)
-{
- int (*module_version)(int);
- NTSTATUS (*module_init)();
-/* gums_module_init module_init;*/
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5, ("Opening gums module %s\n", module_name));
- dl_handle = sys_dlopen(module_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- module_version = sys_dlsym(dl_handle, "gumm_version");
- if (!module_version) {
- DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
- DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
- DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
- }
-
- module_init = sys_dlsym(dl_handle, "gumm_init");
- if (!module_init) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- goto error;
- }
-
- DEBUG(5, ("Initializing module %s\n", module_name));
-
- ret = module_init(&gums_storage);
- goto done;
-
-error:
- ret = NT_STATUS_UNSUCCESSFUL;
- sys_dlclose(dl_handle);
-
-done:
- return ret;
-}
-
-NTSTATUS gums_unload(void)
-{
- NTSTATUS ret;
- NTSTATUS (*module_finalize)();
-
- if (!dl_handle)
- return NT_STATUS_UNSUCCESSFUL;
-
- module_finalize = sys_dlsym(dl_handle, "gumm_finalize");
- if (!module_finalize) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(5, ("Finalizing module"));
-
- ret = module_finalize();
- sys_dlclose(dl_handle);
-
- return ret;
-}
diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c
deleted file mode 100644
index 2e5dcd143a..0000000000
--- a/source3/sam/gums_api.c
+++ /dev/null
@@ -1,1470 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-/*******************************************************************
- Create a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
-{
- SEC_ACL *dst;
- int i;
-
- if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->num_aces = num_aces;
- dst->size = SEC_ACL_HEADER_SIZE;
-
- /* Now we need to return a non-NULL address for the ace list even
- if the number of aces required is zero. This is because there
- is a distinct difference between a NULL ace and an ace with zero
- entries in it. This is achieved by checking that num_aces is a
- positive number. */
-
- if ((num_aces) &&
- ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
- == NULL)) {
- return NULL;
- }
-
- for (i = 0; i < num_aces; i++) {
- dst->ace[i] = ace_list[i]; /* Structure copy. */
- dst->size += ace_list[i].size;
- }
-
- return dst;
-}
-
-
-
-/*******************************************************************
- Duplicate a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
-{
- if(src == NULL)
- return NULL;
-
- return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
-}
-
-
-
-/*******************************************************************
- Creates a SEC_DESC structure
-********************************************************************/
-
-static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
- DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
-{
- SEC_DESC *dst;
- uint32 offset = 0;
- uint32 offset_sid = SEC_DESC_HEADER_SIZE;
- uint32 offset_acl = 0;
-
- *sd_size = 0;
-
- if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->type = SEC_DESC_SELF_RELATIVE;
-
- if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
- if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
-
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
-
- if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
- goto error_exit;
-
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
- goto error_exit;
-
- if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
- goto error_exit;
-
- if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
- goto error_exit;
-
- offset = 0;
-
- /*
- * Work out the linearization sizes.
- */
- if (dst->owner_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->owner_sid);
- }
-
- if (dst->grp_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->grp_sid);
- }
-
- if (dst->sacl != NULL) {
-
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_sacl = offset_acl;
- offset_acl += dst->sacl->size;
- offset += dst->sacl->size;
- offset_sid += dst->sacl->size;
- }
-
- if (dst->dacl != NULL) {
-
- if (offset_acl == 0)
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_dacl = offset_acl;
- offset_acl += dst->dacl->size;
- offset += dst->dacl->size;
- offset_sid += dst->dacl->size;
- }
-
- *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
-
- if (dst->owner_sid != NULL)
- dst->off_owner_sid = offset_sid;
-
- /* sid_size() returns 0 if the sid is NULL so this is ok */
-
- if (dst->grp_sid != NULL)
- dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
-
- return dst;
-
-error_exit:
-
- *sd_size = 0;
- return NULL;
-}
-
-/*******************************************************************
- Duplicate a SEC_DESC structure.
-********************************************************************/
-
-static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
-{
- size_t dummy;
-
- if(src == NULL)
- return NULL;
-
- return make_sec_desc( ctx, src->revision,
- src->owner_sid, src->grp_sid, src->sacl,
- src->dacl, &dummy);
-}
-
-
-
-
-
-
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-/* Functions to get/set info from a GUMS object */
-
-NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *type = obj->type;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
-{
- TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
- GUMS_OBJECT *go;
- NTSTATUS ret;
-
- go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- go->mem_ctx = mem_ctx;
- go->type = type;
- go->version = GUMS_OBJECT_VERSION;
-
- switch(type) {
- case GUMS_OBJ_DOMAIN:
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
- break;
-
- default:
- /* TODO: throw error */
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto error;
- }
-
- if (!(go->data.user)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- *obj = go;
- return NT_STATUS_OK;
-
-error:
- talloc_destroy(go->mem_ctx);
- *obj = NULL;
- return ret;
-}
-
-NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
-{
- if (!version || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *version = obj->version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->version = version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
-{
- if (!sec_desc || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sec_desc = obj->sec_desc;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
-{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sid = obj->sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
-{
- if (!name || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *name = obj->name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
-{
- if (!obj || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
-{
- if (!description || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *description = obj->description;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description)
-{
- if (!obj || !description)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->description = (char *)talloc_strdup(obj->mem_ctx, description);
- if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-/* User specific functions */
-
-/*
-NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
-{
- if (!priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- *priv_set = obj->priv_set;
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *rid = obj->data.domain->next_rid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.domain->next_rid = rid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *sid = obj->data.user->group_sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
-{
- if (!nt_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *nt_pwd = &(obj->data.user->nt_pw);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
-{
- if (!obj || nt_pwd.length != NT_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
-{
- if (!lm_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *lm_pwd = &(obj->data.user->lm_pw);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
-{
- if (!obj || lm_pwd.length != LM_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
-{
- if (!fullname || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *fullname = obj->data.user->full_name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
-{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
-{
- if (!homedir || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *homedir = obj->data.user->home_dir;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
-{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
-{
- if (!dirdrive || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *dirdrive = obj->data.user->dir_drive;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
-{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
-{
- if (!logon_script || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_script = obj->data.user->logon_script;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
-{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
-{
- if (!profile_path || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *profile_path = obj->data.user->profile_path;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
-{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
-{
- if (!workstations || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *workstations = obj->data.user->workstations;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
-{
- if (!obj || !workstations)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
-{
- if (!unknown_str || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_str = obj->data.user->unknown_str;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
-{
- if (!obj || !unknown_str)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
-{
- if (!munged_dial || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *munged_dial = obj->data.user->munged_dial;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
-{
- if (!obj || !munged_dial)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj)
-{
- if (!logon_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_time = obj->data.user->logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_time = logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj)
-{
- if (!logoff_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logoff_time = obj->data.user->logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logoff_time = logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj)
-{
- if (!kickoff_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *kickoff_time = obj->data.user->kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->kickoff_time = kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj)
-{
- if (!pass_last_set_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_last_set_time = obj->data.user->pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_last_set_time = pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_can_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_can_change_time = obj->data.user->pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_can_change_time = pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_must_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_must_change_time = obj->data.user->pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->pass_must_change_time = pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
-{
- if (!logon_divs || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *logon_divs = obj->data.user->logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
-{
- if (!obj || !logon_divs)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->logon_divs = logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
-{
- if (!hours_len || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *hours_len = obj->data.user->hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->hours_len = hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
-{
- if (!hours || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *hours = obj->data.user->hours;
- return NT_STATUS_OK;
-}
-
-/* WARNING: always set hours_len before hours */
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours)
-{
- if (!obj || !hours)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- if (obj->data.user->hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len);
- if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj)
-{
- if (!unknown_3 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_3 = obj->data.user->unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj)
-{
- if (!unknown_5 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_5 = obj->data.user->unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_5 = unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj)
-{
- if (!unknown_6 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *unknown_6 = obj->data.user->unknown_6;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
-}
-
-/* Group specific functions */
-
-NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
-{
- if (!count || !members || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *count = obj->data.group->count;
- *members = *(obj->data.group->members);
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members)
-{
- uint32 n;
-
- if (!obj || !members || !members)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.group->count = count;
- n = 0;
- do {
- obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
- if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
- n++;
- } while (n < count);
- return NT_STATUS_OK;
-}
-
-/* data_store set functions */
-
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_COMMIT_SET *set;
-
- mem_ctx = talloc_init("commit_set");
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
- set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (set == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- set->mem_ctx = mem_ctx;
- set->type = type;
- sid_copy(&(set->sid), sid);
- set->count = 0;
- set->data = NULL;
- *com_set = set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
-{
- GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!mem_ctx || !com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
- if (new_sec_desc == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_sec_desc;
-
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
-{
- GUMS_DATA_SET *data_set;
- PRIVILEGE_SET *new_priv_set;
-
- if (!mem_ctx || !com_set || !priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv_set;
-
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
-{
- GUMS_DATA_SET *data_set;
- char *new_str;
-
- if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_str = talloc_strdup(mem_ctx, str);
- if (new_str == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (char *)(data_set->data) = new_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
-{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
-}
-
-NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
-{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
-}
-
-NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
-}
-
-NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
-}
-
-NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
-}
-
-NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
-}
-
-NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
-}
-
-NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
-}
-
-NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
-}
-
-NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
-}
-
-NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
-{
- GUMS_DATA_SET *data_set;
- NTTIME *new_time;
-
- if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_time = talloc(mem_ctx, sizeof(NTTIME));
- if (new_time == NULL)
- return NT_STATUS_NO_MEMORY;
-
- new_time->low = nttime->low;
- new_time->high = nttime->high;
- (char *)(data_set->data) = new_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
-}
-
-NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
-}
-
-NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
-}
-
-NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
-}
-
-NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
-}
-
-NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
-}
-
-NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
-{
- return gums_storage->set_object_values(&(set->sid), set->count, set->data);
-}
-
-NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
-{
- talloc_destroy((*com_set)->mem_ctx);
- *com_set = NULL;
-
- return NT_STATUS_OK;
-}
-
diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c
deleted file mode 100644
index c22e6cf7ff..0000000000
--- a/source3/sam/gums_helper.c
+++ /dev/null
@@ -1,610 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- GUMS backends helper functions
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Power_Users;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-extern DOM_SID global_sid_Builtin_Replicator;
-extern DOM_SID global_sid_Builtin_Users;
-extern DOM_SID global_sid_Builtin_Guests;
-
-
-/* defines */
-
-#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
-
-/****************************************************************************
- Check if a user is a mapped group.
-
- This function will check if the group SID is mapped onto a
- system managed gid or onto a winbind manged sid.
- In the first case it will be threated like a mapped group
- and the backend should take the member list with a getgrgid
- and ignore any user that have been possibly set into the group
- object.
-
- In the second case, the group is a fully SAM managed group
- served back to the system through winbind. In this case the
- members of a Local group are "unrolled" to cope with the fact
- that unix cannot contain groups inside groups.
- The backend MUST never call any getgr* / getpw* function or
- loops with winbind may happen.
- ****************************************************************************/
-
-#if 0
-NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
-{
- NTSTATUS result;
- gid_t id;
-
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
- result = idmap_get_gid_from_sid(&id, sid, False);
- if (NT_STATUS_IS_OK(result)) {
- *mapped = gid_is_in_winbind_range(id);
- } else {
- *mapped = False;
- }
-
- return result;
-}
-#endif
-
-/****************************************************************************
- duplicate alloc luid_attr
- ****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
-{
- *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
- if (*new_la == NULL) {
- DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*new_la)->luid.high = old_la.luid.high;
- (*new_la)->luid.low = old_la.luid.low;
- (*new_la)->attr = old_la.attr;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list
- ****************************************************************************/
-void gums_init_privilege(PRIVILEGE_SET *priv_set)
-{
- priv_set->count=0;
- priv_set->control=0;
- priv_set->set=NULL;
-}
-
-/****************************************************************************
- add a privilege to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
-
- /* check if the privilege is not already in the list */
- if (gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* we can allocate memory to add the new privilege */
-
- new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- new_set[priv_set->count].luid.high=set.luid.high;
- new_set[priv_set->count].luid.low=set.luid.low;
- new_set[priv_set->count].attr=set.attr;
-
- priv_set->count++;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- add all the privileges to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
-{
- NTSTATUS result = NT_STATUS_OK;
- LUID_ATTR set;
-
- set.attr=0;
- set.luid.high=0;
-
- set.luid.low=SE_PRIV_ADD_USERS;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_ADD_MACHINES;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
-done:
- return result;
-}
-
-/****************************************************************************
- check if the privilege list is empty
- ****************************************************************************/
-BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
-{
- return (priv_set->count == 0);
-}
-
-/****************************************************************************
- check if the privilege is in the privilege list
- ****************************************************************************/
-BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
-{
- int i;
-
- /* if the list is empty, obviously we can't have it */
- if (gums_check_empty_privilege(priv_set))
- return False;
-
- for (i=0; i<priv_set->count; i++) {
- LUID_ATTR *cur_set;
-
- cur_set=&priv_set->set[i];
- /* check only the low and high part. Checking the attr field has no meaning */
- if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
- return True;
- }
-
- return False;
-}
-
-/****************************************************************************
- remove a privilege from a privilege array
- ****************************************************************************/
-NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i,j;
-
- /* check if the privilege is in the list */
- if (!gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* special case if it's the only privilege in the list */
- if (priv_set->count==1) {
- gums_init_privilege(priv_set);
- return NT_STATUS_OK;
- }
-
- /*
- * the privilege is there, create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0, j=0; i<priv_set->count; i++) {
- if ((old_set[i].luid.low == set.luid.low) &&
- (old_set[i].luid.high == set.luid.high)) {
- continue;
- }
-
- new_set[j].luid.low = old_set[i].luid.low;
- new_set[j].luid.high = old_set[i].luid.high;
- new_set[j].attr = old_set[i].attr;
-
- j++;
- }
-
- if (j != priv_set->count - 1) {
- DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
- DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* ok everything is fine */
-
- priv_set->count--;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- duplicates a privilege array
- ****************************************************************************/
-NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i;
-
- *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- gums_init_privilege(*new_priv_set);
-
- /* special case if there are no privileges in the list */
- if (priv_set->count == 0) {
- return NT_STATUS_OK;
- }
-
- /*
- * create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < priv_set->count; i++) {
-
- new_set[i].luid.low = old_set[i].luid.low;
- new_set[i].luid.high = old_set[i].luid.high;
- new_set[i].attr = old_set[i].attr;
- }
-
- (*new_priv_set)->count = priv_set->count;
- (*new_priv_set)->control = priv_set->control;
- (*new_priv_set)->set = new_set;
-
- return NT_STATUS_OK;
-}
-
-#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
-#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
- (READ_CONTROL_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO | \
- SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
-
-#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-
-
-#if 0
-NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
-{
- DOM_SID *world = &global_sid_World;
- DOM_SID *admins = &global_sid_Builtin_Administrators;
- SEC_ACCESS sa;
- SEC_ACE sacl_ace;
- SEC_ACE dacl_aces[2];
- SEC_ACL *sacl = NULL;
- SEC_ACL *dacl = NULL;
- size_t psize;
-
- init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
- init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
-
- sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
- init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
- init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
-
- dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
- if (!(*sec_desc)) {
- DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
-{
- NTSTATUS result;
- SEC_ACE *new_aces;
- unsigned num_aces;
- int i;
-
- num_aces = sec_desc->dacl->num_aces + 1;
- result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
- if (NT_STATUS_IS_OK(result)) {
- sec_desc->dacl->ace = new_aces;
- sec_desc->dacl->num_aces = num_aces;
- sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
- for (i = 0; i < num_aces; i++) {
- sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
- }
- }
- return result;
-}
-
-NTSTATUS gums_init_builtin_groups(void)
-{
- NTSTATUS result;
- GUMS_OBJECT g_obj;
- GUMS_GROUP *g_grp;
- GUMS_PRIVILEGE g_priv;
-
- /* Build the well known Builtin Local Groups */
- g_obj.type = GUMS_OBJ_GROUP;
- g_obj.version = 1;
- g_obj.seq_num = 0;
- g_obj.mem_ctx = talloc_init("gums_init_backend_acct");
- if (g_obj.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Administrators * /
-
- /* alloc group structure */
- g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
-
- /* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data.group;
- sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
-
- /* make security descriptor */
- result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
- NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
-
- /* make privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeTakeOwnershipPrivilege
- SeDebugPrivilege
- SeSystemEnvironmentPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLocalDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* numebr of group members */
- g_grp->count = 0;
- g_grp->members = NULL;
-
- /* store Administrators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Power Users */
- /* Domain Controllers Does NOT have power Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
-
- /* make privilege set */
- /* SE_PRIV_??? */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
-/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Power Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Account Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Account Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Server Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Server Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Print Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Print Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Backup Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Backup Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Replicator */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Replicator group */
- result = gums_storage->set_object(&g_obj);
-
- /* Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Users);
-
- /* add ACE to sec dsec dacl */
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Guests */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Guests group */
- result = gums_storage->set_object(&g_obj);
-
- /* set default privileges */
- g_priv.type = GUMS_OBJ_GROUP;
- g_priv.version = 1;
- g_priv.seq_num = 0;
- g_priv.mem_ctx = talloc_init("gums_init_backend_priv");
- if (g_priv.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
-
-
-done:
- talloc_destroy(g_obj.mem_ctx);
- talloc_destroy(g_priv.mem_ctx);
- return result;
-}
-#endif
-
diff --git a/source3/sam/interface.c b/source3/sam/interface.c
deleted file mode 100644
index 51ae561999..0000000000
--- a/source3/sam/interface.c
+++ /dev/null
@@ -1,1338 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Kai Krüger 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-extern DOM_SID global_sid_Builtin;
-
-/** List of various built-in sam modules */
-
-const struct sam_init_function_entry builtin_sam_init_functions[] = {
- { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
- { NULL, NULL}
-};
-
-
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
- DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
- tmp_methods->domain_name, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- sid_copy(&domainsid, sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
- DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
- sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid domain specified */
- SAM_ASSERT(domain && domain->current_sam_methods);
-
- tmp_methods = domain->current_sam_methods;
-
- if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
- DEBUG(4,("sam_update_domain in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
- int i = 0;
-
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
- *domain_count = 0;
-
- while (tmp_methods) {
- (*domain_count)++;
- tmp_methods= tmp_methods->next;
- }
-
- DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
-
- tmp_methods = context->methods;
-
- if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
- SAFE_FREE((*domains));
- return NT_STATUS_NO_MEMORY;
- }
-
- while (tmp_methods) {
- DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
- sid_copy(domains[i],&tmp_methods->domain_sid);
- *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
- i++;
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
-
- DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid paramters */
- SAM_ASSERT(access_token && domain && domainsid);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- if (strcmp(domain, tmp_methods->domain_name) == 0) {
- (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy((*domainsid), &tmp_methods->domain_sid);
- return NT_STATUS_OK;
- }
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-
-NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && domain);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_domain_handle) {
- DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
- DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
- sid_string_static(domainsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(access_token && domainsid && account_name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_account) {
- DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
- DEBUG(4,("sam_create_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- DOM_SID domainsid;
- const DOM_SID *accountsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
- DEBUG(0,("Can't get account SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_account) {
- DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
- DEBUG(4,("sam_add_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_update_account) {
- DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
- DEBUG(4,("sam_update_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_delete_account) {
- DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
- DEBUG(4,("sam_delete_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && account_count && accounts);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
- DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- DOM_SID domainsid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && accountsid && account);
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_sid) {
- DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
- DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
- sid_string_static(accountsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_name) {
- DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
- DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && group_name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_group) {
- DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
- DEBUG(4,("sam_create_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- DOM_SID domainsid;
- const DOM_SID *groupsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
- DEBUG(0,("Can't get group SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_group) {
- DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
- DEBUG(4,("sam_add_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_update_group) {
- DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
- DEBUG(4,("sam_update_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_group) {
- DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
- DEBUG(4,("sam_delete_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && groups_count && groups);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
- DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && groupsid && group);
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_sid) {
- DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
- DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
- sid_string_static(groupsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_name) {
- DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
- DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_add_member_to_group) {
- DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-
-}
-
-NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_member_from_group) {
- DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods && members_count && members);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_enum_groupmembers) {
- DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
- DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- uint32 tmp_group_count;
- SAM_GROUP_ENUM *tmp_groups;
-
- DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid sam_context specified */
- SAM_ASSERT(access_token && sids && context && context->methods);
-
- *group_count = 0;
-
- *groups = NULL;
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- DEBUG(5,("getting groups from domain \n"));
- if (!tmp_methods->sam_get_groups_of_sid) {
- DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
- SAFE_FREE(*groups);
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
- DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
- SAFE_FREE(*groups);
- return nt_status;
- }
-
- *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
-
- memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
-
- SAFE_FREE(tmp_groups);
-
- *group_count += tmp_group_count;
-
- tmp_methods = tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-
diff --git a/source3/sam/sam_ads.c b/source3/sam/sam_ads.c
deleted file mode 100755
index 79b107e417..0000000000
--- a/source3/sam/sam_ads.c
+++ /dev/null
@@ -1,1378 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Active Directory SAM backend, for simulate a W2K DC in mixed mode.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-#ifdef HAVE_LDAP
-
-static int sam_ads_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_ads_debug_level
-
-#ifndef FIXME
-#define FIXME( body ) { DEBUG(0,("FIXME: "));\
- DEBUGADD(0,(body));}
-#endif
-
-#define ADS_STATUS_OK ADS_ERROR(0)
-#define ADS_STATUS_UNSUCCESSFUL ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL)
-#define ADS_STATUS_NOT_IMPLEMENTED ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED)
-
-
-#define ADS_SUBTREE_BUILTIN "CN=Builtin,"
-#define ADS_SUBTREE_COMPUTERS "CN=Computers,"
-#define ADS_SUBTREE_DC "CN=Domain Controllers,"
-#define ADS_SUBTREE_USERS "CN=Users,"
-#define ADS_ROOT_TREE ""
-/* Here are private module structs and functions */
-
-typedef struct sam_ads_privates {
- ADS_STRUCT *ads_struct;
- TALLOC_CTX *mem_ctx;
- BOOL bind_plaintext;
- char *ads_bind_dn;
- char *ads_bind_pw;
- char *ldap_uri;
- /* did we need something more? */
-}SAM_ADS_PRIVATES;
-
-
-/* get only these LDAP attributes, witch we really need for an account */
-const char *account_attrs[] = { "objectSid",
- "objectGUID",
- "sAMAccountType",
- "sAMAcountName",
- "userPrincipalName",
- "accountExpires",
- "badPasswordTime",
- "badPwdCount",
- "lastLogoff",
- "lastLogon",
- "userWorkstations",
- "dBCSPwd",
- "unicodePwd",
- "pwdLastSet",
- "userAccountControl",
- "profilePath",
- "homeDrive",
- "scriptPath",
- "homeDirectory",
- "cn",
- "primaryGroupID",/* 513 */
- "nsNPAllowDialIn",/* TRUE */
- "userParameters",/* Dial Back number ...*/
- "codePage",/* 0 */
- "countryCode",/* 0 */
- "adminCount",/* 1 or 0 */
- "logonCount",/* 0 */
- "managedObjects",
- "memberOf",/* dn */
- "instanceType",/* 4 */
- "name", /* sync with cn */
- "description",
- /* "nTSecurityDescriptor", */
- NULL};
-
-/* get only these LDAP attributes, witch we really need for a group */
-const char *group_attrs[] = {"objectSid",
- /* "objectGUID", */
- "sAMAccountType",
- "sAMAcountName",
- "groupType",
- /* "member", */
- "description",
- "name", /* sync with cn */
- /* "nTSecurityDescriptor", */
- NULL};
-
-
-/***************************************************
- return our ads connection. We keep the connection
- open to make things faster
-****************************************************/
-static ADS_STATUS sam_ads_cached_connection(SAM_ADS_PRIVATES *privates)
-{
- ADS_STRUCT *ads_struct;
- ADS_STATUS ads_status;
-
- if (!privates->ads_struct) {
- privates->ads_struct = ads_init_simple();
- ads_struct = privates->ads_struct;
- ads_struct->server.ldap_uri = smb_xstrdup(privates->ldap_uri);
- if ((!privates->ads_bind_dn) || (!*privates->ads_bind_dn)) {
- ads_struct->auth.flags |= ADS_AUTH_ANON_BIND;
- } else {
- ads_struct->auth.user_name
- = smb_xstrdup(privates->ads_bind_dn);
- if (privates->ads_bind_pw) {
- ads_struct->auth.password
- = smb_xstrdup(privates->ads_bind_pw);
- }
- }
- if (privates->bind_plaintext) {
- ads_struct->auth.flags |= ADS_AUTH_SIMPLE_BIND;
- }
- } else {
- ads_struct = privates->ads_struct;
- }
-
- if (ads_struct->ld != NULL) {
- /* connection has been opened. ping server. */
- struct sockaddr_un addr;
- socklen_t len;
- int sd;
- if (ldap_get_option(ads_struct->ld, LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
- /* the other end has died. reopen. */
- ldap_unbind_ext(ads_struct->ld, NULL, NULL);
- ads_struct->ld = NULL;
- }
- }
-
- if (ads_struct->ld != NULL) {
- DEBUG(5,("sam_ads_cached_connection: allready connected to the LDAP server\n"));
- return ADS_SUCCESS;
- }
-
- ads_status = ads_connect(ads_struct);
-
- ads_status = ads_server_info(ads_struct);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(0,("Can't set server info: %s\n",ads_errstr(ads_status)));
- /* return ads_status; */ FIXME("for now we only warn!\n");
- }
-
- DEBUG(2, ("sam_ads_cached_connection: succesful connection to the LDAP server\n"));
- return ADS_SUCCESS;
-}
-
-static ADS_STATUS sam_ads_do_search(SAM_ADS_PRIVATES *privates, const char *bind_path, int scope, const char *exp, const char **attrs, void **res)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-
- ads_status = sam_ads_cached_connection(privates);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- return ads_do_search_retry(privates->ads_struct, bind_path, scope, exp, attrs, res);
-}
-
-
-/*********************************************
-here we have to check the update serial number
- - this is the core of the ldap cache
-*********************************************/
-static ADS_STATUS sam_ads_usn_is_valid(SAM_ADS_PRIVATES *privates, uint32 usn_in, uint32 *usn_out)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-
- SAM_ASSERT(privates && privates->ads_struct && usn_out);
-
- ads_status = ads_USN(privates->ads_struct, usn_out);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if (*usn_out == usn_in)
- return ADS_SUCCESS;
-
- return ads_status;
-}
-
-/***********************************************
-Initialize SAM_ACCOUNT_HANDLE from an ADS query
-************************************************/
-/* not ready :-( */
-static ADS_STATUS ads_entry2sam_account_handle(SAM_ADS_PRIVATES *privates, SAM_ACCOUNT_HANDLE *account ,void *msg)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER);
- NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = account->mem_ctx;
- char *tmp_str = NULL;
-
- SAM_ASSERT(privates && ads_struct && account && mem_ctx && msg);
-
- FIXME("should we really use ads_pull_username()(or ads_pull_string())?\n");
- if ((account->private.account_name = ads_pull_username(ads_struct, mem_ctx, msg))==NULL) {
- DEBUG(0,("ads_pull_username failed\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER);
- }
-
- if ((account->private.full_name = ads_pull_string(ads_struct, mem_ctx, msg,"name"))==NULL) {
- DEBUG(3,("ads_pull_string for 'name' failed - skip\n"));
- }
-
- if ((account->private.acct_desc = ads_pull_string(ads_struct, mem_ctx, msg,"description"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'acct_desc' failed - skip\n"));
- }
-
- if ((account->private.home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"homeDirectory"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'homeDirectory' failed - skip\n"));
- }
-
- if ((account->private.dir_drive = ads_pull_string(ads_struct, mem_ctx, msg,"homeDrive"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'homeDrive' failed - skip\n"));
- }
-
- if ((account->private.profile_path = ads_pull_string(ads_struct, mem_ctx, msg,"profilePath"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'profilePath' failed - skip\n"));
- }
-
- if ((account->private.logon_script = ads_pull_string(ads_struct, mem_ctx, msg,"scriptPath"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'scriptPath' failed - skip\n"));
- }
-
- FIXME("check 'nsNPAllowDialIn' for munged_dial!\n");
- if ((account->private.munged_dial = ads_pull_string(ads_struct, mem_ctx, msg,"userParameters"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'userParameters' failed - skip\n"));
- }
-
- if ((account->private.unix_home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"msSFUHomeDrirectory"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'msSFUHomeDrirectory' failed - skip\n"));
- }
-
-#if 0
- FIXME("use function intern mem_ctx for pwdLastSet\n");
- if ((tmp_str = ads_pull_string(ads_struct, mem_ctx, msg,"pwdLastSet"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'pwdLastSet' failed - skip\n"));
- } else {
- account->private.pass_last_set_time = ads_parse_nttime(tmp_str);
- tmp_str = NULL;
-
- }
-#endif
-
-#if 0
-typedef struct sam_account_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_account_handle **);
- struct sam_account_data {
- uint32 init_flag;
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
- char * account_name; /* account_name string */
- SAM_DOMAIN_HANDLE * domain; /* domain of account */
- char *full_name; /* account's full name string */
- char *unix_home_dir; /* UNIX home directory string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc; /* account description string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
- DOM_SID account_sid; /* Primary Account SID */
- DOM_SID group_sid; /* Primary Group SID */
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char *plaintext_pw; /* if Null not available */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_1; /* 0x00ff ffff */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
- uint32 unknown_2; /* 0x0002 0000 */
- uint32 unknown_3; /* 0x0000 04ec */
- } private;
-} SAM_ACCOUNT_HANDLE;
-#endif
-
- return ads_status;
-}
-
-
-/***********************************************
-Initialize SAM_GROUP_ENUM from an ads entry
-************************************************/
-/* not ready :-( */
-static ADS_STATUS ads_entry2sam_group_enum(SAM_ADS_PRIVATES *privates, TALLOC_CTX *mem_ctx, SAM_GROUP_ENUM **group_enum,const void *entry)
-{
- ADS_STATUS ads_status = ADS_STATUS_UNSUCCESSFUL;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SAM_GROUP_ENUM __group_enum;
- SAM_GROUP_ENUM *_group_enum = &__group_enum;
-
- SAM_ASSERT(privates && ads_struct && mem_ctx && group_enum && entry);
-
- *group_enum = _group_enum;
-
- DEBUG(3,("sam_ads: ads_entry2sam_account_handle\n"));
-
- if (!ads_pull_sid(ads_struct, &entry, "objectSid", &(_group_enum->sid))) {
- DEBUG(0,("No sid for!?\n"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- if (!(_group_enum->group_name = ads_pull_string(ads_struct, mem_ctx, &entry, "sAMAccountName"))) {
- DEBUG(0,("No groupname found"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- if (!(_group_enum->group_desc = ads_pull_string(ads_struct, mem_ctx, &entry, "desciption"))) {
- DEBUG(0,("No description found"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(0,("sAMAccountName: %s\ndescription: %s\nobjectSid: %s\n",
- _group_enum->group_name,
- _group_enum->group_desc,
- sid_string_static(&(_group_enum->sid))
- ));
-
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_access_check(SAM_ADS_PRIVATES *privates, const SEC_DESC *sd, const NT_USER_TOKEN *access_token, uint32 access_desired, uint32 *acc_granted)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
- NTSTATUS nt_status;
- uint32 my_acc_granted;
-
- SAM_ASSERT(privates && sd && access_token);
- /* acc_granted can be set to NULL */
-
- /* the steps you need are:
- 1. get_sec_desc for sid
- 2. se_map_generic(accessdesired, generic_mapping)
- 3. se_access_check() */
-
- if (!se_access_check(sd, access_token, access_desired, (acc_granted)?acc_granted:&my_acc_granted, &nt_status)) {
- DEBUG(3,("sam_ads_access_check: ACCESS DENIED\n"));
- ads_status = ADS_ERROR_NT(nt_status);
- return ads_status;
- }
- ads_status = ADS_ERROR_NT(nt_status);
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_get_tree_sec_desc(SAM_ADS_PRIVATES *privates, const char *subtree, SEC_DESC **sd)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- char *search_path;
- void *sec_desc_res;
- void *sec_desc_msg;
- const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL};
-
- SAM_ASSERT(privates && ads_struct && mem_ctx && sd);
- *sd = NULL;
-
- if (subtree) {
- asprintf(&search_path, "%s%s",subtree,ads_struct->config.bind_path);
- } else {
- asprintf(&search_path, "%s","");
- }
- ads_status = sam_ads_do_search(privates, search_path, LDAP_SCOPE_BASE, "(objectClass=*)", sec_desc_attrs, &sec_desc_res);
- SAFE_FREE(search_path);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if ((sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))==NULL) {
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- return ads_status;
- }
-
- if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) {
- *sd = NULL;
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- return ads_status;
- }
-
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_account_policy_get(SAM_ADS_PRIVATES *privates, int field, uint32 *value)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- ADS_STRUCT *ads_struct = privates->ads_struct;
- void *ap_res;
- void *ap_msg;
- const char *ap_attrs[] = {"minPwdLength",/* AP_MIN_PASSWORD_LEN */
- "pwdHistoryLength",/* AP_PASSWORD_HISTORY */
- "AP_USER_MUST_LOGON_TO_CHG_PASS",/* AP_USER_MUST_LOGON_TO_CHG_PASS */
- "maxPwdAge",/* AP_MAX_PASSWORD_AGE */
- "minPwdAge",/* AP_MIN_PASSWORD_AGE */
- "lockoutDuration",/* AP_LOCK_ACCOUNT_DURATION */
- "AP_RESET_COUNT_TIME",/* AP_RESET_COUNT_TIME */
- "AP_BAD_ATTEMPT_LOCKOUT",/* AP_BAD_ATTEMPT_LOCKOUT */
- "AP_TIME_TO_LOGOUT",/* AP_TIME_TO_LOGOUT */
- NULL};
- /*lockOutObservationWindow
- lockoutThreshold $ pwdProperties*/
- static uint32 ap[9];
- static uint32 ap_usn = 0;
- uint32 tmp_usn = 0;
-
- SAM_ASSERT(privates && ads_struct && value);
-
- FIXME("We need to decode all account_policy attributes!\n");
-
- ads_status = sam_ads_usn_is_valid(privates,ap_usn,&tmp_usn);
- if (!ADS_ERR_OK(ads_status)) {
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_BASE, "(objectClass=*)", ap_attrs, &ap_res);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if (ads_count_replies(ads_struct, ap_res) != 1) {
- ads_msgfree(ads_struct, ap_res);
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- if (!(ap_msg = ads_first_entry(ads_struct, ap_res))) {
- ads_msgfree(ads_struct, ap_res);
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[0], &ap[0])) {
- /* AP_MIN_PASSWORD_LEN */
- ap[0] = MINPASSWDLENGTH;/* 5 chars minimum */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[1], &ap[1])) {
- /* AP_PASSWORD_HISTORY */
- ap[1] = 0;/* don't keep any old password */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[2], &ap[2])) {
- /* AP_USER_MUST_LOGON_TO_CHG_PASS */
- ap[2] = 0;/* don't force user to logon */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[3], &ap[3])) {
- /* AP_MAX_PASSWORD_AGE */
- ap[3] = MAX_PASSWORD_AGE;/* 21 days */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[4], &ap[4])) {
- /* AP_MIN_PASSWORD_AGE */
- ap[4] = 0;/* 0 days */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[5], &ap[5])) {
- /* AP_LOCK_ACCOUNT_DURATION */
- ap[5] = 0;/* lockout for 0 minutes */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[6], &ap[6])) {
- /* AP_RESET_COUNT_TIME */
- ap[6] = 0;/* reset immediatly */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[7], &ap[7])) {
- /* AP_BAD_ATTEMPT_LOCKOUT */
- ap[7] = 0;/* don't lockout */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[8], &ap[8])) {
- /* AP_TIME_TO_LOGOUT */
- ap[8] = -1;/* don't force logout */
- }
-
- ads_msgfree(ads_struct, ap_res);
- ap_usn = tmp_usn;
- }
-
- switch(field) {
- case AP_MIN_PASSWORD_LEN:
- *value = ap[0];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_PASSWORD_HISTORY:
- *value = ap[1];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_USER_MUST_LOGON_TO_CHG_PASS:
- *value = ap[2];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_MAX_PASSWORD_AGE:
- *value = ap[3];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_MIN_PASSWORD_AGE:
- *value = ap[4];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_LOCK_ACCOUNT_DURATION:
- *value = ap[5];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_RESET_COUNT_TIME:
- *value = ap[6];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_BAD_ATTEMPT_LOCKOUT:
- *value = ap[7];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_TIME_TO_LOGOUT:
- *value = ap[8];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- default: *value = 0; break;
- }
-
- return ads_status;
-}
-
-
-/**********************************
-Now the functions off the SAM API
-***********************************/
-
-/* General API */
-static NTSTATUS sam_ads_get_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const DOM_SID *sid, SEC_DESC **sd)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx;
- char *sidstr,*filter;
- void *sec_desc_res;
- void *sec_desc_msg;
- const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL};
- fstring sid_str;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && sid && sd);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
-
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- sidstr = sid_binstring(sid);
- if (asprintf(&filter, "(objectSid=%s)", sidstr) == -1) {
- SAFE_FREE(sidstr);
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(sidstr);
-
- ads_status = sam_ads_do_search(privates,ads_struct->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter, sec_desc_attrs,
- &sec_desc_res);
- SAFE_FREE(filter);
-
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- if (!(mem_ctx = talloc_init("sec_desc parse in sam_ads"))) {
- DEBUG(1, ("talloc_init() failed for sec_desc parse context in sam_ads"));
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (ads_count_replies(ads_struct, sec_desc_res) != 1) {
- DEBUG(1,("sam_ads_get_sec_desc: duplicate or 0 results for sid %s\n",
- sid_to_string(sid_str, sid)));
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!(sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))) {
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) {
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return ads_ntstatus(ads_status);
- }
-
- /* now, were we allowed to see the SD we just got? */
-
- ads_msgfree(ads_struct, sec_desc_res);
- talloc_destroy(mem_ctx);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_set_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const DOM_SID *sid, const SEC_DESC *sd)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-
-static NTSTATUS sam_ads_lookup_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name,
- enum SID_NAME_USE *type)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && mem_ctx && sid && name && type);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- return ads_sid_to_name(ads_struct, mem_ctx, sid, name, type);
-}
-
-static NTSTATUS sam_ads_lookup_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const char *name, DOM_SID *sid, enum SID_NAME_USE *type)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && name && sid && type);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- return ads_name_to_sid(ads_struct, name, sid, type);
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_ads_update_domain(const SAM_METHODS *sam_method, const SAM_DOMAIN_HANDLE *domain)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_domain_handle(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- TALLOC_CTX *mem_ctx = privates->mem_ctx; /*Fix me is this right??? */
- SAM_DOMAIN_HANDLE *dom_handle = NULL;
- SEC_DESC *sd;
- uint32 acc_granted;
- uint32 tmp_value;
-
- DEBUG(5,("sam_ads_get_domain_handle: %d\n",__LINE__));
-
- SAM_ASSERT(sam_method && access_token && domain);
-
- (*domain) = NULL;
-
- if ((dom_handle = talloc(mem_ctx, sizeof(SAM_DOMAIN_HANDLE))) == NULL) {
- DEBUG(0,("failed to talloc dom_handle\n"));
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- return ads_ntstatus(ads_status);
- }
-
- ZERO_STRUCTP(dom_handle);
-
- dom_handle->mem_ctx = mem_ctx; /*Fix me is this right??? */
- dom_handle->free_fn = NULL;
- dom_handle->current_sam_methods = sam_method;
-
- /* check if access can be granted as requested */
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- dom_handle->access_granted = acc_granted;
-
- /* fill all the values of dom_handle */
- sid_copy(&dom_handle->private.sid, &sam_method->domain_sid);
- dom_handle->private.name = smb_xstrdup(sam_method->domain_name);
- dom_handle->private.servername = "WHOKNOWS"; /* what is the servername */
-
- /*Fix me: sam_ads_account_policy_get() return ADS_STATUS! */
- ads_status = sam_ads_account_policy_get(privates, AP_MAX_PASSWORD_AGE, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for max password age. Useing default\n"));
- tmp_value = MAX_PASSWORD_AGE;
- }
- unix_to_nt_time_abs(&dom_handle->private.max_passwordage,tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_AGE, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for min password age. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.min_passwordage, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_LOCK_ACCOUNT_DURATION, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for lockout duration. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.lockout_duration, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_RESET_COUNT_TIME, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for time till locout count is reset. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.reset_count, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_LEN, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for min password length. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.min_passwordlength = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_PASSWORD_HISTORY, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed password history. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.password_history = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_BAD_ATTEMPT_LOCKOUT, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for bad attempts till lockout. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.lockout_count = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_TIME_TO_LOGOUT, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for force logout. Useing default\n"));
- tmp_value = -1;
- }
-
- ads_status = sam_ads_account_policy_get(privates, AP_USER_MUST_LOGON_TO_CHG_PASS, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for user must login to change password. Useing default\n"));
- tmp_value = 0;
- }
-
- /* should the real values of num_accounts, num_groups and num_aliases be retreved?
- * I think it is to expensive to bother
- */
- dom_handle->private.num_accounts = 3;
- dom_handle->private.num_groups = 4;
- dom_handle->private.num_aliases = 5;
-
- *domain = dom_handle;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- return ads_ntstatus(ads_status);
-}
-
-/* Account API */
-static NTSTATUS sam_ads_create_account(const SAM_METHODS *sam_method,
- const NT_USER_TOKEN *access_token, uint32 access_desired,
- const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && access_token && account_name && account);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_SUBTREE_USERS, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_ERROR(LDAP_NO_MEMORY);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- ADS_MODLIST mods;
- uint16 acct_ctrl;
- char *new_dn;
- SEC_DESC *sd;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && account);
-
- ads_status = ADS_ERROR_NT(sam_get_account_acct_ctrl(account,&acct_ctrl));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if ((acct_ctrl & ACB_WSTRUST)||(acct_ctrl & ACB_SVRTRUST)) {
- /* Computer account */
- char *name,*controlstr;
- char *hostname,*host_upn,*host_spn;
- const char *objectClass[] = {"top", "person", "organizationalPerson",
- "user", "computer", NULL};
-
- ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if (!(host_upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Computers,%s", hostname,
- ads_struct->config.bind_path))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(mods = ads_init_mods(mem_ctx))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- ads_status = ads_mod_str(mem_ctx, &mods, "cn", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", host_upn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "displayName", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- ads_status = ads_mod_str(mem_ctx, &mods, "servicePrincipalName", host_spn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "dNSHostName", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- /* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystem", "Samba");
- if (!ADS_ERR_OK(ads_status))
- goto done;
- *//* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", VERSION);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- */
- /* End Computer account */
- } else {
- /* User account*/
- char *upn, *controlstr;
- char *name, *fullname;
- const char *objectClass[] = {"top", "person", "organizationalPerson",
- "user", NULL};
-
- ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- ads_status = ADS_ERROR_NT(sam_get_account_fullname(account,&fullname));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if (!(upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", fullname,
- ads_struct->config.bind_path))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(mods = ads_init_mods(mem_ctx))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- ads_status = ads_mod_str(mem_ctx, &mods, "cn", fullname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", upn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "displayName", fullname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- }/* End User account */
-
- /* Finally at the account */
- ads_status = ads_gen_add(ads_struct, new_dn, mods);
-
-done:
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
-
-
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_accounts(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-#if 0
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_sid && account);
-
- ads_status = ADS_ERROR_NT(sam_ads_get_sec_desc(sam_method, access_token, account_sid, &my_sd));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-#else
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-#endif
-
-#if 0
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_name && account);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-#else
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-#endif
-
-/* Group API */
-static NTSTATUS sam_ads_create_group(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groups(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- void *res = NULL;
- void *msg = NULL;
- char *filter = NULL;
- int i = 0;
-
- /* get only these LDAP attributes, witch we really need for a group */
- const char *group_enum_attrs[] = {"objectSid",
- "description",
- "sAMAcountName",
- NULL};
-
- SAM_ASSERT(sam_method && access_token && groups_count && groups);
-
- *groups_count = 0;
-
- DEBUG(3,("ads: enum_dom_groups\n"));
-
- FIXME("get only group from the wanted Type!\n");
- asprintf(&filter, "(&(objectClass=group)(groupType=%s))", "*");
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_SUBTREE, filter, group_enum_attrs, &res);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(1,("enum_groups ads_search: %s\n", ads_errstr(ads_status)));
- }
-
- *groups_count = ads_count_replies(ads_struct, res);
- if (*groups_count == 0) {
- DEBUG(1,("enum_groups: No groups found\n"));
- }
-
- (*groups) = talloc_zero(mem_ctx, (*groups_count) * sizeof(**groups));
- if (!*groups) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- for (msg = ads_first_entry(ads_struct, res); msg; msg = ads_next_entry(ads_struct, msg)) {
- uint32 grouptype;
-
- if (!ads_pull_uint32(ads_struct, msg, "groupType", &grouptype)) {
- ;
- } else {
- (*groups)->group_ctrl = ads_gtype2gcb(grouptype);
- }
-
- if (!((*groups)->group_name = ads_pull_string(ads_struct, mem_ctx, msg, "sAMAccountName"))) {
- ;
- }
-
- if (!((*groups)->group_desc = ads_pull_string(ads_struct, mem_ctx, msg, "description"))) {
- ;
- }
-
- if (!ads_pull_sid(ads_struct, msg, "objectSid", &((*groups)->sid))) {
- DEBUG(1,("No sid for group %s !?\n", (*groups)->group_name));
- continue;
- }
-
- i++;
- }
-
- (*groups_count) = i;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
-
- DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*groups_count)));
-
- if (res) ads_msgfree(ads_struct, res);
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_member_to_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_member_from_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groupmembers(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_groups_of_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const DOM_SID **sids, const uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",FUNCTION_MACRO));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-/**********************************
-Free our private data
-***********************************/
-static void sam_ads_free_private_data(void **vp)
-{
- SAM_ADS_PRIVATES **sam_ads_state = (SAM_ADS_PRIVATES **)vp;
-
- if ((*sam_ads_state)->ads_struct->ld) {
- ldap_unbind((*sam_ads_state)->ads_struct->ld);
- }
-
- ads_destroy(&((*sam_ads_state)->ads_struct));
-
- talloc_destroy((*sam_ads_state)->mem_ctx);
- FIXME("maybe we must free some other stuff here\n");
-
- *sam_ads_state = NULL;
-}
-
-
-
-/*****************************************************
-Init the ADS SAM backend
-******************************************************/
-NTSTATUS sam_init_ads(SAM_METHODS *sam_method, const char *module_params)
-{
- ADS_STATUS ads_status;
- SAM_ADS_PRIVATES *sam_ads_state;
- TALLOC_CTX *mem_ctx;
-
- SAM_ASSERT(sam_method && sam_method->parent);
-
- mem_ctx = sam_method->parent->mem_ctx;
-
- /* Here the SAM API functions of the sam_ads module */
-
- /* General API */
-
- sam_method->sam_get_sec_desc = sam_ads_get_sec_desc;
- sam_method->sam_set_sec_desc = sam_ads_set_sec_desc;
-
- sam_method->sam_lookup_sid = sam_ads_lookup_sid;
- sam_method->sam_lookup_name = sam_ads_lookup_name;
-
- /* Domain API */
-
- sam_method->sam_update_domain = sam_ads_update_domain;
- sam_method->sam_get_domain_handle = sam_ads_get_domain_handle;
-
- /* Account API */
-
- sam_method->sam_create_account = sam_ads_create_account;
- sam_method->sam_add_account = sam_ads_add_account;
- sam_method->sam_update_account = sam_ads_update_account;
- sam_method->sam_delete_account = sam_ads_delete_account;
- sam_method->sam_enum_accounts = sam_ads_enum_accounts;
-
- sam_method->sam_get_account_by_sid = sam_ads_get_account_by_sid;
- sam_method->sam_get_account_by_name = sam_ads_get_account_by_name;
-
- /* Group API */
-
- sam_method->sam_create_group = sam_ads_create_group;
- sam_method->sam_add_group = sam_ads_add_group;
- sam_method->sam_update_group = sam_ads_update_group;
- sam_method->sam_delete_group = sam_ads_delete_group;
- sam_method->sam_enum_groups = sam_ads_enum_groups;
- sam_method->sam_get_group_by_sid = sam_ads_get_group_by_sid;
- sam_method->sam_get_group_by_name = sam_ads_get_group_by_name;
-
- sam_method->sam_add_member_to_group = sam_ads_add_member_to_group;
- sam_method->sam_delete_member_from_group = sam_ads_delete_member_from_group;
- sam_method->sam_enum_groupmembers = sam_ads_enum_groupmembers;
-
- sam_method->sam_get_groups_of_sid = sam_ads_get_groups_of_sid;
-
- sam_ads_state = talloc_zero(mem_ctx, sizeof(SAM_ADS_PRIVATES));
- if (!sam_ads_state) {
- DEBUG(0, ("talloc() failed for sam_ads private_data!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!(sam_ads_state->mem_ctx = talloc_init("sam_ads_method"))) {
- DEBUG(0, ("talloc_init() failed for sam_ads_state->mem_ctx\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- sam_ads_state->ads_bind_dn = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_const_string(GLOBAL_SECTION_SNUM,"sam_ads","bind as", ""));
- sam_ads_state->ads_bind_pw = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_const_string(GLOBAL_SECTION_SNUM,"sam_ads","bind pw", ""));
-
- sam_ads_state->bind_plaintext = lp_parm_bool(GLOBAL_SECTION_SNUM, "sam_ads", "plaintext bind" , True);
-
- if (!sam_ads_state->ads_bind_dn || !sam_ads_state->ads_bind_pw) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Maybe we should not check the result here? Server down on startup? */
-
- if (module_params && *module_params) {
- sam_ads_state->ldap_uri = talloc_strdup(sam_ads_state->mem_ctx, module_params);
- if (!sam_ads_state->ldap_uri) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- sam_ads_state->ldap_uri = "ldapi://";
- }
-
- ads_status = sam_ads_cached_connection(sam_ads_state);
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- sam_method->private_data = sam_ads_state;
- sam_method->free_private_data = sam_ads_free_private_data;
-
- sam_ads_debug_level = debug_add_class("sam_ads");
- if (sam_ads_debug_level == -1) {
- sam_ads_debug_level = DBGC_ALL;
- DEBUG(0, ("sam_ads: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_ads: Debug class number of 'sam_ads': %d\n", sam_ads_debug_level));
-
- DEBUG(5, ("Initializing sam_ads\n"));
- if (module_params)
- DEBUG(10, ("Module Parameters for Domain %s[%s]: %s\n", sam_method->domain_name, sam_method->domain_name, module_params));
- return NT_STATUS_OK;
-}
-
-#else /* HAVE_LDAP */
-void sam_ads_dummy(void)
-{
- DEBUG(0,("sam_ads: not supported!\n"));
-}
-#endif /* HAVE_LDAP */
diff --git a/source3/sam/sam_skel.c b/source3/sam/sam_skel.c
deleted file mode 100644
index b4d64bb6da..0000000000
--- a/source3/sam/sam_skel.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- this is a skeleton for SAM backend modules.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static int sam_skel_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_skel_debug_level
-
-/* define the version of the SAM interface */
-SAM_MODULE_VERSIONING_MAGIC
-
-/* General API */
-
-static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Account API */
-
-static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Group API */
-
-static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",FUNCTION_MACRO));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params)
-{
- /* Functions your SAM module doesn't provide should be set
- * to NULL */
-
- sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc;
- sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc;
-
- sam_methods->sam_lookup_sid = sam_skel_lookup_sid;
- sam_methods->sam_lookup_name = sam_skel_lookup_name;
-
- /* Domain API */
-
- sam_methods->sam_update_domain = sam_skel_update_domain;
- sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle;
-
- /* Account API */
-
- sam_methods->sam_create_account = sam_skel_create_account;
- sam_methods->sam_add_account = sam_skel_add_account;
- sam_methods->sam_update_account = sam_skel_update_account;
- sam_methods->sam_delete_account = sam_skel_delete_account;
- sam_methods->sam_enum_accounts = sam_skel_enum_accounts;
-
- sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid;
- sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name;
-
- /* Group API */
-
- sam_methods->sam_create_group = sam_skel_create_group;
- sam_methods->sam_add_group = sam_skel_add_group;
- sam_methods->sam_update_group = sam_skel_update_group;
- sam_methods->sam_delete_group = sam_skel_delete_group;
- sam_methods->sam_enum_groups = sam_skel_enum_groups;
- sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid;
- sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name;
-
- sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group;
- sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group;
- sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers;
-
- sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid;
-
- sam_methods->free_private_data = NULL;
-
-
- sam_skel_debug_level = debug_add_class("sam_skel");
- if (sam_skel_debug_level == -1) {
- sam_skel_debug_level = DBGC_SAM;
- DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level));
-
- if(module_params)
- DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name));
- else
- DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name));
-
- return NT_STATUS_OK;
-}
diff --git a/source3/script/addtosmbpass b/source3/script/addtosmbpass
new file mode 100644
index 0000000000..bc82851c52
--- /dev/null
+++ b/source3/script/addtosmbpass
@@ -0,0 +1,74 @@
+#!/usr/bin/awk -f
+# edit the line above to point to your real location of awk interpreter
+
+# awk program for adding new entries in smbpasswd files
+# arguments are account names to add; feed it an existent Samba password
+# file on stdin, results will be written on stdout
+#
+# Michal Jaegermann, michal@ellpspace.math.ualberta.ca, 1995-11-09
+
+BEGIN {
+ me = "addtosmbpass";
+ count = ARGC;
+ FS = ":";
+
+ if (count == 1) {
+ print "Usage:", me,
+ "name1 [name2 ....] < smbpasswd.in > smbpasswd.out";
+ ARGV[1] = "/dev/null";
+ ARGC = 2;
+ exit;
+ }
+
+ for(i = 1; i < count; i++) {
+ names[ARGV[i]] = " ";
+ delete ARGV[i];
+ }
+# sane awk should work simply with 'ARGC = 1', but not every awk
+# implementation is sane - big sigh!!
+ ARGV[1] = "-";
+ ARGC = 2;
+#
+# If you have ypmatch but is not RPC registered (some Linux systems
+# for example) comment out the next line.
+# "which ypmatch" | getline ypmatch;
+ if (1 != match(ypmatch, /^\//)) {
+ ypmatch = "";
+ }
+ pwdf = "/etc/passwd";
+}
+#check for names already present in input
+{
+ print $0;
+ for(name in names) {
+ if($1 == name) {
+ delete names[name];
+ }
+ }
+}
+END {
+ fmt = "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:";
+ fmt = fmt "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s:\n";
+ for(name in names) {
+ while ((getline < pwdf) > 0) {
+ if ($1 == name) {
+ printf(fmt, $1, $3, $5);
+ close(pwdf);
+ notfound = "";
+ break;
+ }
+ notfound = "n";
+ }
+ $0 = "";
+ if (notfound && ypmatch) {
+# try to find in NIS databases
+ command = ypmatch " " name " passwd";
+ command | getline;
+ if (NF > 0) {
+ printf(fmt, $1, $3, $5);
+ }
+ close(command);
+ }
+ }
+}
+
diff --git a/source3/script/build_env.sh b/source3/script/build_env.sh
index 0000759f16..eb54f37aed 100755
--- a/source3/script/build_env.sh
+++ b/source3/script/build_env.sh
@@ -1,25 +1,31 @@
#!/bin/sh
+if [ $# -lt 3 ]
+then
+ echo "Usage: $0 srcdir builddir compiler"
+ exit 1
+fi
+
uname=`uname -a`
date=`date`
srcdir=$1
builddir=$2
compiler=$3
- if [ ! "x$USER" = "x" ]; then
- whoami=$USER
- else
- if [ ! "x$LOGNAME" = "x" ]; then
- whoami=$LOGNAME
- else
- whoami=`whoami || id -un`
- fi
- fi
+if [ ! "x$USER" = "x" ]; then
+ whoami=$USER
+else
+ if [ ! "x$LOGNAME" = "x" ]; then
+ whoami=$LOGNAME
+ else
+ whoami=`whoami || id -un`
+ fi
+fi
host=`hostname`
cat <<EOF
-/* This file is automatically generated with "make build_env". DO NOT EDIT */
+/* This file is automatically generated with "make include/build_env.h". DO NOT EDIT */
#ifndef _BUILD_ENV_H
#define _BUILD_ENV_H
diff --git a/source3/script/convert_smbpasswd b/source3/script/convert_smbpasswd
new file mode 100755
index 0000000000..edb775d3a6
--- /dev/null
+++ b/source3/script/convert_smbpasswd
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Convert a Samba 1.9.18 smbpasswd file format into
+# a Samba 2.0 smbpasswd file format.
+# Read from stdin and write to stdout for simplicity.
+# Set the last change time to 0x363F96AD to avoid problems
+# with trying to work out how to get the seconds since 1970
+# in awk or the shell. JRA.
+#
+nawk 'BEGIN {FS=":"}
+{
+ if( $0 ~ "^#" ) {
+ print $0
+ } else {
+ printf( "%s:%s:%s:%s:[U ]:LCT-363F96AD:\n", $1, $2, $3, $4);
+ }
+}'
diff --git a/source3/script/genstruct.pl b/source3/script/genstruct.pl
deleted file mode 100755
index a6abd718c9..0000000000
--- a/source3/script/genstruct.pl
+++ /dev/null
@@ -1,299 +0,0 @@
-#!/usr/bin/perl -w
-# a simple system for generating C parse info
-# this can be used to write generic C structer load/save routines
-# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net>
-# released under the GNU General Public License v2 or later
-
-use strict;
-
-my(%enum_done) = ();
-my(%struct_done) = ();
-
-###################################################
-# general handler
-sub handle_general($$$$$$$$)
-{
- my($name) = shift;
- my($ptr_count) = shift;
- my($size) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($dump_fn) = shift;
- my($parse_fn) = shift;
- my($tflags) = shift;
- my($array_len) = 0;
- my($dynamic_len) = "NULL";
-
- # handle arrays, currently treat multidimensional arrays as 1 dimensional
- while ($element =~ /(.*)\[(.*?)\]$/) {
- $element = $1;
- if ($array_len == 0) {
- $array_len = $2;
- } else {
- $array_len = "$2 * $array_len";
- }
- }
-
- if ($flags =~ /_LEN\((\w*?)\)/) {
- $dynamic_len = "\"$1\"";
- }
-
- if ($flags =~ /_NULLTERM/) {
- $tflags = "FLAG_NULLTERM";
- }
-
- print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n";
-}
-
-
-####################################################
-# parse one element
-sub parse_one($$$$)
-{
- my($name) = shift;
- my($type) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($ptr_count) = 0;
- my($size) = "sizeof($type)";
- my($tflags) = "0";
-
- # enums get the FLAG_ALWAYS flag
- if ($type =~ /^enum /) {
- $tflags = "FLAG_ALWAYS";
- }
-
-
- # make the pointer part of the base type
- while ($element =~ /^\*(.*)/) {
- $ptr_count++;
- $element = $1;
- }
-
- # convert spaces to _
- $type =~ s/ /_/g;
-
- my($dump_fn) = "gen_dump_$type";
- my($parse_fn) = "gen_parse_$type";
-
- handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags);
-}
-
-####################################################
-# parse one element
-sub parse_element($$$)
-{
- my($name) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($type);
- my($data);
-
- # pull the base type
- if ($element =~ /^struct (\S*) (.*)/) {
- $type = "struct $1";
- $data = $2;
- } elsif ($element =~ /^enum (\S*) (.*)/) {
- $type = "enum $1";
- $data = $2;
- } elsif ($element =~ /^unsigned (\S*) (.*)/) {
- $type = "unsigned $1";
- $data = $2;
- } elsif ($element =~ /^(\S*) (.*)/) {
- $type = $1;
- $data = $2;
- } else {
- die "Can't parse element '$element'";
- }
-
- # handle comma separated lists
- while ($data =~ /(\S*),[\s]?(.*)/) {
- parse_one($name, $type, $1, $flags);
- $data = $2;
- }
- parse_one($name, $type, $data, $flags);
-}
-
-
-my($first_struct) = 1;
-
-####################################################
-# parse the elements of one structure
-sub parse_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_struct) {
- $first_struct = 0;
- print "Parsing structs: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n";
- print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n";
-
- print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n";
-
-
- while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) {
- my($element) = $1;
- my($flags) = $2;
- $elements = $3;
- parse_element($name, $element, $flags);
- }
-
- print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n";
-
- print OFILE "
-int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent);
-}
-int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) {
- return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str);
-}
-
-";
-}
-
-my($first_enum) = 1;
-
-####################################################
-# parse out the enum declarations
-sub parse_enum_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_enum) {
- $first_enum = 0;
- print "Parsing enums: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n";
-
- my(@enums) = split(/,/s, $elements);
- for (my($i)=0; $i <= $#{@enums}; $i++) {
- my($enum) = $enums[$i];
- if ($enum =~ /\s*(\w*)/) {
- my($e) = $1;
- print OFILE "{\"$e\", $e},\n";
- }
- }
-
- print OFILE "{NULL, 0}};\n";
-
- print OFILE "
-int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_enum(einfo_$name, p, ptr, indent);
-}
-
-int gen_parse_enum_$name(char *ptr, const char *str) {
- return gen_parse_enum(einfo_$name, ptr, str);
-}
-
-";
-}
-
-####################################################
-# parse out the enum declarations
-sub parse_enums($)
-{
- my($data) = shift;
-
- while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
-
- if (!defined($enum_done{$name})) {
- $enum_done{$name} = 1;
- parse_enum_elements($name, $elements);
- }
- }
-
- if (! $first_enum) {
- print "\n";
- }
-}
-
-####################################################
-# parse all the structures
-sub parse_structs($)
-{
- my($data) = shift;
-
- # parse into structures
- while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
- if (!defined($struct_done{$name})) {
- $struct_done{$name} = 1;
- parse_elements($name, $elements);
- }
- }
-
- if (! $first_struct) {
- print "\n";
- } else {
- print "No GENSTRUCT structures found?\n";
- }
-}
-
-
-####################################################
-# parse a header file, generating a dumper structure
-sub parse_data($)
-{
- my($data) = shift;
-
- # collapse spaces
- $data =~ s/[\t ]+/ /sg;
- $data =~ s/\s*\n\s+/\n/sg;
- # strip debug lines
- $data =~ s/^\#.*?\n//smg;
-
- parse_enums($data);
- parse_structs($data);
-}
-
-
-#########################################
-# display help text
-sub ShowHelp()
-{
- print "
-generator for C structure dumpers
-Copyright Andrew Tridgell <genstruct\@tridgell.net>
-
-Sample usage:
- genstruct -o output.h gcc -E -O2 -g test.h
-
-Options:
- --help this help page
- -o OUTPUT place output in OUTPUT
-";
- exit(0);
-}
-
-########################################
-# main program
-if ($ARGV[0] ne "-o" || $#ARGV < 2) {
- ShowHelp();
-}
-
-shift;
-my($opt_ofile)=shift;
-
-print "creating $opt_ofile\n";
-
-open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile";
-
-print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n";
-
-parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`);
-exit(0);
diff --git a/source3/script/installswat.sh b/source3/script/installswat.sh
index c66604cdb8..d1f8ea191d 100755
--- a/source3/script/installswat.sh
+++ b/source3/script/installswat.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-#fist version March 1998, Andrew Tridgell
+#first version March 1998, Andrew Tridgell
SWATDIR=$1
SRCDIR=$2/
diff --git a/source3/script/mkbuildoptions.awk b/source3/script/mkbuildoptions.awk
new file mode 100644
index 0000000000..cdc5bd9881
--- /dev/null
+++ b/source3/script/mkbuildoptions.awk
@@ -0,0 +1,262 @@
+BEGIN {
+ print "/* ";
+ print " Unix SMB/CIFS implementation.";
+ print " Build Options for Samba Suite";
+ print " Copyright (C) Vance Lankhaar <vlankhaar@linux.ca> 2003";
+ print " Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001";
+ print " ";
+ print " This program is free software; you can redistribute it and/or modify";
+ print " it under the terms of the GNU General Public License as published by";
+ print " the Free Software Foundation; either version 2 of the License, or";
+ print " (at your option) any later version.";
+ print " ";
+ print " This program is distributed in the hope that it will be useful,";
+ print " but WITHOUT ANY WARRANTY; without even the implied warranty of";
+ print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the";
+ print " GNU General Public License for more details.";
+ print " ";
+ print " You should have received a copy of the GNU General Public License";
+ print " along with this program; if not, write to the Free Software";
+ print " Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.";
+ print "*/";
+ print "";
+ print "#include \"includes.h\"";
+ print "#include \"build_env.h\"";
+ print "#include \"dynconfig.h\"";
+ print "";
+ print "static void output(BOOL screen, const char *format, ...) PRINTF_ATTRIBUTE(2,3);";
+ print "";
+ print "";
+ print "/****************************************************************************";
+ print "helper function for build_options";
+ print "****************************************************************************/";
+ print "static void output(BOOL screen, const char *format, ...)";
+ print "{";
+ print " char *ptr;";
+ print " va_list ap;";
+ print " ";
+ print " va_start(ap, format);";
+ print " vasprintf(&ptr,format,ap);";
+ print " va_end(ap);";
+ print "";
+ print " if (screen) {";
+ print " d_printf(\"%s\", ptr);";
+ print " } else {";
+ print " DEBUG(4,(\"%s\", ptr));";
+ print " }";
+ print " ";
+ print " SAFE_FREE(ptr);";
+ print "}";
+ print "";
+ print "/****************************************************************************";
+ print "options set at build time for the samba suite";
+ print "****************************************************************************/";
+ print "void build_options(BOOL screen)";
+ print "{";
+ print " if ((DEBUGLEVEL < 4) && (!screen)) {";
+ print " return;";
+ print " }";
+ print "";
+ print "#ifdef _BUILD_ENV_H";
+ print " /* Output information about the build environment */";
+ print " output(screen,\"Build environment:\\n\");";
+ print " output(screen,\" Built by: %s@%s\\n\",BUILD_ENV_USER,BUILD_ENV_HOST);";
+ print " output(screen,\" Built on: %s\\n\",BUILD_ENV_DATE);";
+ print "";
+ print " output(screen,\" Built using: %s\\n\",BUILD_ENV_COMPILER);";
+ print " output(screen,\" Build host: %s\\n\",BUILD_ENV_UNAME);";
+ print " output(screen,\" SRCDIR: %s\\n\",BUILD_ENV_SRCDIR);";
+ print " output(screen,\" BUILDDIR: %s\\n\",BUILD_ENV_BUILDDIR);";
+ print "";
+ print " ";
+ print "#endif";
+ print "";
+
+ print " /* Output various paths to files and directories */";
+ print " output(screen,\"\\nPaths:\\n\");";
+
+ print " output(screen,\" SBINDIR: %s\\n\", dyn_SBINDIR);";
+ print " output(screen,\" BINDIR: %s\\n\", dyn_BINDIR);";
+ print " output(screen,\" SWATDIR: %s\\n\", dyn_SWATDIR);";
+
+ print " output(screen,\" CONFIGFILE: %s\\n\", dyn_CONFIGFILE);";
+ print " output(screen,\" LOGFILEBASE: %s\\n\", dyn_LOGFILEBASE);";
+ print " output(screen,\" LMHOSTSFILE: %s\\n\",dyn_LMHOSTSFILE);";
+
+ print " output(screen,\" LIBDIR: %s\\n\",dyn_LIBDIR);";
+ print " output(screen,\" SHLIBEXT: %s\\n\",dyn_SHLIBEXT);";
+
+ print " output(screen,\" LOCKDIR: %s\\n\",dyn_LOCKDIR);";
+ print " output(screen,\" PIDDIR: %s\\n\", dyn_PIDDIR);";
+
+ print " output(screen,\" SMB_PASSWD_FILE: %s\\n\",dyn_SMB_PASSWD_FILE);";
+ print " output(screen,\" PRIVATE_DIR: %s\\n\",dyn_PRIVATE_DIR);";
+ print "";
+
+
+##################################################
+# predefine first element of *_ary
+# predefine *_i (num of elements in *_ary)
+ with_ary[0]="";
+ with_i=0;
+ have_ary[0]="";
+ have_i=0;
+ utmp_ary[0]="";
+ utmp_i=0;
+ misc_ary[0]="";
+ misc_i=0;
+ sys_ary[0]="";
+ sys_i=0;
+ headers_ary[0]="";
+ headers_i=0;
+ in_comment = 0;
+}
+
+# capture single line comments
+/^\/\* (.*?)\*\// {
+ last_comment = $0;
+ next;
+}
+
+# end capture multi-line comments
+/(.*?)\*\// {
+ last_comment = last_comment $0;
+ in_comment = 0;
+ next;
+}
+
+# capture middle lines of multi-line comments
+in_comment {
+ last_comment = last_comment $0;
+ next;
+}
+
+# begin capture multi-line comments
+/^\/\* (.*?)/ {
+ last_comment = $0;
+ in_comment = 1;
+ next
+}
+
+##################################################
+# if we have an #undef and a last_comment, store it
+/^\#undef/ {
+ split($0,a);
+ comments_ary[a[2]] = last_comment;
+ last_comment = "";
+}
+
+##################################################
+# for each line, sort into appropriate section
+# then move on
+
+/^\#undef WITH/ {
+ with_ary[with_i++] = a[2];
+ # we want (I think) to allow --with to show up in more than one place, so no next
+}
+
+
+/^\#undef HAVE_UT_UT_/ || /^\#undef .*UTMP/ {
+ utmp_ary[utmp_i++] = a[2];
+ next;
+}
+
+/^\#undef HAVE_SYS_.*?_H$/ {
+ sys_ary[sys_i++] = a[2];
+ next;
+}
+
+/^\#undef HAVE_.*?_H$/ {
+ headers_ary[headers_i++] = a[2];
+ next;
+}
+
+/^\#undef HAVE_/ {
+ have_ary[have_i++] = a[2];
+ next;
+}
+
+/^\#undef/ {
+ misc_ary[misc_i++] = a[2];
+ next;
+}
+
+
+##################################################
+# simple sort function
+function sort(ARRAY, ELEMENTS) {
+ for (i = 1; i <= ELEMENTS; ++i) {
+ for (j = i; (j-1) in ARRAY && (j) in ARRAY && ARRAY[j-1] > ARRAY[j]; --j) {
+ temp = ARRAY[j];
+ ARRAY[j] = ARRAY[j-1];
+ ARRAY[j-1] = temp;
+ }
+ }
+ return;
+}
+
+
+##################################################
+# output code from list of defined
+# expects: ARRAY an array of things defined
+# ELEMENTS number of elements in ARRAY
+# TITLE title for section
+# returns: nothing
+function output(ARRAY, ELEMENTS, TITLE) {
+
+ # add section header
+ print "\n\t/* Show " TITLE " */";
+ print "\toutput(screen, \"\\n " TITLE ":\\n\");\n";
+
+
+ # sort element using bubble sort (slow, but easy)
+ sort(ARRAY, ELEMENTS);
+
+ # loop through array of defines, outputting code
+ for (i = 0; i < ELEMENTS; i++) {
+ print "#ifdef " ARRAY[i];
+
+ # I don't know which one to use....
+
+ print "\toutput(screen, \" " ARRAY[i] "\\n\");";
+ #printf "\toutput(screen, \" %s\\n %s\\n\\n\");\n", comments_ary[ARRAY[i]], ARRAY[i];
+ #printf "\toutput(screen, \" %-35s %s\\n\");\n", ARRAY[i], comments_ary[ARRAY[i]];
+
+ print "#endif";
+ }
+ return;
+}
+
+END {
+ ##################################################
+ # add code to show various options
+ print "/* Output various other options (as gleaned from include/config.h.in) */";
+ output(sys_ary, sys_i, "System Headers");
+ output(headers_ary, headers_i, "Headers");
+ output(utmp_ary, utmp_i, "UTMP Options");
+ output(have_ary, have_i, "HAVE_* Defines");
+ output(with_ary, with_i, "--with Options");
+ output(misc_ary, misc_i, "Build Options");
+
+ ##################################################
+ # add code to display the various type sizes
+ print " /* Output the sizes of the various types */";
+ print " output(screen, \"\\nType sizes:\\n\");";
+ print " output(screen, \" sizeof(char): %u\\n\",sizeof(char));";
+ print " output(screen, \" sizeof(int): %u\\n\",sizeof(int));";
+ print " output(screen, \" sizeof(long): %u\\n\",sizeof(long));";
+ print " output(screen, \" sizeof(uint8): %u\\n\",sizeof(uint8));";
+ print " output(screen, \" sizeof(uint16): %u\\n\",sizeof(uint16));";
+ print " output(screen, \" sizeof(uint32): %u\\n\",sizeof(uint32));";
+ print " output(screen, \" sizeof(short): %u\\n\",sizeof(short));";
+ print " output(screen, \" sizeof(void*): %u\\n\",sizeof(void*));";
+
+ ##################################################
+ # add code to give information about modules
+ print " output(screen, \"\\nBuiltin modules:\\n\");";
+ print " output(screen, \" %s\\n\", STRING_STATIC_MODULES);";
+
+ print "}";
+
+}
+
diff --git a/source3/smbd/.cvsignore b/source3/smbd/.cvsignore
index 5f2a5c4cf7..d2b1fd5b2e 100644
--- a/source3/smbd/.cvsignore
+++ b/source3/smbd/.cvsignore
@@ -1,2 +1,3 @@
*.po
*.po32
+build_options.c
diff --git a/source3/smbd/build_options.c b/source3/smbd/build_options.c
deleted file mode 100644
index 43335666a6..0000000000
--- a/source3/smbd/build_options.c
+++ /dev/null
@@ -1,532 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Build Options for Samba Suite
- Copyright (C) Vance Lankhaar <vlankhaar@hotmail.com> 2001
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "build_env.h"
-#include "dynconfig.h"
-
-static void output(BOOL screen, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
-
-/*
-#define OUTPUT(x) snprintf(outstring,sizeof(outstring),x); output(screen,outstring);
-*/
-/****************************************************************************
-helper function for build_options
-****************************************************************************/
-static void output(BOOL screen, const char *format, ...)
-{
- char *ptr;
- va_list ap;
-
- va_start(ap, format);
- vasprintf(&ptr,format,ap);
- va_end(ap);
-
- if (screen) {
- d_printf("%s", ptr);
- } else {
- DEBUG(4,("%s", ptr));
- }
-
- SAFE_FREE(ptr);
-}
-
-/****************************************************************************
-options set at build time for the samba suite
-****************************************************************************/
-void build_options(BOOL screen)
-{
- if ((DEBUGLEVEL < 4) && (!screen)) {
- return;
- }
-
-#ifdef _BUILD_ENV_H
- /* Output information about the build environment */
- output(screen,"Build environment:\n");
- output(screen," Built by: %s@%s\n",BUILD_ENV_USER,BUILD_ENV_HOST);
- output(screen," Built on: %s\n",BUILD_ENV_DATE);
-
- output(screen," Built using: %s\n",BUILD_ENV_COMPILER);
- output(screen," Build host: %s\n",BUILD_ENV_UNAME);
- output(screen," SRCDIR: %s\n",BUILD_ENV_SRCDIR);
- output(screen," BUILDDIR: %s\n",BUILD_ENV_BUILDDIR);
-
-
-#endif
-
- /* Output various options (most correspond to --with options) */
- output(screen,"\nBuild options:\n");
-#ifdef WITH_SMBWRAPPER
- output(screen," WITH_SMBWRAPPER\n");
-#endif
-#ifdef WITH_AFS
- output(screen," WITH_AFS\n");
-#endif
-#ifdef WITH_DFS
- output(screen," WITH_DFS\n");
-#endif
-#ifdef KRB4_AUTH
- output(screen," KRB4_AUTH");
-#endif
-#ifdef HAVE_KRB5
- output(screen," HAVE_KRB5");
-#endif
-#ifdef HAVE_GSSAPI
- output(screen," HAVE_GSSAPI");
-#endif
-#ifdef HAVE_LDAP
- output(screen," HAVE_LDAP");
-#endif
-#ifdef WITH_AUTOMOUNT
- output(screen," WITH_AUTOMOUNT\n");
-#endif
-#ifdef WITH_SMBMOUNT
- output(screen," WITH_SMBMOUNT\n");
-#endif
-#ifdef WITH_PAM
- output(screen," WITH_PAM\n");
-#endif
-#ifdef WITH_NISPLUS_HOME
- output(screen," WITH_NISPLUS_HOME\n");
-#endif
-#ifdef WITH_SYSLOG
- output(screen," WITH_SYSLOG\n");
-#endif
-#ifdef WITH_PROFILE
- output(screen," WITH_PROFILE\n");
-#endif
-#ifdef WITH_QUOTAS
- output(screen," WITH_QUOTAS\n");
-#endif
-#ifdef WITH_VFS
- output(screen," WITH_VFS\n");
-#endif
-#ifdef USE_SPINLOCKS
- output(screen," USE_SPINLOCKS\n");
-#endif
-#ifdef SPARC_SPINLOCKS
- output(screen," SPARC_SPINLOCKS\n");
-#endif
-#ifdef INTEL_SPINLOCKS
- output(screen," INTEL_SPINLOCKS\n");
-#endif
-#ifdef MIPS_SPINLOCKS
- output(screen," MIPS_SPINLOCKS\n");
-#endif
-#ifdef POWERPC_SPINLOCKS
- output(screen," POWERPC_SPINLOCKS\n");
-#endif
-#ifdef HAVE_UNIXWARE_ACLS
- output(screen," HAVE_UNIXWARE_ACLS\n");
-#endif
-#ifdef HAVE_SOLARIS_ACLS
- output(screen," HAVE_SOLARIS_ACLS\n");
-#endif
-#ifdef HAVE_IRIX_ACLS
- output(screen," HAVE_IRIX_ACLS\n");
-#endif
-#ifdef HAVE_AIX_ACLS
- output(screen," HAVE_AIX_ACLS\n");
-#endif
-#ifdef HAVE_POSIX_ACLS
- output(screen," HAVE_POSIX_ACLS\n");
-#endif
-#ifdef HAVE_TRU64_ACLS
- output(screen," HAVE_TRU64_ACLS\n");
-#endif
-
-#ifdef HAVE_ACL_GET_PERM_NP
- output(screen," HAVE_ACL_GET_PERM_NP\n");
-#endif
-#ifdef HAVE_NO_ACLS
- output(screen," HAVE_NO_ACLS\n");
-#endif
-#ifdef HAVE_LIBREADLINE
- output(screen," HAVE_LIBREADLINE\n");
-#endif
-#ifdef WITH_LIBICONV
- output(screen," WITH_LIBICONV: %s\n",WITH_LIBICONV);
-#endif
-
-
- /* Output various paths to files and directories */
- output(screen,"\nPaths:\n");
- output(screen," CONFIGFILE: %s\n", dyn_CONFIGFILE);
-#ifdef PRIVATE_DIR
- output(screen," PRIVATE_DIR: %s\n",PRIVATE_DIR);
-#endif
-#ifdef LMHOSTSFILE
- output(screen," LMHOSTSFILE: %s\n",LMHOSTSFILE);
-#endif
- output(screen," SBINDIR: %s\n", dyn_SBINDIR);
- output(screen," BINDIR: %s\n", dyn_BINDIR);
- output(screen," LOCKDIR: %s\n",dyn_LOCKDIR);
- output(screen," LOGFILEBASE: %s\n", dyn_LOGFILEBASE);
-
- /*Output various other options (most map to defines in the configure script*/
- output(screen,"\nOther Build Options:\n");
-#ifdef HAVE_VOLATILE
- output(screen," HAVE_VOLATILE\n");
-#endif
-#ifdef HAVE_SHADOW_H
- output(screen," HAVE_SHADOW_H\n");
-#endif
-#ifdef HAVE_CRYPT
- output(screen," HAVE_CRYPT\n");
-#endif
-#ifdef USE_BOTH_CRYPT_CALLS
- output(screen," USE_BOTH_CRYPT_CALLS\n");
-#endif
-#ifdef HAVE_TRUNCATED_SALT
- output(screen," HAVE_TRUNCATED_SALT\n");
-#endif
-#ifdef HAVE_CUPS
- output(screen," HAVE_CUPS\n");
-#endif
-#ifdef HAVE_CUPS_CUPS_H
- output(screen," HAVE_CUPS_CUPS_H\n");
-#endif
-#ifdef HAVE_CUPS_LANGUAGE_H
- output(screen," HAVE_CUPS_LANGUAGE_H\n");
-#endif
-#ifdef HAVE_DLOPEN
- output(screen," HAVE_DLOPEN\n");
-#endif
-#ifdef HAVE_DLCLOSE
- output(screen," HAVE_DLCLOSE\n");
-#endif
-#ifdef HAVE_DLSYM
- output(screen," HAVE_DLSYM\n");
-#endif
-#ifdef HAVE_DLERROR
- output(screen," HAVE_DLERROR\n");
-#endif
-#ifdef HAVE_UNIXSOCKET
- output(screen," HAVE_UNIXSOCKET\n");
-#endif
-#ifdef HAVE_SOCKLEN_T_TYPE
- output(screen," HAVE_SOCKLEN_T_TYPE\n");
-#endif
-#ifdef HAVE_SIG_ATOMIC_T_TYPE
- output(screen," HAVE_SIG_ATOMIC_T_TYPE\n");
-#endif
-#ifdef HAVE_SETRESUID
- output(screen," HAVE_SETRESUID\n");
-#endif
-#ifdef HAVE_SETRESGID
- output(screen," HAVE_SETRESGID\n");
-#endif
-#ifdef HAVE_CONNECT
- output(screen," HAVE_CONNECT\n");
-#endif
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
- output(screen," HAVE_YP_GET_DEFAULT_DOMAIN\n");
-#endif
-#ifdef HAVE_STAT64
- output(screen," HAVE_STAT64\n");
-#endif
-#ifdef HAVE_LSTAT64
- output(screen," HAVE_LSTAT64\n");
-#endif
-#ifdef HAVE_FSTAT64
- output(screen," HAVE_FSTAT64\n");
-#endif
-#ifdef HAVE_STRCASECMP
- output(screen," HAVE_STRCASECMP\n");
-#endif
-#ifdef HAVE_MEMSET
- output(screen," HAVE_MEMSET\n");
-#endif
-#ifdef HAVE_LONGLONG
- output(screen," HAVE_LONGLONG\n");
-#endif
-#ifdef COMPILER_SUPPORTS_LL
- output(screen," COMPILER_SUPPORTS_LL\n");
-#endif
-#ifdef SIZEOF_OFF_T
- output(screen," SIZEOF_OFF_T: %d\n",SIZEOF_OFF_T);
-#endif
-#ifdef HAVE_OFF64_T
- output(screen," HAVE_OFF64_T\n");
-#endif
-#ifdef SIZEOF_INO_T
- output(screen," SIZEOF_INO_T: %d\n",SIZEOF_INO_T);
-#endif
-#ifdef HAVE_INO64_T
- output(screen," HAVE_INO64_T\n");
-#endif
-#ifdef HAVE_STRUCT_DIRENT64
- output(screen," HAVE_STRUCT_DIRENT64\n");
-#endif
-#ifdef HAVE_UNSIGNED_CHAR
- output(screen," HAVE_UNSIGNED_CHAR\n");
-#endif
-#ifdef HAVE_SOCK_SIN_LEN
- output(screen," HAVE_SOCK_SIN_LEN\n");
-#endif
-#ifdef SEEKDIR_RETURNS_VOID
- output(screen," SEEKDIR_RETURNS_VOID\n");
-#endif
-#ifdef HAVE_FUNCTION_MACRO
- output(screen," HAVE_FUNCTION_MACRO\n");
-#endif
-#ifdef HAVE_GETTIMEOFDAY
- output(screen," HAVE_GETTIMEOFDAY\n");
-#endif
-#ifdef HAVE_C99_VSNPRINTF
- output(screen," HAVE_C99_VSNPRINTF\n");
-#endif
-#ifdef HAVE_BROKEN_READDIR
- output(screen," HAVE_BROKEN_READDIR\n");
-#endif
-#ifdef HAVE_NATIVE_ICONV
- output(screen," HAVE_NATIVE_ICONV\n");
-#endif
-#ifdef HAVE_KERNEL_OPLOCKS_LINUX
- output(screen," HAVE_KERNEL_OPLOCKS_LINUX\n");
-#endif
-#ifdef HAVE_KERNEL_CHANGE_NOTIFY
- output(screen," HAVE_KERNEL_CHANGE_NOTIFY\n");
-#endif
-#ifdef HAVE_KERNEL_SHARE_MODES
- output(screen," HAVE_KERNEL_SHARE_MODES\n");
-#endif
-#ifdef HAVE_KERNEL_OPLOCKS_IRIX
- output(screen," HAVE_KERNEL_OPLOCKS_IRIX\n");
-#endif
-#ifdef HAVE_IRIX_SPECIFIC_CAPABILITIES
- output(screen," HAVE_IRIX_SPECIFIC_CAPABILITIES\n");
-#endif
-#ifdef HAVE_INT16_FROM_RPC_RPC_H
- output(screen," HAVE_INT16_FROM_RPC_RPC_H\n");
-#endif
-#ifdef HAVE_UINT16_FROM_RPC_RPC_H
- output(screen," HAVE_UINT16_FROM_RPC_RPC_H\n");
-#endif
-#ifdef HAVE_INT32_FROM_RPC_RPC_H
- output(screen," HAVE_INT16_FROM_RPC_RPC_H\n");
-#endif
-#ifdef HAVE_UINT32_FROM_RPC_RPC_H
- output(screen," HAVE_UINT32_FROM_RPC_RPC_H\n");
-#endif
-#ifdef HAVE_RPC_AUTH_ERROR_CONFLICT
- output(screen," HAVE_RPC_AUTH_ERROR_CONFLICT\n");
-#endif
-#ifdef HAVE_FTRUNCATE_EXTEND
- output(screen," HAVE_FTRUNCATE_EXTEND\n");
-#endif
-#ifdef HAVE_WORKING_AF_LOCAL
- output(screen," HAVE_WORKING_AF_LOCAL\n");
-#endif
-#ifdef HAVE_BROKEN_GETGROUPS
- output(screen," HAVE_BROKEN_GETGROUPS\n");
-#endif
-#ifdef REPLACE_GETPASS
- output(screen," REPLACE_GETPASS\n");
-#endif
-#ifdef REPLACE_INET_NTOA
- output(screen," REPLACE_INET_NTOA\n");
-#endif
-#ifdef HAVE_SECURE_MKSTEMP
- output(screen," HAVE_SECURE_MKSTEMP\n");
-#endif
-#ifdef SYSCONF_SC_NGROUPS_MAX
- output(screen," SYSCONF_SC_NGROUPS_MAX\n");
-#endif
-#ifdef HAVE_IFACE_AIX
- output(screen," HAVE_IFACE_AIX\n");
-#endif
-#ifdef HAVE_IFACE_IFCONF
- output(screen," HAVE_IFACE_IFCONF\n");
-#endif
-#ifdef HAVE_IFACE_IFREQ
- output(screen," HAVE_IFACE_IFREQ\n");
-#endif
-#ifdef USE_SETRESUID
- output(screen," USE_SETRESUID\n");
-#endif
-#ifdef USE_SETRESGID
- output(screen," USE_SETREUID\n");
-#endif
-#ifdef USE_SETEUID
- output(screen," USE_SETEUID\n");
-#endif
-#ifdef USE_SETUIDX
- output(screen," USE_SETUIDX\n");
-#endif
-#ifdef HAVE_MMAP
- output(screen," HAVE_MMAP\n");
-#endif
-#ifdef MMAP_BLACKLIST
- output(screen," MMAP_BLACKLIST\n");
-#endif
-#ifdef FTRUNCATE_NEEDS_ROOT
- output(screen," FTRUNCATE_NEEDS_ROOT\n");
-#endif
-#ifdef HAVE_FCNTL_LOCK
- output(screen," HAVE_FCNTL_LOCK\n");
-#endif
-#ifdef HAVE_BROKEN_FCNTL64_LOCKS
- output(screen," HAVE_BROKEN_FCNTL64_LOCKS\n");
-#endif
-#ifdef HAVE_STRUCT_FLOCK64
- output(screen," HAVE_STRUCT_FLOCK64\n");
-#endif
-#ifdef BROKEN_NISPLUS_INCLUDE_FILES
- output(screen," BROKEN_NISPLUS_INCLUDE_FILES\n");
-#endif
-#ifdef HAVE_LIBPAM
- output(screen," HAVE_LIBPAM\n");
-#endif
-#ifdef STAT_STATVFS64
- output(screen," STAT_STATVFS64\n");
-#endif
-#ifdef STAT_STATVFS
- output(screen," STAT_STATVFS\n");
-#endif
-#ifdef STAT_STATFS3_OSF1
- output(screen," STAT_STATFS3_OSF1\n");
-#endif
-#ifdef STAT_STATFS2_BSIZE
- output(screen," STAT_STATFS2_BSIZE\n");
-#endif
-#ifdef STAT_STATFS4
- output(screen," STAT_STATFS4\n");
-#endif
-#ifdef STAT_STATFS2_FSIZE
- output(screen," STAT_STATFS2_FSIZE\n");
-#endif
-#ifdef STAT_STATFS2_FS_DATA
- output(screen," STAT_STATFS2_FS_DATA\n");
-#endif
-#ifdef HAVE_EXPLICIT_LARGEFILE_SUPPORT
- output(screen," HAVE_EXPLICIT_LARGEFILE_SUPPORT\n");
-#endif
-
-#ifdef WITH_UTMP
- /* Output UTMP Stuff */
- output(screen,"\nUTMP Related:\n");
- output(screen," WITH_UTMP\n");
-
-#ifdef HAVE_UTIMBUF
- output(screen," HAVE_UTIMBUF\n");
-#endif
-#ifdef HAVE_UT_UT_NAME
- output(screen," HAVE_UT_UT_NAME\n");
-#endif
-#ifdef HAVE_UT_UT_USER
- output(screen," HAVE_UT_UT_USER\n");
-#endif
-#ifdef HAVE_UT_UT_ID
- output(screen," HAVE_UT_UT_ID\n");
-#endif
-#ifdef HAVE_UT_UT_HOST
- output(screen," HAVE_UT_UT_HOST\n");
-#endif
-#ifdef HAVE_UT_UT_TIME
- output(screen," HAVE_UT_UT_TIME\n");
-#endif
-#ifdef HAVE_UT_UT_TV
- output(screen," HAVE_UT_UT_TV\n");
-#endif
-#ifdef HAVE_UT_UT_TYPE
- output(screen," HAVE_UT_UT_TYPE\n");
-#endif
-#ifdef HAVE_UT_UT_PID
- output(screen," HAVE_UT_UT_PID\n");
-#endif
-#ifdef HAVE_UT_UT_EXIT
- output(screen," HAVE_UT_UT_EXIT\n");
-#endif
-#ifdef HAVE_UT_UT_ADDR
- output(screen," HAVE_UT_UT_ADDR\n");
-#endif
-#ifdef PUTUTLINE_RETURNS_UTMP
- output(screen," PUTUTLINE_RETURNS_UTMP\n");
-#endif
-#ifdef HAVE_UX_UT_SYSLEN
- output(screen," HAVE_UX_UT_SYSLEN\n");
-#endif
-#endif /* WITH_UTMP */
-
- /* Output Build OS */
- output(screen,"\nBuilt for host os:\n");
-#ifdef LINUX
- output(screen," LINUX\n");
-#endif
-#ifdef SUNOS5
- output(screen," SUNOS5\n");
-#endif
-#ifdef SUNOS4
- output(screen," SUNOS4\n");
-#endif
- /* BSD Isn't Defined in the configure script, but there is something about it in include/config.h.in (and I guess acconfig.h) */
-#ifdef BSD
- output(screen," BSD\n");
-#endif
-#ifdef IRIX
- output(screen," IRIX\n");
-#endif
-#ifdef IRIX6
- output(screen," IRIX6\n");
-#endif
-#ifdef AIX
- output(screen," AIX\n");
-#endif
-#ifdef HPUX
- output(screen," HPUX\n");
-#endif
-#ifdef QNX
- output(screen," QNX\n");
-#endif
-#ifdef OSF1
- output(screen," OSF1\n");
-#endif
-#ifdef SCO
- output(screen," SCO\n");
-#endif
-#ifdef UNIXWARE
- output(screen," UNIXWARE\n");
-#endif
-#ifdef NEXT2
- output(screen," NEXT2\n");
-#endif
-#ifdef RELIANTUNIX
- output(screen," RELIANTUNIX\n");
-#endif
-
- /* Output the sizes of the various types */
- output(screen,"\nType sizes:\n");
- output(screen," sizeof(char): %d\n",sizeof(char));
- output(screen," sizeof(int): %d\n",sizeof(int));
- output(screen," sizeof(long): %d\n",sizeof(long));
- output(screen," sizeof(uint8): %d\n",sizeof(uint8));
- output(screen," sizeof(uint16): %d\n",sizeof(uint16));
- output(screen," sizeof(uint32): %d\n",sizeof(uint32));
- output(screen," sizeof(short): %d\n",sizeof(short));
- output(screen," sizeof(void*): %d\n",sizeof(void*));
-
- output(screen,"\nBuiltin modules:\n");
- output(screen,"%s\n", STRING_STATIC_MODULES);
-}
-
-
-
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 3d25f33f45..31c4fa7cc9 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -478,12 +478,6 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL
if (!name) {
DEBUG(1, ("NULL username specfied to chgpasswd()!\n"));
}
-
- pass = Get_Pwnam(name);
- if (!pass) {
- DEBUG(1, ("Username does not exist in system passwd!\n"));
- return False;
- }
if (!oldpass) {
oldpass = "";
@@ -534,6 +528,8 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL
}
}
+ pass = Get_Pwnam(name);
+
#ifdef WITH_PAM
if (lp_pam_password_change()) {
BOOL ret;
@@ -987,8 +983,9 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
* to touch the unix db unless we have admin permission.
*/
- if(lp_unix_password_sync() &&
- !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, False)) {
+ if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd)
+ && !chgpasswd(pdb_get_username(hnd),
+ old_passwd, new_passwd, False)) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c
index e220d2f6d2..d2eb996899 100644
--- a/source3/smbd/mangle_hash.c
+++ b/source3/smbd/mangle_hash.c
@@ -556,8 +556,8 @@ static void cache_mangled_name( char *mangled_name, char *raw_name )
/* Fill the new cache entry, and add it to the cache. */
s1 = (char *)(new_entry + 1);
s2 = (char *)&(s1[mangled_len + 1]);
- (void)StrnCpy( s1, mangled_name, mangled_len );
- (void)StrnCpy( s2, raw_name, raw_len );
+ safe_strcpy( s1, mangled_name, mangled_len );
+ safe_strcpy( s2, raw_name, raw_len );
ubi_cachePut( mangled_cache, i, new_entry, s1 );
}
diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index 632dfe9e29..8525687793 100644
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -391,7 +391,7 @@ pid %d, port %d, dev = %x, inode = %.0f, file_id = %lu\n",
/*
* Keep this as a debug case - eventually we can remove it.
*/
- case (CMD_REPLY | KERNEL_OPLOCK_BREAK_CMD):
+ case 0x8001:
DEBUG(0,("process_local_message: Received unsolicited break \
reply - dumping info.\n"));
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index c4f813b00c..8dff42471f 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -68,6 +68,7 @@ void invalidate_vuid(uint16 vuid)
SAFE_FREE(vuser->logon_script);
session_yield(vuser);
+ SAFE_FREE(vuser->session_keystr);
free_server_info(&vuser->server_info);
@@ -141,9 +142,15 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name)
/* the next functions should be done by a SID mapping system (SMS) as
* the new real sam db won't have reference to unix uids or gids
*/
+ if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
+ DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n"));
+ free(vuser);
+ free_server_info(&server_info);
+ return UID_FIELD_INVALID;
+ }
- vuser->uid = server_info->uid;
- vuser->gid = server_info->gid;
+ vuser->uid = pdb_get_uid(server_info->sam_account);
+ vuser->gid = pdb_get_gid(server_info->sam_account);
vuser->n_groups = server_info->n_groups;
if (vuser->n_groups) {
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6925b35246..a38acc437d 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -443,6 +443,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
{
DOM_SID owner_sid;
DOM_SID grp_sid;
+ enum SID_NAME_USE sid_type;
*puser = (uid_t)-1;
*pgrp = (gid_t)-1;
@@ -468,7 +469,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
if (security_info_sent & OWNER_SECURITY_INFORMATION) {
sid_copy(&owner_sid, psd->owner_sid);
- if (NT_STATUS_IS_ERR(sid_to_uid(&owner_sid, puser))) {
+ if (!sid_to_uid( &owner_sid, puser, &sid_type)) {
#if ACL_FORCE_UNMAPPABLE
/* this allows take ownership to work reasonably */
extern struct current_user current_user;
@@ -488,7 +489,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
sid_copy(&grp_sid, psd->grp_sid);
- if (NT_STATUS_IS_ERR(sid_to_gid( &grp_sid, pgrp))) {
+ if (!sid_to_gid( &grp_sid, pgrp, &sid_type)) {
#if ACL_FORCE_UNMAPPABLE
/* this allows take group ownership to work reasonably */
extern struct current_user current_user;
@@ -937,6 +938,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
}
for(i = 0; i < dacl->num_aces; i++) {
+ enum SID_NAME_USE sid_type;
SEC_ACE *psa = &dacl->ace[i];
/*
@@ -1001,10 +1003,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
if (nt4_compatible_acls())
psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
- } else if (NT_STATUS_IS_OK(sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid))) {
+ } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid, &sid_type)) {
current_ace->owner_type = GID_ACE;
current_ace->type = SMB_ACL_GROUP;
- } else if (NT_STATUS_IS_OK(sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid))) {
+ } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid, &sid_type)) {
current_ace->owner_type = UID_ACE;
current_ace->type = SMB_ACL_USER;
} else {
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 54fd4a90d9..18acb35f7a 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1114,6 +1114,9 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t
/* become root again if waiting */
change_to_root_user();
+ /* run all registered idle events */
+ smb_run_idle_events(t);
+
/* check if we need to reload services */
check_reload(t);
@@ -1277,6 +1280,10 @@ void smbd_process(void)
lp_talloc_free();
main_loop_talloc_free();
+ /* run all registered idle events */
+ smb_run_idle_events(time(NULL));
+
+
/* Did someone ask for immediate checks on things like blocking locks ? */
if (select_timeout == 0) {
if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b2dab2fea2..9577196bfe 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -148,7 +148,7 @@ int reply_tcon(connection_struct *conn,
const char *service;
pstring service_buf;
pstring password;
- fstring dev;
+ pstring dev;
int outsize = 0;
uint16 vuid = SVAL(inbuf,smb_uid);
int pwlen=0;
@@ -204,7 +204,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
{
fstring service;
DATA_BLOB password;
-
+
/* what the cleint thinks the device is */
fstring client_devicetype;
/* what the server tells the client the share represents */
@@ -283,15 +283,16 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
set_message_end(outbuf,p);
} else {
/* NT sets the fstype of IPC$ to the null string */
- const char *fsname = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
+ const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
set_message(outbuf,3,0,True);
-
- p = smb_buf(outbuf);
+
+ p = smb_buf(outbuf);
p += srvstr_push(outbuf, p, server_devicetype, -1,
- STR_TERMINATE|STR_ASCII);
- p += srvstr_push(outbuf, p, fsname, -1,
- STR_TERMINATE);
+ STR_TERMINATE|STR_ASCII);
+ p += srvstr_push(outbuf, p, fstype, -1,
+ STR_TERMINATE);
+
set_message_end(outbuf,p);
/* what does setting this bit do? It is set by NT4 and
@@ -1463,6 +1464,7 @@ void send_file_readbraw(connection_struct *conn, files_struct *fsp, SMB_OFF_T st
int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int dum_buffsize)
{
+ extern struct current_user current_user;
ssize_t maxcount,mincount;
size_t nread = 0;
SMB_OFF_T startpos;
@@ -2360,6 +2362,7 @@ int reply_exit(connection_struct *conn,
int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
int dum_buffsize)
{
+ extern struct current_user current_user;
int outsize = 0;
time_t mtime;
int32 eclass = 0, err = 0;
@@ -2380,7 +2383,7 @@ int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
* We can only use CHECK_FSP if we know it's not a directory.
*/
- if(!fsp || (fsp->conn != conn)) {
+ if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
END_PROFILE(SMBclose);
return ERROR_DOS(ERRDOS,ERRbadfid);
}
@@ -3104,7 +3107,7 @@ static BOOL resolve_wildcards(const char *name1, char *name2)
if (ext2[0]) {
snprintf(pname2, available_space - 1, "%s.%s", root2, ext2);
} else {
- StrnCpy(pname2, root2, available_space - 1);
+ pstrcpy_base(pname2, root2, name2);
}
return(True);
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index ef27f0b7a4..d46be42eba 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -567,6 +567,9 @@ void exit_server(const char *reason)
print_notify_send_messages(3); /* 3 second timeout. */
+ /* run all registered exit events */
+ smb_run_exit_events();
+
/* delete our entry in the connections database. */
yield_connection(NULL,"");
@@ -836,12 +839,6 @@ static BOOL init_structs(void )
if(!initialize_password_db(False))
exit(1);
- if (!idmap_init())
- exit(1);
-
- if (!idmap_init_wellknown_sids())
- exit(1);
-
static_init_rpc;
init_modules();
@@ -874,10 +871,6 @@ static BOOL init_structs(void )
if (!init_change_notify())
exit(1);
- /* Setup privileges database */
- if (!privilege_init())
- exit(1);
-
/* re-initialise the timezone */
TimeInit();
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 54b7a24b07..ac06b9872d 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -33,6 +33,8 @@ BOOL session_claim(user_struct *vuser)
{
int i = 0;
TDB_DATA data;
+ struct sockaddr sa;
+ struct in_addr *client_ip;
struct sessionid sessionid;
uint32 pid = (uint32)sys_getpid();
TDB_DATA key;
@@ -117,6 +119,8 @@ BOOL session_claim(user_struct *vuser)
fstrcpy(sessionid.remote_machine, get_remote_machine_name());
fstrcpy(sessionid.ip_addr, client_addr());
+ client_ip = client_inaddr(&sa);
+
if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) {
DEBUG(1,("pam_session rejected the session for %s [%s]\n",
sessionid.username, sessionid.id_str));
@@ -136,6 +140,7 @@ BOOL session_claim(user_struct *vuser)
#if WITH_UTMP
if (lp_utmp()) {
sys_utmp_claim(sessionid.username, sessionid.hostname,
+ client_ip,
sessionid.id_str, sessionid.id_num);
}
#endif
@@ -153,7 +158,8 @@ void session_yield(user_struct *vuser)
{
TDB_DATA dbuf;
struct sessionid sessionid;
- TDB_DATA key;
+ struct in_addr *client_ip;
+ TDB_DATA key;
if (!tdb) return;
@@ -171,11 +177,14 @@ void session_yield(user_struct *vuser)
memcpy(&sessionid, dbuf.dptr, sizeof(sessionid));
+ client_ip = interpret_addr2(sessionid.ip_addr);
+
SAFE_FREE(dbuf.dptr);
#if WITH_UTMP
if (lp_utmp()) {
sys_utmp_yield(sessionid.username, sessionid.hostname,
+ client_ip,
sessionid.id_str, sessionid.id_num);
}
#endif
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index c68d00025c..b9cf0de3bd 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -405,9 +405,10 @@ void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER
memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
for (i = 0; i < ptok->num_sids; i++) {
+ enum SID_NAME_USE sid_type;
gid_t new_grp;
- if (NT_STATUS_IS_OK(sid_to_gid(&ptok->user_sids[i], &new_grp))) {
+ if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
/*
* Don't add the gid_t if it is already in the current group
* list. Some UNIXen don't like the same group more than once.
@@ -529,3 +530,419 @@ BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE
}
return True;
}
+
+/*****************************************************************
+ Id mapping cache. This is to avoid Winbind mappings already
+ seen by smbd to be queried too frequently, keeping winbindd
+ busy, and blocking smbd while winbindd is busy with other
+ stuff. Written by Michael Steffens <michael.steffens@hp.com>,
+ modified to use linked lists by jra.
+*****************************************************************/
+
+#define MAX_UID_SID_CACHE_SIZE 100
+#define TURNOVER_UID_SID_CACHE_SIZE 10
+#define MAX_GID_SID_CACHE_SIZE 100
+#define TURNOVER_GID_SID_CACHE_SIZE 10
+
+static size_t n_uid_sid_cache = 0;
+static size_t n_gid_sid_cache = 0;
+
+static struct uid_sid_cache {
+ struct uid_sid_cache *next, *prev;
+ uid_t uid;
+ DOM_SID sid;
+ enum SID_NAME_USE sidtype;
+} *uid_sid_cache_head;
+
+static struct gid_sid_cache {
+ struct gid_sid_cache *next, *prev;
+ gid_t gid;
+ DOM_SID sid;
+ enum SID_NAME_USE sidtype;
+} *gid_sid_cache_head;
+
+/*****************************************************************
+ Find a SID given a uid.
+*****************************************************************/
+
+static BOOL fetch_sid_from_uid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, uid_t uid)
+{
+ struct uid_sid_cache *pc;
+
+ for (pc = uid_sid_cache_head; pc; pc = pc->next) {
+ if (pc->uid == uid) {
+ fstring sid;
+ *psid = pc->sid;
+ *psidtype = pc->sidtype;
+ DEBUG(3,("fetch sid from uid cache %u -> %s\n",
+ (unsigned int)uid, sid_to_string(sid, psid)));
+ DLIST_PROMOTE(uid_sid_cache_head, pc);
+ return True;
+ }
+ }
+ return False;
+}
+
+/*****************************************************************
+ Find a uid given a SID.
+*****************************************************************/
+
+static BOOL fetch_uid_from_cache(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
+{
+ struct uid_sid_cache *pc;
+
+ for (pc = uid_sid_cache_head; pc; pc = pc->next) {
+ if (sid_compare(&pc->sid, psid) == 0) {
+ fstring sid;
+ *puid = pc->uid;
+ DEBUG(3,("fetch uid from cache %u -> %s\n",
+ (unsigned int)*puid, sid_to_string(sid, psid)));
+ DLIST_PROMOTE(uid_sid_cache_head, pc);
+ return True;
+ }
+ }
+ return False;
+}
+
+/*****************************************************************
+ Store uid to SID mapping in cache.
+*****************************************************************/
+
+static void store_uid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, uid_t uid)
+{
+ struct uid_sid_cache *pc;
+
+ if (n_uid_sid_cache >= MAX_UID_SID_CACHE_SIZE && n_uid_sid_cache > TURNOVER_UID_SID_CACHE_SIZE) {
+ /* Delete the last TURNOVER_UID_SID_CACHE_SIZE entries. */
+ struct uid_sid_cache *pc_next;
+ size_t i;
+
+ for (i = 0, pc = uid_sid_cache_head; i < (n_uid_sid_cache - TURNOVER_UID_SID_CACHE_SIZE); i++, pc = pc->next)
+ ;
+ for(; pc; pc = pc_next) {
+ pc_next = pc->next;
+ DLIST_REMOVE(uid_sid_cache_head,pc);
+ SAFE_FREE(pc);
+ n_uid_sid_cache--;
+ }
+ }
+
+ pc = (struct uid_sid_cache *)malloc(sizeof(struct uid_sid_cache));
+ if (!pc)
+ return;
+ pc->uid = uid;
+ sid_copy(&pc->sid, psid);
+ pc->sidtype = sidtype;
+ DLIST_ADD(uid_sid_cache_head, pc);
+ n_uid_sid_cache++;
+}
+
+/*****************************************************************
+ Find a SID given a gid.
+*****************************************************************/
+
+static BOOL fetch_sid_from_gid_cache(DOM_SID *psid, enum SID_NAME_USE *psidtype, gid_t gid)
+{
+ struct gid_sid_cache *pc;
+
+ for (pc = gid_sid_cache_head; pc; pc = pc->next) {
+ if (pc->gid == gid) {
+ fstring sid;
+ *psid = pc->sid;
+ *psidtype = pc->sidtype;
+ DEBUG(3,("fetch sid from gid cache %u -> %s\n",
+ (unsigned int)gid, sid_to_string(sid, psid)));
+ DLIST_PROMOTE(gid_sid_cache_head, pc);
+ return True;
+ }
+ }
+ return False;
+}
+
+/*****************************************************************
+ Find a gid given a SID.
+*****************************************************************/
+
+static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
+{
+ struct gid_sid_cache *pc;
+
+ for (pc = gid_sid_cache_head; pc; pc = pc->next) {
+ if (sid_compare(&pc->sid, psid) == 0) {
+ fstring sid;
+ *pgid = pc->gid;
+ DEBUG(3,("fetch uid from cache %u -> %s\n",
+ (unsigned int)*pgid, sid_to_string(sid, psid)));
+ DLIST_PROMOTE(gid_sid_cache_head, pc);
+ return True;
+ }
+ }
+ return False;
+}
+
+/*****************************************************************
+ Store gid to SID mapping in cache.
+*****************************************************************/
+
+static void store_gid_sid_cache(const DOM_SID *psid, const enum SID_NAME_USE sidtype, gid_t gid)
+{
+ struct gid_sid_cache *pc;
+
+ if (n_gid_sid_cache >= MAX_GID_SID_CACHE_SIZE && n_gid_sid_cache > TURNOVER_GID_SID_CACHE_SIZE) {
+ /* Delete the last TURNOVER_GID_SID_CACHE_SIZE entries. */
+ struct gid_sid_cache *pc_next;
+ size_t i;
+
+ for (i = 0, pc = gid_sid_cache_head; i < (n_gid_sid_cache - TURNOVER_GID_SID_CACHE_SIZE); i++, pc = pc->next)
+ ;
+ for(; pc; pc = pc_next) {
+ pc_next = pc->next;
+ DLIST_REMOVE(gid_sid_cache_head,pc);
+ SAFE_FREE(pc);
+ n_gid_sid_cache--;
+ }
+ }
+
+ pc = (struct gid_sid_cache *)malloc(sizeof(struct gid_sid_cache));
+ if (!pc)
+ return;
+ pc->gid = gid;
+ sid_copy(&pc->sid, psid);
+ pc->sidtype = sidtype;
+ DLIST_ADD(gid_sid_cache_head, pc);
+ n_gid_sid_cache++;
+}
+
+
+/*****************************************************************
+ *THE CANONICAL* convert uid_t to SID function.
+ Tries winbind first - then uses local lookup.
+ Returns SID pointer.
+*****************************************************************/
+
+DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
+{
+ uid_t low, high;
+ enum SID_NAME_USE sidtype;
+ fstring sid;
+
+ if (fetch_sid_from_uid_cache(psid, &sidtype, uid))
+ return psid;
+
+ if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
+ if (winbind_uid_to_sid(psid, uid)) {
+
+ DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
+ (unsigned int)uid, sid_to_string(sid, psid)));
+
+ if (psid)
+ store_uid_sid_cache(psid, SID_NAME_USER, uid);
+ return psid;
+ }
+ }
+
+ /* Make sure we report failure, (when psid == NULL) */
+ become_root();
+ psid = local_uid_to_sid(psid, uid);
+ unbecome_root();
+
+ DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
+ if (psid)
+ store_uid_sid_cache(psid, SID_NAME_USER, uid);
+
+ return psid;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert gid_t to SID function.
+ Tries winbind first - then uses local lookup.
+ Returns SID pointer.
+*****************************************************************/
+
+DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+ gid_t low, high;
+ enum SID_NAME_USE sidtype;
+ fstring sid;
+
+ if (fetch_sid_from_gid_cache(psid, &sidtype, gid))
+ return psid;
+
+ if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
+ if (winbind_gid_to_sid(psid, gid)) {
+
+ DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
+ (unsigned int)gid, sid_to_string(sid, psid)));
+
+ if (psid)
+ store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
+ return psid;
+ }
+ }
+
+ /* Make sure we report failure, (when psid == NULL) */
+ become_root();
+ psid = local_gid_to_sid(psid, gid);
+ unbecome_root();
+ DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
+ if (psid)
+ store_gid_sid_cache(psid, SID_NAME_DOM_GRP, gid);
+
+ return psid;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to uid function.
+ Tries winbind first - then uses local lookup.
+ Returns True if this name is a user sid and the conversion
+ was done correctly, False if not. sidtype is set by this function.
+*****************************************************************/
+
+BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
+{
+ fstring sid_str;
+
+ if (fetch_uid_from_cache(puid, psid, *sidtype))
+ return True;
+
+ /* if we know its local then don't try winbindd */
+ if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
+ BOOL result;
+ become_root();
+ result = local_sid_to_uid(puid, psid, sidtype);
+ unbecome_root();
+ if (result)
+ store_uid_sid_cache(psid, *sidtype, *puid);
+ return result;
+ }
+
+/* (tridge) I commented out the slab of code below in order to support foreign SIDs
+ Do we really need to validate the type of SID we have in this case?
+*/
+#if 0
+ fstring dom_name, name;
+ enum SID_NAME_USE name_type;
+
+ *sidtype = SID_NAME_UNKNOWN;
+ /*
+ * First we must look up the name and decide if this is a user sid.
+ */
+
+ if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
+ BOOL result;
+ DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
+ sid_to_string(sid_str, psid) ));
+
+ become_root();
+ result = local_sid_to_uid(puid, psid, sidtype);
+ unbecome_root();
+ return result;
+ }
+
+ /*
+ * Ensure this is a user sid.
+ */
+
+ if (name_type != SID_NAME_USER) {
+ DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
+ (unsigned int)name_type ));
+ return False;
+ }
+#endif
+ *sidtype = SID_NAME_USER;
+
+ /*
+ * Get the uid for this SID.
+ */
+
+ if (!winbind_sid_to_uid(puid, psid)) {
+ BOOL result;
+ DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
+ sid_to_string(sid_str, psid) ));
+ become_root();
+ result = local_sid_to_uid(puid, psid, sidtype);
+ unbecome_root();
+ if (result)
+ store_uid_sid_cache(psid, *sidtype, *puid);
+ return result;
+ }
+
+ DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
+ sid_to_string(sid_str, psid),
+ (unsigned int)*puid ));
+
+ store_uid_sid_cache(psid, *sidtype, *puid);
+ return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to gid function.
+ Tries winbind first - then uses local lookup.
+ Returns True if this name is a user sid and the conversion
+ was done correctly, False if not.
+*****************************************************************/
+
+BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
+{
+ fstring dom_name, name, sid_str;
+ enum SID_NAME_USE name_type;
+
+ *sidtype = SID_NAME_UNKNOWN;
+
+ if (fetch_gid_from_cache(pgid, psid, *sidtype))
+ return True;
+
+ /*
+ * First we must look up the name and decide if this is a group sid.
+ */
+
+ /* if we know its local then don't try winbindd */
+ if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
+ BOOL result;
+ become_root();
+ result = local_sid_to_gid(pgid, psid, sidtype);
+ unbecome_root();
+ if (result)
+ store_gid_sid_cache(psid, *sidtype, *pgid);
+ return result;
+ }
+
+ if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
+ DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
+ sid_to_string(sid_str, psid) ));
+ /* this was probably a foreign sid - assume its a group rid
+ and continue */
+ name_type = SID_NAME_DOM_GRP;
+ }
+
+ /*
+ * Ensure this is a group sid.
+ */
+
+ if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
+ DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
+ (unsigned int)name_type ));
+
+ return False;
+ }
+
+ *sidtype = name_type;
+
+ /*
+ * Get the gid for this SID.
+ */
+
+ if (!winbind_sid_to_gid(pgid, psid)) {
+ DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
+ sid_to_string(sid_str, psid) ));
+ return False;
+ }
+
+ DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
+ sid_to_string(sid_str, psid),
+ (unsigned int)*pgid ));
+
+ store_gid_sid_cache(psid, *sidtype, *pgid);
+ return True;
+}
+
diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
index 6c12cfac62..84ec364654 100644
--- a/source3/smbd/utmp.c
+++ b/source3/smbd/utmp.c
@@ -484,6 +484,7 @@ static int ut_id_encode(int i, char *fourbyte)
*/
static BOOL sys_utmp_fill(struct utmp *u,
const char *username, const char *hostname,
+ struct in_addr *ipaddr,
const char *id_str, int id_num)
{
struct timeval timeval;
@@ -538,8 +539,9 @@ static BOOL sys_utmp_fill(struct utmp *u,
#if defined(HAVE_UT_UT_HOST)
utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
#endif
-
#if defined(HAVE_UT_UT_ADDR)
+ if (ipaddr)
+ u->ut_addr = ipaddr->s_addr;
/*
* "(unsigned long) ut_addr" apparently exists on at least HP-UX 10.20.
* Volunteer to implement, please ...
@@ -561,6 +563,7 @@ static BOOL sys_utmp_fill(struct utmp *u,
****************************************************************************/
void sys_utmp_yield(const char *username, const char *hostname,
+ struct in_addr *ipaddr,
const char *id_str, int id_num)
{
struct utmp u;
@@ -576,7 +579,7 @@ void sys_utmp_yield(const char *username, const char *hostname,
u.ut_type = DEAD_PROCESS;
#endif
- if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return;
+ if (!sys_utmp_fill(&u, username, hostname, ipaddr, id_str, id_num)) return;
sys_utmp_update(&u, NULL, False);
}
@@ -586,6 +589,7 @@ void sys_utmp_yield(const char *username, const char *hostname,
****************************************************************************/
void sys_utmp_claim(const char *username, const char *hostname,
+ struct in_addr *ipaddr,
const char *id_str, int id_num)
{
struct utmp u;
@@ -596,7 +600,7 @@ void sys_utmp_claim(const char *username, const char *hostname,
u.ut_type = USER_PROCESS;
#endif
- if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return;
+ if (!sys_utmp_fill(&u, username, hostname, ipaddr, id_str, id_num)) return;
sys_utmp_update(&u, hostname, True);
}
diff --git a/source3/smbwrapper/shared.c b/source3/smbwrapper/shared.c
index b4cfcf7148..ca8df5841d 100644
--- a/source3/smbwrapper/shared.c
+++ b/source3/smbwrapper/shared.c
@@ -179,8 +179,8 @@ void smbw_setshared(const char *name, const char *val)
SSVAL(&variables[shared_size], 0, l1);
SSVAL(&variables[shared_size], 2, l2);
- pstrcpy(&variables[shared_size] + 4, name);
- pstrcpy(&variables[shared_size] + 4 + l1, val);
+ safe_strcpy(&variables[shared_size] + 4, name, l1-1);
+ safe_strcpy(&variables[shared_size] + 4 + l1, val, l2-1);
shared_size += l1+l2+4;
diff --git a/source3/smbwrapper/smbw_dir.c b/source3/smbwrapper/smbw_dir.c
index 31d81a1e7e..6d55c1d9da 100644
--- a/source3/smbwrapper/smbw_dir.c
+++ b/source3/smbwrapper/smbw_dir.c
@@ -216,7 +216,7 @@ int smbw_dir_open(const char *fname)
smbw_NetServerEnum(&srv->cli, srv->server_name, SV_TYPE_ALL,
smbw_server_add, NULL);
*p = '#';
- } else if (strcmp(srv->cli.dev,"IPC") == 0) {
+ } else if ((strcmp(srv->cli.dev,"IPC") == 0) || (strcasecmp(share,"IPC$") == 0)) {
DEBUG(4,("doing NetShareEnum\n"));
smbw_share_add(".",0,"", NULL);
smbw_share_add("..",0,"", NULL);
@@ -412,7 +412,8 @@ int smbw_chdir(const char *name)
goto failed;
}
- if (strncmp(srv->cli.dev,"IPC",3) &&
+ if (strncmp(srv->cli.dev,"IPC",3) &&
+ strcasecmp(share, "IPC$") &&
strncmp(srv->cli.dev,"LPT",3) &&
!smbw_getatr(srv, path,
&mode, NULL, NULL, NULL, NULL, NULL)) {
diff --git a/source3/stf/pythoncheck.py b/source3/stf/pythoncheck.py
new file mode 100755
index 0000000000..398bb2c3d6
--- /dev/null
+++ b/source3/stf/pythoncheck.py
@@ -0,0 +1,48 @@
+#! /usr/bin/python
+
+# Comfychair test cases for Samba python extensions
+
+# Copyright (C) 2003 by Tim Potter <tpot@samba.org>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+
+"""These tests are run by Samba's "make check"."""
+
+import sys, comfychair
+
+class ImportTest(comfychair.TestCase):
+ """Check that all modules can be imported without error."""
+ def runtest(self):
+ python_modules = ['spoolss', 'lsa', 'samr', 'winbind', 'winreg',
+ 'srvsvc', 'tdb', 'smb', 'tdbpack']
+ for m in python_modules:
+ try:
+ __import__('samba.%s' % m)
+ except ImportError, msg:
+ self.log(str(msg))
+ self.fail('error importing %s module' % m)
+
+tests = [ImportTest]
+
+if __name__ == '__main__':
+ # Some magic to repend build directory to python path so we see the
+ # objects we have built and not previously installed stuff.
+ from distutils.util import get_platform
+ from os import getcwd
+ sys.path.insert(0, '%s/build/lib.%s-%s' %
+ (getcwd(), get_platform(), sys.version[0:3]))
+
+ comfychair.main(tests)
diff --git a/source3/torture/cmd_sam.c b/source3/torture/cmd_sam.c
deleted file mode 100644
index 3f7f7dfe27..0000000000
--- a/source3/torture/cmd_sam.c
+++ /dev/null
@@ -1,514 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM module functions
-
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "samtest.h"
-
-static void print_account(SAM_ACCOUNT_HANDLE *a)
-{
- /* FIXME */
-}
-
-static NTSTATUS cmd_context(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- char **plugins;
- int i;
-
- plugins = malloc(argc * sizeof(char *));
-
- for(i = 1; i < argc; i++)
- plugins[i-1] = argv[i];
-
- plugins[argc-1] = NULL;
-
- if(!NT_STATUS_IS_OK(status = make_sam_context_list(&st->context, plugins))) {
- printf("make_sam_context_list failed: %s\n", nt_errstr(status));
- SAFE_FREE(plugins);
- return status;
- }
-
- SAFE_FREE(plugins);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_load_module(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- char *plugin_arg[2];
- NTSTATUS status;
- if (argc != 2 && argc != 3) {
- printf("Usage: load <module path> [domain-name]\n");
- return NT_STATUS_OK;
- }
-
- if (argc == 3)
- asprintf(&plugin_arg[0], "plugin:%s|%s", argv[1], argv[2]);
- else
- asprintf(&plugin_arg[0], "plugin:%s", argv[1]);
-
- plugin_arg[1] = NULL;
-
- if(!NT_STATUS_IS_OK(status = make_sam_context_list(&st->context, plugin_arg))) {
- free(plugin_arg[0]);
- return status;
- }
-
- free(plugin_arg[0]);
-
- printf("load: ok\n");
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_get_sec_desc(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_set_sec_desc(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- char *name;
- uint32 type;
- NTSTATUS status;
- DOM_SID sid;
- if (argc != 2) {
- printf("Usage: lookup_sid <sid>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_lookup_sid(st->context, st->token, mem_ctx, &sid, &name, &type))) {
- printf("sam_lookup_sid failed!\n");
- return status;
- }
-
- printf("Name: %s\n", name);
- printf("Type: %d\n", type); /* FIXME: What kind of an integer is type ? */
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- DOM_SID sid;
- uint32 type;
- NTSTATUS status;
- if (argc != 3) {
- printf("Usage: lookup_name <domain> <name>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_lookup_name(st->context, st->token, argv[1], argv[2], &sid, &type))) {
- printf("sam_lookup_name failed!\n");
- return status;
- }
-
- printf("SID: %s\n", sid_string_static(&sid));
- printf("Type: %d\n", type);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- DOM_SID *sid;
- NTSTATUS status;
- if (argc != 2) {
- printf("Usage: lookup_domain <domain>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_lookup_domain(st->context, st->token, argv[1], &sid))) {
- printf("sam_lookup_name failed!\n");
- return status;
- }
-
- printf("SID: %s\n", sid_string_static(sid));
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_enum_domains(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- int32 domain_count, i;
- DOM_SID *domain_sids;
- char **domain_names;
- NTSTATUS status;
-
- if (!NT_STATUS_IS_OK(status = sam_enum_domains(st->context, st->token, &domain_count, &domain_sids, &domain_names))) {
- printf("sam_enum_domains failed!\n");
- return status;
- }
-
- if (domain_count == 0) {
- printf("No domains found!\n");
- return NT_STATUS_OK;
- }
-
- for (i = 0; i < domain_count; i++) {
- printf("%s %s\n", domain_names[i], sid_string_static(&domain_sids[i]));
- }
-
- SAFE_FREE(domain_sids);
- SAFE_FREE(domain_names);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_update_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_show_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- DOM_SID sid;
- SAM_DOMAIN_HANDLE *domain;
- uint32 tmp_uint32;
- uint16 tmp_uint16;
- NTTIME tmp_nttime;
- BOOL tmp_bool;
- const char *tmp_string;
-
- if (argc != 2) {
- printf("Usage: show_domain <sid>\n");
- return status;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_by_sid(st->context, st->token, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS, &sid, &domain))) {
- printf("sam_get_domain_by_sid failed\n");
- return status;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_num_accounts(domain, &tmp_uint32))) {
- printf("sam_get_domain_num_accounts failed: %s\n", nt_errstr(status));
- } else {
- printf("Number of accounts: %d\n", tmp_uint32);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_num_groups(domain, &tmp_uint32))) {
- printf("sam_get_domain_num_groups failed: %s\n", nt_errstr(status));
- } else {
- printf("Number of groups: %u\n", tmp_uint32);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_num_aliases(domain, &tmp_uint32))) {
- printf("sam_get_domain_num_aliases failed: %s\n", nt_errstr(status));
- } else {
- printf("Number of aliases: %u\n", tmp_uint32);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_name(domain, &tmp_string))) {
- printf("sam_get_domain_name failed: %s\n", nt_errstr(status));
- } else {
- printf("Domain Name: %s\n", tmp_string);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_lockout_count(domain, &tmp_uint16))) {
- printf("sam_get_domain_lockout_count failed: %s\n", nt_errstr(status));
- } else {
- printf("Lockout Count: %u\n", tmp_uint16);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_force_logoff(domain, &tmp_bool))) {
- printf("sam_get_domain_force_logoff failed: %s\n", nt_errstr(status));
- } else {
- printf("Force Logoff: %s\n", (tmp_bool?"Yes":"No"));
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_lockout_duration(domain, &tmp_nttime))) {
- printf("sam_get_domain_lockout_duration failed: %s\n", nt_errstr(status));
- } else {
- printf("Lockout duration: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_login_pwdchange(domain, &tmp_bool))) {
- printf("sam_get_domain_login_pwdchange failed: %s\n", nt_errstr(status));
- } else {
- printf("Password changing allowed: %s\n", (tmp_bool?"Yes":"No"));
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_max_pwdage(domain, &tmp_nttime))) {
- printf("sam_get_domain_max_pwdage failed: %s\n", nt_errstr(status));
- } else {
- printf("Maximum password age: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_min_pwdage(domain, &tmp_nttime))) {
- printf("sam_get_domain_min_pwdage failed: %s\n", nt_errstr(status));
- } else {
- printf("Minimal password age: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_min_pwdlength(domain, &tmp_uint16))) {
- printf("sam_get_domain_min_pwdlength: %s\n", nt_errstr(status));
- } else {
- printf("Minimal Password Length: %u\n", tmp_uint16);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_pwd_history(domain, &tmp_uint16))) {
- printf("sam_get_domain_pwd_history failed: %s\n", nt_errstr(status));
- } else {
- printf("Password history: %u\n", tmp_uint16);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_reset_count(domain, &tmp_nttime))) {
- printf("sam_get_domain_reset_count failed: %s\n", nt_errstr(status));
- } else {
- printf("Reset count: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_server(domain, &tmp_string))) {
- printf("sam_get_domain_server failed: %s\n", nt_errstr(status));
- } else {
- printf("Server: %s\n", tmp_string);
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_create_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_update_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_delete_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_enum_accounts(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- DOM_SID sid;
- int32 account_count, i;
- SAM_ACCOUNT_ENUM *accounts;
-
- if (argc != 2) {
- printf("Usage: enum_accounts <domain-sid>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_enum_accounts(st->context, st->token, &sid, 0, &account_count, &accounts))) {
- printf("sam_enum_accounts failed: %s\n", nt_errstr(status));
- return status;
- }
-
- if (account_count == 0) {
- printf("No accounts found!\n");
- return NT_STATUS_OK;
- }
-
- for (i = 0; i < account_count; i++)
- printf("SID: %s\nName: %s\nFullname: %s\nDescription: %s\nACB_BITS: %08X\n\n",
- sid_string_static(&accounts[i].sid), accounts[i].account_name,
- accounts[i].full_name, accounts[i].account_desc,
- accounts[i].acct_ctrl);
-
- SAFE_FREE(accounts);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_account_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- DOM_SID sid;
- SAM_ACCOUNT_HANDLE *account;
-
- if (argc != 2) {
- printf("Usage: lookup_account_sid <account-sid>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_by_sid(st->context, st->token, GENERIC_RIGHTS_USER_ALL_ACCESS, &sid, &account))) {
- printf("context_sam_get_account_by_sid failed: %s\n", nt_errstr(status));
- return status;
- }
-
- print_account(account);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_account_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- SAM_ACCOUNT_HANDLE *account;
-
- if (argc != 3) {
- printf("Usage: lookup_account_name <domain-name> <account-name>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_by_name(st->context, st->token, GENERIC_RIGHTS_USER_ALL_ACCESS, argv[1], argv[2], &account))) {
- printf("context_sam_get_account_by_sid failed: %s\n", nt_errstr(status));
- return status;
- }
-
- print_account(account);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_create_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_update_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_delete_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_enum_groups(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_group_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_group_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_group_add_member(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_group_del_member(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS cmd_group_enum(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS cmd_get_sid_groups(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-struct cmd_set sam_general_commands[] = {
-
- { "General SAM Commands" },
-
- { "load", cmd_load_module, "Load a module", "load <module.so> [domain-sid]" },
- { "context", cmd_context, "Load specified context", "context [DOMAIN|]backend1[:options] [DOMAIN|]backend2[:options]" },
- { "get_sec_desc", cmd_get_sec_desc, "Get security descriptor info", "get_sec_desc <access-token> <sid>" },
- { "set_sec_desc", cmd_set_sec_desc, "Set security descriptor info", "set_sec_desc <access-token> <sid>" },
- { "lookup_sid", cmd_lookup_sid, "Lookup type of specified SID", "lookup_sid <sid>" },
- { "lookup_name", cmd_lookup_name, "Lookup type of specified name", "lookup_name <sid>" },
- { NULL }
-};
-
-struct cmd_set sam_domain_commands[] = {
- { "Domain Commands" },
- { "update_domain", cmd_update_domain, "Update domain information", "update_domain [domain-options] domain-name | domain-sid" },
- { "show_domain", cmd_show_domain, "Show domain information", "show_domain domain-sid | domain-name" },
- { "enum_domains", cmd_enum_domains, "Enumerate all domains", "enum_domains <token> <acct-ctrl>" },
- { "lookup_domain", cmd_lookup_domain, "Lookup a domain by name", "lookup_domain domain-name" },
- { NULL }
-};
-
-struct cmd_set sam_account_commands[] = {
- { "Account Commands" },
- { "create_account", cmd_create_account, "Create a new account with specified properties", "create_account [account-options]" },
- { "update_account", cmd_update_account, "Update an existing account", "update_account [account-options] account-sid | account-name" },
- { "delete_account", cmd_delete_account, "Delete an account", "delete_account account-sid | account-name" },
- { "enum_accounts", cmd_enum_accounts, "Enumerate all accounts", "enum_accounts <token> <acct-ctrl>" },
- { "lookup_account", cmd_lookup_account, "Lookup an account by either sid or name", "lookup_account account-sid | account-name" },
- { "lookup_account_sid", cmd_lookup_account_sid, "Lookup an account by sid", "lookup_account_sid account-sid" },
- { "lookup_account_name", cmd_lookup_account_name, "Lookup an account by name", "lookup_account_name account-name" },
- { NULL }
-};
-
-struct cmd_set sam_group_commands[] = {
- { "Group Commands" },
- { "create_group", cmd_create_group, "Create a new group", "create_group [group-opts]" },
- { "update_group", cmd_update_group, "Update an existing group", "update_group [group-opts] group-name | group-sid" },
- { "delete_group", cmd_delete_group, "Delete an existing group", "delete_group group-name | group-sid" },
- { "enum_groups", cmd_enum_groups, "Enumerate all groups", "enum_groups <token> <group-ctrl>" },
- { "lookup_group", cmd_lookup_group, "Lookup a group by SID or name", "lookup_group group-sid | group-name" },
- { "lookup_group_sid", cmd_lookup_group_sid, "Lookup a group by SID", "lookup_group_sid <sid>" },
- { "lookup_group_name", cmd_lookup_group_name, "Lookup a group by name", "lookup_group_name <name>" },
- { "group_add_member", cmd_group_add_member, "Add group member to group", "group_add_member <group-name | group-sid> <member-name | member-sid>" },
- { "group_del_member", cmd_group_del_member, "Delete group member from group", "group_del_member <group-name | group-sid> <member-name | member-sid>" },
- { "group_enum", cmd_group_enum, "Enumerate all members of specified group", "group_enum group-sid | group-name" },
-
- { "get_sid_groups", cmd_get_sid_groups, "Get a list of groups specified sid is a member of", "group_enum <group-sid | group-name>" },
- { NULL }
-};
diff --git a/source3/torture/samtest.c b/source3/torture/samtest.c
deleted file mode 100644
index fd5f75a664..0000000000
--- a/source3/torture/samtest.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- SAM module tester
-
- Copyright (C) 2002 Jelmer Vernooij
-
- Parts of the code stolen from vfstest by Simo Sorce and Eric Lorimer
- Parts of the code stolen from rpcclient by Tim Potter
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "samtest.h"
-
-struct func_entry {
- char *name;
- int (*fn)(struct connection_struct *conn, const char *path);
-};
-
-/* List to hold groups of commands */
-static struct cmd_list {
- struct cmd_list *prev, *next;
- struct cmd_set *cmd_set;
-} *cmd_list;
-
-static char* next_command (char** cmdstr)
-{
- static pstring command;
- char *p;
-
- if (!cmdstr || !(*cmdstr))
- return NULL;
-
- p = strchr_m(*cmdstr, ';');
- if (p)
- *p = '\0';
- pstrcpy(command, *cmdstr);
- *cmdstr = p;
-
- return command;
-}
-
-/* Load specified configuration file */
-static NTSTATUS cmd_conf(struct samtest_state *sam, TALLOC_CTX *mem_ctx,
- int argc, char **argv)
-{
- if (argc != 2) {
- printf("Usage: %s <smb.conf>\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- if (!lp_load(argv[1], False, True, False)) {
- printf("Error loading \"%s\"\n", argv[1]);
- return NT_STATUS_OK;
- }
-
- printf("\"%s\" successfully loaded\n", argv[1]);
- return NT_STATUS_OK;
-}
-
-/* Display help on commands */
-static NTSTATUS cmd_help(struct samtest_state *st, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
-{
- struct cmd_list *tmp;
- struct cmd_set *tmp_set;
-
- /* Usage */
- if (argc > 2) {
- printf("Usage: %s [command]\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- /* Help on one command */
-
- if (argc == 2) {
- for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
- tmp_set = tmp->cmd_set;
-
- while(tmp_set->name) {
- if (strequal(argv[1], tmp_set->name)) {
- if (tmp_set->usage &&
- tmp_set->usage[0])
- printf("%s\n", tmp_set->usage);
- else
- printf("No help for %s\n", tmp_set->name);
-
- return NT_STATUS_OK;
- }
-
- tmp_set++;
- }
- }
-
- printf("No such command: %s\n", argv[1]);
- return NT_STATUS_OK;
- }
-
- /* List all commands */
-
- for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
- tmp_set = tmp->cmd_set;
-
- while(tmp_set->name) {
-
- printf("%20s\t%s\n", tmp_set->name,
- tmp_set->description ? tmp_set->description:
- "");
-
- tmp_set++;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-/* Change the debug level */
-static NTSTATUS cmd_debuglevel(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- if (argc > 2) {
- printf("Usage: %s [debuglevel]\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- if (argc == 2) {
- DEBUGLEVEL = atoi(argv[1]);
- }
-
- printf("debuglevel is %d\n", DEBUGLEVEL);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_quit(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- /* Cleanup */
- talloc_destroy(mem_ctx);
-
- exit(0);
- return NT_STATUS_OK; /* NOTREACHED */
-}
-
-static struct cmd_set samtest_commands[] = {
-
- { "GENERAL OPTIONS" },
-
- { "help", cmd_help, "Get help on commands", "" },
- { "?", cmd_help, "Get help on commands", "" },
- { "conf", cmd_conf, "Load smb configuration file", "conf <smb.conf>" },
- { "debuglevel", cmd_debuglevel, "Set debug level", "" },
- { "exit", cmd_quit, "Exit program", "" },
- { "quit", cmd_quit, "Exit program", "" },
-
- { NULL }
-};
-
-static struct cmd_set separator_command[] = {
- { "---------------", NULL, "----------------------" },
- { NULL }
-};
-
-
-/*extern struct cmd_set sam_commands[];*/
-extern struct cmd_set sam_general_commands[];
-extern struct cmd_set sam_domain_commands[];
-extern struct cmd_set sam_account_commands[];
-extern struct cmd_set sam_group_commands[];
-static struct cmd_set *samtest_command_list[] = {
- samtest_commands,
- sam_general_commands,
- sam_domain_commands,
- sam_account_commands,
- sam_group_commands,
- NULL
-};
-
-static void add_command_set(struct cmd_set *cmd_set)
-{
- struct cmd_list *entry;
-
- if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) {
- DEBUG(0, ("out of memory\n"));
- return;
- }
-
- ZERO_STRUCTP(entry);
-
- entry->cmd_set = cmd_set;
- DLIST_ADD(cmd_list, entry);
-}
-
-static NTSTATUS do_cmd(struct samtest_state *st, struct cmd_set *cmd_entry, char *cmd)
-{
- char *p = cmd, **argv = NULL;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *mem_ctx = NULL;
- pstring buf;
- int argc = 0, i;
-
- /* Count number of arguments first time through the loop then
- allocate memory and strdup them. */
-
- again:
- while(next_token(&p, buf, " ", sizeof(buf))) {
- if (argv) {
- argv[argc] = strdup(buf);
- }
-
- argc++;
- }
-
- if (!argv) {
-
- /* Create argument list */
-
- argv = (char **)malloc(sizeof(char *) * argc);
- memset(argv, 0, sizeof(char *) * argc);
-
- if (!argv) {
- fprintf(stderr, "out of memory\n");
- result = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- p = cmd;
- argc = 0;
-
- goto again;
- }
-
- /* Call the function */
-
- if (cmd_entry->fn) {
-
- if (mem_ctx == NULL) {
- /* Create mem_ctx */
- if (!(mem_ctx = talloc_init("do_cmd"))) {
- DEBUG(0, ("talloc_init() failed\n"));
- goto done;
- }
- }
-
- /* Run command */
- result = cmd_entry->fn(st, mem_ctx, argc, argv);
-
- } else {
- fprintf (stderr, "Invalid command\n");
- goto done;
- }
-
- done:
-
- /* Cleanup */
-
- if (argv) {
- for (i = 0; i < argc; i++)
- SAFE_FREE(argv[i]);
-
- SAFE_FREE(argv);
- }
-
- return result;
-}
-
-/* Process a command entered at the prompt or as part of -c */
-static NTSTATUS process_cmd(struct samtest_state *st, char *cmd)
-{
- struct cmd_list *temp_list;
- BOOL found = False;
- pstring buf;
- char *p = cmd;
- NTSTATUS result = NT_STATUS_OK;
- int len = 0;
-
- if (cmd[strlen(cmd) - 1] == '\n')
- cmd[strlen(cmd) - 1] = '\0';
-
- if (!next_token(&p, buf, " ", sizeof(buf))) {
- return NT_STATUS_OK;
- }
-
- /* strip the trainly \n if it exsists */
- len = strlen(buf);
- if (buf[len-1] == '\n')
- buf[len-1] = '\0';
-
- /* Search for matching commands */
-
- for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
- struct cmd_set *temp_set = temp_list->cmd_set;
-
- while(temp_set->name) {
- if (strequal(buf, temp_set->name)) {
- found = True;
- result = do_cmd(st, temp_set, cmd);
-
- goto done;
- }
- temp_set++;
- }
- }
-
- done:
- if (!found && buf[0]) {
- printf("command not found: %s\n", buf);
- return NT_STATUS_OK;
- }
-
- if (!NT_STATUS_IS_OK(result)) {
- printf("result was %s\n", nt_errstr(result));
- }
-
- return result;
-}
-
-void exit_server(char *reason)
-{
- DEBUG(3,("Server exit (%s)\n", (reason ? reason : "")));
- exit(0);
-}
-
-static int server_fd = -1;
-int last_message = -1;
-
-int smbd_server_fd(void)
-{
- return server_fd;
-}
-
-BOOL reload_services(BOOL test)
-{
- return True;
-}
-
-/* Main function */
-
-int main(int argc, char *argv[])
-{
- BOOL interactive = True;
- int opt;
- static char *cmdstr = NULL;
- struct cmd_set **cmd_set;
- struct samtest_state st;
-
- /* make sure the vars that get altered (4th field) are in
- a fixed location or certain compilers complain */
- poptContext pc;
- struct poptOption long_options[] = {
- POPT_AUTOHELP
- {"command", 'e', POPT_ARG_STRING, &cmdstr, 'e', "Execute semicolon seperated cmds"},
- POPT_COMMON_SAMBA
- POPT_TABLEEND
- };
-
- ZERO_STRUCT(st);
-
- st.token = get_system_token();
-
- setlinebuf(stdout);
-
- DEBUGLEVEL = 1;
-
- pc = poptGetContext("samtest", argc, (const char **) argv,
- long_options, 0);
-
- while((opt = poptGetNextOpt(pc)) != -1) {
- switch (opt) {
- case 'l':
- slprintf(logfile, sizeof(logfile) - 1, "%s.client",
- opt_logfile);
- lp_set_logfile(logfile);
- interactive = False;
- break;
- }
- }
-
- if (!lp_load(config_file,True,False,False)) {
- fprintf(stderr, "Can't load %s - run testparm to debug it\n", config_file);
- exit(1);
- }
-
- poptFreeContext(pc);
-
- /* the following functions are part of the Samba debugging
- facilities. See lib/debug.c */
- setup_logging("samtest", interactive);
- if (!interactive)
- reopen_logs();
-
- /* Load command lists */
-
- cmd_set = samtest_command_list;
-
- while(*cmd_set) {
- add_command_set(*cmd_set);
- add_command_set(separator_command);
- cmd_set++;
- }
-
- /* Do anything specified with -c */
- if (cmdstr && cmdstr[0]) {
- char *cmd;
- char *p = cmdstr;
-
- while((cmd=next_command(&p)) != NULL) {
- process_cmd(&st, cmd);
- }
-
- return 0;
- }
-
- /* Loop around accepting commands */
-
- while(1) {
- pstring prompt;
- char *line;
-
- slprintf(prompt, sizeof(prompt) - 1, "samtest $> ");
-
- line = smb_readline(prompt, NULL, NULL);
-
- if (line == NULL)
- break;
-
- if (line[0] != '\n')
- process_cmd(&st, line);
- }
-
- return 0;
-}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 840b6ad294..07d7f1547e 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -1121,7 +1121,7 @@ static BOOL run_tcon_devtype_test(int dummy)
BOOL retry;
int flags = 0;
NTSTATUS status;
- BOOL ret;
+ BOOL ret = True;
status = cli_full_connection(&cli1, myname,
host, NULL, port_to_use,
diff --git a/source3/utils/editreg.c b/source3/utils/editreg.c
index c45959799b..bda817310b 100644
--- a/source3/utils/editreg.c
+++ b/source3/utils/editreg.c
@@ -1041,7 +1041,6 @@ void *str_to_val(int type, char *val, int *len)
default:
return NULL;
- break;
}
return NULL;
@@ -1212,7 +1211,7 @@ int string_to_sid(DOM_SID **sid, char *sid_str)
lstr = strchr(lstr + 1, '-');
}
- return 1;
+ /*return 1; */ /* Not Reached ... */
}
/*
@@ -1380,7 +1379,7 @@ REG_KEY *nt_add_reg_key_list(REGF *regf, REG_KEY *key, char * name, int create)
else { /* Create more space in the list ... */
if (!(list = (KEY_LIST *)realloc(list, sizeof(KEY_LIST) +
(list->max_keys + REG_KEY_LIST_SIZE - 1)
- * sizeof(REG_KEY *))));
+ * sizeof(REG_KEY *))))
goto error;
list->max_keys += REG_KEY_LIST_SIZE;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 203d849786..1a50f9d270 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -109,6 +109,9 @@ static int net_ads_info(int argc, const char **argv)
d_printf("LDAP port: %d\n", ads->ldap_port);
d_printf("Server time: %s\n", http_timestring(ads->config.current_time));
+ d_printf("KDC server: %s\n", ads->auth.kdc_server );
+ d_printf("Server time offset: %d\n", ads->auth.time_offset );
+
return 0;
}
@@ -124,7 +127,7 @@ static ADS_STRUCT *ads_startup(void)
ADS_STATUS status;
BOOL need_password = False;
BOOL second_time = False;
- char *realm;
+ char *cp;
ads = ads_init(NULL, NULL, opt_host);
@@ -146,22 +149,24 @@ retry:
if (opt_password) {
use_in_memory_ccache();
- ads->auth.password = strdup(opt_password);
+ ads->auth.password = smb_xstrdup(opt_password);
}
- ads->auth.user_name = strdup(opt_user_name);
+ ads->auth.user_name = smb_xstrdup(opt_user_name);
- /*
- * If the username is of the form "name@realm",
- * extract the realm and convert to upper case.
- */
- if ((realm = strchr(ads->auth.user_name, '@'))) {
- *realm++ = '\0';
- ads->auth.realm = strdup(realm);
- strupper(ads->auth.realm);
- }
+ /*
+ * If the username is of the form "name@realm",
+ * extract the realm and convert to upper case.
+ * This is only used to establish the connection.
+ */
+ if (cp = strchr(ads->auth.user_name, '@')) {
+ *cp++ = '\0';
+ ads->auth.realm = smb_xstrdup(cp);
+ strupper(ads->auth.realm);
+ }
status = ads_connect(ads);
+
if (!ADS_ERR_OK(status)) {
if (!need_password && !second_time) {
need_password = True;
@@ -230,7 +235,7 @@ static BOOL usergrp_display(char *field, void **values, void *data_area)
if (!field) { /* must be end of record */
if (!strchr_m(disp_fields[0], '$')) {
if (disp_fields[1])
- d_printf("%-21.21s %-50.50s\n",
+ d_printf("%-21.21s %s\n",
disp_fields[0], disp_fields[1]);
else
d_printf("%s\n", disp_fields[0]);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 3f5a339948..cd3cc9cfec 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -74,7 +74,7 @@ static DOM_SID *net_get_remote_domain_sid(struct cli_state *cli)
goto error;
}
- result = cli_lsa_open_policy(cli, mem_ctx, True,
+ result = cli_lsa_open_policy(cli, mem_ctx, False,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
@@ -235,14 +235,25 @@ int net_rpc_changetrustpw(int argc, const char **argv)
* @return Normal NTSTATUS return.
**/
-static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cli_state *cli,
+static NTSTATUS rpc_oldjoin_internals(const DOM_SID *domain_sid, struct cli_state *cli,
TALLOC_CTX *mem_ctx,
int argc, const char **argv) {
fstring trust_passwd;
unsigned char orig_trust_passwd_hash[16];
NTSTATUS result;
+ uint32 sec_channel_type;
+ /*
+ check what type of join - if the user want's to join as
+ a BDC, the server must agree that we are a BDC.
+ */
+ if (argc >= 0) {
+ sec_channel_type = get_sec_channel_type(argv[0]);
+ } else {
+ sec_channel_type = get_sec_channel_type(NULL);
+ }
+
fstrcpy(trust_passwd, global_myname());
strlower(trust_passwd);
@@ -257,11 +268,7 @@ static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cl
result = trust_pw_change_and_store_it(cli, mem_ctx, opt_target_workgroup,
orig_trust_passwd_hash,
- SEC_CHAN_WKSTA);
-
- /* SEC_CHAN_WKSTA specified specifically, as you cannot use this
- to join a BDC to the domain (MS won't allow it, and is *really*
- insecure) */
+ sec_channel_type);
if (NT_STATUS_IS_OK(result))
printf("Joined domain %s.\n",opt_target_workgroup);
@@ -285,40 +292,11 @@ static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cl
* @return A shell status integer (0 for success)
**/
-static int net_rpc_join_oldstyle(int argc, const char **argv)
-{
- uint32 sec_channel_type;
- /* check what type of join */
- if (argc >= 0) {
- sec_channel_type = get_sec_channel_type(argv[0]);
- } else {
- sec_channel_type = get_sec_channel_type(NULL);
- }
-
- if (sec_channel_type != SEC_CHAN_WKSTA)
- return 1;
-
- return run_rpc_command(NULL, PI_NETLOGON,
- NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
- rpc_join_oldstyle_internals,
- argc, argv);
-}
-
-/**
- * Join a domain, the old way.
- *
- * @param argc Standard main() style argc
- * @param argc Standard main() style argv. Initial components are already
- * stripped
- *
- * @return A shell status integer (0 for success)
- **/
-
static int net_rpc_oldjoin(int argc, const char **argv)
{
return run_rpc_command(NULL, PI_NETLOGON,
NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
- rpc_join_oldstyle_internals,
+ rpc_oldjoin_internals,
argc, argv);
}
@@ -351,13 +329,13 @@ static int rpc_join_usage(int argc, const char **argv)
*
* Main 'net_rpc_join()' (where the admain username/password is used) is
* in net_rpc_join.c
- * Assume if a -U is specified, it's the new style, otherwise it's the
- * old style. If 'oldstyle' is specfied explicity, do it and don't prompt.
+ * Try to just change the password, but if that doesn't work, use/prompt
+ * for a username/password.
**/
int net_rpc_join(int argc, const char **argv)
{
- if ((net_rpc_join_oldstyle(argc, argv) == 0))
+ if ((net_rpc_oldjoin(argc, argv) == 0))
return 0;
return net_rpc_join_newstyle(argc, argv);
@@ -862,7 +840,7 @@ rpc_user_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)-1);
if (opt_long_list_entries)
- printf("%-21.21s %-50.50s\n", user, desc);
+ printf("%-21.21s %s\n", user, desc);
else
printf("%s\n", user);
}
@@ -1785,7 +1763,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
return -1;
}
- nt_status = cli_lsa_open_policy2(cli, mem_ctx, False, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -1804,6 +1782,9 @@ static int rpc_trustdom_establish(int argc, const char **argv)
return -1;
}
+
+
+
/* There should be actually query info level 3 (following nt serv behaviour),
but I still don't know if it's _really_ necessary */
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 42490190f3..c4beb4ef1a 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -38,7 +38,6 @@ enum squid_mode {
extern int winbindd_fd;
-static const char *helper_protocol;
static const char *opt_username;
static const char *opt_domain;
static const char *opt_workstation;
@@ -48,7 +47,6 @@ static DATA_BLOB opt_lm_response;
static DATA_BLOB opt_nt_response;
static int request_lm_key;
static int request_nt_key;
-static int diagnostics;
static char winbind_separator(void)
@@ -184,7 +182,7 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
const DATA_BLOB *lm_response,
const DATA_BLOB *nt_response,
uint32 flags,
- uint8 lm_key[16],
+ uint8 lm_key[8],
uint8 nt_key[16],
char **error_string)
{
@@ -476,6 +474,10 @@ static DATA_BLOB get_challenge(void)
return chal;
}
+/*
+ * Test LM authentication, no NT response supplied
+ */
+
static BOOL test_lm(void)
{
NTSTATUS nt_status;
@@ -483,13 +485,18 @@ static BOOL test_lm(void)
DATA_BLOB lm_response = data_blob(NULL, 24);
uchar lm_key[8];
+ uchar nt_key[16];
uchar lm_hash[16];
DATA_BLOB chall = get_challenge();
char *error_string;
+ ZERO_STRUCT(lm_key);
+ ZERO_STRUCT(nt_key);
+
flags |= WINBIND_PAM_LMKEY;
+ flags |= WINBIND_PAM_NTKEY;
- SMBencrypt(opt_password,chall.data,lm_response.data);
+ SMBencrypt(opt_password, chall.data, lm_response.data);
E_deshash(opt_password, lm_hash);
nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation,
@@ -498,7 +505,7 @@ static BOOL test_lm(void)
NULL,
flags,
lm_key,
- NULL,
+ nt_key,
&error_string);
data_blob_free(&lm_response);
@@ -518,9 +525,20 @@ static BOOL test_lm(void)
DEBUG(1, ("expected:\n"));
dump_data(1, lm_hash, 8);
}
+ if (memcmp(lm_hash, nt_key, 8) != 0) {
+ DEBUG(1, ("Session Key (first 8, lm hash) does not match expectations!\n"));
+ DEBUG(1, ("nt_key:\n"));
+ dump_data(1, nt_key, 8);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_hash, 8);
+ }
return True;
}
+/*
+ * Test the normal 'LM and NTLM' combination
+ */
+
static BOOL test_lm_ntlm(void)
{
BOOL pass = True;
@@ -537,6 +555,9 @@ static BOOL test_lm_ntlm(void)
DATA_BLOB chall = get_challenge();
char *error_string;
+ ZERO_STRUCT(lm_key);
+ ZERO_STRUCT(nt_key);
+
flags |= WINBIND_PAM_LMKEY;
flags |= WINBIND_PAM_NTKEY;
@@ -589,6 +610,10 @@ static BOOL test_lm_ntlm(void)
return pass;
}
+/*
+ * Test the NTLM response only, no LM.
+ */
+
static BOOL test_ntlm(void)
{
BOOL pass = True;
@@ -597,24 +622,170 @@ static BOOL test_ntlm(void)
DATA_BLOB nt_response = data_blob(NULL, 24);
DATA_BLOB session_key = data_blob(NULL, 16);
+ char lm_key[8];
char nt_key[16];
+ char lm_hash[16];
char nt_hash[16];
DATA_BLOB chall = get_challenge();
char *error_string;
+ ZERO_STRUCT(lm_key);
+ ZERO_STRUCT(nt_key);
+
+ flags |= WINBIND_PAM_LMKEY;
flags |= WINBIND_PAM_NTKEY;
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+ E_deshash(opt_password, lm_hash);
+
nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
opt_workstation,
&chall,
NULL,
&nt_response,
flags,
+ lm_key,
+ nt_key,
+ &error_string);
+
+ data_blob_free(&nt_response);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ d_printf("%s (0x%x)\n",
+ error_string,
+ NT_STATUS_V(nt_status));
+ SAFE_FREE(error_string);
+ return False;
+ }
+
+ if (memcmp(lm_hash, lm_key,
+ sizeof(lm_key)) != 0) {
+ DEBUG(1, ("LM Key does not match expectations!\n"));
+ DEBUG(1, ("lm_key:\n"));
+ dump_data(1, lm_key, 8);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_hash, 8);
+ pass = False;
+ }
+ if (memcmp(session_key.data, nt_key,
+ sizeof(nt_key)) != 0) {
+ DEBUG(1, ("NT Session Key does not match expectations!\n"));
+ DEBUG(1, ("nt_key:\n"));
+ dump_data(1, nt_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, session_key.data, session_key.length);
+ pass = False;
+ }
+ return pass;
+}
+
+/*
+ * Test the NTLM response only, but in the LM feild.
+ */
+
+static BOOL test_ntlm_in_lm(void)
+{
+ BOOL pass = True;
+ NTSTATUS nt_status;
+ uint32 flags = 0;
+ DATA_BLOB nt_response = data_blob(NULL, 24);
+
+ uchar lm_key[8];
+ uchar lm_hash[16];
+ uchar nt_key[16];
+ DATA_BLOB chall = get_challenge();
+ char *error_string;
+
+ ZERO_STRUCT(nt_key);
+
+ flags |= WINBIND_PAM_LMKEY;
+ flags |= WINBIND_PAM_NTKEY;
+
+ SMBNTencrypt(opt_password,chall.data,nt_response.data);
+
+ E_deshash(opt_password, lm_hash);
+
+ nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
+ opt_workstation,
+ &chall,
+ &nt_response,
NULL,
+ flags,
+ lm_key,
+ nt_key,
+ &error_string);
+
+ data_blob_free(&nt_response);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ d_printf("%s (0x%x)\n",
+ error_string,
+ NT_STATUS_V(nt_status));
+ SAFE_FREE(error_string);
+ return False;
+ }
+
+ if (memcmp(lm_hash, lm_key,
+ sizeof(lm_key)) != 0) {
+ DEBUG(1, ("LM Key does not match expectations!\n"));
+ DEBUG(1, ("lm_key:\n"));
+ dump_data(1, lm_key, 8);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_hash, 8);
+ pass = False;
+ }
+ if (memcmp(lm_hash, nt_key, 8) != 0) {
+ DEBUG(1, ("Session Key (first 8 lm hash) does not match expectations!\n"));
+ DEBUG(1, ("nt_key:\n"));
+ dump_data(1, nt_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_hash, 8);
+ pass = False;
+ }
+ return pass;
+}
+
+/*
+ * Test the NTLM response only, but in the both the NT and LM feilds.
+ */
+
+static BOOL test_ntlm_in_both(void)
+{
+ BOOL pass = True;
+ NTSTATUS nt_status;
+ uint32 flags = 0;
+ DATA_BLOB nt_response = data_blob(NULL, 24);
+ DATA_BLOB session_key = data_blob(NULL, 16);
+
+ char lm_key[8];
+ char lm_hash[16];
+ char nt_key[16];
+ char nt_hash[16];
+ DATA_BLOB chall = get_challenge();
+ char *error_string;
+
+ ZERO_STRUCT(lm_key);
+ ZERO_STRUCT(nt_key);
+
+ flags |= WINBIND_PAM_LMKEY;
+ flags |= WINBIND_PAM_NTKEY;
+
+ SMBNTencrypt(opt_password,chall.data,nt_response.data);
+ E_md4hash(opt_password, nt_hash);
+ SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+
+ E_deshash(opt_password, lm_hash);
+
+ nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
+ opt_workstation,
+ &chall,
+ &nt_response,
+ &nt_response,
+ flags,
+ lm_key,
nt_key,
&error_string);
@@ -628,6 +799,15 @@ static BOOL test_ntlm(void)
return False;
}
+ if (memcmp(lm_hash, lm_key,
+ sizeof(lm_key)) != 0) {
+ DEBUG(1, ("LM Key does not match expectations!\n"));
+ DEBUG(1, ("lm_key:\n"));
+ dump_data(1, lm_key, 8);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_hash, 8);
+ pass = False;
+ }
if (memcmp(session_key.data, nt_key,
sizeof(nt_key)) != 0) {
DEBUG(1, ("NT Session Key does not match expectations!\n"));
@@ -637,6 +817,233 @@ static BOOL test_ntlm(void)
dump_data(1, session_key.data, session_key.length);
pass = False;
}
+
+
+ return pass;
+}
+
+/*
+ * Test the NTLMv2 response only
+ */
+
+static BOOL test_ntlmv2(void)
+{
+ BOOL pass = True;
+ NTSTATUS nt_status;
+ uint32 flags = 0;
+ DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+ DATA_BLOB lmv2_response = data_blob(NULL, 0);
+ DATA_BLOB nt_session_key = data_blob(NULL, 0);
+ DATA_BLOB lm_session_key = data_blob(NULL, 0);
+
+ uchar lm_key[16];
+ uchar nt_key[16];
+ DATA_BLOB chall = get_challenge();
+ char *error_string;
+
+ ZERO_STRUCT(lm_key);
+ ZERO_STRUCT(nt_key);
+
+ flags |= WINBIND_PAM_LMKEY;
+ flags |= WINBIND_PAM_NTKEY;
+
+ if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, chall,
+ &lmv2_response, &ntlmv2_response,
+ &lm_session_key, &nt_session_key)) {
+ return False;
+ }
+
+ nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
+ opt_workstation,
+ &chall,
+ NULL,
+ &ntlmv2_response,
+ flags,
+ lm_key,
+ nt_key,
+ &error_string);
+
+ data_blob_free(&lmv2_response);
+ data_blob_free(&ntlmv2_response);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ d_printf("%s (0x%x)\n",
+ error_string,
+ NT_STATUS_V(nt_status));
+ SAFE_FREE(error_string);
+ return False;
+ }
+
+#if 0
+ if (memcmp(lm_session_key.data, lm_key,
+ sizeof(lm_key)) != 0) {
+ DEBUG(1, ("LM Session Key does not match expectations!\n"));
+ DEBUG(1, ("lm_key:\n"));
+ dump_data(1, lm_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_session_key.data, lm_session_key.length);
+ pass = False;
+ }
+ if (memcmp(nt_session_key.data, nt_key,
+ sizeof(nt_key)) != 0) {
+ DEBUG(1, ("NT Session Key does not match expectations!\n"));
+ DEBUG(1, ("nt_key:\n"));
+ dump_data(1, nt_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, nt_session_key.data, nt_session_key.length);
+ pass = False;
+ }
+#endif
+ return pass;
+}
+
+/*
+ * Test the NTLMv2 and LMv2 responses
+ */
+
+static BOOL test_lmv2_ntlmv2(void)
+{
+ BOOL pass = True;
+ NTSTATUS nt_status;
+ uint32 flags = 0;
+ DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+ DATA_BLOB lmv2_response = data_blob(NULL, 0);
+ DATA_BLOB nt_session_key = data_blob(NULL, 0);
+ DATA_BLOB lm_session_key = data_blob(NULL, 0);
+
+ uchar lm_key[16];
+ uchar nt_key[16];
+ DATA_BLOB chall = get_challenge();
+ char *error_string;
+
+ ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(lm_key);
+
+ flags |= WINBIND_PAM_LMKEY;
+ flags |= WINBIND_PAM_NTKEY;
+
+ if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, chall,
+ &lmv2_response, &ntlmv2_response,
+ &lm_session_key, &nt_session_key)) {
+ return False;
+ }
+
+ nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
+ opt_workstation,
+ &chall,
+ &lmv2_response,
+ &ntlmv2_response,
+ flags,
+ lm_key,
+ nt_key,
+ &error_string);
+
+ data_blob_free(&lmv2_response);
+ data_blob_free(&ntlmv2_response);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ d_printf("%s (0x%x)\n",
+ error_string,
+ NT_STATUS_V(nt_status));
+ SAFE_FREE(error_string);
+ return False;
+ }
+
+#if 0
+ if (memcmp(lm_session_key.data, lm_key,
+ sizeof(lm_key)) != 0) {
+ DEBUG(1, ("LM Session Key does not match expectations!\n"));
+ DEBUG(1, ("lm_key:\n"));
+ dump_data(1, lm_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_session_key.data, lm_session_key.length);
+ pass = False;
+ }
+ if (memcmp(nt_session_key.data, nt_key,
+ sizeof(nt_key)) != 0) {
+ DEBUG(1, ("NT Session Key does not match expectations!\n"));
+ DEBUG(1, ("nt_key:\n"));
+ dump_data(1, nt_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, nt_session_key.data, nt_session_key.length);
+ pass = False;
+ }
+#endif
+ return pass;
+}
+
+/*
+ * Test the LMv2 response only
+ */
+
+static BOOL test_lmv2(void)
+{
+ BOOL pass = True;
+ NTSTATUS nt_status;
+ uint32 flags = 0;
+ DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
+ DATA_BLOB lmv2_response = data_blob(NULL, 0);
+ DATA_BLOB nt_session_key = data_blob(NULL, 0);
+ DATA_BLOB lm_session_key = data_blob(NULL, 0);
+
+ uchar lm_key[16];
+ uchar nt_key[16];
+ DATA_BLOB chall = get_challenge();
+ char *error_string;
+
+ ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(lm_key);
+
+ flags |= WINBIND_PAM_LMKEY;
+ flags |= WINBIND_PAM_NTKEY;
+
+ if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, chall,
+ &lmv2_response, &ntlmv2_response,
+ &lm_session_key, &nt_session_key)) {
+ return False;
+ }
+
+ nt_status = contact_winbind_auth_crap(opt_username, opt_domain,
+ opt_workstation,
+ &chall,
+ &lmv2_response,
+ NULL,
+ flags,
+ lm_key,
+ nt_key,
+ &error_string);
+
+ data_blob_free(&lmv2_response);
+ data_blob_free(&ntlmv2_response);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ d_printf("%s (0x%x)\n",
+ error_string,
+ NT_STATUS_V(nt_status));
+ SAFE_FREE(error_string);
+ return False;
+ }
+
+#if 0
+ if (memcmp(lm_session_key.data, lm_key,
+ sizeof(lm_key)) != 0) {
+ DEBUG(1, ("LM Session Key does not match expectations!\n"));
+ DEBUG(1, ("lm_key:\n"));
+ dump_data(1, lm_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, lm_session_key.data, lm_session_key.length);
+ pass = False;
+ }
+ if (memcmp(nt_session_key.data, nt_key,
+ sizeof(nt_key)) != 0) {
+ DEBUG(1, ("NT Session Key does not match expectations!\n"));
+ DEBUG(1, ("nt_key:\n"));
+ dump_data(1, nt_key, 16);
+ DEBUG(1, ("expected:\n"));
+ dump_data(1, nt_session_key.data, nt_session_key.length);
+ pass = False;
+ }
+#endif
return pass;
}
@@ -646,6 +1053,8 @@ static BOOL test_ntlm(void)
- LM only
- NT and LM
- NT
+ - NT in LM feild
+ - NT in both feilds
- NTLMv2
- NTLMv2 and LMv2
- LMv2
@@ -661,10 +1070,12 @@ struct ntlm_tests {
} test_table[] = {
{test_lm, "test LM"},
{test_lm_ntlm, "test LM and NTLM"},
- {test_ntlm, "test NTLM"}
-/* {test_lm_ntlmv2, "test NTLMv2"}, */
-/* {test_lm_ntlmv2, "test NTLMv2 and LMv2"}, */
-/* {test_lm_ntlmv2, "test LMv2"} */
+ {test_ntlm, "test NTLM"},
+ {test_ntlm_in_lm, "test NTLM in LM"},
+ {test_ntlm_in_both, "test NTLM in both"},
+ {test_ntlmv2, "test NTLMv2"},
+ {test_lmv2_ntlmv2, "test NTLMv2 and LMv2"},
+ {test_lmv2, "test LMv2"}
};
static BOOL diagnose_ntlm_auth(void)
@@ -701,6 +1112,8 @@ enum {
int main(int argc, const char **argv)
{
int opt;
+ static const char *helper_protocol;
+ static int diagnostics;
static const char *hex_challenge;
static const char *hex_lm_response;
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 13f35e8880..3a3d06a645 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -122,6 +122,12 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst
printf ("Unix username: %s\n", pdb_get_username(sam_pwent));
printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent));
printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN));
+
+ if (IS_SAM_UNIX_USER(sam_pwent)) {
+ uid = pdb_get_uid(sam_pwent);
+ gid = pdb_get_gid(sam_pwent);
+ printf ("User ID/Group ID: %d/%d\n", uid, gid);
+ }
printf ("User SID: %s\n",
sid_string_static(pdb_get_user_sid(sam_pwent)));
printf ("Primary Group SID: %s\n",
@@ -155,25 +161,35 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst
printf ("Password must change: %s\n", tmp ? http_timestring(tmp) : "0");
} else if (smbpwdstyle) {
- char lm_passwd[33];
- char nt_passwd[33];
-
- uid = -1;
- sid_to_uid(pdb_get_user_sid(sam_pwent), &uid);
- pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
- pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent));
+ if (IS_SAM_UNIX_USER(sam_pwent)) {
+ char lm_passwd[33];
+ char nt_passwd[33];
+
+ uid = pdb_get_uid(sam_pwent);
+ pdb_sethexpwd(lm_passwd,
+ pdb_get_lanman_passwd(sam_pwent),
+ pdb_get_acct_ctrl(sam_pwent));
+ pdb_sethexpwd(nt_passwd,
+ pdb_get_nt_passwd(sam_pwent),
+ pdb_get_acct_ctrl(sam_pwent));
- printf("%s:%d:%s:%s:%s:LCT-%08X:\n",
- pdb_get_username(sam_pwent),
- uid,
- lm_passwd,
- nt_passwd,
- pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
- (uint32)pdb_get_pass_last_set_time(sam_pwent));
+ printf("%s:%d:%s:%s:%s:LCT-%08X:\n",
+ pdb_get_username(sam_pwent),
+ uid,
+ lm_passwd,
+ nt_passwd,
+ pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
+ (uint32)pdb_get_pass_last_set_time(sam_pwent));
+ } else {
+ fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n");
+ }
} else {
- uid = -1;
- sid_to_uid(pdb_get_user_sid(sam_pwent), &uid);
- printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), uid, pdb_get_fullname(sam_pwent));
+ if (IS_SAM_UNIX_USER(sam_pwent)) {
+ printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent),
+ pdb_get_fullname(sam_pwent));
+ } else {
+ printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent));
+ }
}
return 0;
@@ -610,12 +626,6 @@ int main (int argc, char **argv)
if (!init_names())
exit(1);
- if (!idmap_init())
- exit(1);
-
- if (!idmap_init_wellknown_sids())
- exit(1);
-
setparms = (backend ? BIT_BACKEND : 0) +
(verbose ? BIT_VERBOSE : 0) +
(spstyle ? BIT_SPSTYLE : 0) +
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
deleted file mode 100644
index 0faa0513ed..0000000000
--- a/source3/utils/smbgroupedit.c
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-2000,
- * Copyright (C) Jean François Micouleau 1998-2001.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-/*
- * Next two lines needed for SunOS and don't
- * hurt anything else...
- */
-extern char *optarg;
-extern int optind;
-
-/*********************************************************
- Print command usage on stderr and die.
-**********************************************************/
-static void usage(void)
-{
- if (getuid() == 0) {
- printf("smbgroupedit options\n");
- } else {
- printf("You need to be root to use this tool!\n");
- }
- printf("options:\n");
- printf(" -a group create new group\n");
- printf(" -n group NT group name\n");
- printf(" -p privilege only local\n");
- printf(" -d description group description\n");
- printf(" -v list groups\n");
- printf(" -l long list (include details)\n");
- printf(" -s short list (default)\n");
- printf(" -c SID change group\n");
- printf(" -u unix group\n");
- printf(" -d description group description\n");
- printf(" -r rid RID of new group\n");
- printf(" -x group delete this group\n");
- printf("\n");
- printf(" -t[b|d|l] type: builtin, domain, local \n");
- exit(1);
-}
-
-/*********************************************************
- Figure out if the input was an NT group or a SID string.
- Return the SID.
-**********************************************************/
-static BOOL get_sid_from_input(DOM_SID *sid, char *input)
-{
- GROUP_MAP map;
-
- if (StrnCaseCmp( input, "S-", 2)) {
- /* Perhaps its the NT group name? */
- if (!pdb_getgrnam(&map, input, MAPPING_WITHOUT_PRIV)) {
- printf("NT Group %s doesn't exist in mapping DB\n", input);
- return False;
- } else {
- *sid = map.sid;
- }
- } else {
- if (!string_to_sid(sid, input)) {
- printf("converting sid %s from a string failed!\n", input);
- return False;
- }
- }
- return True;
-}
-
-/*********************************************************
- add a group.
-**********************************************************/
-static int addgroup(gid_t gid, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege, uint32 rid)
-{
- PRIVILEGE_SET se_priv;
- DOM_SID sid;
- fstring string_sid;
- fstring comment;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
-
- sid_to_string(string_sid, &sid);
-
- if (ntcomment==NULL)
- fstrcpy(comment, "Local Unix group");
- else
- fstrcpy(comment, ntcomment);
-
- init_privilege(&se_priv);
- if (privilege!=NULL)
- convert_priv_from_text(&se_priv, privilege);
-
- if(!add_initial_entry(gid, string_sid, sid_type, ntgroup,
- comment, se_priv, PR_ACCESS_FROM_NETWORK)) {
- printf("adding entry for group %s failed!\n", ntgroup);
- free_privilege(&se_priv);
- return -1;
- }
-
- free_privilege(&se_priv);
- return 0;
-}
-
-/*********************************************************
- Change a group.
-**********************************************************/
-static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *groupdesc, char *privilege)
-{
- DOM_SID sid;
- GROUP_MAP map;
- gid_t gid;
-
- if (!get_sid_from_input(&sid, sid_string)) {
- return -1;
- }
-
- /* Get the current mapping from the database */
- if(!pdb_getgrsid(&map, sid, MAPPING_WITH_PRIV)) {
- printf("This SID does not exist in the database\n");
- return -1;
- }
-
- /* If a new Unix group is specified, check and change */
- if (group!=NULL) {
- gid=nametogid(group);
- if (gid==-1) {
- printf("The UNIX group does not exist\n");
- return -1;
- } else
- map.gid=gid;
- }
-
- /*
- * Allow changing of group type only between domain and local
- * We disallow changing Builtin groups !!! (SID problem)
- */
- if (sid_type==SID_NAME_ALIAS
- || sid_type==SID_NAME_DOM_GRP
- || sid_type==SID_NAME_UNKNOWN) {
- if (map.sid_name_use==SID_NAME_ALIAS
- || map.sid_name_use==SID_NAME_DOM_GRP
- || map.sid_name_use==SID_NAME_UNKNOWN) {
- map.sid_name_use=sid_type;
- } else {
- printf("cannot change group type to builtin\n");
- };
- } else {
- printf("cannot change group type from builtin\n");
- }
-
- if (ntgroup!=NULL)
- fstrcpy(map.nt_name, ntgroup);
-
- /* Change comment if new one */
- if (groupdesc!=NULL)
- fstrcpy(map.comment, groupdesc);
-
- /* Change the privilege if new one */
- if (privilege!=NULL)
- convert_priv_from_text(&map.priv_set, privilege);
-
- if (!pdb_update_group_mapping_entry(&map)) {
- printf("Could not update group database\n");
- free_privilege(&map.priv_set);
- return -1;
- }
-
- free_privilege(&map.priv_set);
- return 0;
-}
-
-/*********************************************************
- Delete the group.
-**********************************************************/
-static int deletegroup(char *group)
-{
- DOM_SID sid;
-
- if (!get_sid_from_input(&sid, group)) {
- return -1;
- }
-
- if(!pdb_delete_group_mapping_entry(sid)) {
- printf("removing group %s from the mapping db failed!\n", group);
- return -1;
- }
-
- return 0;
-}
-
-/*********************************************************
- List the groups.
-**********************************************************/
-static int listgroup(enum SID_NAME_USE sid_type, BOOL long_list)
-{
- int entries,i;
- GROUP_MAP *map=NULL;
- fstring string_sid;
- fstring group_type;
- fstring priv_text;
-
- if (!long_list)
- printf("NT group (SID) -> Unix group\n");
-
- if (!pdb_enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
- return -1;
-
- for (i=0; i<entries; i++) {
- decode_sid_name_use(group_type, (map[i]).sid_name_use);
- sid_to_string(string_sid, &map[i].sid);
- convert_priv_to_text(&(map[i].priv_set), priv_text);
- free_privilege(&(map[i].priv_set));
-
- if (!long_list)
- printf("%s (%s) -> %s\n", map[i].nt_name, string_sid, gidtoname(map[i].gid));
- else {
- printf("%s\n", map[i].nt_name);
- printf("\tSID : %s\n", string_sid);
- printf("\tUnix group: %s\n", gidtoname(map[i].gid));
- printf("\tGroup type: %s\n", group_type);
- printf("\tComment : %s\n", map[i].comment);
- printf("\tPrivilege : %s\n\n", priv_text);
- }
- }
-
- return 0;
-}
-
-/*********************************************************
- Start here.
-**********************************************************/
-int main (int argc, char **argv)
-{
- int ch;
- BOOL add_group = False;
- BOOL view_group = False;
- BOOL change_group = False;
- BOOL delete_group = False;
- BOOL nt_group = False;
- BOOL priv = False;
- BOOL group_type = False;
- BOOL long_list = False;
-
- char *group = NULL;
- char *sid = NULL;
- char *ntgroup = NULL;
- char *privilege = NULL;
- char *groupt = NULL;
- char *group_desc = NULL;
-
- enum SID_NAME_USE sid_type;
- uint32 rid = -1;
-
- setup_logging("groupedit", True);
-
- if (argc < 2) {
- usage();
- return 0;
- }
-
- if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
- fprintf(stderr, "Can't load %s - run testparm to debug it\n",
- dyn_CONFIGFILE);
- exit(1);
- }
-
- if (!init_names())
- exit(1);
-
- if(!initialize_password_db(True)) {
- fprintf(stderr, "Can't setup password database vectors.\n");
- exit(1);
- }
-
- if(get_global_sam_sid()==False) {
- fprintf(stderr, "Can not read machine SID\n");
- return 0;
- }
-
- while ((ch = getopt(argc, argv, "a:c:d:ln:p:r:st:u:vx:")) != EOF) {
- switch(ch) {
- case 'a':
- add_group = True;
- group=optarg;
- break;
- case 'c':
- change_group = True;
- sid=optarg;
- break;
- case 'd':
- group_desc=optarg;
- break;
- case 'l':
- long_list = True;
- break;
- case 'n':
- nt_group = True;
- ntgroup=optarg;
- break;
- case 'p':
- priv = True;
- privilege=optarg;
- break;
- case 'r':
- rid = atoi(optarg);
- break;
- case 's':
- long_list = False;
- break;
- case 't':
- group_type = True;
- groupt=optarg;
- break;
- case 'u':
- group=optarg;
- break;
- case 'v':
- view_group = True;
- break;
- case 'x':
- delete_group = True;
- group=optarg;
- break;
- /*default:
- usage();*/
- }
- }
-
-
- if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) {
- fprintf (stderr, "Incompatible options on command line!\n");
- usage();
- exit(1);
- }
-
- /* no option on command line -> list groups */
- if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
- view_group = True;
-
-
- if (group_type==False)
- sid_type=SID_NAME_UNKNOWN;
- else {
- switch (groupt[0]) {
- case 'l':
- case 'L':
- sid_type=SID_NAME_ALIAS;
- break;
- case 'd':
- case 'D':
- sid_type=SID_NAME_DOM_GRP;
- break;
- case 'b':
- case 'B':
- sid_type=SID_NAME_WKN_GRP;
- break;
- default:
- sid_type=SID_NAME_UNKNOWN;
- break;
- }
- }
-
- if (add_group) {
- gid_t gid=nametogid(group);
- if (gid==-1) {
- printf("unix group %s doesn't exist!\n", group);
- return -1;
- }
-
- if (rid == -1) {
- rid = pdb_gid_to_group_rid(gid);
- }
- return addgroup(gid, sid_type, ntgroup?ntgroup:group,
- group_desc, privilege, rid);
- }
-
- if (view_group)
- return listgroup(sid_type, long_list);
-
- if (delete_group)
- return deletegroup(group);
-
- if (change_group) {
- return changegroup(sid, group, sid_type, ntgroup, group_desc, privilege);
- }
-
- usage();
-
- return 0;
-}