diff options
Diffstat (limited to 'source3')
133 files changed, 6969 insertions, 3149 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 83e94a4382..f53406c39e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -650,7 +650,8 @@ VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o -VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o +VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o modules/onefs_system.o \ + modules/onefs_open.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -1036,6 +1037,7 @@ IDMAP_ADEX_OBJ = \ WINBINDD_OBJ1 = \ winbindd/winbindd.o \ + winbindd/winbindd_reqtrans.o \ winbindd/winbindd_user.o \ winbindd/winbindd_group.o \ winbindd/winbindd_util.o \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 9220df01c0..d2a8591ae6 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1294,7 +1294,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - auth_serversupplied_info *src) + const auth_serversupplied_info *src) { auth_serversupplied_info *dst; diff --git a/source3/client/client.c b/source3/client/client.c index 39f8f90bba..c88b918dc8 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -218,13 +218,12 @@ static int readfile(char *b, int n, XFILE *f) Send a message. ****************************************************************************/ -static void send_message(void) +static void send_message(const char *username) { int total_len = 0; int grp_id; - if (!cli_message_start(cli, desthost, - get_cmdline_auth_info_username(), &grp_id)) { + if (!cli_message_start(cli, desthost, username, &grp_id)) { d_printf("message start: %s\n", cli_errstr(cli)); return; } @@ -4607,7 +4606,7 @@ static int do_tar_op(const char *base_directory) Handle a message operation. ****************************************************************************/ -static int do_message_op(void) +static int do_message_op(struct user_auth_info *auth_info) { struct sockaddr_storage ss; struct nmb_name called, calling; @@ -4623,7 +4622,7 @@ static int do_message_op(void) snprintf(name_type_hex, sizeof(name_type_hex), "#%X", name_type); fstrcat(server_name, name_type_hex); - zero_addr(&ss); + zero_sockaddr(&ss); if (have_ip) ss = dest_ss; @@ -4648,7 +4647,7 @@ static int do_message_op(void) return 1; } - send_message(); + send_message(get_cmdline_auth_info_username(auth_info)); cli_cm_shutdown(); return 0; @@ -4695,6 +4694,7 @@ static int do_message_op(void) POPT_TABLEEND }; TALLOC_CTX *frame = talloc_stackframe(); + struct user_auth_info *auth_info; if (!client_set_cur_dir("\\")) { exit(ENOMEM); @@ -4724,6 +4724,12 @@ static int do_message_op(void) load_case_tables(); + auth_info = user_auth_info_init(frame); + if (auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(auth_info); + /* skip argv(0) */ pc = poptGetContext("smbclient", argc, (const char **) argv, long_options, 0); poptSetOtherOptionHelp(pc, "service <password>"); @@ -4751,8 +4757,11 @@ static int do_message_op(void) } /* if the service has already been retrieved then check if we have also a password */ - if (service_opt && (!get_cmdline_auth_info_got_pass()) && poptPeekArg(pc)) { - set_cmdline_auth_info_password(poptGetArg(pc)); + if (service_opt + && (!get_cmdline_auth_info_got_pass(auth_info)) + && poptPeekArg(pc)) { + set_cmdline_auth_info_password(auth_info, + poptGetArg(pc)); } switch (opt) { @@ -4858,8 +4867,11 @@ static int do_message_op(void) } /* if the service has already been retrieved then check if we have also a password */ - if (service_opt && !get_cmdline_auth_info_got_pass() && poptPeekArg(pc)) { - set_cmdline_auth_info_password(poptGetArg(pc)); + if (service_opt + && !get_cmdline_auth_info_got_pass(auth_info) + && poptPeekArg(pc)) { + set_cmdline_auth_info_password(auth_info, + poptGetArg(pc)); } /* check for the -P option */ @@ -4893,8 +4905,8 @@ static int do_message_op(void) argv[0], get_dyn_CONFIGFILE()); } - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(auth_info) && + !set_cmdline_auth_info_machine_account_creds(auth_info)) { exit(-1); } @@ -4929,7 +4941,7 @@ static int do_message_op(void) calling_name = talloc_strdup(frame, global_myname() ); } - smb_encrypt = get_cmdline_auth_info_smb_encrypt(); + smb_encrypt = get_cmdline_auth_info_smb_encrypt(auth_info); if (!init_names()) { fprintf(stderr, "init_names() failed\n"); exit(1); @@ -4947,7 +4959,7 @@ static int do_message_op(void) /* Store the username and password for dfs support */ - cli_cm_set_credentials(); + cli_cm_set_credentials(auth_info); DEBUG(3,("Client started (version %s).\n", SAMBA_VERSION_STRING)); @@ -4980,7 +4992,7 @@ static int do_message_op(void) } if (message) { - return do_message_op(); + return do_message_op(auth_info); } if (process(base_directory)) { diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index da2f98bff8..9f4d1d3fd0 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -80,6 +80,9 @@ #define MOUNT_PASSWD_SIZE 64 #define DOMAIN_SIZE 64 +/* currently maximum length of IPv6 address string */ +#define MAX_ADDRESS_LEN INET6_ADDRSTRLEN + const char *thisprogram; int verboseflag = 0; static int got_password = 0; @@ -189,12 +192,6 @@ static char * getusername(void) { return username; } -static char * parse_cifs_url(char * unc_name) -{ - printf("\nMounting cifs URL not implemented yet. Attempt to mount %s\n",unc_name); - return NULL; -} - static int open_cred_file(char * file_name) { char * line_buf; @@ -494,7 +491,7 @@ static int parse_options(char ** optionsp, int * filesys_flags) } else if (strncmp(data, "ip", 2) == 0) { if (!value || !*value) { printf("target ip address argument missing"); - } else if (strnlen(value, 35) < 35) { + } else if (strnlen(value, MAX_ADDRESS_LEN) <= MAX_ADDRESS_LEN) { if(verboseflag) printf("ip address %s override specified\n",value); got_ip = 1; @@ -882,23 +879,23 @@ static void replace_char(char *string, char from, char to, int maxlen) } /* Note that caller frees the returned buffer if necessary */ -static char * parse_server(char ** punc_name) +static struct addrinfo * +parse_server(char ** punc_name) { char * unc_name = *punc_name; int length = strnlen(unc_name, MAX_UNC_LEN); char * share; - char * ipaddress_string = NULL; - struct hostent * host_entry = NULL; - struct in_addr server_ipaddr; + struct addrinfo *addrlist; + int rc; if(length > (MAX_UNC_LEN - 1)) { printf("mount error: UNC name too long"); return NULL; } - if (strncasecmp("cifs://",unc_name,7) == 0) - return parse_cifs_url(unc_name+7); - if (strncasecmp("smb://",unc_name,6) == 0) { - return parse_cifs_url(unc_name+6); + if ((strncasecmp("cifs://", unc_name, 7) == 0) || + (strncasecmp("smb://", unc_name, 6) == 0)) { + printf("\nMounting cifs URL not implemented yet. Attempt to mount %s\n", unc_name); + return NULL; } if(length < 3) { @@ -939,7 +936,12 @@ continue_unc_parsing: *share = 0; /* temporarily terminate the string */ share += 1; if(got_ip == 0) { - host_entry = gethostbyname(unc_name); + rc = getaddrinfo(unc_name, NULL, NULL, &addrlist); + if (rc != 0) { + printf("mount error: could not resolve address for %s: %s\n", + unc_name, gai_strerror(rc)); + addrlist = NULL; + } } *(share - 1) = '/'; /* put delimiter back */ @@ -954,23 +956,9 @@ continue_unc_parsing: printf("ip address specified explicitly\n"); return NULL; } - if(host_entry == NULL) { - printf("mount error: could not find target server. TCP name %s not found\n", unc_name); - return NULL; - } else { - /* BB should we pass an alternate version of the share name as Unicode */ - /* BB what about ipv6? BB */ - /* BB add retries with alternate servers in list */ + /* BB should we pass an alternate version of the share name as Unicode */ - memcpy(&server_ipaddr.s_addr, host_entry->h_addr, 4); - - ipaddress_string = inet_ntoa(server_ipaddr); - if(ipaddress_string == NULL) { - printf("mount error: could not get valid ip address for target server\n"); - return NULL; - } - return ipaddress_string; - } + return addrlist; } else { /* BB add code to find DFS root (send null path on get DFS Referral to specified server here */ printf("Mounting the DFS root for a particular server not implemented yet\n"); @@ -1034,10 +1022,11 @@ int main(int argc, char ** argv) int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */ char * orgoptions = NULL; char * share_name = NULL; - char * ipaddr = NULL; + const char * ipaddr = NULL; char * uuid = NULL; char * mountpoint = NULL; char * options = NULL; + char * optionstail; char * resolved_path = NULL; char * temp; char * dev_name; @@ -1050,10 +1039,14 @@ int main(int argc, char ** argv) int optlen = 0; int orgoptlen = 0; size_t options_size = 0; + size_t current_len; int retry = 0; /* set when we have to retry mount with uppercase */ + struct addrinfo *addrhead = NULL, *addr; struct stat statbuf; struct utsname sysinfo; struct mntent mountent; + struct sockaddr_in *addr4; + struct sockaddr_in6 *addr6; FILE * pmntfile; /* setlocale(LC_ALL, ""); @@ -1245,8 +1238,8 @@ int main(int argc, char ** argv) rc = EX_USAGE; goto mount_exit; } - ipaddr = parse_server(&share_name); - if((ipaddr == NULL) && (got_ip == 0)) { + addrhead = addr = parse_server(&share_name); + if((addrhead == NULL) && (got_ip == 0)) { printf("No ip address specified and hostname not found\n"); rc = EX_USAGE; goto mount_exit; @@ -1293,7 +1286,13 @@ int main(int argc, char ** argv) } if(got_user == 0) { - user_name = getusername(); + /* Note that the password will not be retrieved from the + USER env variable (ie user%password form) as there is + already a PASSWD environment varaible */ + if (getenv("USER")) + user_name = strdup(getenv("USER")); + if (user_name == NULL) + user_name = getusername(); got_user = 1; } @@ -1310,7 +1309,6 @@ int main(int argc, char ** argv) } /* FIXME launch daemon (handles dfs name resolution and credential change) remember to clear parms and overwrite password field before launching */ -mount_retry: if(orgoptions) { optlen = strlen(orgoptions); orgoptlen = optlen; @@ -1325,10 +1323,10 @@ mount_retry: } if(user_name) optlen += strlen(user_name) + 6; - if(ipaddr) - optlen += strlen(ipaddr) + 4; + optlen += MAX_ADDRESS_LEN + 4; if(mountpassword) optlen += strlen(mountpassword) + 6; +mount_retry: SAFE_FREE(options); options_size = optlen + 10 + DOMAIN_SIZE; options = (char *)malloc(options_size /* space for commas in password */ + 8 /* space for domain= , domain name itself was counted as part of the length username string above */); @@ -1338,18 +1336,12 @@ mount_retry: exit(EX_SYSERR); } - options[0] = 0; - strlcpy(options,"unc=",options_size); + strlcpy(options, "unc=", options_size); strlcat(options,share_name,options_size); /* scan backwards and reverse direction of slash */ temp = strrchr(options, '/'); if(temp > options + 6) *temp = '\\'; - if(ipaddr) { - strlcat(options,",ip=",options_size); - strlcat(options,ipaddr,options_size); - } - if(user_name) { /* check for syntax like user=domain\user */ if(got_domain == 0) @@ -1391,11 +1383,42 @@ mount_retry: /* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */ replace_char(dev_name, '\\', '/', strlen(share_name)); - if(mount(dev_name, mountpoint, "cifs", flags, options)) { - /* remember to kill daemon on error */ + if (!got_ip && addr) { + strlcat(options, ",ip=", options_size); + current_len = strnlen(options, options_size); + optionstail = options + current_len; + switch (addr->ai_addr->sa_family) { + case AF_INET6: + addr6 = (struct sockaddr_in6 *) addr->ai_addr; + ipaddr = inet_ntop(AF_INET6, &addr6->sin6_addr, optionstail, + options_size - current_len); + break; + case AF_INET: + addr4 = (struct sockaddr_in *) addr->ai_addr; + ipaddr = inet_ntop(AF_INET, &addr4->sin_addr, optionstail, + options_size - current_len); + break; + } + + /* if the address looks bogus, try the next one */ + if (!ipaddr) { + addr = addr->ai_next; + if (addr) + goto mount_retry; + rc = EX_SYSERR; + goto mount_exit; + } + } + + if (mount(dev_name, mountpoint, "cifs", flags, options)) { switch (errno) { - case 0: - printf("mount failed but no error number set\n"); + case ECONNREFUSED: + case EHOSTUNREACH: + if (addr) { + addr = addr->ai_next; + if (addr) + goto mount_retry; + } break; case ENODEV: printf("mount error: cifs filesystem not supported by the system\n"); @@ -1410,64 +1433,64 @@ mount_retry: goto mount_retry; } } - default: - printf("mount error %d = %s\n",errno,strerror(errno)); } + printf("mount error(%d): %s\n", errno, strerror(errno)); printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); rc = EX_FAIL; - } else { - atexit(unlock_mtab); - rc = lock_mtab(); - if (rc) { - printf("cannot lock mtab"); - goto mount_exit; - } - pmntfile = setmntent(MOUNTED, "a+"); - if (!pmntfile) { - printf("could not update mount table\n"); - unlock_mtab(); - rc = EX_FILEIO; - goto mount_exit; - } - mountent.mnt_fsname = dev_name; - mountent.mnt_dir = mountpoint; - mountent.mnt_type = CONST_DISCARD(char *,"cifs"); - mountent.mnt_opts = (char *)malloc(220); - if(mountent.mnt_opts) { - char * mount_user = getusername(); - memset(mountent.mnt_opts,0,200); - if(flags & MS_RDONLY) - strlcat(mountent.mnt_opts,"ro",220); - else - strlcat(mountent.mnt_opts,"rw",220); - if(flags & MS_MANDLOCK) - strlcat(mountent.mnt_opts,",mand",220); - if(flags & MS_NOEXEC) - strlcat(mountent.mnt_opts,",noexec",220); - if(flags & MS_NOSUID) - strlcat(mountent.mnt_opts,",nosuid",220); - if(flags & MS_NODEV) - strlcat(mountent.mnt_opts,",nodev",220); - if(flags & MS_SYNCHRONOUS) - strlcat(mountent.mnt_opts,",sync",220); - if(mount_user) { - if(getuid() != 0) { - strlcat(mountent.mnt_opts, - ",user=", 220); - strlcat(mountent.mnt_opts, - mount_user, 220); - } + goto mount_exit; + } + + atexit(unlock_mtab); + rc = lock_mtab(); + if (rc) { + printf("cannot lock mtab"); + goto mount_exit; + } + pmntfile = setmntent(MOUNTED, "a+"); + if (!pmntfile) { + printf("could not update mount table\n"); + unlock_mtab(); + rc = EX_FILEIO; + goto mount_exit; + } + mountent.mnt_fsname = dev_name; + mountent.mnt_dir = mountpoint; + mountent.mnt_type = CONST_DISCARD(char *,"cifs"); + mountent.mnt_opts = (char *)malloc(220); + if(mountent.mnt_opts) { + char * mount_user = getusername(); + memset(mountent.mnt_opts,0,200); + if(flags & MS_RDONLY) + strlcat(mountent.mnt_opts,"ro",220); + else + strlcat(mountent.mnt_opts,"rw",220); + if(flags & MS_MANDLOCK) + strlcat(mountent.mnt_opts,",mand",220); + if(flags & MS_NOEXEC) + strlcat(mountent.mnt_opts,",noexec",220); + if(flags & MS_NOSUID) + strlcat(mountent.mnt_opts,",nosuid",220); + if(flags & MS_NODEV) + strlcat(mountent.mnt_opts,",nodev",220); + if(flags & MS_SYNCHRONOUS) + strlcat(mountent.mnt_opts,",sync",220); + if(mount_user) { + if(getuid() != 0) { + strlcat(mountent.mnt_opts, + ",user=", 220); + strlcat(mountent.mnt_opts, + mount_user, 220); } } - mountent.mnt_freq = 0; - mountent.mnt_passno = 0; - rc = addmntent(pmntfile,&mountent); - endmntent(pmntfile); - unlock_mtab(); - SAFE_FREE(mountent.mnt_opts); - if (rc) - rc = EX_FILEIO; } + mountent.mnt_freq = 0; + mountent.mnt_passno = 0; + rc = addmntent(pmntfile,&mountent); + endmntent(pmntfile); + unlock_mtab(); + SAFE_FREE(mountent.mnt_opts); + if (rc) + rc = EX_FILEIO; mount_exit: if(mountpassword) { int len = strlen(mountpassword); @@ -1475,6 +1498,8 @@ mount_exit: SAFE_FREE(mountpassword); } + if (addrhead) + freeaddrinfo(addrhead); SAFE_FREE(options); SAFE_FREE(orgoptions); SAFE_FREE(resolved_path); diff --git a/source3/configure.in b/source3/configure.in index 40e78e89d9..b90b1b3f60 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1052,6 +1052,20 @@ if test x"$samba_cv_HAVE_GPFS" = x"yes"; then fi LIBS="$save_LIBS" +printf "%s" "checking for GPFS libs (with 3.2.1 PTF8 available as GPL)... " +save_LIBS="$LIBS" +LIBS="$LIBS -lgpfs" +AC_TRY_LINK([#include <gpfs.h>], + [gpfs_set_share(0,GPFS_SHARE_READ,GPFS_DENY_NONE)], + samba_cv_HAVE_GPFS=yes, + samba_cv_HAVE_GPFS=no) +echo $samba_cv_HAVE_GPFS +if test x"$samba_cv_HAVE_GPFS" = x"yes"; then + AC_DEFINE(HAVE_GPFS,1,[Whether GPFS GPL libs are available]) + default_shared_modules="$default_shared_modules vfs_gpfs" +fi +LIBS="$save_LIBS" + ############################################# # check if building on Isilon OneFS printf "%s" "checking for Isilon OneFS... " diff --git a/source3/include/ads.h b/source3/include/ads.h index b72d250940..abff9eaa8c 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -80,7 +80,6 @@ typedef struct ads_struct { char *server_site_name; char *client_site_name; time_t current_time; - int tried_closest_dc; char *schema_path; char *config_path; } config; diff --git a/source3/include/async_req.h b/source3/include/async_req.h index 2d01b53814..14a30696c4 100644 --- a/source3/include/async_req.h +++ b/source3/include/async_req.h @@ -134,4 +134,8 @@ bool async_post_status(struct async_req *req, NTSTATUS status); bool async_req_nomem(const void *p, struct async_req *req); +bool async_req_is_error(struct async_req *req, NTSTATUS *status); + +NTSTATUS async_req_simple_recv(struct async_req *req); + #endif diff --git a/source3/include/async_smb.h b/source3/include/async_smb.h index 4e2061813f..25fd353632 100644 --- a/source3/include/async_smb.h +++ b/source3/include/async_smb.h @@ -125,6 +125,10 @@ bool cli_chain_cork(struct cli_state *cli, struct event_context *ev, size_t size_hint); void cli_chain_uncork(struct cli_state *cli); bool cli_in_chain(struct cli_state *cli); +bool smb_splice_chain(char **poutbuf, uint8_t smb_command, + uint8_t wct, const uint16_t *vwv, + size_t bytes_alignment, + uint16_t num_bytes, const uint8_t *bytes); NTSTATUS cli_pull_reply(struct async_req *req, uint8_t *pwct, uint16_t **pvwv, diff --git a/source3/include/async_sock.h b/source3/include/async_sock.h index 3c90453601..f0cd5fdaa4 100644 --- a/source3/include/async_sock.h +++ b/source3/include/async_sock.h @@ -22,24 +22,28 @@ #include "includes.h" -ssize_t async_syscall_result_ssize_t(struct async_req **req, int *perrno); -size_t async_syscall_result_size_t (struct async_req **req, int *perrno); -ssize_t async_syscall_result_int (struct async_req **req, int *perrno); +ssize_t async_syscall_result_ssize_t(struct async_req *req, int *perrno); +size_t async_syscall_result_size_t(struct async_req *req, int *perrno); +ssize_t async_syscall_result_int(struct async_req *req, int *perrno); struct async_req *async_send(TALLOC_CTX *mem_ctx, struct event_context *ev, int fd, const void *buffer, size_t length, int flags); -struct async_req *async_sendall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, const void *buffer, size_t length, - int flags); struct async_req *async_recv(TALLOC_CTX *mem_ctx, struct event_context *ev, int fd, void *buffer, size_t length, int flags); -struct async_req *async_recvall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, void *buffer, size_t length, - int flags); struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev, int fd, const struct sockaddr *address, socklen_t address_len); +struct async_req *sendall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, const void *buffer, size_t length, + int flags); +NTSTATUS sendall_recv(struct async_req *req); + +struct async_req *recvall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, void *buffer, size_t length, + int flags); +NTSTATUS recvall_recv(struct async_req *req); + #endif diff --git a/source3/include/client.h b/source3/include/client.h index 8d57fe1eed..587f3f6c67 100644 --- a/source3/include/client.h +++ b/source3/include/client.h @@ -52,6 +52,7 @@ struct cli_pipe_auth_data { char *domain; char *user_name; + DATA_BLOB user_session_key; union { struct schannel_auth_struct *schannel_auth; diff --git a/source3/include/proto.h b/source3/include/proto.h index f2bbb07f92..24929f6d7f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -123,7 +123,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, bool is_guest, struct auth_serversupplied_info **presult); struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - auth_serversupplied_info *src); + const auth_serversupplied_info *src); bool init_guest_info(void); bool server_info_set_session_key(struct auth_serversupplied_info *info, DATA_BLOB session_key); @@ -637,6 +637,7 @@ void pidfile_create(const char *program_name); /* The following definitions come from lib/popt_common.c */ +void popt_common_set_auth_info(struct user_auth_info *auth_info); /* The following definitions come from lib/privileges.c */ @@ -723,6 +724,7 @@ bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); /* The following definitions come from lib/secdesc.c */ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); +uint32_t get_sec_info(const SEC_DESC *sd); SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb); SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, enum security_descriptor_revision revision, @@ -1138,22 +1140,28 @@ void gfree_all( void ); const char *my_netbios_names(int i); bool set_netbios_aliases(const char **str_array); bool init_names(void); -const char *get_cmdline_auth_info_username(void); -void set_cmdline_auth_info_username(const char *username); -const char *get_cmdline_auth_info_password(void); -void set_cmdline_auth_info_password(const char *password); -bool set_cmdline_auth_info_signing_state(const char *arg); -int get_cmdline_auth_info_signing_state(void); -void set_cmdline_auth_info_use_kerberos(bool b); -bool get_cmdline_auth_info_use_kerberos(void); -void set_cmdline_auth_info_use_krb5_ticket(void); -void set_cmdline_auth_info_smb_encrypt(void); -void set_cmdline_auth_info_use_machine_account(void); -bool get_cmdline_auth_info_got_pass(void); -bool get_cmdline_auth_info_smb_encrypt(void); -bool get_cmdline_auth_info_use_machine_account(void); -bool get_cmdline_auth_info_copy(struct user_auth_info *info); -bool set_cmdline_auth_info_machine_account_creds(void); +struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx); +const char *get_cmdline_auth_info_username(struct user_auth_info *auth_info); +void set_cmdline_auth_info_username(struct user_auth_info *auth_info, + const char *username); +void set_cmdline_auth_info_password(struct user_auth_info *auth_info, + const char *password); +const char *get_cmdline_auth_info_password(struct user_auth_info *auth_info); +bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info, + const char *arg); +int get_cmdline_auth_info_signing_state(struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info, + bool b); +bool get_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_krb5_ticket(struct user_auth_info *auth_info); +void set_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info); +void set_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info); +bool get_cmdline_auth_info_got_pass(struct user_auth_info *auth_info); +bool get_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info); +bool get_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info); +struct user_auth_info *get_cmdline_auth_info_copy(TALLOC_CTX *mem_ctx, + struct user_auth_info *info); +bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info); bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids); const char *get_numlist(const char *p, uint32 **num, int *count); @@ -1396,13 +1404,13 @@ bool is_loopback_ip_v4(struct in_addr ip); bool is_loopback_addr(const struct sockaddr *pss); bool is_zero_addr(const struct sockaddr *pss); void zero_ip_v4(struct in_addr *ip); -void zero_addr(struct sockaddr_storage *pss); +void zero_sockaddr(struct sockaddr_storage *pss); void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss, struct in_addr ip); bool same_net(const struct sockaddr *ip1, const struct sockaddr *ip2, const struct sockaddr *mask); -bool addr_equal(const struct sockaddr *ip1, +bool sockaddr_equal(const struct sockaddr *ip1, const struct sockaddr *ip2); bool is_address_any(const struct sockaddr *psa); uint16_t get_sockaddr_port(const struct sockaddr_storage *pss); @@ -2314,15 +2322,7 @@ void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct do /* The following definitions come from librpc/ndr/sid.c */ -enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r); -enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r); char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); /* The following definitions come from librpc/rpc/binding.c */ @@ -2418,7 +2418,7 @@ struct cli_state *cli_cm_open(TALLOC_CTX *ctx, bool force_encrypt); void cli_cm_shutdown(void); void cli_cm_display(void); -void cli_cm_set_credentials(void); +void cli_cm_set_credentials(struct user_auth_info *auth_info); void cli_cm_set_port(int port_number); void cli_cm_set_dest_name_type(int type); void cli_cm_set_signing_state(int state); @@ -2983,6 +2983,7 @@ bool namecache_status_fetch(const char *keyname, /* The following definitions come from libsmb/namequery.c */ bool saf_store( const char *domain, const char *servername ); +bool saf_join_store( const char *domain, const char *servername ); bool saf_delete( const char *domain ); char *saf_fetch( const char *domain ); NODE_STATUS_STRUCT *node_status_query(int fd, @@ -3454,7 +3455,7 @@ bool is_valid_share_mode_entry(const struct share_mode_entry *e); bool is_deferred_open_entry(const struct share_mode_entry *e); bool is_unused_share_mode_entry(const struct share_mode_entry *e); void set_share_mode(struct share_mode_lock *lck, files_struct *fsp, - uid_t uid, uint16 mid, uint16 op_type, bool initial_delete_on_close_allowed); + uid_t uid, uint16 mid, uint16 op_type); void add_deferred_open(struct share_mode_lock *lck, uint16 mid, struct timeval request_time, struct file_id id); @@ -3464,11 +3465,9 @@ bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp); bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp); NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close, uint32 dosmode); -bool can_set_initial_delete_on_close(const struct share_mode_lock *lck); void set_delete_on_close_token(struct share_mode_lock *lck, UNIX_USER_TOKEN *tok); void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, UNIX_USER_TOKEN *tok); bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKEN *tok); -bool set_allow_initial_delete_on_close(struct share_mode_lock *lck, files_struct *fsp, bool delete_on_close); bool set_sticky_write_time(struct file_id fileid, struct timespec write_time); bool set_write_time(struct file_id fileid, struct timespec write_time); int share_mode_forall(void (*fn)(const struct share_mode_entry *, const char *, @@ -3922,7 +3921,7 @@ char *lp_remote_announce(void); char *lp_remote_browse_sync(void); const char **lp_wins_server_list(void); const char **lp_interfaces(void); -char *lp_socket_address(void); +const char *lp_socket_address(void); char *lp_nis_home_map_name(void); const char **lp_netbios_aliases(void); const char *lp_passdb_backend(void); @@ -4136,6 +4135,7 @@ bool lp_hide_special_files(int ); bool lp_hideunreadable(int ); bool lp_hideunwriteable_files(int ); bool lp_browseable(int ); +bool lp_access_based_share_enum(int ); bool lp_readonly(int ); bool lp_no_set_dir(int ); bool lp_guest_ok(int ); @@ -4252,7 +4252,7 @@ const char *lp_ldap_machine_suffix(void); const char *lp_ldap_user_suffix(void); const char *lp_ldap_group_suffix(void); const char *lp_ldap_idmap_suffix(void); -void *lp_local_ptr(int snum, void *ptr); +void *lp_local_ptr_by_snum(int snum, void *ptr); bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue); void init_locals(void); bool lp_is_default(int snum, struct parm_struct *parm); @@ -5672,7 +5672,8 @@ void init_samr_user_info16(struct samr_UserInfo16 *r, uint32_t acct_flags); void init_samr_user_info18(struct samr_UserInfo18 *r, const uint8 lm_pwd[16], - const uint8 nt_pwd[16]); + const uint8 nt_pwd[16], + uint8_t password_expired); void init_samr_user_info20(struct samr_UserInfo20 *r, struct lsa_BinaryString *parameters); void init_samr_user_info21(struct samr_UserInfo21 *r, @@ -6520,70 +6521,6 @@ bool svcctl_io_r_query_service_config2(const char *desc, SVCCTL_R_QUERY_SERVICE_ bool svcctl_io_q_query_service_status_ex(const char *desc, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, prs_struct *ps, int depth); bool svcctl_io_r_query_service_status_ex(const char *desc, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u, prs_struct *ps, int depth); -/* The following definitions come from rpc_server/srv_dfs_nt.c */ - -void _dfs_GetManagerVersion(pipes_struct *p, struct dfs_GetManagerVersion *r); -WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r); -WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r); -WERROR _dfs_Enum(pipes_struct *p, struct dfs_Enum *r); -WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r); -WERROR _dfs_SetInfo(pipes_struct *p, struct dfs_SetInfo *r); -WERROR _dfs_Rename(pipes_struct *p, struct dfs_Rename *r); -WERROR _dfs_Move(pipes_struct *p, struct dfs_Move *r); -WERROR _dfs_ManagerGetConfigInfo(pipes_struct *p, struct dfs_ManagerGetConfigInfo *r); -WERROR _dfs_ManagerSendSiteInfo(pipes_struct *p, struct dfs_ManagerSendSiteInfo *r); -WERROR _dfs_AddFtRoot(pipes_struct *p, struct dfs_AddFtRoot *r); -WERROR _dfs_RemoveFtRoot(pipes_struct *p, struct dfs_RemoveFtRoot *r); -WERROR _dfs_AddStdRoot(pipes_struct *p, struct dfs_AddStdRoot *r); -WERROR _dfs_RemoveStdRoot(pipes_struct *p, struct dfs_RemoveStdRoot *r); -WERROR _dfs_ManagerInitialize(pipes_struct *p, struct dfs_ManagerInitialize *r); -WERROR _dfs_AddStdRootForced(pipes_struct *p, struct dfs_AddStdRootForced *r); -WERROR _dfs_GetDcAddress(pipes_struct *p, struct dfs_GetDcAddress *r); -WERROR _dfs_SetDcAddress(pipes_struct *p, struct dfs_SetDcAddress *r); -WERROR _dfs_FlushFtTable(pipes_struct *p, struct dfs_FlushFtTable *r); -WERROR _dfs_Add2(pipes_struct *p, struct dfs_Add2 *r); -WERROR _dfs_Remove2(pipes_struct *p, struct dfs_Remove2 *r); -WERROR _dfs_EnumEx(pipes_struct *p, struct dfs_EnumEx *r); -WERROR _dfs_SetInfo2(pipes_struct *p, struct dfs_SetInfo2 *r); - -/* The following definitions come from rpc_server/srv_dssetup_nt.c */ - -WERROR _dssetup_DsRoleGetPrimaryDomainInformation(pipes_struct *p, - struct dssetup_DsRoleGetPrimaryDomainInformation *r); -WERROR _dssetup_DsRoleDnsNameToFlatName(pipes_struct *p, - struct dssetup_DsRoleDnsNameToFlatName *r); -WERROR _dssetup_DsRoleDcAsDc(pipes_struct *p, - struct dssetup_DsRoleDcAsDc *r); -WERROR _dssetup_DsRoleDcAsReplica(pipes_struct *p, - struct dssetup_DsRoleDcAsReplica *r); -WERROR _dssetup_DsRoleDemoteDc(pipes_struct *p, - struct dssetup_DsRoleDemoteDc *r); -WERROR _dssetup_DsRoleGetDcOperationProgress(pipes_struct *p, - struct dssetup_DsRoleGetDcOperationProgress *r); -WERROR _dssetup_DsRoleGetDcOperationResults(pipes_struct *p, - struct dssetup_DsRoleGetDcOperationResults *r); -WERROR _dssetup_DsRoleCancel(pipes_struct *p, - struct dssetup_DsRoleCancel *r); -WERROR _dssetup_DsRoleServerSaveStateForUpgrade(pipes_struct *p, - struct dssetup_DsRoleServerSaveStateForUpgrade *r); -WERROR _dssetup_DsRoleUpgradeDownlevelServer(pipes_struct *p, - struct dssetup_DsRoleUpgradeDownlevelServer *r); -WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(pipes_struct *p, - struct dssetup_DsRoleAbortDownlevelServerUpgrade *r); - -/* The following definitions come from rpc_server/srv_echo_nt.c */ - -void _echo_AddOne(pipes_struct *p, struct echo_AddOne *r ); -void _echo_EchoData(pipes_struct *p, struct echo_EchoData *r); -void _echo_SinkData(pipes_struct *p, struct echo_SinkData *r); -void _echo_SourceData(pipes_struct *p, struct echo_SourceData *r); -void _echo_TestCall(pipes_struct *p, struct echo_TestCall *r); -NTSTATUS _echo_TestCall2(pipes_struct *p, struct echo_TestCall2 *r); -uint32 _echo_TestSleep(pipes_struct *p, struct echo_TestSleep *r); -void _echo_TestEnum(pipes_struct *p, struct echo_TestEnum *r); -void _echo_TestSurrounding(pipes_struct *p, struct echo_TestSurrounding *r); -uint16 _echo_TestDoublePointer(pipes_struct *p, struct echo_TestDoublePointer *r); - /* The following definitions come from rpc_server/srv_eventlog.c */ NTSTATUS rpc_eventlog2_init(void); @@ -6604,43 +6541,9 @@ bool parse_logentry( char *line, Eventlog_entry * entry, bool * eor ); /* The following definitions come from rpc_server/srv_eventlog_nt.c */ -NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, - struct eventlog_OpenEventLogW *r); -NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, - struct eventlog_ClearEventLogW *r); -NTSTATUS _eventlog_CloseEventLog( pipes_struct * p, struct eventlog_CloseEventLog *r ); NTSTATUS _eventlog_read_eventlog( pipes_struct * p, EVENTLOG_Q_READ_EVENTLOG * q_u, EVENTLOG_R_READ_EVENTLOG * r_u ); -NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, - struct eventlog_GetOldestRecord *r); -NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, - struct eventlog_GetNumRecords *r); -NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r); -NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_DeregisterEventSource *r); -NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r); -NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r); -NTSTATUS _eventlog_OpenBackupEventLogW(pipes_struct *p, struct eventlog_OpenBackupEventLogW *r); -NTSTATUS _eventlog_ReadEventLogW(pipes_struct *p, struct eventlog_ReadEventLogW *r); -NTSTATUS _eventlog_ReportEventW(pipes_struct *p, struct eventlog_ReportEventW *r); -NTSTATUS _eventlog_ClearEventLogA(pipes_struct *p, struct eventlog_ClearEventLogA *r); -NTSTATUS _eventlog_BackupEventLogA(pipes_struct *p, struct eventlog_BackupEventLogA *r); -NTSTATUS _eventlog_OpenEventLogA(pipes_struct *p, struct eventlog_OpenEventLogA *r); -NTSTATUS _eventlog_RegisterEventSourceA(pipes_struct *p, struct eventlog_RegisterEventSourceA *r); -NTSTATUS _eventlog_OpenBackupEventLogA(pipes_struct *p, struct eventlog_OpenBackupEventLogA *r); -NTSTATUS _eventlog_ReadEventLogA(pipes_struct *p, struct eventlog_ReadEventLogA *r); -NTSTATUS _eventlog_ReportEventA(pipes_struct *p, struct eventlog_ReportEventA *r); -NTSTATUS _eventlog_RegisterClusterSvc(pipes_struct *p, struct eventlog_RegisterClusterSvc *r); -NTSTATUS _eventlog_DeregisterClusterSvc(pipes_struct *p, struct eventlog_DeregisterClusterSvc *r); -NTSTATUS _eventlog_WriteClusterEvents(pipes_struct *p, struct eventlog_WriteClusterEvents *r); -NTSTATUS _eventlog_GetLogIntormation(pipes_struct *p, struct eventlog_GetLogIntormation *r); -NTSTATUS _eventlog_FlushEventLog(pipes_struct *p, struct eventlog_FlushEventLog *r); - -/* The following definitions come from rpc_server/srv_initshutdown_nt.c */ - -WERROR _initshutdown_Init(pipes_struct *p, struct initshutdown_Init *r); -WERROR _initshutdown_InitEx(pipes_struct *p, struct initshutdown_InitEx *r); -WERROR _initshutdown_Abort(pipes_struct *p, struct initshutdown_Abort *r); /* The following definitions come from rpc_server/srv_lsa_hnd.c */ @@ -6651,216 +6554,6 @@ bool close_policy_hnd(pipes_struct *p, POLICY_HND *hnd); void close_policy_by_pipe(pipes_struct *p); bool pipe_access_check(pipes_struct *p); -/* The following definitions come from rpc_server/srv_lsa_nt.c */ - -NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, - struct lsa_OpenPolicy2 *r); -NTSTATUS _lsa_OpenPolicy(pipes_struct *p, - struct lsa_OpenPolicy *r); -NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, - struct lsa_EnumTrustDom *r); -NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p, - struct lsa_QueryInfoPolicy *r); -NTSTATUS _lsa_LookupSids(pipes_struct *p, - struct lsa_LookupSids *r); -NTSTATUS _lsa_LookupSids2(pipes_struct *p, - struct lsa_LookupSids2 *r); -NTSTATUS _lsa_LookupSids3(pipes_struct *p, - struct lsa_LookupSids3 *r); -NTSTATUS _lsa_LookupNames(pipes_struct *p, - struct lsa_LookupNames *r); -NTSTATUS _lsa_LookupNames2(pipes_struct *p, - struct lsa_LookupNames2 *r); -NTSTATUS _lsa_LookupNames3(pipes_struct *p, - struct lsa_LookupNames3 *r); -NTSTATUS _lsa_LookupNames4(pipes_struct *p, - struct lsa_LookupNames4 *r); -NTSTATUS _lsa_Close(pipes_struct *p, struct lsa_Close *r); -NTSTATUS _lsa_OpenSecret(pipes_struct *p, struct lsa_OpenSecret *r); -NTSTATUS _lsa_OpenTrustedDomain(pipes_struct *p, struct lsa_OpenTrustedDomain *r); -NTSTATUS _lsa_CreateTrustedDomain(pipes_struct *p, struct lsa_CreateTrustedDomain *r); -NTSTATUS _lsa_CreateSecret(pipes_struct *p, struct lsa_CreateSecret *r); -NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r); -NTSTATUS _lsa_DeleteObject(pipes_struct *p, - struct lsa_DeleteObject *r); -NTSTATUS _lsa_EnumPrivs(pipes_struct *p, - struct lsa_EnumPrivs *r); -NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p, - struct lsa_LookupPrivDisplayName *r); -NTSTATUS _lsa_EnumAccounts(pipes_struct *p, - struct lsa_EnumAccounts *r); -NTSTATUS _lsa_GetUserName(pipes_struct *p, - struct lsa_GetUserName *r); -NTSTATUS _lsa_CreateAccount(pipes_struct *p, - struct lsa_CreateAccount *r); -NTSTATUS _lsa_OpenAccount(pipes_struct *p, - struct lsa_OpenAccount *r); -NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, - struct lsa_EnumPrivsAccount *r); -NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, - struct lsa_GetSystemAccessAccount *r); -NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, - struct lsa_SetSystemAccessAccount *r); -NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, - struct lsa_AddPrivilegesToAccount *r); -NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, - struct lsa_RemovePrivilegesFromAccount *r); -NTSTATUS _lsa_QuerySecurity(pipes_struct *p, - struct lsa_QuerySecurity *r); -NTSTATUS _lsa_AddAccountRights(pipes_struct *p, - struct lsa_AddAccountRights *r); -NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, - struct lsa_RemoveAccountRights *r); -NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, - struct lsa_EnumAccountRights *r); -NTSTATUS _lsa_LookupPrivValue(pipes_struct *p, - struct lsa_LookupPrivValue *r); -NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r); -NTSTATUS _lsa_SetSecObj(pipes_struct *p, struct lsa_SetSecObj *r); -NTSTATUS _lsa_ChangePassword(pipes_struct *p, struct lsa_ChangePassword *r); -NTSTATUS _lsa_SetInfoPolicy(pipes_struct *p, struct lsa_SetInfoPolicy *r); -NTSTATUS _lsa_ClearAuditLog(pipes_struct *p, struct lsa_ClearAuditLog *r); -NTSTATUS _lsa_GetQuotasForAccount(pipes_struct *p, struct lsa_GetQuotasForAccount *r); -NTSTATUS _lsa_SetQuotasForAccount(pipes_struct *p, struct lsa_SetQuotasForAccount *r); -NTSTATUS _lsa_QueryTrustedDomainInfo(pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r); -NTSTATUS _lsa_SetInformationTrustedDomain(pipes_struct *p, struct lsa_SetInformationTrustedDomain *r); -NTSTATUS _lsa_QuerySecret(pipes_struct *p, struct lsa_QuerySecret *r); -NTSTATUS _lsa_LookupPrivName(pipes_struct *p, struct lsa_LookupPrivName *r); -NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct lsa_EnumAccountsWithUserRight *r); -NTSTATUS _lsa_QueryTrustedDomainInfoBySid(pipes_struct *p, struct lsa_QueryTrustedDomainInfoBySid *r); -NTSTATUS _lsa_SetTrustedDomainInfo(pipes_struct *p, struct lsa_SetTrustedDomainInfo *r); -NTSTATUS _lsa_DeleteTrustedDomain(pipes_struct *p, struct lsa_DeleteTrustedDomain *r); -NTSTATUS _lsa_StorePrivateData(pipes_struct *p, struct lsa_StorePrivateData *r); -NTSTATUS _lsa_RetrievePrivateData(pipes_struct *p, struct lsa_RetrievePrivateData *r); -NTSTATUS _lsa_QueryInfoPolicy2(pipes_struct *p, struct lsa_QueryInfoPolicy2 *r); -NTSTATUS _lsa_SetInfoPolicy2(pipes_struct *p, struct lsa_SetInfoPolicy2 *r); -NTSTATUS _lsa_QueryTrustedDomainInfoByName(pipes_struct *p, struct lsa_QueryTrustedDomainInfoByName *r); -NTSTATUS _lsa_SetTrustedDomainInfoByName(pipes_struct *p, struct lsa_SetTrustedDomainInfoByName *r); -NTSTATUS _lsa_EnumTrustedDomainsEx(pipes_struct *p, struct lsa_EnumTrustedDomainsEx *r); -NTSTATUS _lsa_CreateTrustedDomainEx(pipes_struct *p, struct lsa_CreateTrustedDomainEx *r); -NTSTATUS _lsa_CloseTrustedDomainEx(pipes_struct *p, struct lsa_CloseTrustedDomainEx *r); -NTSTATUS _lsa_QueryDomainInformationPolicy(pipes_struct *p, struct lsa_QueryDomainInformationPolicy *r); -NTSTATUS _lsa_SetDomainInformationPolicy(pipes_struct *p, struct lsa_SetDomainInformationPolicy *r); -NTSTATUS _lsa_OpenTrustedDomainByName(pipes_struct *p, struct lsa_OpenTrustedDomainByName *r); -NTSTATUS _lsa_TestCall(pipes_struct *p, struct lsa_TestCall *r); -NTSTATUS _lsa_CreateTrustedDomainEx2(pipes_struct *p, struct lsa_CreateTrustedDomainEx2 *r); -NTSTATUS _lsa_CREDRWRITE(pipes_struct *p, struct lsa_CREDRWRITE *r); -NTSTATUS _lsa_CREDRREAD(pipes_struct *p, struct lsa_CREDRREAD *r); -NTSTATUS _lsa_CREDRENUMERATE(pipes_struct *p, struct lsa_CREDRENUMERATE *r); -NTSTATUS _lsa_CREDRWRITEDOMAINCREDENTIALS(pipes_struct *p, struct lsa_CREDRWRITEDOMAINCREDENTIALS *r); -NTSTATUS _lsa_CREDRREADDOMAINCREDENTIALS(pipes_struct *p, struct lsa_CREDRREADDOMAINCREDENTIALS *r); -NTSTATUS _lsa_CREDRDELETE(pipes_struct *p, struct lsa_CREDRDELETE *r); -NTSTATUS _lsa_CREDRGETTARGETINFO(pipes_struct *p, struct lsa_CREDRGETTARGETINFO *r); -NTSTATUS _lsa_CREDRPROFILELOADED(pipes_struct *p, struct lsa_CREDRPROFILELOADED *r); -NTSTATUS _lsa_CREDRGETSESSIONTYPES(pipes_struct *p, struct lsa_CREDRGETSESSIONTYPES *r); -NTSTATUS _lsa_LSARREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARREGISTERAUDITEVENT *r); -NTSTATUS _lsa_LSARGENAUDITEVENT(pipes_struct *p, struct lsa_LSARGENAUDITEVENT *r); -NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARUNREGISTERAUDITEVENT *r); -NTSTATUS _lsa_lsaRQueryForestTrustInformation(pipes_struct *p, struct lsa_lsaRQueryForestTrustInformation *r); -NTSTATUS _lsa_LSARSETFORESTTRUSTINFORMATION(pipes_struct *p, struct lsa_LSARSETFORESTTRUSTINFORMATION *r); -NTSTATUS _lsa_CREDRRENAME(pipes_struct *p, struct lsa_CREDRRENAME *r); -NTSTATUS _lsa_LSAROPENPOLICYSCE(pipes_struct *p, struct lsa_LSAROPENPOLICYSCE *r); -NTSTATUS _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(pipes_struct *p, struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r); -NTSTATUS _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(pipes_struct *p, struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r); -NTSTATUS _lsa_LSARADTREPORTSECURITYEVENT(pipes_struct *p, struct lsa_LSARADTREPORTSECURITYEVENT *r); - -/* The following definitions come from rpc_server/srv_netlog_nt.c */ - -WERROR _netr_LogonControl(pipes_struct *p, - struct netr_LogonControl *r); -WERROR _netr_LogonControl2(pipes_struct *p, - struct netr_LogonControl2 *r); -WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p, - struct netr_NetrEnumerateTrustedDomains *r); -NTSTATUS _netr_ServerReqChallenge(pipes_struct *p, - struct netr_ServerReqChallenge *r); -NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, - struct netr_ServerAuthenticate *r); -NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, - struct netr_ServerAuthenticate2 *r); -NTSTATUS _netr_ServerPasswordSet(pipes_struct *p, - struct netr_ServerPasswordSet *r); -NTSTATUS _netr_LogonSamLogoff(pipes_struct *p, - struct netr_LogonSamLogoff *r); -NTSTATUS _netr_LogonSamLogon(pipes_struct *p, - struct netr_LogonSamLogon *r); -NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p, - struct netr_LogonSamLogonEx *r); -WERROR _netr_LogonUasLogon(pipes_struct *p, - struct netr_LogonUasLogon *r); -WERROR _netr_LogonUasLogoff(pipes_struct *p, - struct netr_LogonUasLogoff *r); -NTSTATUS _netr_DatabaseDeltas(pipes_struct *p, - struct netr_DatabaseDeltas *r); -NTSTATUS _netr_DatabaseSync(pipes_struct *p, - struct netr_DatabaseSync *r); -NTSTATUS _netr_AccountDeltas(pipes_struct *p, - struct netr_AccountDeltas *r); -NTSTATUS _netr_AccountSync(pipes_struct *p, - struct netr_AccountSync *r); -WERROR _netr_GetDcName(pipes_struct *p, - struct netr_GetDcName *r); -WERROR _netr_GetAnyDCName(pipes_struct *p, - struct netr_GetAnyDCName *r); -NTSTATUS _netr_DatabaseSync2(pipes_struct *p, - struct netr_DatabaseSync2 *r); -NTSTATUS _netr_DatabaseRedo(pipes_struct *p, - struct netr_DatabaseRedo *r); -WERROR _netr_LogonControl2Ex(pipes_struct *p, - struct netr_LogonControl2Ex *r); -WERROR _netr_DsRGetDCName(pipes_struct *p, - struct netr_DsRGetDCName *r); -WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p, - struct netr_NETRLOGONDUMMYROUTINE1 *r); -WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p, - struct netr_NETRLOGONSETSERVICEBITS *r); -WERROR _netr_LogonGetTrustRid(pipes_struct *p, - struct netr_LogonGetTrustRid *r); -WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p, - struct netr_NETRLOGONCOMPUTESERVERDIGEST *r); -WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p, - struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r); -NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, - struct netr_ServerAuthenticate3 *r); -WERROR _netr_DsRGetDCNameEx(pipes_struct *p, - struct netr_DsRGetDCNameEx *r); -WERROR _netr_DsRGetSiteName(pipes_struct *p, - struct netr_DsRGetSiteName *r); -NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p, - struct netr_LogonGetDomainInfo *r); -NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, - struct netr_ServerPasswordSet2 *r); -WERROR _netr_ServerPasswordGet(pipes_struct *p, - struct netr_ServerPasswordGet *r); -WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p, - struct netr_NETRLOGONSENDTOSAM *r); -WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p, - struct netr_DsRAddressToSitenamesW *r); -WERROR _netr_DsRGetDCNameEx2(pipes_struct *p, - struct netr_DsRGetDCNameEx2 *r); -WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p, - struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r); -WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p, - struct netr_NetrEnumerateTrustedDomainsEx *r); -WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p, - struct netr_DsRAddressToSitenamesExW *r); -WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p, - struct netr_DsrGetDcSiteCoverageW *r); -WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p, - struct netr_DsrEnumerateDomainTrusts *r); -WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, - struct netr_DsrDeregisterDNSHostRecords *r); -NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, - struct netr_ServerTrustPasswordsGet *r); -WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, - struct netr_DsRGetForestTrustInformation *r); -WERROR _netr_GetForestTrustInformation(pipes_struct *p, - struct netr_GetForestTrustInformation *r); -NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, - struct netr_LogonSamLogonWithFlags *r); -WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, - struct netr_NETRSERVERGETTRUSTINFO *r); - /* The following definitions come from rpc_server/srv_ntsvcs.c */ void ntsvcs2_get_pipe_fns( struct api_struct **fns, int *n_fns ); @@ -6868,137 +6561,7 @@ NTSTATUS rpc_ntsvcs2_init(void); /* The following definitions come from rpc_server/srv_ntsvcs_nt.c */ -WERROR _PNP_GetVersion(pipes_struct *p, - struct PNP_GetVersion *r); -WERROR _PNP_GetDeviceListSize(pipes_struct *p, - struct PNP_GetDeviceListSize *r); WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, NTSVCS_R_GET_DEVICE_LIST *r_u ); -WERROR _PNP_ValidateDeviceInstance(pipes_struct *p, - struct PNP_ValidateDeviceInstance *r); -WERROR _PNP_GetHwProfInfo(pipes_struct *p, - struct PNP_GetHwProfInfo *r); -WERROR _PNP_HwProfFlags(pipes_struct *p, - struct PNP_HwProfFlags *r); -WERROR _PNP_Disconnect(pipes_struct *p, - struct PNP_Disconnect *r); -WERROR _PNP_Connect(pipes_struct *p, - struct PNP_Connect *r); -WERROR _PNP_GetGlobalState(pipes_struct *p, - struct PNP_GetGlobalState *r); -WERROR _PNP_InitDetection(pipes_struct *p, - struct PNP_InitDetection *r); -WERROR _PNP_ReportLogOn(pipes_struct *p, - struct PNP_ReportLogOn *r); -WERROR _PNP_GetRootDeviceInstance(pipes_struct *p, - struct PNP_GetRootDeviceInstance *r); -WERROR _PNP_GetRelatedDeviceInstance(pipes_struct *p, - struct PNP_GetRelatedDeviceInstance *r); -WERROR _PNP_EnumerateSubKeys(pipes_struct *p, - struct PNP_EnumerateSubKeys *r); -WERROR _PNP_GetDeviceList(pipes_struct *p, - struct PNP_GetDeviceList *r); -WERROR _PNP_GetDepth(pipes_struct *p, - struct PNP_GetDepth *r); -WERROR _PNP_GetDeviceRegProp(pipes_struct *p, - struct PNP_GetDeviceRegProp *r); -WERROR _PNP_SetDeviceRegProp(pipes_struct *p, - struct PNP_SetDeviceRegProp *r); -WERROR _PNP_GetClassInstance(pipes_struct *p, - struct PNP_GetClassInstance *r); -WERROR _PNP_CreateKey(pipes_struct *p, - struct PNP_CreateKey *r); -WERROR _PNP_DeleteRegistryKey(pipes_struct *p, - struct PNP_DeleteRegistryKey *r); -WERROR _PNP_GetClassCount(pipes_struct *p, - struct PNP_GetClassCount *r); -WERROR _PNP_GetClassName(pipes_struct *p, - struct PNP_GetClassName *r); -WERROR _PNP_DeleteClassKey(pipes_struct *p, - struct PNP_DeleteClassKey *r); -WERROR _PNP_GetInterfaceDeviceAlias(pipes_struct *p, - struct PNP_GetInterfaceDeviceAlias *r); -WERROR _PNP_GetInterfaceDeviceList(pipes_struct *p, - struct PNP_GetInterfaceDeviceList *r); -WERROR _PNP_GetInterfaceDeviceListSize(pipes_struct *p, - struct PNP_GetInterfaceDeviceListSize *r); -WERROR _PNP_RegisterDeviceClassAssociation(pipes_struct *p, - struct PNP_RegisterDeviceClassAssociation *r); -WERROR _PNP_UnregisterDeviceClassAssociation(pipes_struct *p, - struct PNP_UnregisterDeviceClassAssociation *r); -WERROR _PNP_GetClassRegProp(pipes_struct *p, - struct PNP_GetClassRegProp *r); -WERROR _PNP_SetClassRegProp(pipes_struct *p, - struct PNP_SetClassRegProp *r); -WERROR _PNP_CreateDevInst(pipes_struct *p, - struct PNP_CreateDevInst *r); -WERROR _PNP_DeviceInstanceAction(pipes_struct *p, - struct PNP_DeviceInstanceAction *r); -WERROR _PNP_GetDeviceStatus(pipes_struct *p, - struct PNP_GetDeviceStatus *r); -WERROR _PNP_SetDeviceProblem(pipes_struct *p, - struct PNP_SetDeviceProblem *r); -WERROR _PNP_DisableDevInst(pipes_struct *p, - struct PNP_DisableDevInst *r); -WERROR _PNP_UninstallDevInst(pipes_struct *p, - struct PNP_UninstallDevInst *r); -WERROR _PNP_AddID(pipes_struct *p, - struct PNP_AddID *r); -WERROR _PNP_RegisterDriver(pipes_struct *p, - struct PNP_RegisterDriver *r); -WERROR _PNP_QueryRemove(pipes_struct *p, - struct PNP_QueryRemove *r); -WERROR _PNP_RequestDeviceEject(pipes_struct *p, - struct PNP_RequestDeviceEject *r); -WERROR _PNP_IsDockStationPresent(pipes_struct *p, - struct PNP_IsDockStationPresent *r); -WERROR _PNP_RequestEjectPC(pipes_struct *p, - struct PNP_RequestEjectPC *r); -WERROR _PNP_AddEmptyLogConf(pipes_struct *p, - struct PNP_AddEmptyLogConf *r); -WERROR _PNP_FreeLogConf(pipes_struct *p, - struct PNP_FreeLogConf *r); -WERROR _PNP_GetFirstLogConf(pipes_struct *p, - struct PNP_GetFirstLogConf *r); -WERROR _PNP_GetNextLogConf(pipes_struct *p, - struct PNP_GetNextLogConf *r); -WERROR _PNP_GetLogConfPriority(pipes_struct *p, - struct PNP_GetLogConfPriority *r); -WERROR _PNP_AddResDes(pipes_struct *p, - struct PNP_AddResDes *r); -WERROR _PNP_FreeResDes(pipes_struct *p, - struct PNP_FreeResDes *r); -WERROR _PNP_GetNextResDes(pipes_struct *p, - struct PNP_GetNextResDes *r); -WERROR _PNP_GetResDesData(pipes_struct *p, - struct PNP_GetResDesData *r); -WERROR _PNP_GetResDesDataSize(pipes_struct *p, - struct PNP_GetResDesDataSize *r); -WERROR _PNP_ModifyResDes(pipes_struct *p, - struct PNP_ModifyResDes *r); -WERROR _PNP_DetectResourceLimit(pipes_struct *p, - struct PNP_DetectResourceLimit *r); -WERROR _PNP_QueryResConfList(pipes_struct *p, - struct PNP_QueryResConfList *r); -WERROR _PNP_SetHwProf(pipes_struct *p, - struct PNP_SetHwProf *r); -WERROR _PNP_QueryArbitratorFreeData(pipes_struct *p, - struct PNP_QueryArbitratorFreeData *r); -WERROR _PNP_QueryArbitratorFreeSize(pipes_struct *p, - struct PNP_QueryArbitratorFreeSize *r); -WERROR _PNP_RunDetection(pipes_struct *p, - struct PNP_RunDetection *r); -WERROR _PNP_RegisterNotification(pipes_struct *p, - struct PNP_RegisterNotification *r); -WERROR _PNP_UnregisterNotification(pipes_struct *p, - struct PNP_UnregisterNotification *r); -WERROR _PNP_GetCustomDevProp(pipes_struct *p, - struct PNP_GetCustomDevProp *r); -WERROR _PNP_GetVersionInternal(pipes_struct *p, - struct PNP_GetVersionInternal *r); -WERROR _PNP_GetBlockedDriverInfo(pipes_struct *p, - struct PNP_GetBlockedDriverInfo *r); -WERROR _PNP_GetServerSideDeviceInstallFlags(pipes_struct *p, - struct PNP_GetServerSideDeviceInstallFlags *r); /* The following definitions come from rpc_server/srv_pipe.c */ @@ -7035,145 +6598,6 @@ NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len, NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, ssize_t *nread, bool *is_data_outstanding); - -/* The following definitions come from rpc_server/srv_samr_nt.c */ - -NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r); -NTSTATUS _samr_OpenDomain(pipes_struct *p, - struct samr_OpenDomain *r); -NTSTATUS _samr_GetUserPwInfo(pipes_struct *p, - struct samr_GetUserPwInfo *r); -NTSTATUS _samr_SetSecurity(pipes_struct *p, - struct samr_SetSecurity *r); -NTSTATUS _samr_QuerySecurity(pipes_struct *p, - struct samr_QuerySecurity *r); -NTSTATUS _samr_EnumDomainUsers(pipes_struct *p, - struct samr_EnumDomainUsers *r); -NTSTATUS _samr_EnumDomainGroups(pipes_struct *p, - struct samr_EnumDomainGroups *r); -NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, - struct samr_EnumDomainAliases *r); -NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, - struct samr_QueryDisplayInfo *r); -NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p, - struct samr_QueryDisplayInfo2 *r); -NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p, - struct samr_QueryDisplayInfo3 *r); -NTSTATUS _samr_QueryAliasInfo(pipes_struct *p, - struct samr_QueryAliasInfo *r); -NTSTATUS _samr_LookupNames(pipes_struct *p, - struct samr_LookupNames *r); -NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p, - struct samr_ChangePasswordUser2 *r); -NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, - struct samr_ChangePasswordUser3 *r); -NTSTATUS _samr_LookupRids(pipes_struct *p, - struct samr_LookupRids *r); -NTSTATUS _samr_OpenUser(pipes_struct *p, - struct samr_OpenUser *r); -NTSTATUS _samr_QueryUserInfo(pipes_struct *p, - struct samr_QueryUserInfo *r); -NTSTATUS _samr_GetGroupsForUser(pipes_struct *p, - struct samr_GetGroupsForUser *r); -NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, - struct samr_QueryDomainInfo *r); -NTSTATUS _samr_CreateUser2(pipes_struct *p, - struct samr_CreateUser2 *r); -NTSTATUS _samr_Connect(pipes_struct *p, - struct samr_Connect *r); -NTSTATUS _samr_Connect2(pipes_struct *p, - struct samr_Connect2 *r); -NTSTATUS _samr_Connect4(pipes_struct *p, - struct samr_Connect4 *r); -NTSTATUS _samr_Connect5(pipes_struct *p, - struct samr_Connect5 *r); -NTSTATUS _samr_LookupDomain(pipes_struct *p, - struct samr_LookupDomain *r); -NTSTATUS _samr_EnumDomains(pipes_struct *p, - struct samr_EnumDomains *r); -NTSTATUS _samr_OpenAlias(pipes_struct *p, - struct samr_OpenAlias *r); -NTSTATUS _samr_SetUserInfo(pipes_struct *p, - struct samr_SetUserInfo *r); -NTSTATUS _samr_SetUserInfo2(pipes_struct *p, - struct samr_SetUserInfo2 *r); -NTSTATUS _samr_GetAliasMembership(pipes_struct *p, - struct samr_GetAliasMembership *r); -NTSTATUS _samr_GetMembersInAlias(pipes_struct *p, - struct samr_GetMembersInAlias *r); -NTSTATUS _samr_QueryGroupMember(pipes_struct *p, - struct samr_QueryGroupMember *r); -NTSTATUS _samr_AddAliasMember(pipes_struct *p, - struct samr_AddAliasMember *r); -NTSTATUS _samr_DeleteAliasMember(pipes_struct *p, - struct samr_DeleteAliasMember *r); -NTSTATUS _samr_AddGroupMember(pipes_struct *p, - struct samr_AddGroupMember *r); -NTSTATUS _samr_DeleteGroupMember(pipes_struct *p, - struct samr_DeleteGroupMember *r); -NTSTATUS _samr_DeleteUser(pipes_struct *p, - struct samr_DeleteUser *r); -NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, - struct samr_DeleteDomainGroup *r); -NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, - struct samr_DeleteDomAlias *r); -NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, - struct samr_CreateDomainGroup *r); -NTSTATUS _samr_CreateDomAlias(pipes_struct *p, - struct samr_CreateDomAlias *r); -NTSTATUS _samr_QueryGroupInfo(pipes_struct *p, - struct samr_QueryGroupInfo *r); -NTSTATUS _samr_SetGroupInfo(pipes_struct *p, - struct samr_SetGroupInfo *r); -NTSTATUS _samr_SetAliasInfo(pipes_struct *p, - struct samr_SetAliasInfo *r); -NTSTATUS _samr_GetDomPwInfo(pipes_struct *p, - struct samr_GetDomPwInfo *r); -NTSTATUS _samr_OpenGroup(pipes_struct *p, - struct samr_OpenGroup *r); -NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p, - struct samr_RemoveMemberFromForeignDomain *r); -NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p, - struct samr_QueryDomainInfo2 *r); -NTSTATUS _samr_SetDomainInfo(pipes_struct *p, - struct samr_SetDomainInfo *r); -NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p, - struct samr_GetDisplayEnumerationIndex *r); -NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p, - struct samr_GetDisplayEnumerationIndex2 *r); -NTSTATUS _samr_Shutdown(pipes_struct *p, - struct samr_Shutdown *r); -NTSTATUS _samr_CreateUser(pipes_struct *p, - struct samr_CreateUser *r); -NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p, - struct samr_SetMemberAttributesOfGroup *r); -NTSTATUS _samr_ChangePasswordUser(pipes_struct *p, - struct samr_ChangePasswordUser *r); -NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p, - struct samr_TestPrivateFunctionsDomain *r); -NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p, - struct samr_TestPrivateFunctionsUser *r); -NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, - struct samr_QueryUserInfo2 *r); -NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p, - struct samr_AddMultipleMembersToAlias *r); -NTSTATUS _samr_RemoveMultipleMembersFromAlias(pipes_struct *p, - struct samr_RemoveMultipleMembersFromAlias *r); -NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p, - struct samr_OemChangePasswordUser2 *r); -NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p, - struct samr_SetBootKeyInformation *r); -NTSTATUS _samr_GetBootKeyInformation(pipes_struct *p, - struct samr_GetBootKeyInformation *r); -NTSTATUS _samr_Connect3(pipes_struct *p, - struct samr_Connect3 *r); -NTSTATUS _samr_RidToSid(pipes_struct *p, - struct samr_RidToSid *r); -NTSTATUS _samr_SetDsrmPassword(pipes_struct *p, - struct samr_SetDsrmPassword *r); -NTSTATUS _samr_ValidatePassword(pipes_struct *p, - struct samr_ValidatePassword *r); - /* The following definitions come from rpc_server/srv_samr_util.c */ void copy_id20_to_sam_passwd(struct samu *to, @@ -7333,79 +6757,7 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X /* The following definitions come from rpc_server/srv_srvsvc_nt.c */ -WERROR _srvsvc_NetFileEnum(pipes_struct *p, - struct srvsvc_NetFileEnum *r); -WERROR _srvsvc_NetSrvGetInfo(pipes_struct *p, - struct srvsvc_NetSrvGetInfo *r); -WERROR _srvsvc_NetSrvSetInfo(pipes_struct *p, - struct srvsvc_NetSrvSetInfo *r); -WERROR _srvsvc_NetConnEnum(pipes_struct *p, - struct srvsvc_NetConnEnum *r); -WERROR _srvsvc_NetSessEnum(pipes_struct *p, - struct srvsvc_NetSessEnum *r); -WERROR _srvsvc_NetSessDel(pipes_struct *p, - struct srvsvc_NetSessDel *r); -WERROR _srvsvc_NetShareEnumAll(pipes_struct *p, - struct srvsvc_NetShareEnumAll *r); -WERROR _srvsvc_NetShareEnum(pipes_struct *p, - struct srvsvc_NetShareEnum *r); -WERROR _srvsvc_NetShareGetInfo(pipes_struct *p, - struct srvsvc_NetShareGetInfo *r); char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname); -WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, - struct srvsvc_NetShareSetInfo *r); -WERROR _srvsvc_NetShareAdd(pipes_struct *p, - struct srvsvc_NetShareAdd *r); -WERROR _srvsvc_NetShareDel(pipes_struct *p, - struct srvsvc_NetShareDel *r); -WERROR _srvsvc_NetShareDelSticky(pipes_struct *p, - struct srvsvc_NetShareDelSticky *r); -WERROR _srvsvc_NetRemoteTOD(pipes_struct *p, - struct srvsvc_NetRemoteTOD *r); -WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, - struct srvsvc_NetGetFileSecurity *r); -WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, - struct srvsvc_NetSetFileSecurity *r); -WERROR _srvsvc_NetDiskEnum(pipes_struct *p, - struct srvsvc_NetDiskEnum *r); -WERROR _srvsvc_NetNameValidate(pipes_struct *p, - struct srvsvc_NetNameValidate *r); -WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r); -WERROR _srvsvc_NetCharDevEnum(pipes_struct *p, struct srvsvc_NetCharDevEnum *r); -WERROR _srvsvc_NetCharDevGetInfo(pipes_struct *p, struct srvsvc_NetCharDevGetInfo *r); -WERROR _srvsvc_NetCharDevControl(pipes_struct *p, struct srvsvc_NetCharDevControl *r); -WERROR _srvsvc_NetCharDevQEnum(pipes_struct *p, struct srvsvc_NetCharDevQEnum *r); -WERROR _srvsvc_NetCharDevQGetInfo(pipes_struct *p, struct srvsvc_NetCharDevQGetInfo *r); -WERROR _srvsvc_NetCharDevQSetInfo(pipes_struct *p, struct srvsvc_NetCharDevQSetInfo *r); -WERROR _srvsvc_NetCharDevQPurge(pipes_struct *p, struct srvsvc_NetCharDevQPurge *r); -WERROR _srvsvc_NetCharDevQPurgeSelf(pipes_struct *p, struct srvsvc_NetCharDevQPurgeSelf *r); -WERROR _srvsvc_NetFileGetInfo(pipes_struct *p, struct srvsvc_NetFileGetInfo *r); -WERROR _srvsvc_NetShareCheck(pipes_struct *p, struct srvsvc_NetShareCheck *r); -WERROR _srvsvc_NetServerStatisticsGet(pipes_struct *p, struct srvsvc_NetServerStatisticsGet *r); -WERROR _srvsvc_NetTransportAdd(pipes_struct *p, struct srvsvc_NetTransportAdd *r); -WERROR _srvsvc_NetTransportEnum(pipes_struct *p, struct srvsvc_NetTransportEnum *r); -WERROR _srvsvc_NetTransportDel(pipes_struct *p, struct srvsvc_NetTransportDel *r); -WERROR _srvsvc_NetSetServiceBits(pipes_struct *p, struct srvsvc_NetSetServiceBits *r); -WERROR _srvsvc_NetPathType(pipes_struct *p, struct srvsvc_NetPathType *r); -WERROR _srvsvc_NetPathCanonicalize(pipes_struct *p, struct srvsvc_NetPathCanonicalize *r); -WERROR _srvsvc_NetPathCompare(pipes_struct *p, struct srvsvc_NetPathCompare *r); -WERROR _srvsvc_NETRPRNAMECANONICALIZE(pipes_struct *p, struct srvsvc_NETRPRNAMECANONICALIZE *r); -WERROR _srvsvc_NetPRNameCompare(pipes_struct *p, struct srvsvc_NetPRNameCompare *r); -WERROR _srvsvc_NetShareDelStart(pipes_struct *p, struct srvsvc_NetShareDelStart *r); -WERROR _srvsvc_NetShareDelCommit(pipes_struct *p, struct srvsvc_NetShareDelCommit *r); -WERROR _srvsvc_NetServerTransportAddEx(pipes_struct *p, struct srvsvc_NetServerTransportAddEx *r); -WERROR _srvsvc_NetServerSetServiceBitsEx(pipes_struct *p, struct srvsvc_NetServerSetServiceBitsEx *r); -WERROR _srvsvc_NETRDFSGETVERSION(pipes_struct *p, struct srvsvc_NETRDFSGETVERSION *r); -WERROR _srvsvc_NETRDFSCREATELOCALPARTITION(pipes_struct *p, struct srvsvc_NETRDFSCREATELOCALPARTITION *r); -WERROR _srvsvc_NETRDFSDELETELOCALPARTITION(pipes_struct *p, struct srvsvc_NETRDFSDELETELOCALPARTITION *r); -WERROR _srvsvc_NETRDFSSETLOCALVOLUMESTATE(pipes_struct *p, struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r); -WERROR _srvsvc_NETRDFSSETSERVERINFO(pipes_struct *p, struct srvsvc_NETRDFSSETSERVERINFO *r); -WERROR _srvsvc_NETRDFSCREATEEXITPOINT(pipes_struct *p, struct srvsvc_NETRDFSCREATEEXITPOINT *r); -WERROR _srvsvc_NETRDFSDELETEEXITPOINT(pipes_struct *p, struct srvsvc_NETRDFSDELETEEXITPOINT *r); -WERROR _srvsvc_NETRDFSMODIFYPREFIX(pipes_struct *p, struct srvsvc_NETRDFSMODIFYPREFIX *r); -WERROR _srvsvc_NETRDFSFIXLOCALVOLUME(pipes_struct *p, struct srvsvc_NETRDFSFIXLOCALVOLUME *r); -WERROR _srvsvc_NETRDFSMANAGERREPORTSITEINFO(pipes_struct *p, struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r); -WERROR _srvsvc_NETRSERVERTRANSPORTDELEX(pipes_struct *p, struct srvsvc_NETRSERVERTRANSPORTDELEX *r); /* The following definitions come from rpc_server/srv_svcctl.c */ @@ -7415,138 +6767,9 @@ NTSTATUS rpc_svcctl2_init(void); /* The following definitions come from rpc_server/srv_svcctl_nt.c */ bool init_service_op_table( void ); -WERROR _svcctl_OpenSCManagerW(pipes_struct *p, - struct svcctl_OpenSCManagerW *r); -WERROR _svcctl_OpenServiceW(pipes_struct *p, - struct svcctl_OpenServiceW *r); -WERROR _svcctl_CloseServiceHandle(pipes_struct *p, struct svcctl_CloseServiceHandle *r); -WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, - struct svcctl_GetServiceDisplayNameW *r); -WERROR _svcctl_QueryServiceStatus(pipes_struct *p, - struct svcctl_QueryServiceStatus *r); WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STATUS *q_u, SVCCTL_R_ENUM_SERVICES_STATUS *r_u); -WERROR _svcctl_StartServiceW(pipes_struct *p, - struct svcctl_StartServiceW *r); -WERROR _svcctl_ControlService(pipes_struct *p, - struct svcctl_ControlService *r); -WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, - struct svcctl_EnumDependentServicesW *r); WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u ); WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG2 *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG2 *r_u ); -WERROR _svcctl_LockServiceDatabase(pipes_struct *p, - struct svcctl_LockServiceDatabase *r); -WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p, - struct svcctl_UnlockServiceDatabase *r); -WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, - struct svcctl_QueryServiceObjectSecurity *r); -WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, - struct svcctl_SetServiceObjectSecurity *r); -WERROR _svcctl_DeleteService(pipes_struct *p, struct svcctl_DeleteService *r); -WERROR _svcctl_SetServiceStatus(pipes_struct *p, struct svcctl_SetServiceStatus *r); -WERROR _svcctl_NotifyBootConfigStatus(pipes_struct *p, struct svcctl_NotifyBootConfigStatus *r); -WERROR _svcctl_SCSetServiceBitsW(pipes_struct *p, struct svcctl_SCSetServiceBitsW *r); -WERROR _svcctl_ChangeServiceConfigW(pipes_struct *p, struct svcctl_ChangeServiceConfigW *r); -WERROR _svcctl_CreateServiceW(pipes_struct *p, struct svcctl_CreateServiceW *r); -WERROR _svcctl_EnumServicesStatusW(pipes_struct *p, struct svcctl_EnumServicesStatusW *r); -WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, struct svcctl_QueryServiceConfigW *r); -WERROR _svcctl_QueryServiceLockStatusW(pipes_struct *p, struct svcctl_QueryServiceLockStatusW *r); -WERROR _svcctl_GetServiceKeyNameW(pipes_struct *p, struct svcctl_GetServiceKeyNameW *r); -WERROR _svcctl_SCSetServiceBitsA(pipes_struct *p, struct svcctl_SCSetServiceBitsA *r); -WERROR _svcctl_ChangeServiceConfigA(pipes_struct *p, struct svcctl_ChangeServiceConfigA *r); -WERROR _svcctl_CreateServiceA(pipes_struct *p, struct svcctl_CreateServiceA *r); -WERROR _svcctl_EnumDependentServicesA(pipes_struct *p, struct svcctl_EnumDependentServicesA *r); -WERROR _svcctl_EnumServicesStatusA(pipes_struct *p, struct svcctl_EnumServicesStatusA *r); -WERROR _svcctl_OpenSCManagerA(pipes_struct *p, struct svcctl_OpenSCManagerA *r); -WERROR _svcctl_OpenServiceA(pipes_struct *p, struct svcctl_OpenServiceA *r); -WERROR _svcctl_QueryServiceConfigA(pipes_struct *p, struct svcctl_QueryServiceConfigA *r); -WERROR _svcctl_QueryServiceLockStatusA(pipes_struct *p, struct svcctl_QueryServiceLockStatusA *r); -WERROR _svcctl_StartServiceA(pipes_struct *p, struct svcctl_StartServiceA *r); -WERROR _svcctl_GetServiceDisplayNameA(pipes_struct *p, struct svcctl_GetServiceDisplayNameA *r); -WERROR _svcctl_GetServiceKeyNameA(pipes_struct *p, struct svcctl_GetServiceKeyNameA *r); -WERROR _svcctl_GetCurrentGroupeStateW(pipes_struct *p, struct svcctl_GetCurrentGroupeStateW *r); -WERROR _svcctl_EnumServiceGroupW(pipes_struct *p, struct svcctl_EnumServiceGroupW *r); -WERROR _svcctl_ChangeServiceConfig2A(pipes_struct *p, struct svcctl_ChangeServiceConfig2A *r); -WERROR _svcctl_ChangeServiceConfig2W(pipes_struct *p, struct svcctl_ChangeServiceConfig2W *r); -WERROR _svcctl_QueryServiceConfig2A(pipes_struct *p, struct svcctl_QueryServiceConfig2A *r); -WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p, struct svcctl_QueryServiceConfig2W *r); -WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p, struct svcctl_QueryServiceStatusEx *r); -WERROR _EnumServicesStatusExA(pipes_struct *p, struct EnumServicesStatusExA *r); -WERROR _EnumServicesStatusExW(pipes_struct *p, struct EnumServicesStatusExW *r); -WERROR _svcctl_SCSendTSMessage(pipes_struct *p, struct svcctl_SCSendTSMessage *r); - -/* The following definitions come from rpc_server/srv_winreg_nt.c */ - -WERROR _winreg_CloseKey(pipes_struct *p, struct winreg_CloseKey *r); -WERROR _winreg_OpenHKLM(pipes_struct *p, struct winreg_OpenHKLM *r); -WERROR _winreg_OpenHKPD(pipes_struct *p, struct winreg_OpenHKPD *r); -WERROR _winreg_OpenHKPT(pipes_struct *p, struct winreg_OpenHKPT *r); -WERROR _winreg_OpenHKCR(pipes_struct *p, struct winreg_OpenHKCR *r); -WERROR _winreg_OpenHKU(pipes_struct *p, struct winreg_OpenHKU *r); -WERROR _winreg_OpenHKCU(pipes_struct *p, struct winreg_OpenHKCU *r); -WERROR _winreg_OpenHKCC(pipes_struct *p, struct winreg_OpenHKCC *r); -WERROR _winreg_OpenHKDD(pipes_struct *p, struct winreg_OpenHKDD *r); -WERROR _winreg_OpenHKPN(pipes_struct *p, struct winreg_OpenHKPN *r); -WERROR _winreg_OpenKey(pipes_struct *p, struct winreg_OpenKey *r); -WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r); -WERROR _winreg_QueryInfoKey(pipes_struct *p, struct winreg_QueryInfoKey *r); -WERROR _winreg_GetVersion(pipes_struct *p, struct winreg_GetVersion *r); -WERROR _winreg_EnumKey(pipes_struct *p, struct winreg_EnumKey *r); -WERROR _winreg_EnumValue(pipes_struct *p, struct winreg_EnumValue *r); -WERROR _winreg_InitiateSystemShutdown(pipes_struct *p, struct winreg_InitiateSystemShutdown *r); -WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateSystemShutdownEx *r); -WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShutdown *r); -WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r); -WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r); -WERROR _winreg_SaveKeyEx(pipes_struct *p, struct winreg_SaveKeyEx *r); -WERROR _winreg_CreateKey( pipes_struct *p, struct winreg_CreateKey *r); -WERROR _winreg_SetValue(pipes_struct *p, struct winreg_SetValue *r); -WERROR _winreg_DeleteKey(pipes_struct *p, struct winreg_DeleteKey *r); -WERROR _winreg_DeleteValue(pipes_struct *p, struct winreg_DeleteValue *r); -WERROR _winreg_GetKeySecurity(pipes_struct *p, struct winreg_GetKeySecurity *r); -WERROR _winreg_SetKeySecurity(pipes_struct *p, struct winreg_SetKeySecurity *r); -WERROR _winreg_FlushKey(pipes_struct *p, struct winreg_FlushKey *r); -WERROR _winreg_UnLoadKey(pipes_struct *p, struct winreg_UnLoadKey *r); -WERROR _winreg_ReplaceKey(pipes_struct *p, struct winreg_ReplaceKey *r); -WERROR _winreg_LoadKey(pipes_struct *p, struct winreg_LoadKey *r); -WERROR _winreg_NotifyChangeKeyValue(pipes_struct *p, struct winreg_NotifyChangeKeyValue *r); -WERROR _winreg_QueryMultipleValues(pipes_struct *p, struct winreg_QueryMultipleValues *r); -WERROR _winreg_QueryMultipleValues2(pipes_struct *p, struct winreg_QueryMultipleValues2 *r); - -/* The following definitions come from rpc_server/srv_wkssvc_nt.c */ - -WERROR _wkssvc_NetWkstaGetInfo(pipes_struct *p, struct wkssvc_NetWkstaGetInfo *r); -WERROR _wkssvc_NetWkstaSetInfo(pipes_struct *p, struct wkssvc_NetWkstaSetInfo *r); -WERROR _wkssvc_NetWkstaEnumUsers(pipes_struct *p, struct wkssvc_NetWkstaEnumUsers *r); -WERROR _wkssvc_NetrWkstaUserGetInfo(pipes_struct *p, struct wkssvc_NetrWkstaUserGetInfo *r); -WERROR _wkssvc_NetrWkstaUserSetInfo(pipes_struct *p, struct wkssvc_NetrWkstaUserSetInfo *r); -WERROR _wkssvc_NetWkstaTransportEnum(pipes_struct *p, struct wkssvc_NetWkstaTransportEnum *r); -WERROR _wkssvc_NetrWkstaTransportAdd(pipes_struct *p, struct wkssvc_NetrWkstaTransportAdd *r); -WERROR _wkssvc_NetrWkstaTransportDel(pipes_struct *p, struct wkssvc_NetrWkstaTransportDel *r); -WERROR _wkssvc_NetrUseAdd(pipes_struct *p, struct wkssvc_NetrUseAdd *r); -WERROR _wkssvc_NetrUseGetInfo(pipes_struct *p, struct wkssvc_NetrUseGetInfo *r); -WERROR _wkssvc_NetrUseDel(pipes_struct *p, struct wkssvc_NetrUseDel *r); -WERROR _wkssvc_NetrUseEnum(pipes_struct *p, struct wkssvc_NetrUseEnum *r); -WERROR _wkssvc_NetrMessageBufferSend(pipes_struct *p, struct wkssvc_NetrMessageBufferSend *r); -WERROR _wkssvc_NetrWorkstationStatisticsGet(pipes_struct *p, struct wkssvc_NetrWorkstationStatisticsGet *r) ; -WERROR _wkssvc_NetrLogonDomainNameAdd(pipes_struct *p, struct wkssvc_NetrLogonDomainNameAdd *r); -WERROR _wkssvc_NetrLogonDomainNameDel(pipes_struct *p, struct wkssvc_NetrLogonDomainNameDel *r); -WERROR _wkssvc_NetrJoinDomain(pipes_struct *p, struct wkssvc_NetrJoinDomain *r); -WERROR _wkssvc_NetrUnjoinDomain(pipes_struct *p, struct wkssvc_NetrUnjoinDomain *r); -WERROR _wkssvc_NetrRenameMachineInDomain(pipes_struct *p, struct wkssvc_NetrRenameMachineInDomain *r); -WERROR _wkssvc_NetrValidateName(pipes_struct *p, struct wkssvc_NetrValidateName *r); -WERROR _wkssvc_NetrGetJoinInformation(pipes_struct *p, struct wkssvc_NetrGetJoinInformation *r); -WERROR _wkssvc_NetrGetJoinableOus(pipes_struct *p, struct wkssvc_NetrGetJoinableOus *r); -WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, - struct wkssvc_NetrJoinDomain2 *r); -WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, - struct wkssvc_NetrUnjoinDomain2 *r); -WERROR _wkssvc_NetrRenameMachineInDomain2(pipes_struct *p, struct wkssvc_NetrRenameMachineInDomain2 *r); -WERROR _wkssvc_NetrValidateName2(pipes_struct *p, struct wkssvc_NetrValidateName2 *r); -WERROR _wkssvc_NetrGetJoinableOus2(pipes_struct *p, struct wkssvc_NetrGetJoinableOus2 *r); -WERROR _wkssvc_NetrAddAlternateComputerName(pipes_struct *p, struct wkssvc_NetrAddAlternateComputerName *r); -WERROR _wkssvc_NetrRemoveAlternateComputerName(pipes_struct *p, struct wkssvc_NetrRemoveAlternateComputerName *r); -WERROR _wkssvc_NetrSetPrimaryComputername(pipes_struct *p, struct wkssvc_NetrSetPrimaryComputername *r); -WERROR _wkssvc_NetrEnumerateComputerNames(pipes_struct *p, struct wkssvc_NetrEnumerateComputerNames *r); /* The following definitions come from rpcclient/cmd_dfs.c */ @@ -7819,6 +7042,7 @@ bool dns_register_smbd_reply(struct dns_reg_state *dns_state, mode_t unix_mode(connection_struct *conn, int dosmode, const char *fname, const char *inherit_from_dir); uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf); +int dos_attributes_to_stat_dos_flags(uint32_t dosmode); uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf); int file_set_dosmode(connection_struct *conn, const char *fname, uint32 dosmode, SMB_STRUCT_STAT *st, @@ -7894,6 +7118,9 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, char **pp_saved_last_component, SMB_STRUCT_STAT *pst); NTSTATUS check_name(connection_struct *conn, const char *name); +int get_real_filename(connection_struct *conn, const char *path, + const char *name, TALLOC_CTX *mem_ctx, + char **found_name); /* The following definitions come from smbd/files.c */ @@ -8095,78 +7322,74 @@ NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd, uint32_t access_desired, uint32_t *access_granted); NTSTATUS fd_close(files_struct *fsp); +void change_file_owner_to_parent(connection_struct *conn, + const char *inherit_from_dir, + files_struct *fsp); +NTSTATUS change_dir_owner_to_parent(connection_struct *conn, + const char *inherit_from_dir, + const char *fname, + SMB_STRUCT_STAT *psbuf); +bool is_executable(const char *fname); +bool is_stat_open(uint32 access_mask); +bool request_timed_out(struct timeval request_time, + struct timeval timeout); +bool open_match_attributes(connection_struct *conn, + const char *path, + uint32 old_dos_attr, + uint32 new_dos_attr, + mode_t existing_unx_mode, + mode_t new_unx_mode, + mode_t *returned_unx_mode); +NTSTATUS fcb_or_dos_open(struct smb_request *req, + connection_struct *conn, + files_struct *fsp_to_dup_into, + const char *fname, + struct file_id id, + uint16 file_pid, + uint16 vuid, + uint32 access_mask, + uint32 share_access, + uint32 create_options); bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func, uint32 *paccess_mask, uint32 *pshare_mode, uint32 *pcreate_disposition, uint32 *pcreate_options); -NTSTATUS open_file_ntcreate(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */ - uint32 share_access, /* share constants (FILE_SHARE_READ etc) */ - uint32 create_disposition, /* FILE_OPEN_IF etc. */ - uint32 create_options, /* options such as delete on close. */ - uint32 new_dos_attributes, /* attributes used for new file. */ - int oplock_request, /* internal Samba oplock codes. */ - /* Information (FILE_EXISTS etc.) */ - int *pinfo, - files_struct **result); NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, files_struct **result); NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp); -NTSTATUS open_directory(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, - uint32 share_access, - uint32 create_disposition, - uint32 create_options, - uint32 file_attributes, - int *pinfo, - files_struct **result); NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory); void msg_file_was_renamed(struct messaging_context *msg, void *private_data, uint32_t msg_type, struct server_id server_id, DATA_BLOB *data); -NTSTATUS create_file_unixpath(connection_struct *conn, - struct smb_request *req, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf); -NTSTATUS create_file(connection_struct *conn, - struct smb_request *req, - uint16_t root_dir_fid, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf); +struct case_semantics_state; +struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, + connection_struct *conn); +NTSTATUS create_file_default(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); +NTSTATUS get_relative_fid_filename(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, char **new_fname); /* The following definitions come from smbd/oplock.c */ @@ -8501,10 +7724,10 @@ bool token_contains_name_in_list(const char *username, const struct nt_user_token *token, const char **list); bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum); + const struct nt_user_token *token, int snum); bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn); /* The following definitions come from smbd/srvstr.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index bcf605ee53..891bd4aaf7 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -209,18 +209,7 @@ typedef uint32 codepoint_t; * * @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp **/ -typedef struct dom_sid { - uint8 sid_rev_num; /**< SID revision number */ - uint8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - /* - * Pointer to sub-authorities. - * - * @note The values in these uint32's are in *native* byteorder, not - * neccessarily little-endian...... JRA. - */ - uint32 sub_auths[MAXSUBAUTHS]; -} DOM_SID; +typedef struct dom_sid DOM_SID; enum id_mapping { ID_UNKNOWN = 0, @@ -710,7 +699,6 @@ struct pending_message_list { }; #define SHARE_MODE_FLAG_POSIX_OPEN 0x1 -#define SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE 0x2 /* struct returned by get_share_modes */ struct share_mode_entry { @@ -1895,4 +1883,9 @@ struct smb_extended_info { char samba_version_string[SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH]; }; +/* + * create_file_flags + */ +#define CFF_DOS_PATH 0x00000001 + #endif /* _SMB_H */ diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 119ceeb158..5149da0cb3 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -333,7 +333,7 @@ do { \ /* Warning - this must only be called with 0 <= c < 128. IT WILL * GIVE GARBAGE if c > 128 or c < 0. JRA. */ -extern char toupper_ascii_fast_table[]; +extern const char toupper_ascii_fast_table[]; #define toupper_ascii_fast(c) toupper_ascii_fast_table[(unsigned int)(c)]; #endif diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 4cedb4a9c6..d02d14b854 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -110,6 +110,7 @@ open handle. JRA. */ /* Changed to version 24 - make security descriptor const in fset_nt_acl. JRA. */ /* Changed to version 25 - Jelmer's change from SMB_BIG_UINT to uint64_t. */ +/* Leave at 25 - not yet released. Add create_file call. -- tprouty. */ #define SMB_VFS_INTERFACE_VERSION 25 @@ -134,6 +135,8 @@ struct connection_struct; struct files_struct; struct security_descriptor; struct vfs_statvfs_struct; +struct smb_request; +struct ea_list; /* Available VFS operations. These values must be in sync with vfs_ops struct @@ -170,6 +173,7 @@ typedef enum _vfs_op_type { /* File operations */ SMB_VFS_OP_OPEN, + SMB_VFS_OP_CREATE_FILE, SMB_VFS_OP_CLOSE, SMB_VFS_OP_READ, SMB_VFS_OP_PREAD, @@ -206,6 +210,7 @@ typedef enum _vfs_op_type { SMB_VFS_OP_CHFLAGS, SMB_VFS_OP_FILE_ID_CREATE, SMB_VFS_OP_STREAMINFO, + SMB_VFS_OP_GET_REAL_FILENAME, /* NT ACL operations. */ @@ -305,6 +310,23 @@ struct vfs_ops { /* File operations */ int (*open)(struct vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode); + NTSTATUS (*create_file)(struct vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); int (*close_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp); ssize_t (*vfs_read)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n); ssize_t (*pread)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n, SMB_OFF_T offset); @@ -354,6 +376,12 @@ struct vfs_ops { unsigned int *num_streams, struct stream_struct **streams); + int (*get_real_filename)(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name); + /* NT ACL operations. */ NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle, @@ -452,6 +480,7 @@ struct vfs_ops { /* File operations */ struct vfs_handle_struct *open; + struct vfs_handle_struct *create_file; struct vfs_handle_struct *close_hnd; struct vfs_handle_struct *vfs_read; struct vfs_handle_struct *pread; @@ -488,6 +517,7 @@ struct vfs_ops { struct vfs_handle_struct *chflags; struct vfs_handle_struct *file_id_create; struct vfs_handle_struct *streaminfo; + struct vfs_handle_struct *get_real_filename; /* NT ACL operations. */ diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 8fbc21b12d..b008d86b3c 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -48,6 +48,7 @@ /* File operations */ #define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_CREATE_FILE(conn, req, root_dir_fid, fname, create_file_flags, access_mask, share_access, create_disposition, create_options, file_attributes, oplock_request, allocation_size, sd, ea_list, result, pinfo, psbuf) (((conn)->vfs.ops.create_file)((conn)->vfs.handles.create_file, (req), (root_dir_fid), (fname), (create_file_flags), (access_mask), (share_access), (create_disposition), (create_options), (file_attributes), (oplock_request), (allocation_size), (sd), (ea_list), (result), (pinfo), (psbuf))) #define SMB_VFS_CLOSE(fsp) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp))) #define SMB_VFS_READ(fsp, data, n) ((fsp)->conn->vfs.ops.vfs_read((fsp)->conn->vfs.handles.vfs_read, (fsp), (data), (n))) #define SMB_VFS_PREAD(fsp, data, n, off) ((fsp)->conn->vfs.ops.pread((fsp)->conn->vfs.handles.pread, (fsp), (data), (n), (off))) @@ -84,6 +85,7 @@ #define SMB_VFS_CHFLAGS(conn, path, flags) ((conn)->vfs.ops.chflags((conn)->vfs.handles.chflags, (path), (flags))) #define SMB_VFS_FILE_ID_CREATE(conn, dev, inode) ((conn)->vfs.ops.file_id_create((conn)->vfs.handles.file_id_create, (dev), (inode))) #define SMB_VFS_STREAMINFO(conn, fsp, fname, mem_ctx, num_streams, streams) ((conn)->vfs.ops.streaminfo((conn)->vfs.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams))) +#define SMB_VFS_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name) ((conn)->vfs.ops.get_real_filename((conn)->vfs.handles.get_real_filename, (path), (name), (mem_ctx), (found_name))) /* NT ACL operations. */ #define SMB_VFS_FGET_NT_ACL(fsp, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (security_info), (ppdesc))) @@ -173,6 +175,7 @@ /* File operations */ #define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_OPAQUE_CREATE_FILE(conn, req, root_dir_fid, fname, create_file_flags, access_mask, share_access, create_disposition, create_options, file_attributes, oplock_request, allocation_size, sd, ea_list, result, pinfo, psbuf) (((conn)->vfs_opaque.ops.create_file)((conn)->vfs_opaque.handles.create_file, (req), (root_dir_fid), (fname), (create_file_flags), (access_mask), (share_access), (create_disposition), (create_options), (file_attributes), (oplock_request), (allocation_size), (sd), (ea_list), (result), (pinfo), (psbuf))) #define SMB_VFS_OPAQUE_CLOSE(fsp) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp))) #define SMB_VFS_OPAQUE_READ(fsp, data, n) ((fsp)->conn->vfs_opaque.ops.vfs_read((fsp)->conn->vfs_opaque.handles.vfs_read, (fsp), (data), (n))) #define SMB_VFS_OPAQUE_PREAD(fsp, data, n, off) ((fsp)->conn->vfs_opaque.ops.pread((fsp)->conn->vfs_opaque.handles.pread, (fsp), (data), (n), (off))) @@ -209,6 +212,7 @@ #define SMB_VFS_OPAQUE_CHFLAGS(conn, path, flags) ((conn)->vfs_opaque.ops.chflags((conn)->vfs_opaque.handles.chflags, (path), (flags))) #define SMB_VFS_OPAQUE_FILE_ID_CREATE(conn, dev, inode) ((conn)->vfs.ops_opaque.file_id_create((conn)->vfs_opaque.handles.file_id_create, (dev), (inode))) #define SMB_VFS_OPAQUE_STREAMINFO(conn, fsp, fname, mem_ctx, num_streams, streams) ((conn)->vfs_opaque.ops.streaminfo((conn)->vfs_opaque.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams))) +#define SMB_VFS_OPAQUE_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name) ((conn)->vfs_opaque.ops.get_real_filename((conn)->vfs_opaque.handles.get_real_filename, (path), (name), (mem_ctx), (found_name))) /* NT ACL operations. */ #define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (security_info), (ppdesc))) @@ -299,6 +303,7 @@ /* File operations */ #define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode))) +#define SMB_VFS_NEXT_CREATE_FILE(handle, req, root_dir_fid, fname, create_file_flags, access_mask, share_access, create_disposition, create_options, file_attributes, oplock_request, allocation_size, sd, ea_list, result, pinfo, psbuf) (((handle)->vfs_next.ops.create_file)((handle)->vfs_next.handles.create_file, (req), (root_dir_fid), (fname), (create_file_flags), (access_mask), (share_access), (create_disposition), (create_options), (file_attributes), (oplock_request), (allocation_size), (sd), (ea_list), (result), (pinfo), (psbuf))) #define SMB_VFS_NEXT_CLOSE(handle, fsp) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp))) #define SMB_VFS_NEXT_READ(handle, fsp, data, n) ((handle)->vfs_next.ops.vfs_read((handle)->vfs_next.handles.vfs_read, (fsp), (data), (n))) #define SMB_VFS_NEXT_PREAD(handle, fsp, data, n, off) ((handle)->vfs_next.ops.pread((handle)->vfs_next.handles.pread, (fsp), (data), (n), (off))) @@ -335,6 +340,7 @@ #define SMB_VFS_NEXT_CHFLAGS(handle, path, flags) ((handle)->vfs_next.ops.chflags((handle)->vfs_next.handles.chflags, (path), (flags))) #define SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode) ((handle)->vfs_next.ops.file_id_create((handle)->vfs_next.handles.file_id_create, (dev), (inode))) #define SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx, num_streams, streams) ((handle)->vfs_next.ops.streaminfo((handle)->vfs_next.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams))) +#define SMB_VFS_NEXT_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name) ((conn)->vfs_next.ops.get_real_filename((conn)->vfs_next.handles.get_real_filename, (path), (name), (mem_ctx), (found_name))) /* NT ACL operations. */ #define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (security_info), (ppdesc))) diff --git a/source3/lib/async_req.c b/source3/lib/async_req.c index 501a6b5524..159666f15c 100644 --- a/source3/lib/async_req.c +++ b/source3/lib/async_req.c @@ -172,3 +172,26 @@ bool async_req_nomem(const void *p, struct async_req *req) async_req_error(req, NT_STATUS_NO_MEMORY); return true; } + +bool async_req_is_error(struct async_req *req, NTSTATUS *status) +{ + if (req->state < ASYNC_REQ_DONE) { + *status = NT_STATUS_INTERNAL_ERROR; + return true; + } + if (req->state == ASYNC_REQ_ERROR) { + *status = req->status; + return true; + } + return false; +} + +NTSTATUS async_req_simple_recv(struct async_req *req) +{ + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + return NT_STATUS_OK; +} diff --git a/source3/lib/async_sock.c b/source3/lib/async_sock.c index ffba6de832..225cc7b195 100644 --- a/source3/lib/async_sock.c +++ b/source3/lib/async_sock.c @@ -177,18 +177,13 @@ static struct async_req *async_fde_syscall_new( * @retval The return value from the asynchronously called syscall */ -ssize_t async_syscall_result_ssize_t(struct async_req **req, int *perrno) +ssize_t async_syscall_result_ssize_t(struct async_req *req, int *perrno) { struct async_syscall_state *state = talloc_get_type_abort( - (*req)->private_data, struct async_syscall_state); - - int sys_errno = state->sys_errno; - ssize_t result = state->result.result_ssize_t; - - TALLOC_FREE(*req); + req->private_data, struct async_syscall_state); - *perrno = sys_errno; - return result; + *perrno = state->sys_errno; + return state->result.result_ssize_t; } /** @@ -198,18 +193,13 @@ ssize_t async_syscall_result_ssize_t(struct async_req **req, int *perrno) * @retval The return value from the asynchronously called syscall */ -size_t async_syscall_result_size_t(struct async_req **req, int *perrno) +size_t async_syscall_result_size_t(struct async_req *req, int *perrno) { struct async_syscall_state *state = talloc_get_type_abort( - (*req)->private_data, struct async_syscall_state); - - int sys_errno = state->sys_errno; - size_t result = state->result.result_ssize_t; - - TALLOC_FREE(*req); + req->private_data, struct async_syscall_state); - *perrno = sys_errno; - return result; + *perrno = state->sys_errno; + return state->result.result_size_t; } /** @@ -219,18 +209,13 @@ size_t async_syscall_result_size_t(struct async_req **req, int *perrno) * @retval The return value from the asynchronously called syscall */ -ssize_t async_syscall_result_int(struct async_req **req, int *perrno) +ssize_t async_syscall_result_int(struct async_req *req, int *perrno) { struct async_syscall_state *state = talloc_get_type_abort( - (*req)->private_data, struct async_syscall_state); - - int sys_errno = state->sys_errno; - int result = state->result.result_ssize_t; - - TALLOC_FREE(*req); + req->private_data, struct async_syscall_state); - *perrno = sys_errno; - return result; + *perrno = state->sys_errno; + return state->result.result_int; } /** @@ -353,9 +338,9 @@ static void async_sendall_callback(struct event_context *ev, * "length" bytes */ -struct async_req *async_sendall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, const void *buffer, size_t length, - int flags) +struct async_req *sendall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, const void *buffer, size_t length, + int flags) { struct async_req *result; struct async_syscall_state *state; @@ -377,6 +362,11 @@ struct async_req *async_sendall(TALLOC_CTX *mem_ctx, struct event_context *ev, return result; } +NTSTATUS sendall_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + /** * fde event handler for the "recv" syscall * @param[in] ev The event context that sent us here @@ -498,9 +488,9 @@ static void async_recvall_callback(struct event_context *ev, * async_recvall will call recv(2) until "length" bytes are received */ -struct async_req *async_recvall(TALLOC_CTX *mem_ctx, struct event_context *ev, - int fd, void *buffer, size_t length, - int flags) +struct async_req *recvall_send(TALLOC_CTX *mem_ctx, struct event_context *ev, + int fd, void *buffer, size_t length, + int flags) { struct async_req *result; struct async_syscall_state *state; @@ -522,6 +512,11 @@ struct async_req *async_recvall(TALLOC_CTX *mem_ctx, struct event_context *ev, return result; } +NTSTATUS recvall_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + /** * fde event handler for connect(2) * @param[in] ev The event context that sent us here diff --git a/source3/lib/debug.c b/source3/lib/debug.c index d64fcb66d9..193e9efc96 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -851,7 +851,7 @@ void check_log_size( void ) ret = vasprintf(&msgbuf, format_str, ap); va_end(ap); - if (ret == -1) { + if (ret != -1) { syslog(priority, "%s", msgbuf); } SAFE_FREE(msgbuf); diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c index a0d93d6fe7..636639c11d 100644 --- a/source3/lib/display_sec.c +++ b/source3/lib/display_sec.c @@ -240,7 +240,7 @@ void display_sec_acl(SEC_ACL *sec_acl) void display_acl_type(uint16 type) { - static fstring typestr=""; + fstring typestr=""; typestr[0] = 0; diff --git a/source3/lib/interface.c b/source3/lib/interface.c index f533ec92c7..48fa4d32a9 100644 --- a/source3/lib/interface.c +++ b/source3/lib/interface.c @@ -33,7 +33,7 @@ bool ismyaddr(const struct sockaddr *ip) { struct interface *i; for (i=local_interfaces;i;i=i->next) { - if (addr_equal((struct sockaddr *)&i->ip,ip)) { + if (sockaddr_equal((struct sockaddr *)&i->ip,ip)) { return true; } } @@ -65,7 +65,7 @@ static struct interface *iface_find(const struct sockaddr *ip, if (same_net(ip, (struct sockaddr *)&i->ip, (struct sockaddr *)&i->netmask)) { return i; } - } else if (addr_equal((struct sockaddr *)&i->ip, ip)) { + } else if (sockaddr_equal((struct sockaddr *)&i->ip, ip)) { return i; } } @@ -93,7 +93,7 @@ void setup_linklocal_scope_id(struct sockaddr *pss) { struct interface *i; for (i=local_interfaces;i;i=i->next) { - if (addr_equal((struct sockaddr *)&i->ip,pss)) { + if (sockaddr_equal((struct sockaddr *)&i->ip,pss)) { struct sockaddr_in6 *psa6 = (struct sockaddr_in6 *)pss; psa6->sin6_scope_id = if_nametoindex(i->name); @@ -388,7 +388,7 @@ static void interpret_interface(char *token) } for (i=0;i<total_probed;i++) { - if (addr_equal((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip)) { + if (sockaddr_equal((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip)) { add_interface(&probed_ifaces[i]); return; } @@ -441,8 +441,8 @@ static void interpret_interface(char *token) make_net(&ss_net, &ss, &ss_mask); /* Maybe the first component was a broadcast address. */ - if (addr_equal((struct sockaddr *)&ss_bcast, (struct sockaddr *)&ss) || - addr_equal((struct sockaddr *)&ss_net, (struct sockaddr *)&ss)) { + if (sockaddr_equal((struct sockaddr *)&ss_bcast, (struct sockaddr *)&ss) || + sockaddr_equal((struct sockaddr *)&ss_net, (struct sockaddr *)&ss)) { for (i=0;i<total_probed;i++) { if (same_net((struct sockaddr *)&ss, (struct sockaddr *)&probed_ifaces[i].ip, diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 2e319cf23c..1f4b03f677 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -46,7 +46,7 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX, fields_present |= SAMR_FIELD_ACCOUNT_NAME; } if (infoX->usriX_password) { - fields_present |= SAMR_FIELD_PASSWORD; + fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT; } if (infoX->usriX_flags) { fields_present |= SAMR_FIELD_ACCT_FLAGS; diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index 2e6d3b3cb1..cad14ec493 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -166,7 +166,7 @@ struct poptOption popt_common_configfile[] = { }; struct poptOption popt_common_version[] = { - { NULL, 0, POPT_ARG_CALLBACK, (void *)popt_common_callback }, + { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_POST, (void *)popt_common_callback }, { "version", 'V', POPT_ARG_NONE, NULL, 'V', "Print version" }, POPT_TABLEEND }; @@ -318,7 +318,7 @@ const struct poptOption popt_common_dynconfig[] = { * exit on failure * ****************************************************************************/ -static void get_password_file(void) +static void get_password_file(struct user_auth_info *auth_info) { int fd = -1; char *p; @@ -377,13 +377,14 @@ static void get_password_file(void) } SAFE_FREE(spec); - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(auth_info, pass); if (close_it) { close(fd); } } -static void get_credentials_file(const char *file) +static void get_credentials_file(struct user_auth_info *auth_info, + const char *file) { XFILE *auth; fstring buf; @@ -426,9 +427,9 @@ static void get_credentials_file(const char *file) val++; if (strwicmp("password", param) == 0) { - set_cmdline_auth_info_password(val); + set_cmdline_auth_info_password(auth_info, val); } else if (strwicmp("username", param) == 0) { - set_cmdline_auth_info_username(val); + set_cmdline_auth_info_username(auth_info, val); } else if (strwicmp("domain", param) == 0) { set_global_myworkgroup(val); } @@ -453,13 +454,16 @@ static void popt_common_credentials_callback(poptContext con, const struct poptOption *opt, const char *arg, const void *data) { + struct user_auth_info *auth_info = talloc_get_type_abort( + *((const char **)data), struct user_auth_info); char *p; if (reason == POPT_CALLBACK_REASON_PRE) { - set_cmdline_auth_info_username("GUEST"); + set_cmdline_auth_info_username(auth_info, "GUEST"); if (getenv("LOGNAME")) { - set_cmdline_auth_info_username(getenv("LOGNAME")); + set_cmdline_auth_info_username(auth_info, + getenv("LOGNAME")); } if (getenv("USER")) { @@ -467,24 +471,25 @@ static void popt_common_credentials_callback(poptContext con, if (!puser) { exit(ENOMEM); } - set_cmdline_auth_info_username(puser); + set_cmdline_auth_info_username(auth_info, puser); if ((p = strchr_m(puser,'%'))) { size_t len; *p = 0; len = strlen(p+1); - set_cmdline_auth_info_password(p+1); + set_cmdline_auth_info_password(auth_info, p+1); memset(strchr_m(getenv("USER"),'%')+1,'X',len); } SAFE_FREE(puser); } if (getenv("PASSWD")) { - set_cmdline_auth_info_password(getenv("PASSWD")); + set_cmdline_auth_info_password(auth_info, + getenv("PASSWD")); } if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) { - get_password_file(); + get_password_file(auth_info); } return; @@ -499,19 +504,22 @@ static void popt_common_credentials_callback(poptContext con, if ((lp=strchr_m(puser,'%'))) { size_t len; *lp = 0; - set_cmdline_auth_info_username(puser); - set_cmdline_auth_info_password(lp+1); + set_cmdline_auth_info_username(auth_info, + puser); + set_cmdline_auth_info_password(auth_info, + lp+1); len = strlen(lp+1); memset(strchr_m(arg,'%')+1,'X',len); } else { - set_cmdline_auth_info_username(puser); + set_cmdline_auth_info_username(auth_info, + puser); } SAFE_FREE(puser); } break; case 'A': - get_credentials_file(arg); + get_credentials_file(auth_info, arg); break; case 'k': @@ -519,31 +527,40 @@ static void popt_common_credentials_callback(poptContext con, d_printf("No kerberos support compiled in\n"); exit(1); #else - set_cmdline_auth_info_use_krb5_ticket(); + set_cmdline_auth_info_use_krb5_ticket(auth_info); #endif break; case 'S': - if (!set_cmdline_auth_info_signing_state(arg)) { + if (!set_cmdline_auth_info_signing_state(auth_info, arg)) { fprintf(stderr, "Unknown signing option %s\n", arg ); exit(1); } break; case 'P': - set_cmdline_auth_info_use_machine_account(); + set_cmdline_auth_info_use_machine_account(auth_info); break; case 'N': - set_cmdline_auth_info_password(""); + set_cmdline_auth_info_password(auth_info, ""); break; case 'e': - set_cmdline_auth_info_smb_encrypt(); + set_cmdline_auth_info_smb_encrypt(auth_info); break; } } +static struct user_auth_info *global_auth_info; + +void popt_common_set_auth_info(struct user_auth_info *auth_info) +{ + global_auth_info = auth_info; +} + struct poptOption popt_common_credentials[] = { - { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, (void *)popt_common_credentials_callback }, + { NULL, 0, POPT_ARG_CALLBACK|POPT_CBFLAG_PRE, + (void *)popt_common_credentials_callback, 0, + (const char *)&global_auth_info }, { "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set the network username", "USERNAME" }, { "no-pass", 'N', POPT_ARG_NONE, NULL, 'N', "Don't ask for a password" }, { "kerberos", 'k', POPT_ARG_NONE, NULL, 'k', "Use kerberos (active directory) authentication" }, diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index df85336603..400f5f31b0 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -100,6 +100,33 @@ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) } /******************************************************************* + Given a security_descriptor return the sec_info. +********************************************************************/ + +uint32_t get_sec_info(const SEC_DESC *sd) +{ + uint32_t sec_info = ALL_SECURITY_INFORMATION; + + SMB_ASSERT(sd); + + if (sd->owner_sid == NULL) { + sec_info &= ~OWNER_SECURITY_INFORMATION; + } + if (sd->group_sid == NULL) { + sec_info &= ~GROUP_SECURITY_INFORMATION; + } + if (sd->sacl == NULL) { + sec_info &= ~SACL_SECURITY_INFORMATION; + } + if (sd->dacl == NULL) { + sec_info &= ~DACL_SECURITY_INFORMATION; + } + + return sec_info; +} + + +/******************************************************************* Merge part of security descriptor old_sec in to the empty sections of security descriptor new_sec. ********************************************************************/ diff --git a/source3/lib/util.c b/source3/lib/util.c index 074b523ae0..dd23d547b5 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -280,135 +280,154 @@ bool init_names(void) Used mainly in client tools. ****************************************************************************/ -static struct user_auth_info cmdline_auth_info = { - NULL, /* username */ - NULL, /* password */ - false, /* got_pass */ - false, /* use_kerberos */ - Undefined, /* signing state */ - false, /* smb_encrypt */ - false /* use machine account */ -}; - -const char *get_cmdline_auth_info_username(void) -{ - if (!cmdline_auth_info.username) { +struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx) +{ + struct user_auth_info *result; + + result = TALLOC_ZERO_P(mem_ctx, struct user_auth_info); + if (result == NULL) { + return NULL; + } + + result->signing_state = Undefined; + return result; +} + +const char *get_cmdline_auth_info_username(struct user_auth_info *auth_info) +{ + if (!auth_info->username) { return ""; } - return cmdline_auth_info.username; + return auth_info->username; } -void set_cmdline_auth_info_username(const char *username) +void set_cmdline_auth_info_username(struct user_auth_info *auth_info, + const char *username) { - SAFE_FREE(cmdline_auth_info.username); - cmdline_auth_info.username = SMB_STRDUP(username); - if (!cmdline_auth_info.username) { + TALLOC_FREE(auth_info->username); + auth_info->username = talloc_strdup(auth_info, username); + if (!auth_info->username) { exit(ENOMEM); } } -const char *get_cmdline_auth_info_password(void) +const char *get_cmdline_auth_info_password(struct user_auth_info *auth_info) { - if (!cmdline_auth_info.password) { + if (!auth_info->password) { return ""; } - return cmdline_auth_info.password; + return auth_info->password; } -void set_cmdline_auth_info_password(const char *password) +void set_cmdline_auth_info_password(struct user_auth_info *auth_info, + const char *password) { - SAFE_FREE(cmdline_auth_info.password); - cmdline_auth_info.password = SMB_STRDUP(password); - if (!cmdline_auth_info.password) { + TALLOC_FREE(auth_info->password); + auth_info->password = talloc_strdup(auth_info, password); + if (!auth_info->password) { exit(ENOMEM); } - cmdline_auth_info.got_pass = true; + auth_info->got_pass = true; } -bool set_cmdline_auth_info_signing_state(const char *arg) +bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info, + const char *arg) { - cmdline_auth_info.signing_state = -1; + auth_info->signing_state = -1; if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false")) { - cmdline_auth_info.signing_state = false; + auth_info->signing_state = false; } else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") || strequal(arg, "auto")) { - cmdline_auth_info.signing_state = true; + auth_info->signing_state = true; } else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced")) { - cmdline_auth_info.signing_state = Required; + auth_info->signing_state = Required; } else { return false; } return true; } -int get_cmdline_auth_info_signing_state(void) +int get_cmdline_auth_info_signing_state(struct user_auth_info *auth_info) { - return cmdline_auth_info.signing_state; + return auth_info->signing_state; } -void set_cmdline_auth_info_use_kerberos(bool b) +void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info, + bool b) { - cmdline_auth_info.use_kerberos = b; + auth_info->use_kerberos = b; } -bool get_cmdline_auth_info_use_kerberos(void) +bool get_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info) { - return cmdline_auth_info.use_kerberos; + return auth_info->use_kerberos; } /* This should only be used by lib/popt_common.c JRA */ -void set_cmdline_auth_info_use_krb5_ticket(void) +void set_cmdline_auth_info_use_krb5_ticket(struct user_auth_info *auth_info) { - cmdline_auth_info.use_kerberos = true; - cmdline_auth_info.got_pass = true; + auth_info->use_kerberos = true; + auth_info->got_pass = true; } /* This should only be used by lib/popt_common.c JRA */ -void set_cmdline_auth_info_smb_encrypt(void) +void set_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info) { - cmdline_auth_info.smb_encrypt = true; + auth_info->smb_encrypt = true; } -void set_cmdline_auth_info_use_machine_account(void) +void set_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info) { - cmdline_auth_info.use_machine_account = true; + auth_info->use_machine_account = true; } -bool get_cmdline_auth_info_got_pass(void) +bool get_cmdline_auth_info_got_pass(struct user_auth_info *auth_info) { - return cmdline_auth_info.got_pass; + return auth_info->got_pass; } -bool get_cmdline_auth_info_smb_encrypt(void) +bool get_cmdline_auth_info_smb_encrypt(struct user_auth_info *auth_info) { - return cmdline_auth_info.smb_encrypt; + return auth_info->smb_encrypt; } -bool get_cmdline_auth_info_use_machine_account(void) +bool get_cmdline_auth_info_use_machine_account(struct user_auth_info *auth_info) { - return cmdline_auth_info.use_machine_account; + return auth_info->use_machine_account; } -bool get_cmdline_auth_info_copy(struct user_auth_info *info) +struct user_auth_info *get_cmdline_auth_info_copy(TALLOC_CTX *mem_ctx, + struct user_auth_info *src) { - *info = cmdline_auth_info; - /* Now re-alloc the strings. */ - info->username = SMB_STRDUP(get_cmdline_auth_info_username()); - info->password = SMB_STRDUP(get_cmdline_auth_info_password()); - if (!info->username || !info->password) { - return false; + struct user_auth_info *result; + + result = user_auth_info_init(mem_ctx); + if (result == NULL) { + return NULL; } - return true; + + *result = *src; + + result->username = talloc_strdup( + result, get_cmdline_auth_info_username(src)); + result->password = talloc_strdup( + result, get_cmdline_auth_info_password(src)); + if ((result->username == NULL) || (result->password == NULL)) { + TALLOC_FREE(result); + return NULL; + } + + return result; } -bool set_cmdline_auth_info_machine_account_creds(void) +bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_info) { char *pass = NULL; char *account = NULL; - if (!get_cmdline_auth_info_use_machine_account()) { + if (!get_cmdline_auth_info_use_machine_account(auth_info)) { return false; } @@ -430,8 +449,8 @@ bool set_cmdline_auth_info_machine_account_creds(void) return false; } - set_cmdline_auth_info_username(account); - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_username(auth_info, account); + set_cmdline_auth_info_password(auth_info, pass); SAFE_FREE(account); SAFE_FREE(pass); diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 5721f412d6..605bbf1fb6 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -52,7 +52,7 @@ bool interpret_string_addr(struct sockaddr_storage *pss, } #endif - zero_addr(pss); + zero_sockaddr(pss); if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) { return false; @@ -81,7 +81,7 @@ bool interpret_string_addr(struct sockaddr_storage *pss, Set an address to INADDR_ANY. ******************************************************************/ -void zero_addr(struct sockaddr_storage *pss) +void zero_sockaddr(struct sockaddr_storage *pss) { memset(pss, '\0', sizeof(*pss)); /* Ensure we're at least a valid sockaddr-storage. */ @@ -1254,7 +1254,7 @@ static bool matchname(const char *remotehost, if (!res->ai_addr) { continue; } - if (addr_equal((const struct sockaddr *)res->ai_addr, + if (sockaddr_equal((const struct sockaddr *)res->ai_addr, (struct sockaddr *)pss)) { freeaddrinfo(ailist); return true; @@ -1367,7 +1367,7 @@ const char *get_peer_name(int fd, bool force_lookup) p = get_peer_addr_internal(fd, addr_buf, sizeof(addr_buf), (struct sockaddr *)&ss, &length); /* it might be the same as the last one - save some DNS work */ - if (addr_equal((struct sockaddr *)&ss, (struct sockaddr *)&nc.ss)) { + if (sockaddr_equal((struct sockaddr *)&ss, (struct sockaddr *)&nc.ss)) { return nc.name ? nc.name : "UNKNOWN"; } @@ -1687,7 +1687,7 @@ bool is_myname_or_ipaddr(const char *s) } n = get_interfaces(nics, MAX_INTERFACES); for (i=0; i<n; i++) { - if (addr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) { + if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) { TALLOC_FREE(nics); return true; } diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index fde4f825e8..9358061797 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -24,7 +24,7 @@ #include "includes.h" -char toupper_ascii_fast_table[128] = { +const char toupper_ascii_fast_table[128] = { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 4658f66cfd..7dfc19b462 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -772,7 +772,7 @@ static char *get_kdc_ip_string(char *mem_ctx, get_kdc_list(realm, sitename, &ip_srv_site, &count_site); for (i = 0; i < count_site; i++) { - if (addr_equal((struct sockaddr *)&ip_srv_site[i].ss, + if (sockaddr_equal((struct sockaddr *)&ip_srv_site[i].ss, (struct sockaddr *)pss)) { continue; } @@ -795,13 +795,13 @@ static char *get_kdc_ip_string(char *mem_ctx, for (i = 0; i < count_nonsite; i++) { int j; - if (addr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)pss)) { + if (sockaddr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)pss)) { continue; } /* Ensure this isn't an IP already seen (YUK! this is n*n....) */ for (j = 0; j < count_site; j++) { - if (addr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, + if (sockaddr_equal((struct sockaddr *)&ip_srv_nonsite[i].ss, (struct sockaddr *)&ip_srv_site[j].ss)) { break; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 932e42e076..cf8a7ebb1b 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -162,6 +162,11 @@ bool ads_closest_dc(ADS_STRUCT *ads) return True; } + if (ads->config.client_site_name == NULL) { + DEBUG(10,("ads_closest_dc: client belongs to no site\n")); + return True; + } + DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", ads->config.ldap_server_name)); @@ -267,10 +272,12 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) static NTSTATUS ads_find_dc(ADS_STRUCT *ads) { + const char *c_domain; const char *c_realm; int count, i=0; struct ip_service *ip_list; const char *realm; + const char *domain; bool got_realm = False; bool use_own_domain = False; char *sitename; @@ -308,13 +315,44 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ } + if ( use_own_domain ) { + c_domain = lp_workgroup(); + } else { + c_domain = ads->server.workgroup; + } + realm = c_realm; + domain = c_domain; + + /* + * In case of LDAP we use get_dc_name() as that + * creates the custom krb5.conf file + */ + if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) { + fstring srv_name; + struct sockaddr_storage ip_out; + + DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n", + (got_realm ? "realm" : "domain"), realm)); + + if (get_dc_name(domain, realm, srv_name, &ip_out)) { + /* + * we call ads_try_connect() to fill in the + * ads->config details + */ + if (ads_try_connect(ads, srv_name, false)) { + return NT_STATUS_OK; + } + } + + return NT_STATUS_NO_LOGON_SERVERS; + } sitename = sitename_fetch(realm); again: - DEBUG(6,("ads_find_dc: looking for %s '%s'\n", + DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n", (got_realm ? "realm" : "domain"), realm)); status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm); @@ -613,9 +651,8 @@ got_connection: /* cache the successful connection for workgroup and realm */ if (ads_closest_dc(ads)) { - print_sockaddr(addr, sizeof(addr), &ads->ldap.ss); - saf_store( ads->server.workgroup, addr); - saf_store( ads->server.realm, addr); + saf_store( ads->server.workgroup, ads->config.ldap_server_name); + saf_store( ads->server.realm, ads->config.ldap_server_name); } ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version); diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c index 6324a22041..6ada66ca40 100644 --- a/source3/libads/ndr.c +++ b/source3/libads/ndr.c @@ -75,7 +75,6 @@ void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ndr_print_string(ndr, "server_site_name", r->config.server_site_name); ndr_print_string(ndr, "client_site_name", r->config.client_site_name); ndr_print_time_t(ndr, "current_time", r->config.current_time); - ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc); ndr_print_string(ndr, "schema_path", r->config.schema_path); ndr_print_string(ndr, "config_path", r->config.config_path); ndr->depth--; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 908fb78ab4..691f6ff8eb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1521,7 +1521,10 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, return WERR_OK; } - saf_store(r->in.domain_name, r->in.dc_name); + saf_join_store(r->out.netbios_domain_name, r->in.dc_name); + if (r->out.dns_domain_name) { + saf_join_store(r->out.dns_domain_name, r->in.dc_name); + } #ifdef WITH_ADS if (r->out.domain_is_ad) { @@ -1752,6 +1755,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.domain_name, NULL, NULL, + DS_FORCE_REDISCOVERY | DS_DIRECTORY_SERVICE_REQUIRED | DS_WRITABLE_REQUIRED | DS_RETURN_DNS_NAME, diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 990f6f6a63..81956942ca 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -324,7 +324,7 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); if (ret) { - DEBUG(10, ("krb5_kt_start_seq_get failed: %s", + DEBUG(10, ("krb5_kt_start_seq_get failed: %s\n", error_message(ret))); return NULL; } diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 4351810169..73d4439743 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -282,8 +282,8 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, * libnet_samsync */ -void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, - struct netr_ChangeLogEntry *e) +static void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, + struct netr_ChangeLogEntry *e) { ZERO_STRUCTP(e); diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c index 1af3249473..1ce4e67c56 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.c +++ b/source3/librpc/gen_ndr/cli_netlogon.c @@ -2296,23 +2296,36 @@ NTSTATUS rpccli_netr_LogonSamLogonWithFlags(struct rpc_pipe_client *cli, return r.out.result; } -NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - WERROR *werror) +NTSTATUS rpccli_netr_ServerGetTrustInfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *server_name /* [in] [unique,charset(UTF16)] */, + const char *account_name /* [in] [ref,charset(UTF16)] */, + enum netr_SchannelType secure_channel_type /* [in] */, + const char *computer_name /* [in] [ref,charset(UTF16)] */, + struct netr_Authenticator *credential /* [in] [ref] */, + struct netr_Authenticator *return_authenticator /* [out] [ref] */, + struct samr_Password *new_owf_password /* [out] [ref] */, + struct samr_Password *old_owf_password /* [out] [ref] */, + struct netr_TrustInfo **trust_info /* [out] [ref] */) { - struct netr_NETRSERVERGETTRUSTINFO r; + struct netr_ServerGetTrustInfo r; NTSTATUS status; /* In parameters */ + r.in.server_name = server_name; + r.in.account_name = account_name; + r.in.secure_channel_type = secure_channel_type; + r.in.computer_name = computer_name; + r.in.credential = credential; if (DEBUGLEVEL >= 10) { - NDR_PRINT_IN_DEBUG(netr_NETRSERVERGETTRUSTINFO, &r); + NDR_PRINT_IN_DEBUG(netr_ServerGetTrustInfo, &r); } status = cli_do_rpc_ndr(cli, mem_ctx, &ndr_table_netlogon, - NDR_NETR_NETRSERVERGETTRUSTINFO, + NDR_NETR_SERVERGETTRUSTINFO, &r); if (!NT_STATUS_IS_OK(status)) { @@ -2320,7 +2333,7 @@ NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, } if (DEBUGLEVEL >= 10) { - NDR_PRINT_OUT_DEBUG(netr_NETRSERVERGETTRUSTINFO, &r); + NDR_PRINT_OUT_DEBUG(netr_ServerGetTrustInfo, &r); } if (NT_STATUS_IS_ERR(status)) { @@ -2328,12 +2341,12 @@ NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, } /* Return variables */ + *return_authenticator = *r.out.return_authenticator; + *new_owf_password = *r.out.new_owf_password; + *old_owf_password = *r.out.old_owf_password; + *trust_info = *r.out.trust_info; /* Return result */ - if (werror) { - *werror = r.out.result; - } - - return werror_to_ntstatus(r.out.result); + return r.out.result; } diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h index 9f5eac15b2..3fbc00e9da 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.h +++ b/source3/librpc/gen_ndr/cli_netlogon.h @@ -356,7 +356,15 @@ NTSTATUS rpccli_netr_LogonSamLogonWithFlags(struct rpc_pipe_client *cli, union netr_Validation *validation /* [out] [ref,switch_is(validation_level)] */, uint8_t *authoritative /* [out] [ref] */, uint32_t *flags /* [in,out] [ref] */); -NTSTATUS rpccli_netr_NETRSERVERGETTRUSTINFO(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - WERROR *werror); +NTSTATUS rpccli_netr_ServerGetTrustInfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *server_name /* [in] [unique,charset(UTF16)] */, + const char *account_name /* [in] [ref,charset(UTF16)] */, + enum netr_SchannelType secure_channel_type /* [in] */, + const char *computer_name /* [in] [ref,charset(UTF16)] */, + struct netr_Authenticator *credential /* [in] [ref] */, + struct netr_Authenticator *return_authenticator /* [out] [ref] */, + struct samr_Password *new_owf_password /* [out] [ref] */, + struct samr_Password *old_owf_password /* [out] [ref] */, + struct netr_TrustInfo **trust_info /* [out] [ref] */); #endif /* __CLI_NETLOGON__ */ diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h index 0ccbcdf5b0..ee8a31138d 100644 --- a/source3/librpc/gen_ndr/lsa.h +++ b/source3/librpc/gen_ndr/lsa.h @@ -17,7 +17,7 @@ struct lsa_String { uint16_t length;/* [value(2*strlen_m(string))] */ uint16_t size;/* [value(2*strlen_m(string))] */ const char *string;/* [unique,charset(UTF16),length_is(length/2),size_is(size/2)] */ -}/* [public,noejs] */; +}/* [public] */; struct lsa_StringLarge { uint16_t length;/* [value(2*strlen_m(string))] */ diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index d1cf64e0eb..de4abdcae5 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -11,7 +11,7 @@ struct GUID { uint16_t time_hi_and_version; uint8_t clock_seq[2]; uint8_t node[6]; -}/* [noprint,gensize,public,noejs] */; +}/* [noprint,gensize,public] */; struct ndr_syntax_id { struct GUID uuid; diff --git a/source3/librpc/gen_ndr/ndr_drsblobs.c b/source3/librpc/gen_ndr/ndr_drsblobs.c index dd8d77ea15..d965e40bd2 100644 --- a/source3/librpc/gen_ndr/ndr_drsblobs.c +++ b/source3/librpc/gen_ndr/ndr_drsblobs.c @@ -2351,7 +2351,6 @@ static enum ndr_err_code ndr_push_AuthInfoNT4Owf(struct ndr_push *ndr, int ndr_f NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->password)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->password)); } return NDR_ERR_SUCCESS; } @@ -2364,7 +2363,6 @@ static enum ndr_err_code ndr_pull_AuthInfoNT4Owf(struct ndr_pull *ndr, int ndr_f NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->password)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->password)); } return NDR_ERR_SUCCESS; } @@ -2477,7 +2475,6 @@ static enum ndr_err_code ndr_push_AuthInfo(struct ndr_push *ndr, int ndr_flags, break; case TRUST_AUTH_TYPE_NT4OWF: - NDR_CHECK(ndr_push_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf)); break; case TRUST_AUTH_TYPE_CLEAR: @@ -2525,7 +2522,6 @@ static enum ndr_err_code ndr_pull_AuthInfo(struct ndr_pull *ndr, int ndr_flags, break; case TRUST_AUTH_TYPE_NT4OWF: - NDR_CHECK(ndr_pull_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf)); break; case TRUST_AUTH_TYPE_CLEAR: @@ -2584,7 +2580,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_AuthenticationInformation(struct ndr_push *n } } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo)); } return NDR_ERR_SUCCESS; } @@ -2605,7 +2600,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AuthenticationInformation(struct ndr_pull *n } } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo)); } return NDR_ERR_SUCCESS; } @@ -2641,7 +2635,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr, for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { if (r->current[cntr_current_0]) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current[cntr_current_0])); - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0])); + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0])); } } } @@ -2681,7 +2675,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current[cntr_current_0])); _mem_save_current_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current[cntr_current_0], 0); - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0])); + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0])); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_1, 0); ndr->offset = _relative_save_offset; } diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index c4102eba6e..81f8ddcab9 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -8617,6 +8617,145 @@ _PUBLIC_ void ndr_print_DcSitesCtr(struct ndr_print *ndr, const char *name, cons ndr->depth--; } +static enum ndr_err_code ndr_push_netr_TrustInfo(struct ndr_push *ndr, int ndr_flags, const struct netr_TrustInfo *r) +{ + uint32_t cntr_data_1; + uint32_t cntr_entries_1; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->data)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->entry_count)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->data) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->data[cntr_data_1])); + } + } + if (r->entries) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); + } + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); + } + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_TrustInfo(struct ndr_pull *ndr, int ndr_flags, struct netr_TrustInfo *r) +{ + uint32_t _ptr_data; + uint32_t cntr_data_1; + TALLOC_CTX *_mem_save_data_0; + TALLOC_CTX *_mem_save_data_1; + uint32_t _ptr_entries; + uint32_t cntr_entries_1; + TALLOC_CTX *_mem_save_entries_0; + TALLOC_CTX *_mem_save_entries_1; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data)); + if (_ptr_data) { + NDR_PULL_ALLOC(ndr, r->data); + } else { + r->data = NULL; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->entry_count)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries)); + if (_ptr_entries) { + NDR_PULL_ALLOC(ndr, r->entries); + } else { + r->entries = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->data) { + _mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->data)); + NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data)); + _mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->data, 0); + for (cntr_data_1 = 0; cntr_data_1 < r->count; cntr_data_1++) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->data[cntr_data_1])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0); + } + if (r->entries) { + _mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->entries)); + NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries)); + _mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0); + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->entries[cntr_entries_1])); + } + for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) { + NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0); + } + if (r->data) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->data, r->count)); + } + if (r->entries) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_TrustInfo(struct ndr_print *ndr, const char *name, const struct netr_TrustInfo *r) +{ + uint32_t cntr_data_1; + uint32_t cntr_entries_1; + ndr_print_struct(ndr, name, "netr_TrustInfo"); + ndr->depth++; + ndr_print_uint32(ndr, "count", r->count); + ndr_print_ptr(ndr, "data", r->data); + ndr->depth++; + if (r->data) { + ndr->print(ndr, "%s: ARRAY(%d)", "data", (int)r->count); + ndr->depth++; + for (cntr_data_1=0;cntr_data_1<r->count;cntr_data_1++) { + char *idx_1=NULL; + if (asprintf(&idx_1, "[%d]", cntr_data_1) != -1) { + ndr_print_uint32(ndr, "data", r->data[cntr_data_1]); + free(idx_1); + } + } + ndr->depth--; + } + ndr->depth--; + ndr_print_uint32(ndr, "entry_count", r->entry_count); + ndr_print_ptr(ndr, "entries", r->entries); + ndr->depth++; + if (r->entries) { + ndr->print(ndr, "%s: ARRAY(%d)", "entries", (int)r->count); + ndr->depth++; + for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) { + char *idx_1=NULL; + if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) { + ndr_print_lsa_String(ndr, "entries", &r->entries[cntr_entries_1]); + free(idx_1); + } + } + ndr->depth--; + } + ndr->depth--; + ndr->depth--; +} + static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int flags, const struct netr_LogonUasLogon *r) { if (flags & NDR_IN) { @@ -15424,42 +15563,225 @@ _PUBLIC_ void ndr_print_netr_LogonSamLogonWithFlags(struct ndr_print *ndr, const ndr->depth--; } -static enum ndr_err_code ndr_push_netr_NETRSERVERGETTRUSTINFO(struct ndr_push *ndr, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r) +static enum ndr_err_code ndr_push_netr_ServerGetTrustInfo(struct ndr_push *ndr, int flags, const struct netr_ServerGetTrustInfo *r) { if (flags & NDR_IN) { + NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name)); + if (r->in.server_name) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->in.account_name == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.account_name, ndr_charset_length(r->in.account_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_push_netr_SchannelType(ndr, NDR_SCALARS, r->in.secure_channel_type)); + if (r->in.computer_name == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + if (r->in.credential == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); } if (flags & NDR_OUT) { - NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); + if (r->out.return_authenticator == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator)); + if (r->out.new_owf_password == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.new_owf_password)); + if (r->out.old_owf_password == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.old_owf_password)); + if (r->out.trust_info == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.trust_info)); + if (*r->out.trust_info) { + NDR_CHECK(ndr_push_netr_TrustInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.trust_info)); + } + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_netr_NETRSERVERGETTRUSTINFO(struct ndr_pull *ndr, int flags, struct netr_NETRSERVERGETTRUSTINFO *r) +static enum ndr_err_code ndr_pull_netr_ServerGetTrustInfo(struct ndr_pull *ndr, int flags, struct netr_ServerGetTrustInfo *r) { + uint32_t _ptr_server_name; + uint32_t _ptr_trust_info; + TALLOC_CTX *_mem_save_server_name_0; + TALLOC_CTX *_mem_save_credential_0; + TALLOC_CTX *_mem_save_return_authenticator_0; + TALLOC_CTX *_mem_save_new_owf_password_0; + TALLOC_CTX *_mem_save_old_owf_password_0; + TALLOC_CTX *_mem_save_trust_info_0; + TALLOC_CTX *_mem_save_trust_info_1; if (flags & NDR_IN) { + ZERO_STRUCT(r->out); + + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name)); + if (_ptr_server_name) { + NDR_PULL_ALLOC(ndr, r->in.server_name); + } else { + r->in.server_name = NULL; + } + if (r->in.server_name) { + _mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name)); + if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); + } + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name)); + if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); + if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->in.credential); + } + _mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC); + NDR_PULL_ALLOC(ndr, r->out.return_authenticator); + ZERO_STRUCTP(r->out.return_authenticator); + NDR_PULL_ALLOC(ndr, r->out.new_owf_password); + ZERO_STRUCTP(r->out.new_owf_password); + NDR_PULL_ALLOC(ndr, r->out.old_owf_password); + ZERO_STRUCTP(r->out.old_owf_password); + NDR_PULL_ALLOC(ndr, r->out.trust_info); + ZERO_STRUCTP(r->out.trust_info); } if (flags & NDR_OUT) { - NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.return_authenticator); + } + _mem_save_return_authenticator_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.return_authenticator, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.new_owf_password); + } + _mem_save_new_owf_password_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.new_owf_password, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.new_owf_password)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_owf_password_0, LIBNDR_FLAG_REF_ALLOC); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.old_owf_password); + } + _mem_save_old_owf_password_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.old_owf_password, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.old_owf_password)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_owf_password_0, LIBNDR_FLAG_REF_ALLOC); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.trust_info); + } + _mem_save_trust_info_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.trust_info, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trust_info)); + if (_ptr_trust_info) { + NDR_PULL_ALLOC(ndr, *r->out.trust_info); + } else { + *r->out.trust_info = NULL; + } + if (*r->out.trust_info) { + _mem_save_trust_info_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, *r->out.trust_info, 0); + NDR_CHECK(ndr_pull_netr_TrustInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.trust_info)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trust_info_1, 0); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trust_info_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_netr_NETRSERVERGETTRUSTINFO(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r) +_PUBLIC_ void ndr_print_netr_ServerGetTrustInfo(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerGetTrustInfo *r) { - ndr_print_struct(ndr, name, "netr_NETRSERVERGETTRUSTINFO"); + ndr_print_struct(ndr, name, "netr_ServerGetTrustInfo"); ndr->depth++; if (flags & NDR_SET_VALUES) { ndr->flags |= LIBNDR_PRINT_SET_VALUES; } if (flags & NDR_IN) { - ndr_print_struct(ndr, "in", "netr_NETRSERVERGETTRUSTINFO"); + ndr_print_struct(ndr, "in", "netr_ServerGetTrustInfo"); + ndr->depth++; + ndr_print_ptr(ndr, "server_name", r->in.server_name); ndr->depth++; + if (r->in.server_name) { + ndr_print_string(ndr, "server_name", r->in.server_name); + } + ndr->depth--; + ndr_print_ptr(ndr, "account_name", r->in.account_name); + ndr->depth++; + ndr_print_string(ndr, "account_name", r->in.account_name); + ndr->depth--; + ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type); + ndr_print_ptr(ndr, "computer_name", r->in.computer_name); + ndr->depth++; + ndr_print_string(ndr, "computer_name", r->in.computer_name); + ndr->depth--; + ndr_print_ptr(ndr, "credential", r->in.credential); + ndr->depth++; + ndr_print_netr_Authenticator(ndr, "credential", r->in.credential); + ndr->depth--; ndr->depth--; } if (flags & NDR_OUT) { - ndr_print_struct(ndr, "out", "netr_NETRSERVERGETTRUSTINFO"); + ndr_print_struct(ndr, "out", "netr_ServerGetTrustInfo"); ndr->depth++; - ndr_print_WERROR(ndr, "result", r->out.result); + ndr_print_ptr(ndr, "return_authenticator", r->out.return_authenticator); + ndr->depth++; + ndr_print_netr_Authenticator(ndr, "return_authenticator", r->out.return_authenticator); + ndr->depth--; + ndr_print_ptr(ndr, "new_owf_password", r->out.new_owf_password); + ndr->depth++; + ndr_print_samr_Password(ndr, "new_owf_password", r->out.new_owf_password); + ndr->depth--; + ndr_print_ptr(ndr, "old_owf_password", r->out.old_owf_password); + ndr->depth++; + ndr_print_samr_Password(ndr, "old_owf_password", r->out.old_owf_password); + ndr->depth--; + ndr_print_ptr(ndr, "trust_info", r->out.trust_info); + ndr->depth++; + ndr_print_ptr(ndr, "trust_info", *r->out.trust_info); + ndr->depth++; + if (*r->out.trust_info) { + ndr_print_netr_TrustInfo(ndr, "trust_info", *r->out.trust_info); + } + ndr->depth--; + ndr->depth--; + ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; } ndr->depth--; @@ -15835,11 +16157,11 @@ static const struct ndr_interface_call netlogon_calls[] = { false, }, { - "netr_NETRSERVERGETTRUSTINFO", - sizeof(struct netr_NETRSERVERGETTRUSTINFO), - (ndr_push_flags_fn_t) ndr_push_netr_NETRSERVERGETTRUSTINFO, - (ndr_pull_flags_fn_t) ndr_pull_netr_NETRSERVERGETTRUSTINFO, - (ndr_print_function_t) ndr_print_netr_NETRSERVERGETTRUSTINFO, + "netr_ServerGetTrustInfo", + sizeof(struct netr_ServerGetTrustInfo), + (ndr_push_flags_fn_t) ndr_push_netr_ServerGetTrustInfo, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerGetTrustInfo, + (ndr_print_function_t) ndr_print_netr_ServerGetTrustInfo, false, }, { NULL, 0, NULL, NULL, NULL, false } diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h index be20448636..5858906c1c 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.h +++ b/source3/librpc/gen_ndr/ndr_netlogon.h @@ -104,7 +104,7 @@ extern const struct ndr_interface_table ndr_table_netlogon; #define NDR_NETR_LOGONSAMLOGONWITHFLAGS (0x2d) -#define NDR_NETR_NETRSERVERGETTRUSTINFO (0x2e) +#define NDR_NETR_SERVERGETTRUSTINFO (0x2e) #define NDR_NETLOGON_CALL_COUNT (47) void ndr_print_netr_UasInfo(struct ndr_print *ndr, const char *name, const struct netr_UasInfo *r); @@ -226,6 +226,7 @@ void ndr_print_netr_DomainTrust(struct ndr_print *ndr, const char *name, const s void ndr_print_netr_DomainTrustList(struct ndr_print *ndr, const char *name, const struct netr_DomainTrustList *r); void ndr_print_netr_DsRAddressToSitenamesExWCtr(struct ndr_print *ndr, const char *name, const struct netr_DsRAddressToSitenamesExWCtr *r); void ndr_print_DcSitesCtr(struct ndr_print *ndr, const char *name, const struct DcSitesCtr *r); +void ndr_print_netr_TrustInfo(struct ndr_print *ndr, const char *name, const struct netr_TrustInfo *r); void ndr_print_netr_LogonUasLogon(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonUasLogon *r); void ndr_print_netr_LogonUasLogoff(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonUasLogoff *r); void ndr_print_netr_LogonSamLogon(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogon *r); @@ -276,5 +277,5 @@ void ndr_print_netr_ServerTrustPasswordsGet(struct ndr_print *ndr, const char *n void ndr_print_netr_DsRGetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetForestTrustInformation *r); void ndr_print_netr_GetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_GetForestTrustInformation *r); void ndr_print_netr_LogonSamLogonWithFlags(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogonWithFlags *r); -void ndr_print_netr_NETRSERVERGETTRUSTINFO(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r); +void ndr_print_netr_ServerGetTrustInfo(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerGetTrustInfo *r); #endif /* _HEADER_NDR_netlogon */ diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index 975bde3340..83db0faaef 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -852,8 +852,7 @@ static enum ndr_err_code ndr_push_samr_DomInfo13(struct ndr_push *ndr, int ndr_f NDR_CHECK(ndr_push_align(ndr, 8)); NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->sequence_num)); NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->domain_create_time)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2)); + NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->modified_count_at_last_promotion)); } if (ndr_flags & NDR_BUFFERS) { } @@ -866,8 +865,7 @@ static enum ndr_err_code ndr_pull_samr_DomInfo13(struct ndr_pull *ndr, int ndr_f NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->sequence_num)); NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->domain_create_time)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2)); + NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->modified_count_at_last_promotion)); } if (ndr_flags & NDR_BUFFERS) { } @@ -880,8 +878,7 @@ _PUBLIC_ void ndr_print_samr_DomInfo13(struct ndr_print *ndr, const char *name, ndr->depth++; ndr_print_hyper(ndr, "sequence_num", r->sequence_num); ndr_print_NTTIME(ndr, "domain_create_time", r->domain_create_time); - ndr_print_uint32(ndr, "unknown1", r->unknown1); - ndr_print_uint32(ndr, "unknown2", r->unknown2); + ndr_print_hyper(ndr, "modified_count_at_last_promotion", r->modified_count_at_last_promotion); ndr->depth--; } @@ -2652,10 +2649,11 @@ static enum ndr_err_code ndr_push_samr_UserInfo18(struct ndr_push *ndr, int ndr_ { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->nt_pwd)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_pwd_active)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_pwd_active)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_pwd_active)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2666,10 +2664,11 @@ static enum ndr_err_code ndr_pull_samr_UserInfo18(struct ndr_pull *ndr, int ndr_ { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->nt_pwd)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_pwd_active)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_pwd_active)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_pwd_active)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -2680,10 +2679,11 @@ _PUBLIC_ void ndr_print_samr_UserInfo18(struct ndr_print *ndr, const char *name, { ndr_print_struct(ndr, name, "samr_UserInfo18"); ndr->depth++; - ndr_print_samr_Password(ndr, "lm_pwd", &r->lm_pwd); ndr_print_samr_Password(ndr, "nt_pwd", &r->nt_pwd); - ndr_print_uint8(ndr, "lm_pwd_active", r->lm_pwd_active); + ndr_print_samr_Password(ndr, "lm_pwd", &r->lm_pwd); ndr_print_uint8(ndr, "nt_pwd_active", r->nt_pwd_active); + ndr_print_uint8(ndr, "lm_pwd_active", r->lm_pwd_active); + ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr->depth--; } @@ -2761,8 +2761,8 @@ _PUBLIC_ void ndr_print_samr_FieldsPresent(struct ndr_print *ndr, const char *na ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PARAMETERS", SAMR_FIELD_PARAMETERS, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_COUNTRY_CODE", SAMR_FIELD_COUNTRY_CODE, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_CODE_PAGE", SAMR_FIELD_CODE_PAGE, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PASSWORD", SAMR_FIELD_PASSWORD, r); - ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PASSWORD2", SAMR_FIELD_PASSWORD2, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_NT_PASSWORD_PRESENT", SAMR_FIELD_NT_PASSWORD_PRESENT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LM_PASSWORD_PRESENT", SAMR_FIELD_LM_PASSWORD_PRESENT, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PRIVATE_DATA", SAMR_FIELD_PRIVATE_DATA, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_EXPIRED_FLAG", SAMR_FIELD_EXPIRED_FLAG, r); ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_SEC_DESC", SAMR_FIELD_SEC_DESC, r); @@ -2790,8 +2790,8 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->workstations)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment)); NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown2)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->lm_owf_password)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->nt_owf_password)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->buf_count)); NDR_CHECK(ndr_push_unique_ptr(ndr, r->buffer)); @@ -2804,8 +2804,8 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->logon_count)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->country_code)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->code_page)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_password_set)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_password_set)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_password_set)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->unknown4)); } @@ -2820,8 +2820,8 @@ static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown2)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->lm_owf_password)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->nt_owf_password)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown3)); if (r->buffer) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->buf_count)); @@ -2854,8 +2854,8 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->workstations)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment)); NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown2)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->lm_owf_password)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->nt_owf_password)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown3)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->buf_count)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_buffer)); @@ -2873,8 +2873,8 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logon_count)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->country_code)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->code_page)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_password_set)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_password_set)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_password_set)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->unknown4)); } @@ -2889,8 +2889,8 @@ static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown2)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->lm_owf_password)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->nt_owf_password)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown3)); if (r->buffer) { _mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); @@ -2928,8 +2928,8 @@ _PUBLIC_ void ndr_print_samr_UserInfo21(struct ndr_print *ndr, const char *name, ndr_print_lsa_String(ndr, "workstations", &r->workstations); ndr_print_lsa_String(ndr, "comment", &r->comment); ndr_print_lsa_BinaryString(ndr, "parameters", &r->parameters); - ndr_print_lsa_String(ndr, "unknown1", &r->unknown1); - ndr_print_lsa_String(ndr, "unknown2", &r->unknown2); + ndr_print_lsa_BinaryString(ndr, "lm_owf_password", &r->lm_owf_password); + ndr_print_lsa_BinaryString(ndr, "nt_owf_password", &r->nt_owf_password); ndr_print_lsa_String(ndr, "unknown3", &r->unknown3); ndr_print_uint32(ndr, "buf_count", r->buf_count); ndr_print_ptr(ndr, "buffer", r->buffer); @@ -2947,8 +2947,8 @@ _PUBLIC_ void ndr_print_samr_UserInfo21(struct ndr_print *ndr, const char *name, ndr_print_uint16(ndr, "logon_count", r->logon_count); ndr_print_uint16(ndr, "country_code", r->country_code); ndr_print_uint16(ndr, "code_page", r->code_page); - ndr_print_uint8(ndr, "nt_password_set", r->nt_password_set); ndr_print_uint8(ndr, "lm_password_set", r->lm_password_set); + ndr_print_uint8(ndr, "nt_password_set", r->nt_password_set); ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr_print_uint8(ndr, "unknown4", r->unknown4); ndr->depth--; diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index 108f2f689c..8339a40d40 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c @@ -427,7 +427,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->trustee)); } return NDR_ERR_SUCCESS; } @@ -621,11 +620,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, in if (ndr_flags & NDR_BUFFERS) { if (r->owner_sid) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); } if (r->group_sid) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid)); } if (r->sacl) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl)); @@ -694,7 +693,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid)); _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0); ndr->offset = _relative_save_offset; } @@ -704,7 +703,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid)); _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); ndr->offset = _relative_save_offset; } @@ -855,14 +854,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr } if (ndr_flags & NDR_BUFFERS) { if (r->user_sid) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->user_sid)); } if (r->group_sid) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid)); } for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { if (r->sids[cntr_sids_0]) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0])); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); } } } @@ -916,13 +915,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr if (r->user_sid) { _mem_save_user_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->user_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_sid_0, 0); } if (r->group_sid) { _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); } _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); @@ -931,7 +930,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr if (r->sids[cntr_sids_0]) { _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0])); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); } } diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index bddf1bd2b7..f8cbf4afa8 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h @@ -8,6 +8,10 @@ #include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) +enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r); +enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r); +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *r); +size_t ndr_size_dom_sid(const struct dom_sid *r, int flags); enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r); enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r); void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.c b/source3/librpc/gen_ndr/ndr_srvsvc.c index 9ac3aa82c9..125542d14a 100644 --- a/source3/librpc/gen_ndr/ndr_srvsvc.c +++ b/source3/librpc/gen_ndr/ndr_srvsvc.c @@ -6358,7 +6358,7 @@ _PUBLIC_ void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *nam ndr_print_enum(ndr, name, "ENUM", val, r); } -static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r) +_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); @@ -6376,7 +6376,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) +_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) { uint32_t _ptr_server_name; TALLOC_CTX *_mem_save_server_name_0; @@ -6421,7 +6421,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char * ndr->depth--; } -static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r) +_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); @@ -6449,7 +6449,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) +_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) { uint32_t _ptr_server_name; TALLOC_CTX *_mem_save_server_name_0; diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.h b/source3/librpc/gen_ndr/ndr_srvsvc.h index 33569d1870..126680cad0 100644 --- a/source3/librpc/gen_ndr/ndr_srvsvc.h +++ b/source3/librpc/gen_ndr/ndr_srvsvc.h @@ -186,7 +186,11 @@ void ndr_print_srvsvc_NetShareInfoCtr(struct ndr_print *ndr, const char *name, c enum ndr_err_code ndr_push_srvsvc_PlatformId(struct ndr_push *ndr, int ndr_flags, enum srvsvc_PlatformId r); enum ndr_err_code ndr_pull_srvsvc_PlatformId(struct ndr_pull *ndr, int ndr_flags, enum srvsvc_PlatformId *r); void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *name, enum srvsvc_PlatformId r); +enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r); +enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r); void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo100 *r); +enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r); +enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r); void ndr_print_srvsvc_NetSrvInfo101(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo101 *r); void ndr_print_srvsvc_NetSrvInfo102(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo102 *r); void ndr_print_srvsvc_NetSrvInfo402(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo402 *r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index 4d9b549e75..7fb253446a 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -964,6 +964,13 @@ struct DcSitesCtr { struct lsa_String *sites;/* [unique,size_is(num_sites)] */ }; +struct netr_TrustInfo { + uint32_t count; + uint32_t *data;/* [unique,size_is(count)] */ + uint32_t entry_count; + struct lsa_String *entries;/* [unique,size_is(count)] */ +}; + struct netr_LogonUasLogon { struct { @@ -1706,9 +1713,21 @@ struct netr_LogonSamLogonWithFlags { }; -struct netr_NETRSERVERGETTRUSTINFO { +struct netr_ServerGetTrustInfo { struct { - WERROR result; + const char *server_name;/* [unique,charset(UTF16)] */ + const char *account_name;/* [ref,charset(UTF16)] */ + enum netr_SchannelType secure_channel_type; + const char *computer_name;/* [ref,charset(UTF16)] */ + struct netr_Authenticator *credential;/* [ref] */ + } in; + + struct { + struct netr_Authenticator *return_authenticator;/* [ref] */ + struct samr_Password *new_owf_password;/* [ref] */ + struct samr_Password *old_owf_password;/* [ref] */ + struct netr_TrustInfo **trust_info;/* [ref] */ + NTSTATUS result; } out; }; diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index 537f144940..3116f26d8c 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -252,8 +252,7 @@ struct samr_DomInfo12 { struct samr_DomInfo13 { uint64_t sequence_num; NTTIME domain_create_time; - uint32_t unknown1; - uint32_t unknown2; + uint64_t modified_count_at_last_promotion; }; union samr_DomainInfo { @@ -477,10 +476,11 @@ struct samr_Password { }/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */; struct samr_UserInfo18 { - struct samr_Password lm_pwd; struct samr_Password nt_pwd; - uint8_t lm_pwd_active; + struct samr_Password lm_pwd; uint8_t nt_pwd_active; + uint8_t lm_pwd_active; + uint8_t password_expired; }; struct samr_UserInfo20 { @@ -512,8 +512,8 @@ struct samr_UserInfo20 { #define SAMR_FIELD_PARAMETERS ( 0x00200000 ) #define SAMR_FIELD_COUNTRY_CODE ( 0x00400000 ) #define SAMR_FIELD_CODE_PAGE ( 0x00800000 ) -#define SAMR_FIELD_PASSWORD ( 0x01000000 ) -#define SAMR_FIELD_PASSWORD2 ( 0x02000000 ) +#define SAMR_FIELD_NT_PASSWORD_PRESENT ( 0x01000000 ) +#define SAMR_FIELD_LM_PASSWORD_PRESENT ( 0x02000000 ) #define SAMR_FIELD_PRIVATE_DATA ( 0x04000000 ) #define SAMR_FIELD_EXPIRED_FLAG ( 0x08000000 ) #define SAMR_FIELD_SEC_DESC ( 0x10000000 ) @@ -536,8 +536,8 @@ struct samr_UserInfo21 { struct lsa_String workstations; struct lsa_String comment; struct lsa_BinaryString parameters; - struct lsa_String unknown1; - struct lsa_String unknown2; + struct lsa_BinaryString lm_owf_password; + struct lsa_BinaryString nt_owf_password; struct lsa_String unknown3; uint32_t buf_count; uint8_t *buffer;/* [unique,size_is(buf_count)] */ @@ -550,8 +550,8 @@ struct samr_UserInfo21 { uint16_t logon_count; uint16_t country_code; uint16_t code_page; - uint8_t nt_password_set; uint8_t lm_password_set; + uint8_t nt_password_set; uint8_t password_expired; uint8_t unknown4; }; diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index fe23347fdf..99e1f4b1c9 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -4,6 +4,9 @@ #include "librpc/gen_ndr/misc.h" #include "librpc/gen_ndr/dom_sid.h" +#define dom_sid2 dom_sid +#define dom_sid28 dom_sid +#define dom_sid0 dom_sid #ifndef _HEADER_security #define _HEADER_security @@ -129,6 +132,13 @@ #define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 ) #define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 ) #define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 ) +struct dom_sid { + uint8_t sid_rev_num; + int8_t num_auths;/* [range(0,15)] */ + uint8_t id_auth[6]; + uint32_t sub_auths[15]; +}/* [noprint,gensize,nopull,public,nopush,nosize] */; + enum sec_privilege #ifndef USE_UINT_ENUMS { diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c index 2cb2978af2..8cb461e94d 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.c +++ b/source3/librpc/gen_ndr/srv_netlogon.c @@ -3733,18 +3733,18 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p) return true; } -static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p) +static bool api_netr_ServerGetTrustInfo(pipes_struct *p) { const struct ndr_interface_call *call; struct ndr_pull *pull; struct ndr_push *push; enum ndr_err_code ndr_err; DATA_BLOB blob; - struct netr_NETRSERVERGETTRUSTINFO *r; + struct netr_ServerGetTrustInfo *r; - call = &ndr_table_netlogon.calls[NDR_NETR_NETRSERVERGETTRUSTINFO]; + call = &ndr_table_netlogon.calls[NDR_NETR_SERVERGETTRUSTINFO]; - r = talloc(talloc_tos(), struct netr_NETRSERVERGETTRUSTINFO); + r = talloc(talloc_tos(), struct netr_ServerGetTrustInfo); if (r == NULL) { return false; } @@ -3768,10 +3768,35 @@ static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p) } if (DEBUGLEVEL >= 10) { - NDR_PRINT_IN_DEBUG(netr_NETRSERVERGETTRUSTINFO, r); + NDR_PRINT_IN_DEBUG(netr_ServerGetTrustInfo, r); } - r->out.result = _netr_NETRSERVERGETTRUSTINFO(p, r); + ZERO_STRUCT(r->out); + r->out.return_authenticator = talloc_zero(r, struct netr_Authenticator); + if (r->out.return_authenticator == NULL) { + talloc_free(r); + return false; + } + + r->out.new_owf_password = talloc_zero(r, struct samr_Password); + if (r->out.new_owf_password == NULL) { + talloc_free(r); + return false; + } + + r->out.old_owf_password = talloc_zero(r, struct samr_Password); + if (r->out.old_owf_password == NULL) { + talloc_free(r); + return false; + } + + r->out.trust_info = talloc_zero(r, struct netr_TrustInfo *); + if (r->out.trust_info == NULL) { + talloc_free(r); + return false; + } + + r->out.result = _netr_ServerGetTrustInfo(p, r); if (p->rng_fault_state) { talloc_free(r); @@ -3780,7 +3805,7 @@ static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p) } if (DEBUGLEVEL >= 10) { - NDR_PRINT_OUT_DEBUG(netr_NETRSERVERGETTRUSTINFO, r); + NDR_PRINT_OUT_DEBUG(netr_ServerGetTrustInfo, r); } push = ndr_push_init_ctx(r, NULL); @@ -3856,7 +3881,7 @@ static struct api_struct api_netlogon_cmds[] = {"NETR_DSRGETFORESTTRUSTINFORMATION", NDR_NETR_DSRGETFORESTTRUSTINFORMATION, api_netr_DsRGetForestTrustInformation}, {"NETR_GETFORESTTRUSTINFORMATION", NDR_NETR_GETFORESTTRUSTINFORMATION, api_netr_GetForestTrustInformation}, {"NETR_LOGONSAMLOGONWITHFLAGS", NDR_NETR_LOGONSAMLOGONWITHFLAGS, api_netr_LogonSamLogonWithFlags}, - {"NETR_NETRSERVERGETTRUSTINFO", NDR_NETR_NETRSERVERGETTRUSTINFO, api_netr_NETRSERVERGETTRUSTINFO}, + {"NETR_SERVERGETTRUSTINFO", NDR_NETR_SERVERGETTRUSTINFO, api_netr_ServerGetTrustInfo}, }; void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns) diff --git a/source3/librpc/gen_ndr/srv_netlogon.h b/source3/librpc/gen_ndr/srv_netlogon.h index 1fe16c603b..cd68d12f1e 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.h +++ b/source3/librpc/gen_ndr/srv_netlogon.h @@ -47,7 +47,7 @@ NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustP WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r); WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r); NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r); -WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, struct netr_NETRSERVERGETTRUSTINFO *r); +NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, struct netr_ServerGetTrustInfo *r); void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns); NTSTATUS rpc_netlogon_init(void); #endif /* __SRV_NETLOGON__ */ diff --git a/source3/librpc/gen_ndr/srvsvc.h b/source3/librpc/gen_ndr/srvsvc.h index b50213bb96..6467f72a5b 100644 --- a/source3/librpc/gen_ndr/srvsvc.h +++ b/source3/librpc/gen_ndr/srvsvc.h @@ -431,7 +431,7 @@ enum srvsvc_PlatformId struct srvsvc_NetSrvInfo100 { enum srvsvc_PlatformId platform_id; const char *server_name;/* [unique,charset(UTF16)] */ -}; +}/* [public] */; struct srvsvc_NetSrvInfo101 { enum srvsvc_PlatformId platform_id; @@ -440,7 +440,7 @@ struct srvsvc_NetSrvInfo101 { uint32_t version_minor; uint32_t server_type; const char *comment;/* [unique,charset(UTF16)] */ -}; +}/* [public] */; struct srvsvc_NetSrvInfo102 { enum srvsvc_PlatformId platform_id; diff --git a/source3/librpc/gen_ndr/winreg.h b/source3/librpc/gen_ndr/winreg.h index fbbab33c8d..a98120ccf5 100644 --- a/source3/librpc/gen_ndr/winreg.h +++ b/source3/librpc/gen_ndr/winreg.h @@ -54,7 +54,7 @@ struct winreg_String { uint16_t name_len;/* [value(strlen_m_term(name)*2)] */ uint16_t name_size;/* [value(strlen_m_term(name)*2)] */ const char *name;/* [unique,charset(UTF16)] */ -}/* [public,noejs] */; +}/* [public] */; struct KeySecurityData { uint8_t *data;/* [unique,length_is(len),size_is(size)] */ diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c index 39b7e3cd59..252da85929 100644 --- a/source3/librpc/ndr/sid.c +++ b/source3/librpc/ndr/sid.c @@ -22,72 +22,6 @@ #include "includes.h" /* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num)); - NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - } - return NDR_ERR_SUCCESS; -} - -enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths)); - if (r->num_auths > 15) { - return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); - } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - } - return NDR_ERR_SUCCESS; -} - -/* convert a dom_sid to a string */ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) @@ -123,161 +57,3 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) return ret; } - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } - - return NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer -*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - diff --git a/source3/librpc/rpc/dcerpc.c b/source3/librpc/rpc/dcerpc.c index 77bb7b33a2..69bfc6f329 100644 --- a/source3/librpc/rpc/dcerpc.c +++ b/source3/librpc/rpc/dcerpc.c @@ -117,6 +117,10 @@ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) return NT_STATUS_OK; } +#if 0 + +Completely unfinished and unused -- vl :-) + /** * Connect to a DCE/RPC interface. * @@ -178,3 +182,5 @@ _PUBLIC_ NTSTATUS dcerpc_pipe_connect(TALLOC_CTX *parent_ctx, struct dcerpc_pipe return nt_status; } + +#endif diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index d371e057e3..fd2fe930f8 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -218,6 +218,118 @@ static bool find_andx_cmd_ofs(char *buf, size_t *pofs) } /** + * @brief Do the smb chaining at a buffer level + * @param[in] poutbuf Pointer to the talloc'ed buffer to be modified + * @param[in] smb_command The command that we want to issue + * @param[in] wct How many words? + * @param[in] vwv The words, already in network order + * @param[in] bytes_alignment How shall we align "bytes"? + * @param[in] num_bytes How many bytes? + * @param[in] bytes The data the request ships + * + * smb_splice_chain() adds the vwv and bytes to the request already present in + * *poutbuf. + */ + +bool smb_splice_chain(char **poutbuf, uint8_t smb_command, + uint8_t wct, const uint16_t *vwv, + size_t bytes_alignment, + uint16_t num_bytes, const uint8_t *bytes) +{ + char *outbuf; + size_t old_size, new_size; + size_t ofs; + size_t chain_padding = 0; + size_t bytes_padding = 0; + bool first_request; + + old_size = talloc_get_size(*poutbuf); + + /* + * old_size == smb_wct means we're pushing the first request in for + * libsmb/ + */ + + first_request = (old_size == smb_wct); + + if (!first_request && ((old_size % 4) != 0)) { + /* + * Align the wct field of subsequent requests to a 4-byte + * boundary + */ + chain_padding = 4 - (old_size % 4); + } + + /* + * After the old request comes the new wct field (1 byte), the vwv's + * and the num_bytes field. After at we might need to align the bytes + * given to us to "bytes_alignment", increasing the num_bytes value. + */ + + new_size = old_size + chain_padding + 1 + wct * sizeof(uint16_t) + 2; + + if ((bytes_alignment != 0) && ((new_size % bytes_alignment) != 0)) { + bytes_padding = bytes_alignment + (new_size % bytes_alignment); + } + + new_size += bytes_padding + num_bytes; + + if (new_size > 0xffff) { + DEBUG(1, ("splice_chain: %u bytes won't fit\n", + (unsigned)new_size)); + return false; + } + + outbuf = TALLOC_REALLOC_ARRAY(NULL, *poutbuf, char, new_size); + if (outbuf == NULL) { + DEBUG(0, ("talloc failed\n")); + return false; + } + *poutbuf = outbuf; + + if (first_request) { + SCVAL(outbuf, smb_com, smb_command); + } else { + size_t andx_cmd_ofs; + + if (!find_andx_cmd_ofs(outbuf, &andx_cmd_ofs)) { + DEBUG(1, ("invalid command chain\n")); + *poutbuf = TALLOC_REALLOC_ARRAY( + NULL, *poutbuf, char, old_size); + return false; + } + + if (chain_padding != 0) { + memset(outbuf + old_size, 0, chain_padding); + old_size += chain_padding; + } + + SCVAL(outbuf, andx_cmd_ofs, smb_command); + SSVAL(outbuf, andx_cmd_ofs + 2, old_size - 4); + } + + ofs = old_size; + + SCVAL(outbuf, ofs, wct); + ofs += 1; + + memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct); + ofs += sizeof(uint16_t) * wct; + + SSVAL(outbuf, ofs, num_bytes + bytes_padding); + ofs += sizeof(uint16_t); + + if (bytes_padding != 0) { + memset(outbuf + ofs, 0, bytes_padding); + ofs += bytes_padding; + } + + memcpy(outbuf + ofs, bytes, num_bytes); + + return true; +} + +/** * @brief Destroy an async_req that is the visible part of a cli_request * @param[in] req The request to kill * @retval Return 0 to make talloc happy @@ -286,10 +398,7 @@ static struct async_req *cli_request_chain(TALLOC_CTX *mem_ctx, const uint8_t *bytes) { struct async_req **tmp_reqs; - char *tmp_buf; struct cli_request *req; - size_t old_size, new_size; - size_t ofs; req = cli->chain_accumulator; @@ -313,52 +422,11 @@ static struct async_req *cli_request_chain(TALLOC_CTX *mem_ctx, talloc_set_destructor(req->async[req->num_async-1], cli_async_req_destructor); - old_size = talloc_get_size(req->outbuf); - - /* - * We need space for the wct field, the words, the byte count field - * and the bytes themselves. - */ - new_size = old_size + 1 + wct * sizeof(uint16_t) + 2 + num_bytes; - - if (new_size > 0xffff) { - DEBUG(1, ("cli_request_chain: %u bytes won't fit\n", - (unsigned)new_size)); + if (!smb_splice_chain(&req->outbuf, smb_command, wct, vwv, + 0, num_bytes, bytes)) { goto fail; } - tmp_buf = TALLOC_REALLOC_ARRAY(NULL, req->outbuf, char, new_size); - if (tmp_buf == NULL) { - DEBUG(0, ("talloc failed\n")); - goto fail; - } - req->outbuf = tmp_buf; - - if (old_size == smb_wct) { - SCVAL(req->outbuf, smb_com, smb_command); - } else { - size_t andx_cmd_ofs; - if (!find_andx_cmd_ofs(req->outbuf, &andx_cmd_ofs)) { - DEBUG(1, ("invalid command chain\n")); - goto fail; - } - SCVAL(req->outbuf, andx_cmd_ofs, smb_command); - SSVAL(req->outbuf, andx_cmd_ofs + 2, old_size - 4); - } - - ofs = old_size; - - SCVAL(req->outbuf, ofs, wct); - ofs += 1; - - memcpy(req->outbuf + ofs, vwv, sizeof(uint16_t) * wct); - ofs += sizeof(uint16_t) * wct; - - SSVAL(req->outbuf, ofs, num_bytes); - ofs += sizeof(uint16_t); - - memcpy(req->outbuf + ofs, bytes, num_bytes); - return req->async[req->num_async-1]; fail: diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 8b7ac7d718..125345fccb 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -22,22 +22,21 @@ static const struct { int prot; - const char *name; -} prots[] = { - {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"}, - {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"}, - {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"}, - {PROTOCOL_LANMAN1,"LANMAN1.0"}, - {PROTOCOL_LANMAN2,"LM1.2X002"}, - {PROTOCOL_LANMAN2,"DOS LANMAN2.1"}, - {PROTOCOL_LANMAN2,"LANMAN2.1"}, - {PROTOCOL_LANMAN2,"Samba"}, - {PROTOCOL_NT1,"NT LANMAN 1.0"}, - {PROTOCOL_NT1,"NT LM 0.12"}, - {-1,NULL} + const char name[24]; +} prots[10] = { + {PROTOCOL_CORE, "PC NETWORK PROGRAM 1.0"}, + {PROTOCOL_COREPLUS, "MICROSOFT NETWORKS 1.03"}, + {PROTOCOL_LANMAN1, "MICROSOFT NETWORKS 3.0"}, + {PROTOCOL_LANMAN1, "LANMAN1.0"}, + {PROTOCOL_LANMAN2, "LM1.2X002"}, + {PROTOCOL_LANMAN2, "DOS LANMAN2.1"}, + {PROTOCOL_LANMAN2, "LANMAN2.1"}, + {PROTOCOL_LANMAN2, "Samba"}, + {PROTOCOL_NT1, "NT LANMAN 1.0"}, + {PROTOCOL_NT1, "NT LM 0.12"}, }; -static const char *star_smbserver_name = "*SMBSERVER"; +#define STAR_SMBSERVER "*SMBSERVER" /** * Set the user session key for a connection @@ -748,19 +747,11 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use if (NT_STATUS_IS_OK(nt_status)) { - DATA_BLOB key = data_blob(ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - DATA_BLOB null_blob = data_blob_null; - bool res; - fstrcpy(cli->server_domain, ntlmssp_state->server_domain); cli_set_session_key(cli, ntlmssp_state->session_key); - res = cli_simple_set_signing(cli, key, null_blob); - - data_blob_free(&key); - - if (res) { + if (cli_simple_set_signing( + cli, ntlmssp_state->session_key, data_blob_null)) { /* 'resign' the last message, so we get the right sequence numbers for checking the first reply from the server */ @@ -871,7 +862,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, if (principal == NULL && !is_ipaddress(cli->desthost) && - !strequal(star_smbserver_name, + !strequal(STAR_SMBSERVER, cli->desthost)) { char *realm = NULL; char *machine = NULL; @@ -1229,9 +1220,10 @@ void cli_negprot_send(struct cli_state *cli) cli_set_message(cli->outbuf,0,0,True); p = smb_buf(cli->outbuf); - for (numprots=0; - prots[numprots].name && prots[numprots].prot<=cli->protocol; - numprots++) { + for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + if (prots[numprots].prot > cli->protocol) { + break; + } *p++ = 2; p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE); } @@ -1260,18 +1252,23 @@ bool cli_negprot(struct cli_state *cli) memset(cli->outbuf,'\0',smb_size); + plength = 0; + /* setup the protocol strings */ - for (plength=0,numprots=0; - prots[numprots].name && prots[numprots].prot<=cli->protocol; - numprots++) + for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + if (prots[numprots].prot > cli->protocol) { + break; + } plength += strlen(prots[numprots].name)+2; + } cli_set_message(cli->outbuf,0,plength,True); p = smb_buf(cli->outbuf); - for (numprots=0; - prots[numprots].name && prots[numprots].prot<=cli->protocol; - numprots++) { + for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) { + if (prots[numprots].prot > cli->protocol) { + break; + } *p++ = 2; p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE); } @@ -1503,7 +1500,7 @@ NTSTATUS cli_connect(struct cli_state *cli, /* reasonable default hostname */ if (!host) { - host = star_smbserver_name; + host = STAR_SMBSERVER; } fstrcpy(cli->desthost, host); @@ -1623,7 +1620,7 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, if (dest_ss) { ss = *dest_ss; } else { - zero_addr(&ss); + zero_sockaddr(&ss); } again: @@ -1651,8 +1648,8 @@ again: *p = 0; goto again; } - if (strcmp(called.name, star_smbserver_name)) { - make_nmb_name(&called , star_smbserver_name, 0x20); + if (strcmp(called.name, STAR_SMBSERVER)) { + make_nmb_name(&called , STAR_SMBSERVER, 0x20); goto again; } return NT_STATUS_BAD_NETWORK_NAME; @@ -1782,7 +1779,7 @@ bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srcho */ if(is_ipaddress(desthost)) { - make_nmb_name(&called, star_smbserver_name, 0x20); + make_nmb_name(&called, STAR_SMBSERVER, 0x20); } else { make_nmb_name(&called, desthost, 0x20); } @@ -1791,7 +1788,7 @@ bool attempt_netbios_session_request(struct cli_state **ppcli, const char *srcho NTSTATUS status; struct nmb_name smbservername; - make_nmb_name(&smbservername, star_smbserver_name, 0x20); + make_nmb_name(&smbservername, STAR_SMBSERVER, 0x20); /* * If the name wasn't *SMBSERVER then diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 7b63f9535e..f0ac39fed0 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -144,13 +144,13 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, server_n = server; - zero_addr(&ss); + zero_sockaddr(&ss); make_nmb_name(&calling, global_myname(), 0x0); make_nmb_name(&called , server, name_type); again: - zero_addr(&ss); + zero_sockaddr(&ss); if (have_ip) ss = dest_ss; @@ -471,18 +471,19 @@ static void cm_set_password(const char *newpass) /**************************************************************************** ****************************************************************************/ -void cli_cm_set_credentials(void) +void cli_cm_set_credentials(struct user_auth_info *auth_info) { SAFE_FREE(cm_creds.username); - cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username()); + cm_creds.username = SMB_STRDUP(get_cmdline_auth_info_username( + auth_info)); - if (get_cmdline_auth_info_got_pass()) { - cm_set_password(get_cmdline_auth_info_password()); + if (get_cmdline_auth_info_got_pass(auth_info)) { + cm_set_password(get_cmdline_auth_info_password(auth_info)); } - cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(); + cm_creds.use_kerberos = get_cmdline_auth_info_use_kerberos(auth_info); cm_creds.fallback_after_kerberos = false; - cm_creds.signing_state = get_cmdline_auth_info_signing_state(); + cm_creds.signing_state = get_cmdline_auth_info_signing_state(auth_info); } /**************************************************************************** diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 8a5aedfde5..d94427809c 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -732,12 +732,7 @@ struct async_req *cli_echo_send(TALLOC_CTX *mem_ctx, struct event_context *ev, NTSTATUS cli_echo_recv(struct async_req *req) { - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; - } - - return NT_STATUS_OK; + return async_req_simple_recv(req); } /** diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index a9e81082ea..733abb6510 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -908,9 +908,8 @@ NTSTATUS cli_open_recv(struct async_req *req, int *fnum) uint8_t *bytes; NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); @@ -985,10 +984,10 @@ NTSTATUS cli_close_recv(struct async_req *req) uint16_t *vwv; uint16_t num_bytes; uint8_t *bytes; + NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } return cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index 50918458b0..cebafc6919 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -417,7 +417,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, } SAFE_FREE(mask); - if (ff_searchcount > 0) { + if (ff_searchcount > 0 && ff_eos == 0 && finfo.name) { mask = SMB_STRDUP(finfo.name); } else { mask = SMB_STRDUP(""); diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index cc982683d0..1c2a0d56c4 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -109,12 +109,12 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, uint16_t *vwv; uint16_t num_bytes; uint8_t *bytes; + uint8_t *buf; NTSTATUS status; size_t size; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes); @@ -137,6 +137,24 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, return NT_STATUS_UNEXPECTED_IO_ERROR; } + /* + * bcc field must be valid for small reads, for large reads the 16-bit + * bcc field can't be correct. + */ + + if ((size < 0xffff) && (size > num_bytes)) { + DEBUG(5, ("server announced more bytes than sent\n")); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + buf = (uint8_t *)smb_base(cli_req->inbuf) + SVAL(vwv+6, 0); + + if (trans_oob(smb_len(cli_req->inbuf), SVAL(vwv+6, 0), size) + || (buf < bytes)) { + DEBUG(5, ("server returned invalid read&x data offset\n")); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + *rcvbuf = (uint8_t *)(smb_base(cli_req->inbuf) + SVAL(vwv + 6, 0)); *received = size; return NT_STATUS_OK; @@ -405,10 +423,10 @@ NTSTATUS cli_pull_recv(struct async_req *req, SMB_OFF_T *received) { struct cli_pull_state *state = talloc_get_type_abort( req->private_data, struct cli_pull_state); + NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } *received = state->pushed; return NT_STATUS_OK; diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index bbdfb75fcd..120b6c0e29 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -1316,10 +1316,10 @@ NTSTATUS cli_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx, req->private_data, struct cli_request); struct cli_trans_state *state = talloc_get_type_abort( cli_req->recv_helper.priv, struct cli_trans_state); + NTSTATUS status; - SMB_ASSERT(req->state >= ASYNC_REQ_DONE); - if (req->state == ASYNC_REQ_ERROR) { - return req->status; + if (async_req_is_error(req, &status)) { + return status; } if (setup != NULL) { diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index d8c2b70175..3491544175 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -1119,6 +1119,27 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx, num_dcs, info); } +static bool is_closest_site(struct netr_DsRGetDCNameInfo *info) +{ + if (info->dc_flags & DS_SERVER_CLOSEST) { + return true; + } + + if (!info->client_site_name) { + return true; + } + + if (!info->dc_site_name) { + return false; + } + + if (strcmp(info->client_site_name, info->dc_site_name) == 0) { + return true; + } + + return false; +} + /******************************************************************** dsgetdcname. @@ -1136,6 +1157,8 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; struct netr_DsRGetDCNameInfo *myinfo = NULL; char *query_site = NULL; + bool first = true; + struct netr_DsRGetDCNameInfo *first_info = NULL; DEBUG(10,("dsgetdcname: domain_name: %s, " "domain_guid: %s, site_name: %s, flags: 0x%08x\n", @@ -1163,7 +1186,6 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid, flags, query_site, &myinfo); if (NT_STATUS_IS_OK(status)) { - *info = myinfo; goto done; } @@ -1176,12 +1198,27 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, domain_guid, flags, query_site, &myinfo); - if (NT_STATUS_IS_OK(status)) { - *info = myinfo; - } - done: SAFE_FREE(query_site); - return status; + if (!NT_STATUS_IS_OK(status)) { + if (!first) { + *info = first_info; + return NT_STATUS_OK; + } + return status; + } + + if (!first) { + TALLOC_FREE(first_info); + } else if (!is_closest_site(myinfo)) { + first = false; + first_info = myinfo; + /* TODO: may use the next_closest_site here */ + query_site = SMB_STRDUP(myinfo->client_site_name); + goto rediscover; + } + + *info = myinfo; + return NT_STATUS_OK; } diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c index 19843383de..becee17f65 100644 --- a/source3/libsmb/libsmb_context.c +++ b/source3/libsmb/libsmb_context.c @@ -633,13 +633,19 @@ smbc_set_credentials(char *workgroup, smbc_bool use_kerberos, char *signing_state) { - - set_cmdline_auth_info_username(user); - set_cmdline_auth_info_password(password); - set_cmdline_auth_info_use_kerberos(use_kerberos); - if (! set_cmdline_auth_info_signing_state(signing_state)) { + struct user_auth_info *auth_info; + + auth_info = user_auth_info_init(talloc_tos()); + if (auth_info == NULL) { + return; + } + set_cmdline_auth_info_username(auth_info, user); + set_cmdline_auth_info_password(auth_info, password); + set_cmdline_auth_info_use_kerberos(auth_info, use_kerberos); + if (! set_cmdline_auth_info_signing_state(auth_info, signing_state)) { DEBUG(0, ("Invalid signing state: %s", signing_state)); } set_global_myworkgroup(workgroup); - cli_cm_set_credentials(); + cli_cm_set_credentials(auth_info); + TALLOC_FREE(auth_info); } diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index aa313f2c05..d12e7487f6 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -1193,8 +1193,6 @@ SMBC_mkdir_ctx(SMBCCTX *context, * Our list function simply checks to see if a directory is not empty */ -static int smbc_rmdir_dirempty = True; - static void rmdir_list_fn(const char *mnt, file_info *finfo, @@ -1203,7 +1201,8 @@ rmdir_list_fn(const char *mnt, { if (strncmp(finfo->name, ".", 1) != 0 && strncmp(finfo->name, "..", 2) != 0) { - smbc_rmdir_dirempty = False; + bool *smbc_rmdir_dirempty = (bool *)state; + *smbc_rmdir_dirempty = false; } } @@ -1292,8 +1291,7 @@ SMBC_rmdir_ctx(SMBCCTX *context, /* Local storage to avoid buffer overflows */ char *lpath; - - smbc_rmdir_dirempty = True; /* Make this so ... */ + bool smbc_rmdir_dirempty = true; lpath = talloc_asprintf(frame, "%s\\*", targetpath); @@ -1305,7 +1303,8 @@ SMBC_rmdir_ctx(SMBCCTX *context, if (cli_list(targetcli, lpath, aDIR | aSYSTEM | aHIDDEN, - rmdir_list_fn, NULL) < 0) { + rmdir_list_fn, + &smbc_rmdir_dirempty) < 0) { /* Fix errno to ignore latest error ... */ DEBUG(5, ("smbc_rmdir: " diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index aeec255350..5e37871deb 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -248,7 +248,7 @@ SMBC_server(TALLOC_CTX *ctx, const char *username_used; NTSTATUS status; - zero_addr(&ss); + zero_sockaddr(&ss); ZERO_STRUCT(c); if (server[0] == 0) { @@ -348,7 +348,7 @@ SMBC_server(TALLOC_CTX *ctx, again: - zero_addr(&ss); + zero_sockaddr(&ss); /* have to open a new connection */ if ((c = cli_initialise()) == NULL) { @@ -595,7 +595,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } - zero_addr(&ss); + zero_sockaddr(&ss); nt_status = cli_full_connection(&ipc_cli, global_myname(), server, &ss, 0, "IPC$", "?????", diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index e6eed8289e..05679570d4 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -34,6 +34,8 @@ bool global_in_nmbd = False; ****************************************************************************/ #define SAFKEY_FMT "SAF/DOMAIN/%s" #define SAF_TTL 900 +#define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s" +#define SAFJOIN_TTL 3600 static char *saf_key(const char *domain) { @@ -44,6 +46,15 @@ static char *saf_key(const char *domain) return keystr; } +static char *saf_join_key(const char *domain) +{ + char *keystr; + + asprintf_strupper_m(&keystr, SAFJOINKEY_FMT, domain); + + return keystr; +} + /**************************************************************************** ****************************************************************************/ @@ -69,7 +80,7 @@ bool saf_store( const char *domain, const char *servername ) return False; key = saf_key( domain ); - expire = time( NULL ) + SAF_TTL; + expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL); DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n", domain, servername, (unsigned int)expire )); @@ -81,6 +92,38 @@ bool saf_store( const char *domain, const char *servername ) return ret; } +bool saf_join_store( const char *domain, const char *servername ) +{ + char *key; + time_t expire; + bool ret = False; + + if ( !domain || !servername ) { + DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n")); + return False; + } + + if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) { + DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n")); + return False; + } + + if ( !gencache_init() ) + return False; + + key = saf_join_key( domain ); + expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL); + + DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n", + domain, servername, (unsigned int)expire )); + + ret = gencache_set( key, servername, expire ); + + SAFE_FREE( key ); + + return ret; +} + bool saf_delete( const char *domain ) { char *key; @@ -94,15 +137,22 @@ bool saf_delete( const char *domain ) if ( !gencache_init() ) return False; + key = saf_join_key(domain); + ret = gencache_del(key); + SAFE_FREE(key); + + if (ret) { + DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain )); + } + key = saf_key(domain); ret = gencache_del(key); + SAFE_FREE(key); if (ret) { DEBUG(10,("saf_delete: domain = [%s]\n", domain )); } - SAFE_FREE( key ); - return ret; } @@ -124,6 +174,18 @@ char *saf_fetch( const char *domain ) if ( !gencache_init() ) return False; + key = saf_join_key( domain ); + + ret = gencache_get( key, &server, &timeout ); + + SAFE_FREE( key ); + + if ( ret ) { + DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n", + server, domain )); + return server; + } + key = saf_key( domain ); ret = gencache_get( key, &server, &timeout ); @@ -331,7 +393,7 @@ bool name_status_find(const char *q_name, if (!interpret_string_addr(&ss, lp_socket_address(), AI_NUMERICHOST|AI_PASSIVE)) { - zero_addr(&ss); + zero_sockaddr(&ss); } sock = open_socket_in(SOCK_DGRAM, 0, 3, &ss, True); @@ -526,9 +588,9 @@ static int remove_duplicate_addrs2(struct ip_service *iplist, int count ) } for ( j=i+1; j<count; j++ ) { - if (addr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) && + if (sockaddr_equal((struct sockaddr *)&iplist[i].ss, (struct sockaddr *)&iplist[j].ss) && iplist[i].port == iplist[j].port) { - zero_addr(&iplist[j].ss); + zero_sockaddr(&iplist[j].ss); } } } @@ -954,7 +1016,7 @@ NTSTATUS name_resolve_bcast(const char *name, if (!interpret_string_addr(&ss, lp_socket_address(), AI_NUMERICHOST|AI_PASSIVE)) { - zero_addr(&ss); + zero_sockaddr(&ss); } sock = open_socket_in( SOCK_DGRAM, 0, 3, &ss, true ); @@ -1042,7 +1104,7 @@ NTSTATUS resolve_wins(const char *name, /* the address we will be sending from */ if (!interpret_string_addr(&src_ss, lp_socket_address(), AI_NUMERICHOST|AI_PASSIVE)) { - zero_addr(&src_ss); + zero_sockaddr(&src_ss); } if (src_ss.ss_family != AF_INET) { @@ -2098,6 +2160,15 @@ NTSTATUS get_sorted_dc_list( const char *domain, status = get_dc_list(domain, sitename, ip_list, count, lookup_type, &ordered); + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS) + && sitename) { + DEBUG(3,("get_sorted_dc_list: no server for name %s available" + " in site %s, fallback to all servers\n", + domain, sitename)); + status = get_dc_list(domain, NULL, ip_list, + count, lookup_type, &ordered); + } + if (!NT_STATUS_IS_OK(status)) { SAFE_FREE(*ip_list); *count = 0; diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index 306f720a02..7b0748f86b 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -134,7 +134,7 @@ static bool ads_dc_name(const char *domain, #ifdef HAVE_ADS *dc_ss = ads->ldap.ss; #else - zero_addr(dc_ss); + zero_sockaddr(dc_ss); #endif ads_destroy(&ads); @@ -217,7 +217,7 @@ bool get_dc_name(const char *domain, bool ret; bool our_domain = False; - zero_addr(&dc_ss); + zero_sockaddr(&dc_ss); ret = False; diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index a81ae9afd5..795c8bc14c 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -388,10 +388,17 @@ void common_free_encryption_state(struct smb_trans_enc_state **pp_es) void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) { + uint16_t enc_ctx_num; + if (!common_encryption_on(es)) { return; } + if (!NT_STATUS_IS_OK(get_enc_ctx_num((const uint8_t *)buf, + &enc_ctx_num))) { + return; + } + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { SAFE_FREE(buf); return; diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 33717f1bb9..a70f9d20fe 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -1067,13 +1067,10 @@ static void add_share_mode_entry(struct share_mode_lock *lck, } void set_share_mode(struct share_mode_lock *lck, files_struct *fsp, - uid_t uid, uint16 mid, uint16 op_type, bool initial_delete_on_close_allowed) + uid_t uid, uint16 mid, uint16 op_type) { struct share_mode_entry entry; fill_share_mode_entry(&entry, fsp, uid, mid, op_type); - if (initial_delete_on_close_allowed) { - entry.flags |= SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE; - } add_share_mode_entry(lck, &entry); } @@ -1271,22 +1268,6 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close, return NT_STATUS_OK; } -/**************************************************************************** - Do we have an open file handle that created this entry ? -****************************************************************************/ - -bool can_set_initial_delete_on_close(const struct share_mode_lock *lck) -{ - int i; - - for (i=0; i<lck->num_share_modes; i++) { - if (lck->share_modes[i].flags & SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE) { - return True; - } - } - return False; -} - /************************************************************************* Return a talloced copy of a UNIX_USER_TOKEN. NULL on fail. (Should this be in locking.c.... ?). @@ -1380,31 +1361,6 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKE return True; } -/**************************************************************************** - Sets the allow initial delete on close flag for this share mode. -****************************************************************************/ - -bool set_allow_initial_delete_on_close(struct share_mode_lock *lck, files_struct *fsp, bool delete_on_close) -{ - struct share_mode_entry entry, *e; - - /* Don't care about the pid owner being correct here - just a search. */ - fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK); - - e = find_share_mode_entry(lck, &entry); - if (e == NULL) { - return False; - } - - if (delete_on_close) { - e->flags |= SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE; - } else { - e->flags &= ~SHARE_MODE_ALLOW_INITIAL_DELETE_ON_CLOSE; - } - lck->modified = True; - return True; -} - bool set_sticky_write_time(struct file_id fileid, struct timespec write_time) { struct share_mode_lock *lck; diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c index 4e76b97ccf..16599005b9 100644 --- a/source3/modules/gpfs.c +++ b/source3/modules/gpfs.c @@ -31,6 +31,8 @@ static int (*gpfs_set_share_fn)(int fd, unsigned int allow, unsigned int deny); static int (*gpfs_set_lease_fn)(int fd, unsigned int leaseType); static int (*gpfs_getacl_fn)(char *pathname, int flags, void *acl); static int (*gpfs_putacl_fn)(char *pathname, int flags, void *acl); +static int (*gpfs_get_realfilename_path_fn)(char *pathname, char *filenamep, + int *buflen); bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, @@ -43,7 +45,7 @@ bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask, if (!gpfs_share_modes) { return True; } - + if (gpfs_set_share_fn == NULL) { return False; } @@ -104,7 +106,7 @@ int set_gpfs_lease(int fd, int leasetype) if (leasetype == F_WRLCK) { gpfs_type = GPFS_LEASE_WRITE; } - + /* we unconditionally set CAP_LEASE, rather than looking for -1/EACCES as there is a bug in some versions of libgpfs_gpl.so which results in a leaked fd on /dev/ss0 @@ -134,6 +136,17 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return gpfs_putacl_fn(pathname, flags, acl); } +int smbd_gpfs_get_realfilename_path(char *pathname, char *filenamep, + int *buflen) +{ + if (gpfs_get_realfilename_path_fn == NULL) { + errno = ENOSYS; + return -1; + } + + return gpfs_get_realfilename_path_fn(pathname, filenamep, buflen); +} + static bool init_gpfs_function_lib(void *plibhandle_pointer, const char *libname, void *pfn_pointer, const char *fn_name) @@ -142,6 +155,9 @@ static bool init_gpfs_function_lib(void *plibhandle_pointer, void **libhandle_pointer = (void **)plibhandle_pointer; void **fn_pointer = (void **)pfn_pointer; + DEBUG(10, ("trying to load name %s from %s\n", + fn_name, libname)); + if (*libhandle_pointer == NULL) { *libhandle_pointer = dlopen(libname, RTLD_LAZY); did_open_here = true; @@ -187,6 +203,8 @@ void init_gpfs(void) init_gpfs_function(&gpfs_set_lease_fn, "gpfs_set_lease"); init_gpfs_function(&gpfs_getacl_fn, "gpfs_getacl"); init_gpfs_function(&gpfs_putacl_fn, "gpfs_putacl"); + init_gpfs_function(&gpfs_get_realfilename_path_fn, + "gpfs_get_realfilename_path"); gpfs_share_modes = lp_parm_bool(-1, "gpfs", "sharemodes", True); gpfs_leases = lp_parm_bool(-1, "gpfs", "leases", True); @@ -226,6 +244,13 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return -1; } +int smbd_gpfs_get_realfilename_path(char *pathname, char *fileamep, + int *buflen) +{ + errno = ENOSYS; + return -1; +} + void init_gpfs(void) { return; diff --git a/source3/modules/onefs.h b/source3/modules/onefs.h index 965f39509a..8d0f45abdb 100644 --- a/source3/modules/onefs.h +++ b/source3/modules/onefs.h @@ -21,6 +21,10 @@ #ifndef _ONEFS_H #define _ONEFS_H +#include "includes.h" + +#include <sys/isi_acl.h> + /* OneFS Module smb.conf parameters and defaults */ /** @@ -34,13 +38,6 @@ enum onefs_acl_wire_format ACL_FORMAT_ALWAYS /**< Always canonicalize */ }; -const struct enum_list enum_onefs_acl_wire_format[] = { - {ACL_FORMAT_RAW, "No Format"}, - {ACL_FORMAT_WINDOWS_SD, "Format Windows SD"}, - {ACL_FORMAT_ALWAYS, "Always Format SD"}, - {-1, NULL} -}; - #define PARM_ONEFS_TYPE "onefs" #define PARM_ACL_WIRE_FORMAT "acl wire format" #define PARM_ACL_WIRE_FORMAT_DEFAULT ACL_FORMAT_WINDOWS_SD @@ -49,4 +46,61 @@ const struct enum_list enum_onefs_acl_wire_format[] = { #define PARM_CREATOR_OWNER_GETS_FULL_CONTROL "creator owner gets full control" #define PARM_CREATOR_OWNER_GETS_FULL_CONTROL_DEFAULT true +/* + * vfs interface handlers + */ +NTSTATUS onefs_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); + +NTSTATUS onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info, SEC_DESC **ppdesc); + +NTSTATUS onefs_get_nt_acl(vfs_handle_struct *handle, const char* name, + uint32 security_info, SEC_DESC **ppdesc); + +NTSTATUS onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, SEC_DESC *psd); + + +/* + * Utility functions + */ +NTSTATUS onefs_setup_sd(uint32 security_info_sent, SEC_DESC *psd, + struct ifs_security_descriptor *sd); + +/* + * System Interfaces + */ +int onefs_sys_create_file(connection_struct *conn, + int base_fd, + const char *path, + uint32_t access_mask, + uint32_t open_access_mask, + uint32_t share_access, + uint32_t create_options, + int flags, + mode_t mode, + int oplock_request, + uint64_t id, + struct security_descriptor *sd, + uint32_t ntfs_flags, + int *granted_oplock); + + + #endif /* _ONEFS_H */ diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 3a692c95ab..5351118a87 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -19,20 +19,23 @@ * along with this program; if not, see <http://www.gnu.org/licenses/>. */ -#include "includes.h" +#include "onefs.h" -#include <sys/isi_acl.h> #include <isi_acl/isi_acl_util.h> -#include <sys/isi_oplock.h> #include <ifs/ifs_syscalls.h> -#include "onefs.h" +const struct enum_list enum_onefs_acl_wire_format[] = { + {ACL_FORMAT_RAW, "No Format"}, + {ACL_FORMAT_WINDOWS_SD, "Format Windows SD"}, + {ACL_FORMAT_ALWAYS, "Always Format SD"}, + {-1, NULL} +}; /** * Turn SID into UID/GID and setup a struct ifs_identity */ static bool -onefs_sid_to_identity(DOM_SID *sid, struct ifs_identity *id, bool is_group) +onefs_sid_to_identity(const DOM_SID *sid, struct ifs_identity *id, bool is_group) { enum ifs_identity_type type = IFS_ID_TYPE_LAST+1; uid_t uid = 0; @@ -514,15 +517,22 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, if (security_info & SACL_SECURITY_INFORMATION) desired_access |= IFS_RTS_SACL_ACCESS; - if ((fsp->fh->fd = ifs_createfile(-1, - fsp->fsp_name, - desired_access, - 0, 0, - OPLOCK_NONE, - 0, NULL, 0, - NULL, 0, NULL)) == -1) { - DEBUG(0, ("Error opening file %s. errno=%d\n", - fsp->fsp_name, errno)); + if ((fsp->fh->fd = onefs_sys_create_file(handle->conn, + -1, + fsp->fsp_name, + desired_access, + desired_access, + 0, + 0, + 0, + 0, + INTERNAL_OPEN_ONLY, + 0, + NULL, + 0, + NULL)) == -1) { + DEBUG(0, ("Error opening file %s. errno=%d (%s)\n", + fsp->fsp_name, errno, strerror(errno))); status = map_nt_error_from_unix(errno); goto out; } @@ -679,22 +689,18 @@ onefs_get_nt_acl(vfs_handle_struct *handle, const char* name, } /** - * Isilon-specific function for setting an NTFS ACL on an open file. + * Isilon-specific function for setting up an ifs_security_descriptor, given a + * samba SEC_DESC. * - * @return NT_STATUS_UNSUCCESSFUL for userspace errors, NTSTATUS based off - * errno on syscall errors + * @param[out] sd ifs_security_descriptor to fill in + * + * @return NTSTATUS_OK if successful */ -NTSTATUS -onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd) +NTSTATUS onefs_setup_sd(uint32 security_info_sent, SEC_DESC *psd, + struct ifs_security_descriptor *sd) { - struct ifs_security_descriptor sd = {}; struct ifs_security_acl dacl, sacl, *daclp, *saclp; struct ifs_identity owner, group, *ownerp, *groupp; - int fd; - bool fopened = false; - - DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name )); ownerp = NULL; groupp = NULL; @@ -759,10 +765,37 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, /* Setup ifs_security_descriptor */ DEBUG(5,("Setting up SD\n")); - if (aclu_initialize_sd(&sd, psd->type, ownerp, groupp, - (daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false)) + if (aclu_initialize_sd(sd, psd->type, ownerp, groupp, + (daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false)) return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_OK; +} + +/** + * Isilon-specific function for setting an NTFS ACL on an open file. + * + * @return NT_STATUS_UNSUCCESSFUL for userspace errors, NTSTATUS based off + * errno on syscall errors + */ +NTSTATUS +onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, SEC_DESC *psd) +{ + struct ifs_security_descriptor sd = {}; + int fd; + bool fopened = false; + NTSTATUS status; + + DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name )); + + status = onefs_setup_sd(security_info_sent, psd, &sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("SD initialization failure: %s", nt_errstr(status))); + return status; + } + fd = fsp->fh->fd; if (fd == -1) { enum ifs_ace_rights desired_access = 0; @@ -775,16 +808,24 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, if (security_info_sent & SACL_SECURITY_INFORMATION) desired_access |= IFS_RTS_SACL_ACCESS; - if ((fd = ifs_createfile(-1, - fsp->fsp_name, - desired_access, - 0, 0, - OPLOCK_NONE, - 0, NULL, 0, - NULL, 0, NULL)) == -1) { - DEBUG(0, ("Error opening file %s. errno=%d\n", - fsp->fsp_name, errno)); - return map_nt_error_from_unix(errno); + if ((fd = onefs_sys_create_file(handle->conn, + -1, + fsp->fsp_name, + desired_access, + desired_access, + 0, + 0, + 0, + 0, + INTERNAL_OPEN_ONLY, + 0, + NULL, + 0, + NULL)) == -1) { + DEBUG(0, ("Error opening file %s. errno=%d (%s)\n", + fsp->fsp_name, errno, strerror(errno))); + status = map_nt_error_from_unix(errno); + goto out; } fopened = true; } @@ -792,10 +833,12 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, errno = 0; if (ifs_set_security_descriptor(fd, security_info_sent, &sd)) { DEBUG(0, ("Error setting security descriptor = %d\n", errno)); + status = map_nt_error_from_unix(errno); goto out; } DEBUG(5, ("Security descriptor set correctly!\n")); + status = NT_STATUS_OK; /* FALLTHROUGH */ out: @@ -803,5 +846,5 @@ out: close(fd); aclu_free_sd(&sd, false); - return errno ? map_nt_error_from_unix(errno) : NT_STATUS_OK; + return status; } diff --git a/source3/modules/onefs_open.c b/source3/modules/onefs_open.c new file mode 100644 index 0000000000..d0310d0174 --- /dev/null +++ b/source3/modules/onefs_open.c @@ -0,0 +1,2153 @@ +/* + * Unix SMB/CIFS implementation. + * + * This file began with some code from source3/smbd/open.c and modified it to + * work with ifs_createfile. + * + * ifs_createfile is a CIFS-specific syscall for opening/files and + * directories. It adds support for: + * - Full in-kernel access checks using a windows access_mask + * - Cluster-coherent share mode locks + * - Cluster-coherent oplocks + * - Streams + * - Setting security descriptors at create time + * - Setting dos_attributes at create time + * + * Copyright (C) Andrew Tridgell 1992-1998 + * Copyright (C) Jeremy Allison 2001-2004 + * Copyright (C) Volker Lendecke 2005 + * Copyright (C) Tim Prouty, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "onefs.h" + +extern const struct generic_mapping file_generic_mapping; +extern bool global_client_failed_oplock_break; + +struct deferred_open_record { + bool delayed_for_oplocks; + bool failed; /* added for onefs_oplocks */ + struct file_id id; +}; + +static NTSTATUS onefs_create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); + +/**************************************************************************** + Open a file. +****************************************************************************/ + +static NTSTATUS onefs_open_file(files_struct *fsp, + connection_struct *conn, + struct smb_request *req, + const char *parent_dir, + const char *name, + const char *path, + SMB_STRUCT_STAT *psbuf, + int flags, + mode_t unx_mode, + uint32 access_mask, + uint32 open_access_mask, + int oplock_request, + uint64 id, + uint32 share_access, + uint32 create_options, + uint32_t new_dos_attributes, + struct security_descriptor *sd, + int *granted_oplock) +{ + NTSTATUS status = NT_STATUS_OK; + int accmode = (flags & O_ACCMODE); + int local_flags = flags; + bool file_existed = VALID_STAT(*psbuf); + const char *wild; + + fsp->fh->fd = -1; + errno = EPERM; + + /* Check permissions */ + + /* + * This code was changed after seeing a client open request + * containing the open mode of (DENY_WRITE/read-only) with + * the 'create if not exist' bit set. The previous code + * would fail to open the file read only on a read-only share + * as it was checking the flags parameter directly against O_RDONLY, + * this was failing as the flags parameter was set to O_RDONLY|O_CREAT. + * JRA. + */ + + if (!CAN_WRITE(conn)) { + /* It's a read-only share - fail if we wanted to write. */ + if(accmode != O_RDONLY) { + DEBUG(3,("Permission denied opening %s\n", path)); + return NT_STATUS_ACCESS_DENIED; + } else if(flags & O_CREAT) { + /* We don't want to write - but we must make sure that + O_CREAT doesn't create the file if we have write + access into the directory. + */ + flags &= ~O_CREAT; + local_flags &= ~O_CREAT; + } + } + + /* + * This little piece of insanity is inspired by the + * fact that an NT client can open a file for O_RDONLY, + * but set the create disposition to FILE_EXISTS_TRUNCATE. + * If the client *can* write to the file, then it expects to + * truncate the file, even though it is opening for readonly. + * Quicken uses this stupid trick in backup file creation... + * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net> + * for helping track this one down. It didn't bite us in 2.0.x + * as we always opened files read-write in that release. JRA. + */ + + if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) { + DEBUG(10,("onefs_open_file: truncate requested on read-only " + "open for file %s\n", path)); + local_flags = (flags & ~O_ACCMODE)|O_RDWR; + } + +#if defined(O_NONBLOCK) && defined(S_ISFIFO) + /* + * We would block on opening a FIFO with no one else on the + * other end. Do what we used to do and add O_NONBLOCK to the + * open flags. JRA. + */ + + if (file_existed && S_ISFIFO(psbuf->st_mode)) { + local_flags |= O_NONBLOCK; + } +#endif + + /* Don't create files with Microsoft wildcard characters. */ + if (fsp->base_fsp) { + /* + * wildcard characters are allowed in stream names + * only test the basefilename + */ + wild = fsp->base_fsp->fsp_name; + } else { + wild = path; + } + if ((local_flags & O_CREAT) && !file_existed && + ms_has_wild(wild)) { + /* + * XXX: may need to remvoe this return... + * + * We dont think this check needs to exist. All it does is + * block creating files with Microsoft wildcards, which is + * fine if the creation originated from NFS or locally and + * then was copied via Samba. + */ + DEBUG(1, ("onefs_open_file: creating file with wildcard: %s\n", + path)); + return NT_STATUS_OBJECT_NAME_INVALID; + } + + /* Actually do the open */ + +#ifdef O_NOFOLLOW + /* + * Never follow symlinks on a POSIX client. The + * client should be doing this. + */ + + if (fsp->posix_open || !lp_symlinks(SNUM(conn))) { + flags |= O_NOFOLLOW; + } +#endif + /* Don't request an oplock if oplocks are turned off for the + * share. */ + if (!lp_oplocks(SNUM(conn))) + oplock_request = 0; + + fsp->fh->fd = onefs_sys_create_file(conn, + -1, + path, + access_mask, + open_access_mask, + share_access, + create_options, + flags, + unx_mode, + oplock_request, + id, + sd, + new_dos_attributes, + granted_oplock); + + if (fsp->fh->fd == -1) { + if (errno == EMFILE) { + static time_t last_warned = 0L; + + if (time((time_t *) NULL) > last_warned) { + DEBUG(0, ("Too many open files, unable " + "to open more! smbd's max " + "open files = %d, also check " + "sysctl kern.maxfiles and " + "sysctl kern.maxfilesperproc\n", + lp_max_open_files())); + last_warned = time((time_t *) NULL); + } + } + + status = map_nt_error_from_unix(errno); + DEBUG(3,("Error opening file %s (%s) (local_flags=%d) " + "(flags=%d)\n", + path,nt_errstr(status),local_flags,flags)); + return status; + } + + if ((local_flags & O_CREAT) && !file_existed) { + + /* Inherit the ACL if required */ + if (lp_inherit_perms(SNUM(conn))) { + inherit_access_posix_acl(conn, parent_dir, path, + unx_mode); + } + + /* Change the owner if required. */ + if (lp_inherit_owner(SNUM(conn))) { + change_file_owner_to_parent(conn, parent_dir, + fsp); + } + + notify_fname(conn, NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_FILE_NAME, path); + } + + if (!file_existed) { + int ret; + + if (fsp->fh->fd == -1) { + ret = SMB_VFS_STAT(conn, path, psbuf); + } else { + ret = SMB_VFS_FSTAT(fsp, psbuf); + /* If we have an fd, this stat should succeed. */ + if (ret == -1) { + DEBUG(0,("Error doing fstat on open file %s " + "(%s)\n", path,strerror(errno) )); + } + } + + /* For a non-io open, this stat failing means file not found. JRA */ + if (ret == -1) { + status = map_nt_error_from_unix(errno); + fd_close(fsp); + return status; + } + } + + /* + * POSIX allows read-only opens of directories. We don't + * want to do this (we use a different code path for this) + * so catch a directory open and return an EISDIR. JRA. + */ + + if(S_ISDIR(psbuf->st_mode)) { + fd_close(fsp); + errno = EISDIR; + return NT_STATUS_FILE_IS_A_DIRECTORY; + } + + fsp->mode = psbuf->st_mode; + fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); + fsp->vuid = req ? req->vuid : UID_FIELD_INVALID; + fsp->file_pid = req ? req->smbpid : 0; + fsp->can_lock = True; + fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False; + if (!CAN_WRITE(conn)) { + fsp->can_write = False; + } else { + fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? + True : False; + } + fsp->print_file = False; + fsp->modified = False; + fsp->sent_oplock_break = NO_BREAK_SENT; + fsp->is_directory = False; + if (conn->aio_write_behind_list && + is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) { + fsp->aio_write_behind = True; + } + + string_set(&fsp->fsp_name, path); + fsp->wcp = NULL; /* Write cache pointer. */ + + DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n", + conn->server_info->unix_name, + fsp->fsp_name, + BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), + conn->num_files_open)); + + errno = 0; + return NT_STATUS_OK; +} + +/**************************************************************************** + Handle the 1 second delay in returning a SHARING_VIOLATION error. +****************************************************************************/ + +static void defer_open(struct share_mode_lock *lck, + struct timeval request_time, + struct timeval timeout, + struct smb_request *req, + struct deferred_open_record *state) +{ + int i; + + /* Paranoia check */ + + for (i=0; i<lck->num_share_modes; i++) { + struct share_mode_entry *e = &lck->share_modes[i]; + + if (!is_deferred_open_entry(e)) { + continue; + } + + if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) { + DEBUG(0, ("Trying to defer an already deferred " + "request: mid=%d, exiting\n", req->mid)); + exit_server("attempt to defer a deferred request"); + } + } + + /* End paranoia check */ + + DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred " + "open entry for mid %u\n", + (unsigned int)request_time.tv_sec, + (unsigned int)request_time.tv_usec, + (unsigned int)req->mid)); + + if (!push_deferred_smb_message(req, request_time, timeout, + (char *)state, sizeof(*state))) { + exit_server("push_deferred_smb_message failed"); + } + add_deferred_open(lck, req->mid, request_time, state->id); + + /* + * Push the MID of this packet on the signing queue. + * We only do this once, the first time we push the packet + * onto the deferred open queue, as this has a side effect + * of incrementing the response sequence number. + */ + + srv_defer_sign_response(req->mid); +} + +static void schedule_defer_open(struct share_mode_lock *lck, + struct timeval request_time, + struct smb_request *req) +{ + struct deferred_open_record state; + + /* This is a relative time, added to the absolute + request_time value to get the absolute timeout time. + Note that if this is the second or greater time we enter + this codepath for this particular request mid then + request_time is left as the absolute time of the *first* + time this request mid was processed. This is what allows + the request to eventually time out. */ + + struct timeval timeout; + + /* Normally the smbd we asked should respond within + * OPLOCK_BREAK_TIMEOUT seconds regardless of whether + * the client did, give twice the timeout as a safety + * measure here in case the other smbd is stuck + * somewhere else. */ + + timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0); + + /* Nothing actually uses state.delayed_for_oplocks + but it's handy to differentiate in debug messages + between a 30 second delay due to oplock break, and + a 1 second delay for share mode conflicts. */ + + state.delayed_for_oplocks = True; + state.failed = False; + state.id = lck->id; + + if (!request_timed_out(request_time, timeout)) { + defer_open(lck, request_time, timeout, req, &state); + } +} + +/**************************************************************************** + Open a file with a share mode. Passed in an already created files_struct. +****************************************************************************/ +NTSTATUS onefs_open_file_ntcreate(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32 access_mask, + uint32 share_access, + uint32 create_disposition, + uint32 create_options, + uint32 new_dos_attributes, + int oplock_request, + struct security_descriptor *sd, + files_struct *fsp, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + int flags=0; + int flags2=0; + bool file_existed = VALID_STAT(*psbuf); + bool def_acl = False; + bool posix_open = False; + bool new_file_created = False; + struct file_id id; + mode_t new_unx_mode = (mode_t)0; + mode_t unx_mode = (mode_t)0; + int info; + uint32 existing_dos_attributes = 0; + struct pending_message_list *pml = NULL; + struct timeval request_time = timeval_zero(); + struct share_mode_lock *lck = NULL; + uint32 open_access_mask = access_mask; + NTSTATUS status; + int ret_flock; + char *parent_dir; + const char *newname; + int granted_oplock; + uint64 oplock_waiter; + uint32 createfile_attributes = 0; + + ZERO_STRUCT(id); + + if (conn->printer) { + /* + * Printers are handled completely differently. + * Most of the passed parameters are ignored. + */ + + if (pinfo) { + *pinfo = FILE_WAS_CREATED; + } + + DEBUG(10, ("onefs_open_file_ntcreate: printer open fname=%s\n", + fname)); + + return print_fsp_open(req, conn, fname, req->vuid, fsp); + } + + if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir, + &newname)) { + return NT_STATUS_NO_MEMORY; + } + + if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) { + posix_open = True; + unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS); + new_dos_attributes = 0; + } else { + /* We add aARCH to this as this mode is only used if the file is + * created new. */ + unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname, + parent_dir); + } + + DEBUG(10,("onefs_open_file_ntcreate: fname=%s, dos_attrs=0x%x " + "access_mask=0x%x share_access=0x%x " + "create_disposition = 0x%x create_options=0x%x " + "unix mode=0%o oplock_request=0x%x\n", + fname, new_dos_attributes, access_mask, share_access, + create_disposition, create_options, unx_mode, + oplock_request)); + + if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) { + DEBUG(0, ("No smb request but not an internal only open!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + /* + * Only non-internal opens can be deferred at all + */ + + if ((req != NULL) + && ((pml = get_open_deferred_message(req->mid)) != NULL)) { + struct deferred_open_record *state = + (struct deferred_open_record *)pml->private_data.data; + + /* Remember the absolute time of the original + request with this mid. We'll use it later to + see if this has timed out. */ + + request_time = pml->request_time; + + /* Remove the deferred open entry under lock. */ + lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL, + NULL); + if (lck == NULL) { + DEBUG(0, ("could not get share mode lock\n")); + } else { + del_deferred_open_entry(lck, req->mid); + TALLOC_FREE(lck); + } + + /* Ensure we don't reprocess this message. */ + remove_deferred_open_smb_message(req->mid); + + /* + * When receiving a semlock_async_failure message, the + * deferred open will be marked as "failed". Returning + * INTERNAL_ERROR. + */ + if (state->failed) { + DEBUG(0, ("onefs_open_file_ntcreate: " + "semlock_async_failure detected!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + } + + status = check_name(conn, fname); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!posix_open) { + new_dos_attributes &= SAMBA_ATTRIBUTES_MASK; + if (file_existed) { + existing_dos_attributes = dos_mode(conn, fname, psbuf); + } + } + + /* Setup dos_attributes to be set by ifs_createfile */ + if (lp_store_dos_attributes(SNUM(conn))) { + createfile_attributes = (new_dos_attributes | aARCH) & + ~(FILE_ATTRIBUTE_NONINDEXED | FILE_ATTRIBUTE_COMPRESSED); + } + + /* Ignore oplock requests if oplocks are disabled. */ + if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break || + IS_VETO_OPLOCK_PATH(conn, fname)) { + /* Mask off everything except the private Samba bits. */ + oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK; + } + + /* this is for OS/2 long file names - say we don't support them */ + if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) { + /* OS/2 Workplace shell fix may be main code stream in a later + * release. */ + DEBUG(5,("onefs_open_file_ntcreate: OS/2 long filenames are " + "not supported.\n")); + if (use_nt_status()) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + return NT_STATUS_DOS(ERRDOS, ERRcannotopen); + } + + switch( create_disposition ) { + /* + * Currently we're using FILE_SUPERSEDE as the same as + * FILE_OVERWRITE_IF but they really are + * different. FILE_SUPERSEDE deletes an existing file + * (requiring delete access) then recreates it. + */ + case FILE_SUPERSEDE: + /* If file exists replace/overwrite. If file doesn't + * exist create. */ + /** + * @todo: Clear all file attributes? + * http://www.osronline.com/article.cfm?article=302 + * create if not exist, trunc if exist + * + * If file exists replace/overwrite. If file doesn't + * exist create. + */ + flags2 |= (O_CREAT | O_TRUNC); + break; + + case FILE_OVERWRITE_IF: + /* If file exists replace/overwrite. If file doesn't + * exist create. */ + flags2 |= (O_CREAT | O_TRUNC); + break; + + case FILE_OPEN: + /* If file exists open. If file doesn't exist error. */ + if (!file_existed) { + DEBUG(5,("onefs_open_file_ntcreate: FILE_OPEN " + "requested for file %s and file " + "doesn't exist.\n", fname )); + errno = ENOENT; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + break; + + case FILE_OVERWRITE: + /* If file exists overwrite. If file doesn't exist + * error. */ + if (!file_existed) { + DEBUG(5, ("onefs_open_file_ntcreate: " + "FILE_OVERWRITE requested for file " + "%s and file doesn't exist.\n", + fname)); + errno = ENOENT; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + flags2 |= O_TRUNC; + break; + + case FILE_CREATE: + /* If file exists error. If file doesn't exist + * create. */ + if (file_existed) { + DEBUG(5, ("onefs_open_file_ntcreate: " + "FILE_CREATE requested for file %s " + "and file already exists.\n", + fname)); + if (S_ISDIR(psbuf->st_mode)) { + errno = EISDIR; + } else { + errno = EEXIST; + } + return map_nt_error_from_unix(errno); + } + flags2 |= (O_CREAT|O_EXCL); + break; + + case FILE_OPEN_IF: + /* If file exists open. If file doesn't exist + * create. */ + flags2 |= O_CREAT; + break; + + default: + return NT_STATUS_INVALID_PARAMETER; + } + + /* Match attributes on file exists and overwrite. */ + if (!posix_open && file_existed && + ((create_disposition == FILE_OVERWRITE) || + (create_disposition == FILE_OVERWRITE_IF))) { + if (!open_match_attributes(conn, fname, + existing_dos_attributes, + new_dos_attributes, psbuf->st_mode, + unx_mode, &new_unx_mode)) { + DEBUG(5, ("onefs_open_file_ntcreate: attributes " + "missmatch for file %s (%x %x) (0%o, 0%o)\n", + fname, existing_dos_attributes, + new_dos_attributes, + (unsigned int)psbuf->st_mode, + (unsigned int)unx_mode )); + errno = EACCES; + return NT_STATUS_ACCESS_DENIED; + } + } + + /* + * OneFS understands MAXIMUM_ALLOWED_ACCESS, so only hack the + * access_mask, but leave the MAA for the actual open in + * open_access_mask. + */ + open_access_mask = access_mask; + if (open_access_mask & MAXIMUM_ALLOWED_ACCESS) { + access_mask |= FILE_GENERIC_ALL; + } + + /* Convert GENERIC bits to specific bits. */ + se_map_generic(&access_mask, &file_generic_mapping); + se_map_generic(&open_access_mask, &file_generic_mapping); + + if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) { + /* This will cause oplock breaks. */ + open_access_mask |= FILE_WRITE_DATA; + } + + DEBUG(10, ("onefs_open_file_ntcreate: fname=%s, after mapping " + "open_access_mask=%#x, access_mask=0x%x\n", + fname, open_access_mask, access_mask)); + + /* + * Note that we ignore the append flag as append does not + * mean the same thing under DOS and Unix. + */ + + if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) || + (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) { + + /* + * DENY_DOS opens are always underlying read-write on the + * file handle, no matter what the requested access mask + * says. Stock samba just sets the flags, but since + * ifs_createfile uses the access_mask, it must be updated as + * well. This allows BASE-DENY* to pass. + */ + if (create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) { + + DEBUG(10,("onefs_open_file_ntcreate: deny_dos: " + "Adding O_RDWR to flags " + "(0x%x) and some READ bits to " + "open_access_mask (0x%x)\n", + flags, open_access_mask)); + + flags = O_RDWR; + open_access_mask |= (FILE_READ_ATTRIBUTES | + FILE_READ_DATA | FILE_READ_EA | FILE_EXECUTE); + + } else if (access_mask & (FILE_READ_ATTRIBUTES | + FILE_READ_DATA | + FILE_READ_EA | + FILE_EXECUTE)) { + flags = O_RDWR; + } else { + flags = O_WRONLY; + } + } else { + flags = O_RDONLY; + } + + /* Currently we only look at FILE_WRITE_THROUGH for create options. */ +#if defined(O_SYNC) + if ((create_options & FILE_WRITE_THROUGH) && + lp_strict_sync(SNUM(conn))) { + flags2 |= O_SYNC; + } +#endif /* O_SYNC */ + + if (posix_open && (access_mask & FILE_APPEND_DATA)) { + flags2 |= O_APPEND; + } + + if (!posix_open && !CAN_WRITE(conn)) { + /* + * We should really return a permission denied error if either + * O_CREAT or O_TRUNC are set, but for compatibility with + * older versions of Samba we just AND them out. + */ + flags2 &= ~(O_CREAT|O_TRUNC); + + /** + * XXX: TODO + * Apparently this is necessary because we ship with + * lp_acl_check_permissions = no. It is set to no because our + * ifs_createfile does the access check correctly. This check + * was added in the last merge, and the question is why is it + * necessary? Check out Bug 25547 and Bug 14596. The key is + * to figure out what case this is covering, and do some + * testing to see if it's actually necessary. If it is, maybe + * it should go upstream in open.c. + */ + if (!lp_acl_check_permissions(SNUM(conn)) && + (access_mask & DELETE_ACCESS)) { + return map_nt_error_from_unix(EACCES); + } + } + + /* Ensure we can't write on a read-only share or file. */ + if (flags != O_RDONLY && file_existed && + (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) { + DEBUG(5, ("onefs_open_file_ntcreate: write access requested " + "for file %s on read only %s\n", + fname, !CAN_WRITE(conn) ? "share" : "file" )); + errno = EACCES; + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(10, ("fsp = %p\n", fsp)); + + fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); + fsp->share_access = share_access; + fsp->fh->private_options = create_options; + fsp->access_mask = open_access_mask; /* We change this to the + * requested access_mask after + * the open is done. */ + fsp->posix_open = posix_open; + + /* Ensure no SAMBA_PRIVATE bits can be set. */ + fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK); + + if (timeval_is_zero(&request_time)) { + request_time = fsp->open_time; + } + + if (file_existed) { + struct timespec old_write_time = get_mtimespec(psbuf); + id = vfs_file_id_from_sbuf(conn, psbuf); + + lck = get_share_mode_lock(talloc_tos(), id, + conn->connectpath, + fname, &old_write_time); + + if (lck == NULL) { + DEBUG(0, ("Could not get share mode lock\n")); + return NT_STATUS_SHARING_VIOLATION; + } + + if (lck->delete_on_close) { + /* DELETE_PENDING is not deferred for a second */ + TALLOC_FREE(lck); + return NT_STATUS_DELETE_PENDING; + } + } + + SMB_ASSERT(!file_existed || (lck != NULL)); + + /* + * Ensure we pay attention to default ACLs on directories. May be + * neccessary depending on ACL policies. + */ + if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) && + (def_acl = directory_has_default_acl(conn, parent_dir))) { + unx_mode = 0777; + } + + DEBUG(4,("calling onefs_open_file with flags=0x%X flags2=0x%X " + "mode=0%o, access_mask = 0x%x, open_access_mask = 0x%x\n", + (unsigned int)flags, (unsigned int)flags2, + (unsigned int)unx_mode, (unsigned int)access_mask, + (unsigned int)open_access_mask)); + + oplock_waiter = 1; //ifs_oplock_wait_record(mid); + + if (oplock_waiter == 0) { + return NT_STATUS_NO_MEMORY; + } + + /* Do the open. */ + status = onefs_open_file(fsp, + conn, + req, + parent_dir, + newname, + fname, + psbuf, + flags|flags2, + unx_mode, + access_mask, + open_access_mask, + fsp->oplock_type, + oplock_waiter, + share_access, + create_options, + createfile_attributes, + sd, + &granted_oplock); + + if (!NT_STATUS_IS_OK(status)) { + + /* OneFS Oplock Handling */ + if (errno == EINPROGRESS) { + + if (lck == NULL) { + + struct deferred_open_record state; + struct timespec old_write_time; + + old_write_time = get_mtimespec(psbuf); + + DEBUG(3, ("Someone created file %s with an " + "oplock after we looked: Retrying\n", + fname)); + /* + * We hit the race that when we did the stat + * on the file it did not exist, and someone + * has created it in between the stat and the + * open_file() call. Just retry immediately. + */ + id = vfs_file_id_from_sbuf(conn, psbuf); + if (!(lck = get_share_mode_lock(talloc_tos(), + id, conn->connectpath, fname, + &old_write_time))) { + /* + * Emergency exit + */ + DEBUG(0, ("onefs_open_file_ntcreate: " + "Could not get share mode " + "lock for %s\n", fname)); + status = NT_STATUS_SHARING_VIOLATION; + goto cleanup_destroy; + } + + state.delayed_for_oplocks = False; + state.id = id; + + if (req != NULL) { + defer_open(lck, request_time, + timeval_zero(), req, &state); + } + goto cleanup_destroy; + } + /* Waiting for an oplock */ + SMB_ASSERT(req); + schedule_defer_open(lck, request_time, req); + goto cleanup; + } + + /* Check for a sharing violation */ + if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) { + uint32 can_access_mask; + bool can_access = True; + + /* Check if this can be done with the deny_dos and fcb + * calls. */ + + /* Try to find dup fsp if possible. */ + if (create_options & + (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS| + NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) { + + if (req == NULL) { + DEBUG(0, ("DOS open without an SMB " + "request!\n")); + status = NT_STATUS_INTERNAL_ERROR; + goto cleanup_destroy; + } + + /* Use the client requested access mask here, + * not the one we open with. */ + status = fcb_or_dos_open(req, + conn, + fsp, + fname, + id, + req->smbpid, + req->vuid, + access_mask, + share_access, + create_options); + + if (NT_STATUS_IS_OK(status)) { + TALLOC_FREE(lck); + if (pinfo) { + *pinfo = FILE_WAS_OPENED; + } + status = NT_STATUS_OK; + goto cleanup; + } + } + + /* + * This next line is a subtlety we need for + * MS-Access. If a file open will fail due to share + * permissions and also for security (access) reasons, + * we need to return the access failed error, not the + * share error. We can't open the file due to kernel + * oplock deadlock (it's possible we failed above on + * the open_mode_check()) so use a userspace check. + */ + + if (flags & O_RDWR) { + can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA; + } else if (flags & O_WRONLY) { + can_access_mask = FILE_WRITE_DATA; + } else { + can_access_mask = FILE_READ_DATA; + } + + if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) || + !can_access_file_data(conn,fname,psbuf,can_access_mask)) { + can_access = False; + } + + /* + * If we're returning a share violation, ensure we + * cope with the braindead 1 second delay. + */ + if (!(oplock_request & INTERNAL_OPEN_ONLY) && + lp_defer_sharing_violations()) { + struct timeval timeout; + struct deferred_open_record state; + int timeout_usecs; + + /* this is a hack to speed up torture tests + in 'make test' */ + timeout_usecs = lp_parm_int(SNUM(conn), + "smbd","sharedelay", + SHARING_VIOLATION_USEC_WAIT); + + /* This is a relative time, added to the + absolute request_time value to get the + absolute timeout time. Note that if this + is the second or greater time we enter this + codepath for this particular request mid + then request_time is left as the absolute + time of the *first* time this request mid + was processed. This is what allows the + request to eventually time out. */ + + timeout = timeval_set(0, timeout_usecs); + + /* Nothing actually uses + state.delayed_for_oplocks but it's handy to + differentiate in debug messages between a + 30 second delay due to oplock break, and a + 1 second delay for share mode conflicts. */ + + state.delayed_for_oplocks = False; + state.id = id; + state.failed = false; + + if ((req != NULL) + && !request_timed_out(request_time, + timeout)) { + defer_open(lck, request_time, timeout, + req, &state); + } + } + + if (can_access) { + /* + * We have detected a sharing violation here + * so return the correct error code + */ + status = NT_STATUS_SHARING_VIOLATION; + } else { + status = NT_STATUS_ACCESS_DENIED; + } + + goto cleanup_destroy; + } + + /* + * Normal error, for example EACCES + */ + cleanup_destroy: + //destroy_ifs_callback_record(oplock_waiter); + cleanup: + TALLOC_FREE(lck); + return status; + } + + fsp->oplock_type = granted_oplock; + + /* XXX uncomment for oplocks */ + //ifs_set_oplock_callback(oplock_waiter, fsp); + //fsp->oplock_callback_id = oplock_waiter; + + if (!file_existed) { + struct timespec old_write_time = get_mtimespec(psbuf); + /* + * Deal with the race condition where two smbd's detect the + * file doesn't exist and do the create at the same time. One + * of them will win and set a share mode, the other (ie. this + * one) should check if the requested share mode for this + * create is allowed. + */ + + /* + * Now the file exists and fsp is successfully opened, + * fsp->dev and fsp->inode are valid and should replace the + * dev=0,inode=0 from a non existent file. Spotted by + * Nadav Danieli <nadavd@exanet.com>. JRA. + */ + + id = fsp->file_id; + + lck = get_share_mode_lock(talloc_tos(), id, + conn->connectpath, + fname, &old_write_time); + + if (lck == NULL) { + DEBUG(0, ("onefs_open_file_ntcreate: Could not get " + "share mode lock for %s\n", fname)); + fd_close(fsp); + return NT_STATUS_SHARING_VIOLATION; + } + + if (lck->delete_on_close) { + status = NT_STATUS_DELETE_PENDING; + } + + if (!NT_STATUS_IS_OK(status)) { + struct deferred_open_record state; + + fd_close(fsp); + + state.delayed_for_oplocks = False; + state.id = id; + + /* Do it all over again immediately. In the second + * round we will find that the file existed and handle + * the DELETE_PENDING and FCB cases correctly. No need + * to duplicate the code here. Essentially this is a + * "goto top of this function", but don't tell + * anybody... */ + + if (req != NULL) { + defer_open(lck, request_time, timeval_zero(), + req, &state); + } + TALLOC_FREE(lck); + return status; + } + + /* + * We exit this block with the share entry *locked*..... + */ + + } + + SMB_ASSERT(lck != NULL); + + /* note that we ignore failure for the following. It is + basically a hack for NFS, and NFS will never set one of + these only read them. Nobody but Samba can ever set a deny + mode and we have already checked our more authoritative + locking database for permission to set this deny mode. If + the kernel refuses the operations then the kernel is wrong. + note that GPFS supports it as well - jmcd */ + + if (fsp->fh->fd != -1) { + ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access); + if(ret_flock == -1 ){ + + TALLOC_FREE(lck); + fd_close(fsp); + return NT_STATUS_SHARING_VIOLATION; + } + } + + /* + * At this point onwards, we can guarentee that the share entry + * is locked, whether we created the file or not, and that the + * deny mode is compatible with all current opens. + */ + + /* Record the options we were opened with. */ + fsp->share_access = share_access; + fsp->fh->private_options = create_options; + /* + * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, + */ + fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; + + if (file_existed) { + /* stat opens on existing files don't get oplocks. */ + if (is_stat_open(open_access_mask)) { + fsp->oplock_type = NO_OPLOCK; + } + + if (!(flags2 & O_TRUNC)) { + info = FILE_WAS_OPENED; + } else { + info = FILE_WAS_OVERWRITTEN; + } + } else { + info = FILE_WAS_CREATED; + } + + if (pinfo) { + *pinfo = info; + } + + /* + * Setup the oplock info in both the shared memory and + * file structs. + */ + + if ((fsp->oplock_type != NO_OPLOCK) && + (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) { + if (!set_file_oplock(fsp, fsp->oplock_type)) { + /* Could not get the kernel oplock */ + fsp->oplock_type = NO_OPLOCK; + } + } + + if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || + info == FILE_WAS_SUPERSEDED) { + new_file_created = True; + } + + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, + fsp->oplock_type); + + /* Handle strange delete on close create semantics. */ + if (create_options & FILE_DELETE_ON_CLOSE) { + status = can_set_delete_on_close(fsp, True, new_dos_attributes); + + if (!NT_STATUS_IS_OK(status)) { + /* Remember to delete the mode we just added. */ + del_share_mode(lck, fsp); + TALLOC_FREE(lck); + fd_close(fsp); + return status; + } + /* Note that here we set the *inital* delete on close flag, + not the regular one. The magic gets handled in close. */ + fsp->initial_delete_on_close = True; + } + + /* + * Take care of inherited ACLs on created files - if default ACL not + * selected. + * May be necessary depending on acl policies. + */ + if (!posix_open && !file_existed && !def_acl && !(VALID_STAT(*psbuf) + && (psbuf->st_flags & SF_HASNTFSACL))) { + + int saved_errno = errno; /* We might get ENOSYS in the next + * call.. */ + + if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 && + errno == ENOSYS) { + errno = saved_errno; /* Ignore ENOSYS */ + } + + } else if (new_unx_mode) { + + int ret = -1; + + /* Attributes need changing. File already existed. */ + + { + int saved_errno = errno; /* We might get ENOSYS in the + * next call.. */ + ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode); + + if (ret == -1 && errno == ENOSYS) { + errno = saved_errno; /* Ignore ENOSYS */ + } else { + DEBUG(5, ("onefs_open_file_ntcreate: reset " + "attributes of file %s to 0%o\n", + fname, (unsigned int)new_unx_mode)); + ret = 0; /* Don't do the fchmod below. */ + } + } + + if ((ret == -1) && + (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1)) + DEBUG(5, ("onefs_open_file_ntcreate: failed to reset " + "attributes of file %s to 0%o\n", + fname, (unsigned int)new_unx_mode)); + } + + /* If this is a successful open, we must remove any deferred open + * records. */ + if (req != NULL) { + del_deferred_open_entry(lck, req->mid); + } + TALLOC_FREE(lck); + + return NT_STATUS_OK; +} + + +/**************************************************************************** + Open a directory from an NT SMB call. +****************************************************************************/ +static NTSTATUS onefs_open_directory(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32 access_mask, + uint32 share_access, + uint32 create_disposition, + uint32 create_options, + uint32 file_attributes, + struct security_descriptor *sd, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + files_struct *fsp = NULL; + struct share_mode_lock *lck = NULL; + NTSTATUS status; + struct timespec mtimespec; + int info = 0; + char *parent_dir; + const char *dirname; + bool posix_open = false; + uint32 create_flags = 0; + uint32 mode = lp_dir_mask(SNUM(conn)); + + DEBUG(5, ("onefs_open_directory: opening directory %s, " + "access_mask = 0x%x, " + "share_access = 0x%x create_options = 0x%x, " + "create_disposition = 0x%x, file_attributes = 0x%x\n", + fname, (unsigned int)access_mask, (unsigned int)share_access, + (unsigned int)create_options, (unsigned int)create_disposition, + (unsigned int)file_attributes)); + + if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && + (conn->fs_capabilities & FILE_NAMED_STREAMS) && + is_ntfs_stream_name(fname)) { + DEBUG(2, ("onefs_open_directory: %s is a stream name!\n", fname)); + return NT_STATUS_NOT_A_DIRECTORY; + } + + switch (create_disposition) { + case FILE_OPEN: + /* If directory exists open. If directory doesn't + * exist error. */ + create_flags = 0; + info = FILE_WAS_OPENED; + break; + case FILE_CREATE: + /* If directory exists error. If directory doesn't + * exist create. */ + create_flags = O_CREAT | O_EXCL; + info = FILE_WAS_CREATED; + break; + case FILE_OPEN_IF: + /* If directory exists open. If directory doesn't + * exist create. */ + + /* Note: in order to return whether the directory was + * opened or created, we first try to open and then try + * to create. */ + create_flags = 0; + info = FILE_WAS_OPENED; + break; + case FILE_SUPERSEDE: + case FILE_OVERWRITE: + case FILE_OVERWRITE_IF: + default: + DEBUG(5, ("onefs_open_directory: invalid " + "create_disposition 0x%x for directory %s\n", + (unsigned int)create_disposition, fname)); + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * Check for write access to the share. Done in mkdir_internal() in + * mainline samba. + */ + if (!CAN_WRITE(conn) && (create_flags & O_CREAT)) { + return NT_STATUS_ACCESS_DENIED; + } + + /* Get parent dirname */ + if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir, + &dirname)) { + return NT_STATUS_NO_MEMORY; + } + + if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { + posix_open = true; + mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS); + file_attributes = 0; + } else { + mode = unix_mode(conn, aDIR, fname, parent_dir); + } + + /* + * The NONINDEXED and COMPRESSED bits seem to always be cleared on + * directories, no matter if you specify that they should be set. + */ + file_attributes &= + ~(FILE_ATTRIBUTE_NONINDEXED | FILE_ATTRIBUTE_COMPRESSED); + + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + return status; + } + + /* + * Actual open with retry magic to handle FILE_OPEN_IF which is + * unique because the kernel won't tell us if the file was opened or + * created. + */ + retry_open: + fsp->fh->fd = onefs_sys_create_file(conn, + -1, + fname, + access_mask, + access_mask, + share_access, + create_options, + create_flags | O_DIRECTORY, + mode, + 0, + 0, + sd, + file_attributes, + NULL); + + if (fsp->fh->fd == -1) { + DEBUG(3, ("Error opening %s. Errno=%d (%s).\n", fname, errno, + strerror(errno))); + SMB_ASSERT(errno != EINPROGRESS); + + if (create_disposition == FILE_OPEN_IF) { + if (errno == ENOENT) { + /* Try again, creating it this time. */ + create_flags = O_CREAT | O_EXCL; + info = FILE_WAS_CREATED; + goto retry_open; + } else if (errno == EEXIST) { + /* Uggh. Try again again. */ + create_flags = 0; + info = FILE_WAS_OPENED; + goto retry_open; + } + } + + /* Error cases below: */ + file_free(req, fsp); + + if ((errno == ENOENT) && (create_disposition == FILE_OPEN)) { + DEBUG(5,("onefs_open_directory: FILE_OPEN requested " + "for directory %s and it doesn't " + "exist.\n", fname )); + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } else if ((errno == EEXIST) && + (create_disposition == FILE_CREATE)) { + DEBUG(5,("onefs_open_directory: FILE_CREATE " + "requested for directory %s and it " + "already exists.\n", fname )); + return NT_STATUS_OBJECT_NAME_COLLISION; + } else if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) { + /* Catch sharing violations. */ + return NT_STATUS_SHARING_VIOLATION; + } + + return map_nt_error_from_unix(errno); + } + + if (info == FILE_WAS_CREATED) { + + /* Pulled from mkdir_internal() */ + if (SMB_VFS_LSTAT(conn, fname, psbuf) == -1) { + DEBUG(2, ("Could not stat directory '%s' just " + "created: %s\n",fname, strerror(errno))); + return map_nt_error_from_unix(errno); + } + + if (!S_ISDIR(psbuf->st_mode)) { + DEBUG(0, ("Directory just '%s' created is not a " + "directory\n", fname)); + return NT_STATUS_ACCESS_DENIED; + } + + if (!posix_open) { + /* + * Check if high bits should have been set, then (if + * bits are missing): add them. Consider bits + * automagically set by UNIX, i.e. SGID bit from + * parent dir. + */ + if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && + (mode & ~psbuf->st_mode)) { + SMB_VFS_CHMOD(conn, fname, (psbuf->st_mode | + (mode & ~psbuf->st_mode))); + } + } + + /* Change the owner if required. */ + if (lp_inherit_owner(SNUM(conn))) { + change_dir_owner_to_parent(conn, parent_dir, fname, + psbuf); + } + + notify_fname(conn, NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_DIR_NAME, fname); + } + + /* Stat the fd for Samba bookkeeping. */ + if(SMB_VFS_FSTAT(fsp, psbuf) != 0) { + fd_close(fsp); + file_free(req, fsp); + return map_nt_error_from_unix(errno); + } + + /* Setup the files_struct for it. */ + fsp->mode = psbuf->st_mode; + fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); + fsp->vuid = req ? req->vuid : UID_FIELD_INVALID; + fsp->file_pid = req ? req->smbpid : 0; + fsp->can_lock = False; + fsp->can_read = False; + fsp->can_write = False; + + fsp->share_access = share_access; + fsp->fh->private_options = create_options; + /* + * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, + */ + fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; + fsp->print_file = False; + fsp->modified = False; + fsp->oplock_type = NO_OPLOCK; + fsp->sent_oplock_break = NO_BREAK_SENT; + fsp->is_directory = True; + fsp->posix_open = posix_open; + + string_set(&fsp->fsp_name,fname); + + mtimespec = get_mtimespec(psbuf); + + /* + * Still set the samba share mode lock for correct delete-on-close + * semantics and to make smbstatus more useful. + */ + lck = get_share_mode_lock(talloc_tos(), fsp->file_id, + conn->connectpath, + fname, &mtimespec); + + if (lck == NULL) { + DEBUG(0, ("onefs_open_directory: Could not get share mode " + "lock for %s\n", fname)); + fd_close(fsp); + file_free(req, fsp); + return NT_STATUS_SHARING_VIOLATION; + } + + if (lck->delete_on_close) { + TALLOC_FREE(lck); + fd_close(fsp); + file_free(req, fsp); + return NT_STATUS_DELETE_PENDING; + } + + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK); + + /* + * For directories the delete on close bit at open time seems + * always to be honored on close... See test 19 in Samba4 BASE-DELETE. + */ + if (create_options & FILE_DELETE_ON_CLOSE) { + status = can_set_delete_on_close(fsp, True, 0); + if (!NT_STATUS_IS_OK(status) && + !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) { + TALLOC_FREE(lck); + fd_close(fsp); + file_free(req, fsp); + return status; + } + + if (NT_STATUS_IS_OK(status)) { + /* Note that here we set the *inital* delete on close flag, + not the regular one. The magic gets handled in close. */ + fsp->initial_delete_on_close = True; + } + } + + TALLOC_FREE(lck); + + if (pinfo) { + *pinfo = info; + } + + *result = fsp; + return NT_STATUS_OK; +} + +/* + * If a main file is opened for delete, all streams need to be checked for + * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS. + * If that works, delete them all by setting the delete on close and close. + */ + +static NTSTATUS open_streams_for_delete(connection_struct *conn, + const char *fname) +{ + struct stream_struct *stream_info; + files_struct **streams; + int i; + unsigned int num_streams; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; + + status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(), + &num_streams, &stream_info); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) + || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + DEBUG(10, ("no streams around\n")); + TALLOC_FREE(frame); + return NT_STATUS_OK; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n", + nt_errstr(status))); + goto fail; + } + + DEBUG(10, ("open_streams_for_delete found %d streams\n", + num_streams)); + + if (num_streams == 0) { + TALLOC_FREE(frame); + return NT_STATUS_OK; + } + + streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams); + if (streams == NULL) { + DEBUG(0, ("talloc failed\n")); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + for (i=0; i<num_streams; i++) { + char *streamname; + + if (strequal(stream_info[i].name, "::$DATA")) { + streams[i] = NULL; + continue; + } + + streamname = talloc_asprintf(talloc_tos(), "%s%s", fname, + stream_info[i].name); + + if (streamname == NULL) { + DEBUG(0, ("talloc_aprintf failed\n")); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + status = onefs_create_file_unixpath + (conn, /* conn */ + NULL, /* req */ + streamname, /* fname */ + DELETE_ACCESS, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE + | FILE_SHARE_DELETE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &streams[i], /* result */ + NULL, /* pinfo */ + NULL); /* psbuf */ + + TALLOC_FREE(streamname); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("Could not open stream %s: %s\n", + streamname, nt_errstr(status))); + break; + } + } + + /* + * don't touch the variable "status" beyond this point :-) + */ + + for (i -= 1 ; i >= 0; i--) { + if (streams[i] == NULL) { + continue; + } + + DEBUG(10, ("Closing stream # %d, %s\n", i, + streams[i]->fsp_name)); + close_file(NULL, streams[i], NORMAL_CLOSE); + } + + fail: + TALLOC_FREE(frame); + return status; +} + +/* + * Wrapper around onefs_open_file_ntcreate and onefs_open_directory. + */ +static NTSTATUS onefs_create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + SMB_STRUCT_STAT sbuf; + int info = FILE_WAS_OPENED; + files_struct *base_fsp = NULL; + files_struct *fsp = NULL; + NTSTATUS status; + + DEBUG(10,("onefs_create_file_unixpath: access_mask = 0x%x " + "file_attributes = 0x%x, share_access = 0x%x, " + "create_disposition = 0x%x create_options = 0x%x " + "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, " + "fname = %s\n", + (unsigned int)access_mask, + (unsigned int)file_attributes, + (unsigned int)share_access, + (unsigned int)create_disposition, + (unsigned int)create_options, + (unsigned int)oplock_request, + ea_list, sd, fname)); + + if (create_options & FILE_OPEN_BY_FILE_ID) { + status = NT_STATUS_NOT_SUPPORTED; + goto fail; + } + + if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + + if (req == NULL) { + oplock_request |= INTERNAL_OPEN_ONLY; + } + + if (psbuf != NULL) { + sbuf = *psbuf; + } + else { + if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) { + SET_STAT_INVALID(sbuf); + } + } + + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) + && (access_mask & DELETE_ACCESS) + && !is_ntfs_stream_name(fname)) { + /* + * We can't open a file with DELETE access if any of the + * streams is open without FILE_SHARE_DELETE + */ + status = open_streams_for_delete(conn, fname); + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + } + + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) + && is_ntfs_stream_name(fname) + && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) { + char *base; + uint32 base_create_disposition; + + if (create_options & FILE_DIRECTORY_FILE) { + status = NT_STATUS_NOT_A_DIRECTORY; + goto fail; + } + + status = split_ntfs_stream_name(talloc_tos(), fname, + &base, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("onefs_create_file_unixpath: " + "split_ntfs_stream_name failed: %s\n", + nt_errstr(status))); + goto fail; + } + + SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */ + + switch (create_disposition) { + case FILE_OPEN: + base_create_disposition = FILE_OPEN; + break; + default: + base_create_disposition = FILE_OPEN_IF; + break; + } + + status = onefs_create_file_unixpath( + conn, /* conn */ + NULL, /* req */ + base, /* fname */ + 0, /* access_mask */ + (FILE_SHARE_READ | + FILE_SHARE_WRITE | + FILE_SHARE_DELETE), /* share_access */ + base_create_disposition, /* create_disposition*/ + 0, /* create_options */ + 0, /* file_attributes */ + NO_OPLOCK, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &base_fsp, /* result */ + NULL, /* pinfo */ + NULL); /* psbuf */ + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("onefs_create_file_unixpath for base %s " + "failed: %s\n", base, nt_errstr(status))); + goto fail; + } + /* + * we don't need to low level fd: This might conflict with + * OneFS streams. + */ + fd_close(base_fsp); + } + + /* Covert generic bits in the security descriptor. */ + if (sd != NULL) { + security_acl_map_generic(sd->dacl, &file_generic_mapping); + security_acl_map_generic(sd->sacl, &file_generic_mapping); + } + + /* + * If it's a request for a directory open, deal with it separately. + */ + + if (create_options & FILE_DIRECTORY_FILE) { + + if (create_options & FILE_NON_DIRECTORY_FILE) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + + /* Can't open a temp directory. IFS kit test. */ + if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && + (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; + } + + /* + * We will get a create directory here if the Win32 + * app specified a security descriptor in the + * CreateDirectory() call. + */ + + status = onefs_open_directory( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + sd, /* sd */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + } else { + + /* + * Ordinary file case. + */ + + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + goto fail; + } + + /* + * We're opening the stream element of a base_fsp + * we already opened. Set up the base_fsp pointer. + */ + if (base_fsp) { + fsp->base_fsp = base_fsp; + } + + status = onefs_open_file_ntcreate( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + sd, /* sd */ + fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + fsp = NULL; + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { + + /* A stream open never opens a directory */ + + if (base_fsp) { + status = NT_STATUS_FILE_IS_A_DIRECTORY; + goto fail; + } + + /* + * Fail the open if it was explicitly a non-directory + * file. + */ + + if (create_options & FILE_NON_DIRECTORY_FILE) { + status = NT_STATUS_FILE_IS_A_DIRECTORY; + goto fail; + } + + create_options |= FILE_DIRECTORY_FILE; + + status = onefs_open_directory( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + sd, /* sd */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + } + } + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + fsp->base_fsp = base_fsp; + + SMB_ASSERT(fsp); + + if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) { + status = set_ea(conn, fsp, fname, ea_list); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + } + + if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) { + status = NT_STATUS_ACCESS_DENIED; + goto fail; + } + + /* Save the requested allocation size. */ + if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) { + if (allocation_size + && (allocation_size > sbuf.st_size)) { + fsp->initial_allocation_size = smb_roundup( + fsp->conn, allocation_size); + if (fsp->is_directory) { + /* Can't set allocation size on a directory. */ + status = NT_STATUS_ACCESS_DENIED; + goto fail; + } + if (vfs_allocate_file_space( + fsp, fsp->initial_allocation_size) == -1) { + status = NT_STATUS_DISK_FULL; + goto fail; + } + } else { + fsp->initial_allocation_size = smb_roundup( + fsp->conn, (uint64_t)sbuf.st_size); + } + } + + DEBUG(10, ("onefs_create_file_unixpath: info=%d\n", info)); + + *result = fsp; + if (pinfo != NULL) { + *pinfo = info; + } + if (psbuf != NULL) { + if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) { + *psbuf = sbuf; + } + else { + SMB_VFS_FSTAT(fsp, psbuf); + } + } + return NT_STATUS_OK; + + fail: + DEBUG(10, ("onefs_create_file_unixpath: %s\n", nt_errstr(status))); + + if (fsp != NULL) { + if (base_fsp && fsp->base_fsp == base_fsp) { + /* + * The close_file below will close + * fsp->base_fsp. + */ + base_fsp = NULL; + } + close_file(req, fsp, ERROR_CLOSE); + fsp = NULL; + } + if (base_fsp != NULL) { + close_file(req, base_fsp, ERROR_CLOSE); + base_fsp = NULL; + } + return status; +} + +/** + * SMB_VFS_CREATE_FILE interface to onefs. + */ +NTSTATUS onefs_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + connection_struct *conn = handle->conn; + struct case_semantics_state *case_state = NULL; + SMB_STRUCT_STAT sbuf; + int info = FILE_WAS_OPENED; + files_struct *fsp = NULL; + NTSTATUS status; + + DEBUG(10,("onefs_create_file: access_mask = 0x%x " + "file_attributes = 0x%x, share_access = 0x%x, " + "create_disposition = 0x%x create_options = 0x%x " + "oplock_request = 0x%x " + "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, " + "create_file_flags = 0x%x, fname = %s\n", + (unsigned int)access_mask, + (unsigned int)file_attributes, + (unsigned int)share_access, + (unsigned int)create_disposition, + (unsigned int)create_options, + (unsigned int)oplock_request, + (unsigned int)root_dir_fid, + ea_list, sd, create_file_flags, fname)); + + /* Get the file name if root_dir_fid was specified. */ + if (root_dir_fid != 0) { + char *new_fname; + + status = get_relative_fid_filename(conn, req, root_dir_fid, + fname, &new_fname); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + fname = new_fname; + } + + /* Resolve the file name if this was a DFS pathname. */ + if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) { + char *resolved_fname; + + status = resolve_dfspath(talloc_tos(), conn, true, fname, + &resolved_fname); + + if (!NT_STATUS_IS_OK(status)) { + /* + * For PATH_NOT_COVERED we had + * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, + * ERRSRV, ERRbadpath); + * Need to fix in callers + */ + goto fail; + } + fname = resolved_fname; + } + + /* Check if POSIX semantics are wanted. */ + if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { + case_state = set_posix_case_semantics(talloc_tos(), conn); + } + + /* Convert dos path to unix path if it hasn't already been done. */ + if (create_file_flags & CFF_DOS_PATH) { + char *converted_fname; + + SET_STAT_INVALID(sbuf); + + status = unix_convert(talloc_tos(), conn, fname, False, + &converted_fname, NULL, &sbuf); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + fname = converted_fname; + } else { + if (psbuf != NULL) { + sbuf = *psbuf; + } else { + if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) { + SET_STAT_INVALID(sbuf); + } + } + + } + + TALLOC_FREE(case_state); + + /* All file access must go through check_name() */ + status = check_name(conn, fname); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + status = onefs_create_file_unixpath( + conn, /* conn */ + req, /* req */ + fname, /* fname */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + sd, /* sd */ + ea_list, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + DEBUG(10, ("onefs_create_file: info=%d\n", info)); + + *result = fsp; + if (pinfo != NULL) { + *pinfo = info; + } + if (psbuf != NULL) { + *psbuf = sbuf; + } + return NT_STATUS_OK; + + fail: + DEBUG(10, ("onefs_create_file: %s\n", nt_errstr(status))); + + if (fsp != NULL) { + close_file(req, fsp, ERROR_CLOSE); + fsp = NULL; + } + return status; +} diff --git a/source3/modules/onefs_system.c b/source3/modules/onefs_system.c new file mode 100644 index 0000000000..485e7f56ac --- /dev/null +++ b/source3/modules/onefs_system.c @@ -0,0 +1,214 @@ +/* + * Unix SMB/CIFS implementation. + * Support for OneFS system interfaces. + * + * Copyright (C) Tim Prouty, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "onefs.h" + +#include <ifs/ifs_syscalls.h> +#include <isi_acl/isi_acl_util.h> + +/* + * Initialize the sm_lock struct before passing it to ifs_createfile. + */ +static void smlock_init(connection_struct *conn, struct sm_lock *sml, + bool isexe, uint32_t access_mask, uint32_t share_access, + uint32_t create_options) +{ + sml->sm_type.doc = false; + sml->sm_type.isexe = isexe; + sml->sm_type.statonly = is_stat_open(access_mask); + sml->sm_type.access_mask = access_mask; + sml->sm_type.share_access = share_access; + + /* + * private_options was previously used for DENY_DOS/DENY_FCB checks in + * the kernel, but are now properly handled by fcb_or_dos_open. In + * these cases, ifs_createfile will return a sharing violation, which + * gives fcb_or_dos_open the chance to open a duplicate file handle. + */ + sml->sm_type.private_options = 0; + + /* 1 second delay is handled in onefs_open.c by deferring the open */ + sml->sm_timeout = timeval_set(0, 0); +} + +static void smlock_dump(int debuglevel, const struct sm_lock *sml) +{ + if (sml == NULL) { + DEBUG(debuglevel, ("sml == NULL\n")); + return; + } + + DEBUG(debuglevel, + ("smlock: doc=%s, isexec=%s, statonly=%s, access_mask=0x%x, " + "share_access=0x%x, private_options=0x%x timeout=%d/%d\n", + sml->sm_type.doc ? "True" : "False", + sml->sm_type.isexe ? "True" : "False", + sml->sm_type.statonly ? "True" : "False", + sml->sm_type.access_mask, + sml->sm_type.share_access, + sml->sm_type.private_options, + (int)sml->sm_timeout.tv_sec, + (int)sml->sm_timeout.tv_usec)); +} + +/* + * Return string value of onefs oplock types. + */ +static const char *onefs_oplock_str(enum oplock_type onefs_oplock_type) +{ + switch (onefs_oplock_type) { + case OPLOCK_NONE: + return "OPLOCK_NONE"; + case OPLOCK_EXCLUSIVE: + return "OPLOCK_EXCLUSIVE"; + case OPLOCK_BATCH: + return "OPLOCK_BATCH"; + case OPLOCK_SHARED: + return "OPLOCK_SHARED"; + default: + break; + } + return "UNKNOWN"; +} + +/* + * Convert from onefs to samba oplock. + */ +static int onefs_to_samba_oplock(enum oplock_type onefs_oplock) +{ + switch (onefs_oplock) { + case OPLOCK_NONE: + return NO_OPLOCK; + case OPLOCK_EXCLUSIVE: + return EXCLUSIVE_OPLOCK; + case OPLOCK_BATCH: + return BATCH_OPLOCK; + case OPLOCK_SHARED: + return LEVEL_II_OPLOCK; + default: + DEBUG(0, ("unknown oplock type %d found\n", onefs_oplock)); + break; + } + return NO_OPLOCK; +} + +/* + * Convert from samba to onefs oplock. + */ +static enum oplock_type samba_to_onefs_oplock(int samba_oplock_type) +{ + if (BATCH_OPLOCK_TYPE(samba_oplock_type)) return OPLOCK_BATCH; + if (EXCLUSIVE_OPLOCK_TYPE(samba_oplock_type)) return OPLOCK_EXCLUSIVE; + if (LEVEL_II_OPLOCK_TYPE(samba_oplock_type)) return OPLOCK_SHARED; + return OPLOCK_NONE; +} + +/** + * External interface to ifs_createfile + */ +int onefs_sys_create_file(connection_struct *conn, + int base_fd, + const char *path, + uint32_t access_mask, + uint32_t open_access_mask, + uint32_t share_access, + uint32_t create_options, + int flags, + mode_t mode, + int oplock_request, + uint64_t id, + struct security_descriptor *sd, + uint32_t dos_flags, + int *granted_oplock) +{ + struct sm_lock sml, *psml = NULL; + enum oplock_type onefs_oplock; + enum oplock_type onefs_granted_oplock = OPLOCK_NONE; + struct ifs_security_descriptor ifs_sd = {}, *pifs_sd = NULL; + int secinfo = 0; + int ret_fd = -1; + uint32_t onefs_dos_attributes; + + /* Setup security descriptor and get secinfo. */ + if (sd != NULL) { + NTSTATUS status; + + secinfo = (get_sec_info(sd) & IFS_SEC_INFO_KNOWN_MASK); + + status = onefs_setup_sd(secinfo, sd, &ifs_sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("SD initialization failure: %s", + nt_errstr(status))); + errno = EINVAL; + goto out; + } + + pifs_sd = &ifs_sd; + } + + onefs_oplock = samba_to_onefs_oplock(oplock_request); + + /* Temporary until oplock work is added to vfs_onefs */ + onefs_oplock = OPLOCK_NONE; + + /* Convert samba dos flags to UF_DOS_* attributes. */ + onefs_dos_attributes = dos_attributes_to_stat_dos_flags(dos_flags); + + DEBUG(10,("onefs_sys_create_file: base_fd = %d, " + "open_access_mask = 0x%x, flags = 0x%x, mode = 0x%x, " + "desired_oplock = %s, id = 0x%x, secinfo = 0x%x, sd = %p, " + "dos_attributes = 0x%x, path = %s\n", base_fd, + (unsigned int)open_access_mask, + (unsigned int)flags, + (unsigned int)mode, + onefs_oplock_str(onefs_oplock), + (unsigned int)id, + (unsigned int)secinfo, sd, + (unsigned int)onefs_dos_attributes, path)); + + /* Initialize smlock struct for files/dirs but not internal opens */ + if (!(oplock_request & INTERNAL_OPEN_ONLY)) { + smlock_init(conn, &sml, is_executable(path), access_mask, + share_access, create_options); + psml = &sml; + } + + smlock_dump(10, psml); + + ret_fd = ifs_createfile(base_fd, path, + (enum ifs_ace_rights)open_access_mask, flags & ~O_ACCMODE, mode, + onefs_oplock, id, psml, secinfo, pifs_sd, onefs_dos_attributes, + &onefs_granted_oplock); + + DEBUG(10,("onefs_sys_create_file(%s): ret_fd = %d, " + "onefs_granted_oplock = %s\n", + ret_fd < 0 ? strerror(errno) : "success", ret_fd, + onefs_oplock_str(onefs_granted_oplock))); + + if (granted_oplock) { + *granted_oplock = onefs_to_samba_oplock(onefs_granted_oplock); + } + + out: + aclu_free_sd(pifs_sd, false); + + return ret_fd; +} diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index d972828ba9..8fa8f6ae06 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -208,6 +208,32 @@ static int vfswrap_open(vfs_handle_struct *handle, const char *fname, return result; } +static NTSTATUS vfswrap_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + return create_file_default(handle->conn, req, root_dir_fid, fname, + create_file_flags, access_mask, share_access, + create_disposition, create_options, + file_attributes, oplock_request, + allocation_size, sd, ea_list, result, pinfo, + psbuf); +} + static int vfswrap_close(vfs_handle_struct *handle, files_struct *fsp) { int result; @@ -1012,6 +1038,16 @@ static NTSTATUS vfswrap_streaminfo(vfs_handle_struct *handle, return NT_STATUS_OK; } +static int vfswrap_get_real_filename(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name) +{ + return get_real_filename(handle->conn, path, name, mem_ctx, + found_name); +} + static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) @@ -1359,6 +1395,8 @@ static vfs_op_tuple vfs_default_ops[] = { {SMB_VFS_OP(vfswrap_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(vfswrap_create_file), SMB_VFS_OP_CREATE_FILE, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_read), SMB_VFS_OP_READ, @@ -1431,6 +1469,8 @@ static vfs_op_tuple vfs_default_ops[] = { SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(vfswrap_streaminfo), SMB_VFS_OP_STREAMINFO, SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(vfswrap_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME, + SMB_VFS_LAYER_OPAQUE}, /* NT ACL operations. */ diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 6342c4a14e..7970bf2644 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -109,6 +109,23 @@ static int smb_full_audit_closedir(vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp); static int smb_full_audit_open(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode); +static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp); static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp, void *data, size_t n); @@ -353,6 +370,8 @@ static vfs_op_tuple audit_op_tuples[] = { {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE, + SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE, SMB_VFS_LAYER_LOGGER}, {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ, @@ -1087,6 +1106,51 @@ static int smb_full_audit_open(vfs_handle_struct *handle, return result; } +static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result_fsp, + int *pinfo, + SMB_STRUCT_STAT *psbuf) +{ + NTSTATUS result; + + result = SMB_VFS_NEXT_CREATE_FILE( + handle, /* handle */ + req, /* req */ + root_dir_fid, /* root_dir_fid */ + fname, /* fname */ + create_file_flags, /* create_file_flags */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + sd, /* sd */ + ea_list, /* ea_list */ + result_fsp, /* result */ + pinfo, /* pinfo */ + psbuf); /* psbuf */ + + do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s", + access_mask, fname); + + return result; +} + static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp) { int result; diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index fa0b4e97a5..1d7cdba014 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -1,26 +1,24 @@ /* Unix SMB/CIFS implementation. Wrap gpfs calls in vfs functions. - + Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006 - + Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com> and Gomati Mohanan <gomati.mohanan@in.ibm.com> - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. - - */ #include "includes.h" @@ -55,14 +53,14 @@ static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp, int leasetype) { int ret; - + START_PROFILE(syscall_linux_setlease); - + if ( linux_set_lease_sighandler(fsp->fh->fd) == -1) return -1; ret = set_gpfs_lease(fsp->fh->fd,leasetype); - + if ( ret < 0 ) { /* This must have come from GPFS not being available */ /* or some other error, hence call the default */ @@ -74,7 +72,64 @@ static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp, return ret; } +static int vfs_gpfs_get_real_filename(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **found_name) +{ + int result; + char *full_path; + char real_pathname[PATH_MAX+1]; + int buflen; + + full_path = talloc_asprintf(talloc_tos(), "%s/%s", path, name); + if (full_path == NULL) { + errno = ENOMEM; + return -1; + } + + buflen = sizeof(real_pathname) - 1; + + result = smbd_gpfs_get_realfilename_path(full_path, real_pathname, + &buflen); + + TALLOC_FREE(full_path); + + if (result == -1) { + DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n", + strerror(errno))); + return -1; + } + + /* + * GPFS does not necessarily null-terminate the returned path + * but instead returns the buffer length in buflen. + */ + + if (buflen < sizeof(real_pathname)) { + real_pathname[buflen] = '\0'; + } else { + real_pathname[sizeof(real_pathname)-1] = '\0'; + } + + DEBUG(10, ("smbd_gpfs_get_realfilename_path: %s/%s -> %s\n", + path, name, real_pathname)); + + name = strrchr_m(real_pathname, '/'); + if (name == NULL) { + errno = ENOENT; + return -1; + } + + *found_name = talloc_strdup(mem_ctx, name+1); + if (*found_name == NULL) { + errno = ENOMEM; + return -1; + } + return 0; +} static void gpfs_dumpacl(int level, struct gpfs_acl *gacl) { @@ -301,13 +356,13 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) gace->aceType = aceprop->aceType; gace->aceFlags = aceprop->aceFlags; gace->aceMask = aceprop->aceMask; - + /* * GPFS can't distinguish between WRITE and APPEND on * files, so one being set without the other is an * error. Sorry for the many ()'s :-) */ - + if (!fsp->is_directory && ((((gace->aceMask & ACE4_MASK_WRITE) == 0) @@ -323,9 +378,9 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) fsp->fsp_name)); gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND; } - + gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0; - + if (aceprop->flags&SMB_ACE4_ID_SPECIAL) { switch(aceprop->who.special_id) @@ -478,7 +533,7 @@ static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type) errno = EINVAL; goto done; } - + DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n", pacl->acl_len, pacl->acl_level, pacl->acl_version, pacl->acl_nace)); @@ -497,7 +552,6 @@ static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type) } SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle, - const char *path_p, SMB_ACL_TYPE_T type) { @@ -557,7 +611,7 @@ static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl, for (i=0; i<pacl->count; i++) { const struct smb_acl_entry *ace = &pacl->acl[i]; struct gpfs_ace_v1 *g_ace = &result->ace_v1[i]; - + DEBUG(10, ("Converting type %d perm %x\n", (int)ace->a_type, (int)ace->a_perm)); @@ -612,7 +666,6 @@ static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl, } int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle, - const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T theacl) @@ -639,7 +692,6 @@ int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle, } int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle, - const char *path) { errno = ENOTSUP; @@ -661,11 +713,11 @@ static uint32 gpfsacl_mask_filter(uint32 aceType, uint32 aceMask, uint32 rwx) uint32_t posix_mask = 0x01; uint32_t posix_bit; uint32_t nfs4_bits; - + for(i=0; i<3; i++) { nfs4_bits = posix_nfs4map[i]; posix_bit = rwx & posix_mask; - + if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) { if (posix_bit) aceMask |= nfs4_bits; @@ -678,10 +730,10 @@ static uint32 gpfsacl_mask_filter(uint32 aceType, uint32 aceMask, uint32 rwx) else aceMask &= ~nfs4_bits; } /* other ace types are unexpected */ - + posix_mask <<= 1; } - + return aceMask; } @@ -693,30 +745,30 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) int i; files_struct fake_fsp; /* TODO: rationalize parametrization */ SMB4ACE_T *smbace; - + DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode)); - + result = gpfs_get_nfs4_acl(path, &pacl); if (result) return result; - + if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) { DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path)); } - + for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) { SMB_ACE4PROP_T *ace = smb_get_ace4(smbace); uint32_t specid = ace->who.special_id; - + if (ace->flags&SMB_ACE4_ID_SPECIAL && ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE && specid <= SMB_ACE4_WHO_EVERYONE) { - + uint32_t newMask; - + if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) haveAllowEntry[specid] = True; - + /* mode >> 6 for @owner, mode >> 3 for @group, * mode >> 0 for @everyone */ newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask, @@ -735,35 +787,35 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) */ for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) { SMB_ACE4PROP_T ace; - + if (haveAllowEntry[i]==True) continue; - + ZERO_STRUCT(ace); ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE; ace.flags |= SMB_ACE4_ID_SPECIAL; ace.who.special_id = i; - + if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */ ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP; - + ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask, mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3)); - + /* don't add unnecessary aces */ if (!ace.aceMask) continue; - + /* we add it to the END - as windows expects allow aces */ smb_add_ace4(pacl, &ace); DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n", path, mode, i, ace.aceMask)); } - + /* don't add complementary DENY ACEs here */ ZERO_STRUCT(fake_fsp); fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */ - + /* put the acl */ if (gpfsacl_process_smbacl(&fake_fsp, pacl) == False) return -1; @@ -774,11 +826,11 @@ static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mo { SMB_STRUCT_STAT st; int rc; - + if (SMB_VFS_NEXT_STAT(handle, path, &st) != 0) { return -1; } - + /* avoid chmod() if possible, to preserve acls */ if ((st.st_mode & ~S_IFMT) == mode) { return 0; @@ -794,7 +846,7 @@ static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t { SMB_STRUCT_STAT st; int rc; - + if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) { return -1; } @@ -813,51 +865,55 @@ static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t /* VFS operations structure */ static vfs_op_tuple gpfs_op_tuples[] = { - + { SMB_VFS_OP(vfs_gpfs_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK, SMB_VFS_LAYER_OPAQUE }, - + { SMB_VFS_OP(vfs_gpfs_setlease), SMB_VFS_OP_LINUX_SETLEASE, SMB_VFS_LAYER_OPAQUE }, - + + { SMB_VFS_OP(vfs_gpfs_get_real_filename), + SMB_VFS_OP_GET_REAL_FILENAME, + SMB_VFS_LAYER_OPAQUE }, + { SMB_VFS_OP(gpfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(gpfsacl_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(vfs_gpfs_chmod), SMB_VFS_OP_CHMOD, SMB_VFS_LAYER_TRANSPARENT }, - + { SMB_VFS_OP(vfs_gpfs_fchmod), SMB_VFS_OP_FCHMOD, SMB_VFS_LAYER_TRANSPARENT }, @@ -871,7 +927,7 @@ NTSTATUS vfs_gpfs_init(void); NTSTATUS vfs_gpfs_init(void) { init_gpfs(); - + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs", gpfs_op_tuples); } diff --git a/source3/modules/vfs_onefs.c b/source3/modules/vfs_onefs.c index 193a986cf6..b51858fbae 100644 --- a/source3/modules/vfs_onefs.c +++ b/source3/modules/vfs_onefs.c @@ -1,4 +1,5 @@ /* + * Unix SMB/CIFS implementation. * Support for OneFS * * Copyright (C) Tim Prouty, 2008 @@ -18,20 +19,32 @@ */ #include "includes.h" +#include "onefs.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS -NTSTATUS onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info, SEC_DESC **ppdesc); - -NTSTATUS onefs_get_nt_acl(vfs_handle_struct *handle, const char* name, - uint32 security_info, SEC_DESC **ppdesc); +static int onefs_mkdir(vfs_handle_struct *handle, const char *path, + mode_t mode) +{ + DEBUG(0, ("SMB_VFS_MKDIR should never be called in vfs_onefs")); + return SMB_VFS_NEXT_MKDIR(handle, path, mode); +} -NTSTATUS onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd); +static int onefs_open(vfs_handle_struct *handle, const char *fname, + files_struct *fsp, int flags, mode_t mode) +{ + DEBUG(0, ("SMB_VFS_OPEN should never be called in vfs_onefs")); + return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); +} static vfs_op_tuple onefs_ops[] = { + {SMB_VFS_OP(onefs_mkdir), SMB_VFS_OP_MKDIR, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(onefs_open), SMB_VFS_OP_OPEN, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(onefs_create_file), SMB_VFS_OP_CREATE_FILE, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(onefs_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(onefs_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, diff --git a/source3/modules/vfs_prealloc.c b/source3/modules/vfs_prealloc.c index 2a06e3d81b..5a339dbf8d 100644 --- a/source3/modules/vfs_prealloc.c +++ b/source3/modules/vfs_prealloc.c @@ -56,9 +56,9 @@ static int module_debug; static int preallocate_space(int fd, SMB_OFF_T size) { + int err; #ifndef HAVE_GPFS lock_type fl = {0}; - int err; if (size <= 0) { return 0; diff --git a/source3/nsswitch/libwbclient/wbc_guid.c b/source3/nsswitch/libwbclient/wbc_guid.c index 0cb33e9868..c343e24351 100644 --- a/source3/nsswitch/libwbclient/wbc_guid.c +++ b/source3/nsswitch/libwbclient/wbc_guid.c @@ -24,14 +24,7 @@ #include "libwbclient.h" -/** @brief Convert a binary GUID to a character string - * - * @param guid Binary Guid - * @param **guid_string Resulting character string - * - * @return #wbcErr - **/ - +/* Convert a binary GUID to a character string */ wbcErr wbcGuidToString(const struct wbcGuid *guid, char **guid_string) { @@ -59,14 +52,7 @@ done: return wbc_status; } -/** @brief Convert a character string to a binary GUID - * - * @param *str Character string - * @param guid Resulting binary GUID - * - * @return #wbcErr - **/ - +/* @brief Convert a character string to a binary GUID */ wbcErr wbcStringToGuid(const char *str, struct wbcGuid *guid) { diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 81b369c87c..5b2ab875f6 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -24,15 +24,7 @@ #include "libwbclient.h" -/** @brief Convert a Windows SID to a Unix uid, allocating an uid if needed - * - * @param *sid Pointer to the domain SID to be resolved - * @param *puid Pointer to the resolved uid_t value - * - * @return #wbcErr - * - **/ - +/* Convert a Windows SID to a Unix uid, allocating an uid if needed */ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) { struct winbindd_request request; @@ -71,30 +63,14 @@ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) return wbc_status; } -/** @brief Convert a Windows SID to a Unix uid if there already is a mapping - * - * @param *sid Pointer to the domain SID to be resolved - * @param *puid Pointer to the resolved uid_t value - * - * @return #wbcErr - * - **/ - +/* Convert a Windows SID to a Unix uid if there already is a mapping */ wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, uid_t *puid) { return WBC_ERR_NOT_IMPLEMENTED; } -/** @brief Convert a Unix uid to a Windows SID, allocating a SID if needed - * - * @param uid Unix uid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix uid to a Windows SID, allocating a SID if needed */ wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -127,15 +103,7 @@ done: return wbc_status; } -/** @brief Convert a Unix uid to a Windows SID if there already is a mapping - * - * @param uid Unix uid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix uid to a Windows SID if there already is a mapping */ wbcErr wbcQueryUidToSid(uid_t uid, struct wbcDomainSid *sid) { @@ -189,14 +157,7 @@ wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid) return wbc_status; } -/** @brief Convert a Windows SID to a Unix gid if there already is a mapping - * - * @param *sid Pointer to the domain SID to be resolved - * @param *pgid Pointer to the resolved gid_t value - * - * @return #wbcErr - * - **/ +/* Convert a Windows SID to a Unix gid if there already is a mapping */ wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, gid_t *pgid) @@ -204,15 +165,7 @@ wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, return WBC_ERR_NOT_IMPLEMENTED; } -/** @brief Convert a Unix gid to a Windows SID, allocating a SID if needed - * - * @param gid Unix gid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix gid to a Windows SID, allocating a SID if needed */ wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid) { struct winbindd_request request; @@ -245,28 +198,14 @@ done: return wbc_status; } -/** @brief Convert a Unix gid to a Windows SID if there already is a mapping - * - * @param gid Unix gid to be resolved - * @param *sid Pointer to the resolved domain SID - * - * @return #wbcErr - * - **/ - +/* Convert a Unix gid to a Windows SID if there already is a mapping */ wbcErr wbcQueryGidToSid(gid_t gid, struct wbcDomainSid *sid) { return WBC_ERR_NOT_IMPLEMENTED; } -/** @brief Obtain a new uid from Winbind - * - * @param *puid *pointer to the allocated uid - * - * @return #wbcErr - **/ - +/* Obtain a new uid from Winbind */ wbcErr wbcAllocateUid(uid_t *puid) { struct winbindd_request request; @@ -296,13 +235,7 @@ wbcErr wbcAllocateUid(uid_t *puid) return wbc_status; } -/** @brief Obtain a new gid from Winbind - * - * @param *pgid Pointer to the allocated gid - * - * @return #wbcErr - **/ - +/* Obtain a new gid from Winbind */ wbcErr wbcAllocateGid(gid_t *pgid) { struct winbindd_request request; @@ -336,13 +269,7 @@ wbcErr wbcAllocateGid(gid_t *pgid) #define _ID_TYPE_UID 1 #define _ID_TYPE_GID 2 -/** @brief Set an user id mapping - * - * @param uid Uid of the desired mapping. - * @param *sid Pointer to the sid of the diresired mapping. - * - * @return #wbcErr - **/ +/* Set an user id mapping */ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -379,13 +306,7 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Set a group id mapping - * - * @param gid Gid of the desired mapping. - * @param *sid Pointer to the sid of the diresired mapping. - * - * @return #wbcErr - **/ +/* Set a group id mapping */ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -422,13 +343,7 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Remove a user id mapping - * - * @param uid Uid of the mapping to remove. - * @param *sid Pointer to the sid of the mapping to remove. - * - * @return #wbcErr - **/ +/* Remove a user id mapping */ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -465,13 +380,7 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Remove a group id mapping - * - * @param gid Gid of the mapping to remove. - * @param *sid Pointer to the sid of the mapping to remove. - * - * @return #wbcErr - **/ +/* Remove a group id mapping */ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) { struct winbindd_request request; @@ -508,12 +417,7 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) return wbc_status; } -/** @brief Set the highwater mark for allocated uids. - * - * @param uid_hwm The new uid highwater mark value - * - * @return #wbcErr - **/ +/* Set the highwater mark for allocated uids. */ wbcErr wbcSetUidHwm(uid_t uid_hwm) { struct winbindd_request request; @@ -538,12 +442,7 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm) return wbc_status; } -/** @brief Set the highwater mark for allocated gids. - * - * @param gid_hwm The new gid highwater mark value - * - * @return #wbcErr - **/ +/* Set the highwater mark for allocated gids. */ wbcErr wbcSetGidHwm(gid_t gid_hwm) { struct winbindd_request request; diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 401d2ad2c3..92c6643631 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -24,14 +24,7 @@ #include "libwbclient.h" -/** @brief Authenticate a username/password pair - * - * @param username Name of user to authenticate - * @param password Clear text password os user - * - * @return #wbcErr - **/ - +/* Authenticate a username/password pair */ wbcErr wbcAuthenticateUser(const char *username, const char *password) { @@ -305,16 +298,7 @@ done: return wbc_status; } -/** @brief Authenticate with more detailed information - * - * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH - * is not supported yet - * @param info Output details on WBC_ERR_SUCCESS - * @param error Output details on WBC_ERR_AUTH_ERROR - * - * @return #wbcErr - **/ - +/* Authenticate with more detailed information */ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error) @@ -496,16 +480,7 @@ done: return wbc_status; } -/** @brief Trigger a verification of the trust credentials of a specific domain - * - * @param *domain The name of the domain, only NULL for the default domain is - * supported yet. Other values than NULL will result in - * WBC_ERR_NOT_IMPLEMENTED. - * @param error Output details on WBC_ERR_AUTH_ERROR - * - * @return #wbcErr - * - **/ +/* Trigger a verification of the trust credentials of a specific domain */ wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error) { @@ -547,15 +522,7 @@ wbcErr wbcCheckTrustCredentials(const char *domain, return wbc_status; } -/** @brief Trigger an extended logoff notification to Winbind for a specific user - * - * @param params A wbcLogoffUserParams structure - * @param error User output details on error - * - * @return #wbcErr - * - **/ - +/* Trigger an extended logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error) { @@ -642,18 +609,7 @@ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, return wbc_status; } -/** @brief Trigger a logoff notification to Winbind for a specific user - * - * @param username Name of user to remove from Winbind's list of - * logged on users. - * @param uid Uid assigned to the username - * @param ccfilename Absolute path to the Krb5 credentials cache to - * be removed - * - * @return #wbcErr - * - **/ - +/* Trigger a logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename) @@ -693,16 +649,7 @@ wbcErr wbcLogoffUser(const char *username, return wbc_status; } -/** @brief Change a password for a user with more detailed information upon - * failure - * @param params Input parameters - * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED - * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED - * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED - * - * @return #wbcErr - **/ - +/* Change a password for a user with more detailed information upon failure */ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, struct wbcAuthErrorInfo **error, enum wbcPasswordChangeRejectReason *reject_reason, @@ -907,15 +854,7 @@ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, return wbc_status; } -/** @brief Change a password for a user - * - * @param username Name of user to authenticate - * @param old_password Old clear text password of user - * @param new_password New clear text password of user - * - * @return #wbcErr - **/ - +/* Change a password for a user */ wbcErr wbcChangeUserPassword(const char *username, const char *old_password, const char *new_password) @@ -940,17 +879,7 @@ done: return wbc_status; } -/** @brief Logon a User - * - * @param[in] params Pointer to a wbcLogonUserParams structure - * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure - * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure - * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure - * - * @return #wbcErr - * - **/ - +/* Logon a User */ wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, struct wbcLogonUserInfo **info, struct wbcAuthErrorInfo **error, @@ -1096,14 +1025,7 @@ done: return wbc_status; } -/** @brief Authenticate a user with cached credentials - * - * @param *params Pointer to a wbcCredentialCacheParams structure - * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure - * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure - * - * @return #wbcErr - **/ +/* Authenticate a user with cached credentials */ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, struct wbcCredentialCacheInfo **info, struct wbcAuthErrorInfo **error) diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index d54a5af4fc..cd945996c8 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -126,15 +126,7 @@ done: return grp; } -/** @brief Fill in a struct passwd* for a domain user based - * on username - * - * @param *name Username to lookup - * @param **pwd Pointer to resulting struct passwd* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on username */ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -167,15 +159,7 @@ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd) return wbc_status; } -/** @brief Fill in a struct passwd* for a domain user based - * on uid - * - * @param uid Uid to lookup - * @param **pwd Pointer to resulting struct passwd* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on uid */ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -206,15 +190,7 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) return wbc_status; } -/** @brief Fill in a struct passwd* for a domain user based - * on username - * - * @param *name Username to lookup - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on username */ wbcErr wbcGetgrnam(const char *name, struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -251,15 +227,7 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp) return wbc_status; } -/** @brief Fill in a struct passwd* for a domain user based - * on uid - * - * @param gid Uid to lookup - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Fill in a struct passwd* for a domain user based on uid */ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -309,11 +277,7 @@ static uint32_t pw_cache_idx; */ static struct winbindd_response pw_response; -/** @brief Reset the passwd iterator - * - * @return #wbcErr - **/ - +/* Reset the passwd iterator */ wbcErr wbcSetpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -335,11 +299,7 @@ wbcErr wbcSetpwent(void) return wbc_status; } -/** @brief Close the passwd iterator - * - * @return #wbcErr - **/ - +/* Close the passwd iterator */ wbcErr wbcEndpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -359,13 +319,7 @@ wbcErr wbcEndpwent(void) return wbc_status; } -/** @brief Return the next struct passwd* entry from the pwent iterator - * - * @param **pwd Pointer to resulting struct passwd* from the query. - * - * @return #wbcErr - **/ - +/* Return the next struct passwd* entry from the pwent iterator */ wbcErr wbcGetpwent(struct passwd **pwd) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -425,11 +379,7 @@ static uint32_t gr_cache_idx; */ static struct winbindd_response gr_response; -/** @brief Reset the group iterator - * - * @return #wbcErr - **/ - +/* Reset the group iterator */ wbcErr wbcSetgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -451,11 +401,7 @@ wbcErr wbcSetgrent(void) return wbc_status; } -/** @brief Close the group iterator - * - * @return #wbcErr - **/ - +/* Close the group iterator */ wbcErr wbcEndgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -475,13 +421,7 @@ wbcErr wbcEndgrent(void) return wbc_status; } -/** @brief Return the next struct group* entry from the pwent iterator - * - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Return the next struct group* entry from the pwent iterator */ wbcErr wbcGetgrent(struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -531,15 +471,7 @@ done: return wbc_status; } -/** @brief Return the next struct group* entry from the pwent iterator - * - * This is similar to #wbcGetgrent, just that the member list is empty - * - * @param **grp Pointer to resulting struct group* from the query. - * - * @return #wbcErr - **/ - +/* Return the next struct group* entry from the pwent iterator */ wbcErr wbcGetgrlist(struct group **grp) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; @@ -584,14 +516,7 @@ done: return wbc_status; } -/** @brief Return the unix group array belonging to the given user - * - * @param *account The given user name - * @param *num_groups Number of elements returned in the groups array - * @param **_groups Pointer to resulting gid_t array. - * - * @return #wbcErr - **/ +/* Return the unix group array belonging to the given user */ wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups) diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index ac929b1dd5..e2157b9609 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -25,14 +25,7 @@ #include "libwbclient.h" -/** @brief Convert a binary SID to a character string - * - * @param sid Binary Security Identifier - * @param **sid_string Resulting character string - * - * @return #wbcErr - **/ - +/* Convert a binary SID to a character string */ wbcErr wbcSidToString(const struct wbcDomainSid *sid, char **sid_string) { @@ -40,22 +33,18 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid, uint32_t id_auth; int i; char *tmp = NULL; - TALLOC_CTX *ctx = NULL; if (!sid) { wbc_status = WBC_ERR_INVALID_SID; BAIL_ON_WBC_ERROR(wbc_status); } - ctx = talloc_init("wbcSidToString"); - BAIL_ON_PTR_ERROR(ctx, wbc_status); - id_auth = sid->id_auth[5] + (sid->id_auth[4] << 8) + (sid->id_auth[3] << 16) + (sid->id_auth[2] << 24); - tmp = talloc_asprintf(ctx, "S-%d-%d", sid->sid_rev_num, id_auth); + tmp = talloc_asprintf(NULL, "S-%d-%d", sid->sid_rev_num, id_auth); BAIL_ON_PTR_ERROR(tmp, wbc_status); for (i=0; i<sid->num_auths; i++) { @@ -66,25 +55,18 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid, tmp = tmp2; } - *sid_string=talloc_strdup(NULL, tmp); - BAIL_ON_PTR_ERROR((*sid_string), wbc_status); + *sid_string = tmp; + tmp = NULL; wbc_status = WBC_ERR_SUCCESS; done: - talloc_free(ctx); + talloc_free(tmp); return wbc_status; } -/** @brief Convert a character string to a binary SID - * - * @param *str Character string in the form of S-... - * @param sid Resulting binary SID - * - * @return #wbcErr - **/ - +/* Convert a character string to a binary SID */ wbcErr wbcStringToSid(const char *str, struct wbcDomainSid *sid) { @@ -167,17 +149,7 @@ done: } -/** @brief Convert a domain and name to SID - * - * @param domain Domain name (possibly "") - * @param name User or group name - * @param *sid Pointer to the resolved domain SID - * @param *name_type Pointer to the SID type - * - * @return #wbcErr - * - **/ - +/* Convert a domain and name to SID */ wbcErr wbcLookupName(const char *domain, const char *name, struct wbcDomainSid *sid, @@ -220,17 +192,7 @@ wbcErr wbcLookupName(const char *domain, return wbc_status; } -/** @brief Convert a SID to a domain and name - * - * @param *sid Pointer to the domain SID to be resolved - * @param pdomain Resolved Domain name (possibly "") - * @param pname Resolved User or group name - * @param *pname_type Pointer to the resolved SID type - * - * @return #wbcErr - * - **/ - +/* Convert a SID to a domain and name */ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, char **pdomain, char **pname, @@ -314,9 +276,7 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, return wbc_status; } -/** @brief Translate a collection of RIDs within a domain to names - * - **/ +/* Translate a collection of RIDs within a domain to names */ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, @@ -452,10 +412,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, return wbc_status; } -/** @brief Get the groups a user belongs to - * - **/ - +/* Get the groups a user belongs to */ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, bool domain_groups_only, uint32_t *num_sids, @@ -534,10 +491,7 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, return wbc_status; } -/** @brief Lists Users - * - **/ - +/* Lists Users */ wbcErr wbcListUsers(const char *domain_name, uint32_t *_num_users, const char ***_users) @@ -605,10 +559,7 @@ wbcErr wbcListUsers(const char *domain_name, return wbc_status; } -/** @brief Lists Groups - * - **/ - +/* Lists Groups */ wbcErr wbcListGroups(const char *domain_name, uint32_t *_num_groups, const char ***_groups) diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index b4868748ae..7cfb64b87e 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -119,16 +119,7 @@ done: } -/** @brief Lookup the current status of a trusted domain - * - * @param domain Domain to query - * @param *dinfo Pointer to returned domain_info struct - * - * @return #wbcErr - * - **/ - - +/* Lookup the current status of a trusted domain */ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) { struct winbindd_request request; @@ -189,14 +180,7 @@ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) } -/** @brief Resolve a NetbiosName via WINS - * - * @param name Name to resolve - * @param *ip Pointer to the ip address string - * - * @return #wbcErr - * - **/ +/* Resolve a NetbiosName via WINS */ wbcErr wbcResolveWinsByName(const char *name, char **ip) { struct winbindd_request request; @@ -229,14 +213,7 @@ wbcErr wbcResolveWinsByName(const char *name, char **ip) return wbc_status; } -/** @brief Resolve an IP address via WINS into a NetbiosName - * - * @param ip The ip address string - * @param *name Pointer to the name - * - * @return #wbcErr - * - **/ +/* Resolve an IP address via WINS into a NetbiosName */ wbcErr wbcResolveWinsByIP(const char *ip, char **name) { struct winbindd_request request; @@ -401,14 +378,7 @@ static wbcErr process_domain_info_string(TALLOC_CTX *ctx, return wbc_status; } -/** @brief Enumerate the domain trusts known by Winbind - * - * @param **domains Pointer to the allocated domain list array - * @param *num_domains Pointer to number of domains returned - * - * @return #wbcErr - * - **/ +/* Enumerate the domain trusts known by Winbind */ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) { struct winbindd_response response; @@ -493,18 +463,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) return wbc_status; } -/** @brief Enumerate the domain trusts known by Winbind - * - * @param domain Name of the domain to query for a DC - * @param flags Bit flags used to control the domain location query - * @param *dc_info Pointer to the returned domain controller information - * - * @return #wbcErr - * - **/ - - - +/* Enumerate the domain trusts known by Winbind */ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcDomainControllerInfo **dc_info) @@ -617,18 +576,7 @@ done: return wbc_status; } -/** @brief Get extended domain controller information - * - * @param domain Name of the domain to query for a DC - * @param guid Guid of the domain to query for a DC - * @param site Site of the domain to query for a DC - * @param flags Bit flags used to control the domain location query - * @param *dc_info Pointer to the returned extended domain controller information - * - * @return #wbcErr - * - **/ - +/* Get extended domain controller information */ wbcErr wbcLookupDomainControllerEx(const char *domain, struct wbcGuid *guid, const char *site, @@ -690,19 +638,7 @@ done: return wbc_status; } -/** @brief Initialize a named blob and add to list of blobs - * - * @param[in,out] num_blobs Pointer to the number of blobs - * @param[in,out] blobs Pointer to an array of blobs - * @param[in] name Name of the new named blob - * @param[in] flags Flags of the new named blob - * @param[in] data Blob data of new blob - * @param[in] length Blob data length of new blob - * - * @return #wbcErr - * - **/ - +/* Initialize a named blob and add to list of blobs */ wbcErr wbcAddNamedBlob(size_t *num_blobs, struct wbcNamedBlob **blobs, const char *name, diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index c0b7e0675a..3a9afad15d 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -123,13 +123,7 @@ const char *wbcErrorString(wbcErr error) return "unknown wbcErr value"; } -/** @brief Free library allocated memory - * - * @param *p Pointer to free - * - * @return void - **/ - +/* Free library allocated memory */ void wbcFreeMemory(void *p) { if (p) diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index cb31360407..fcad3ff69b 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -486,10 +486,17 @@ struct wbcDomainControllerInfoEx { const char *client_site_name; }; -/* +/********************************************************** * Memory Management - */ + **********************************************************/ +/** + * @brief Free library allocated memory + * + * @param *p Pointer to free + * + * @return void + **/ void wbcFreeMemory(void*); @@ -497,9 +504,25 @@ void wbcFreeMemory(void*); * Utility functions for dealing with SIDs */ +/** + * @brief Convert a binary SID to a character string + * + * @param sid Binary Security Identifier + * @param **sid_string Resulting character string + * + * @return #wbcErr + **/ wbcErr wbcSidToString(const struct wbcDomainSid *sid, char **sid_string); +/** + * @brief Convert a character string to a binary SID + * + * @param *str Character string in the form of S-... + * @param sid Resulting binary SID + * + * @return #wbcErr + **/ wbcErr wbcStringToSid(const char *sid_string, struct wbcDomainSid *sid); @@ -507,32 +530,76 @@ wbcErr wbcStringToSid(const char *sid_string, * Utility functions for dealing with GUIDs */ +/** + * @brief Convert a binary GUID to a character string + * + * @param guid Binary Guid + * @param **guid_string Resulting character string + * + * @return #wbcErr + **/ wbcErr wbcGuidToString(const struct wbcGuid *guid, char **guid_string); +/** + * @brief Convert a character string to a binary GUID + * + * @param *str Character string + * @param guid Resulting binary GUID + * + * @return #wbcErr + **/ wbcErr wbcStringToGuid(const char *guid_string, struct wbcGuid *guid); +/** + * @brief Ping winbindd to see if the daemon is running + * + * @return #wbcErr + **/ wbcErr wbcPing(void); wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details); wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details); -/* +/********************************************************** * Name/SID conversion - */ + **********************************************************/ +/** + * @brief Convert a domain and name to SID + * + * @param domain Domain name (possibly "") + * @param name User or group name + * @param *sid Pointer to the resolved domain SID + * @param *name_type Pointer to the SID type + * + * @return #wbcErr + **/ wbcErr wbcLookupName(const char *dom_name, const char *name, struct wbcDomainSid *sid, enum wbcSidType *name_type); +/** + * @brief Convert a SID to a domain and name + * + * @param *sid Pointer to the domain SID to be resolved + * @param pdomain Resolved Domain name (possibly "") + * @param pname Resolved User or group name + * @param *pname_type Pointer to the resolved SID type + * + * @return #wbcErr + **/ wbcErr wbcLookupSid(const struct wbcDomainSid *sid, char **domain, char **name, enum wbcSidType *name_type); +/** + * @brief Translate a collection of RIDs within a domain to names + */ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, uint32_t *rids, @@ -540,15 +607,24 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, const char ***names, enum wbcSidType **types); +/* + * @brief Get the groups a user belongs to + **/ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, bool domain_groups_only, uint32_t *num_sids, struct wbcDomainSid **sids); +/** + * @brief Lists Users + **/ wbcErr wbcListUsers(const char *domain_name, uint32_t *num_users, const char ***users); +/** + * @brief Lists Groups + **/ wbcErr wbcListGroups(const char *domain_name, uint32_t *num_groups, const char ***groups); @@ -558,88 +634,324 @@ wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, char **pfullname, enum wbcSidType *pname_type); -/* +/********************************************************** * SID/uid/gid Mappings - */ + **********************************************************/ +/** + * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid); +/** + * @brief Convert a Windows SID to a Unix uid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, uid_t *puid); +/** + * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid); +/** + * @brief Convert a Unix uid to a Windows SID if there already is a mapping + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcQueryUidToSid(uid_t uid, struct wbcDomainSid *sid); +/** + * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid); +/** + * @brief Convert a Windows SID to a Unix gid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, gid_t *pgid); +/** + * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid); +/** + * @brief Convert a Unix gid to a Windows SID if there already is a mapping + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ wbcErr wbcQueryGidToSid(gid_t gid, struct wbcDomainSid *sid); +/** + * @brief Obtain a new uid from Winbind + * + * @param *puid *pointer to the allocated uid + * + * @return #wbcErr + **/ wbcErr wbcAllocateUid(uid_t *puid); +/** + * @brief Obtain a new gid from Winbind + * + * @param *pgid Pointer to the allocated gid + * + * @return #wbcErr + **/ wbcErr wbcAllocateGid(gid_t *pgid); +/** + * @brief Set an user id mapping + * + * @param uid Uid of the desired mapping. + * @param *sid Pointer to the sid of the diresired mapping. + * + * @return #wbcErr + **/ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); +/** + * @brief Set a group id mapping + * + * @param gid Gid of the desired mapping. + * @param *sid Pointer to the sid of the diresired mapping. + * + * @return #wbcErr + **/ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); +/** + * @brief Remove a user id mapping + * + * @param uid Uid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid); +/** + * @brief Remove a group id mapping + * + * @param gid Gid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid); +/** + * @brief Set the highwater mark for allocated uids. + * + * @param uid_hwm The new uid highwater mark value + * + * @return #wbcErr + **/ wbcErr wbcSetUidHwm(uid_t uid_hwm); +/** + * @brief Set the highwater mark for allocated gids. + * + * @param gid_hwm The new gid highwater mark value + * + * @return #wbcErr + **/ wbcErr wbcSetGidHwm(gid_t gid_hwm); -/* +/********************************************************** * NSS Lookup User/Group details - */ + **********************************************************/ +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetpwnam(const char *name, struct passwd **pwd); +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param uid Uid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrnam(const char *name, struct group **grp); +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param gid Uid to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrgid(gid_t gid, struct group **grp); +/** + * @brief Reset the passwd iterator + * + * @return #wbcErr + **/ wbcErr wbcSetpwent(void); +/** + * @brief Close the passwd iterator + * + * @return #wbcErr + **/ wbcErr wbcEndpwent(void); +/** + * @brief Return the next struct passwd* entry from the pwent iterator + * + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetpwent(struct passwd **pwd); +/** + * @brief Reset the group iterator + * + * @return #wbcErr + **/ wbcErr wbcSetgrent(void); +/** + * @brief Close the group iterator + * + * @return #wbcErr + **/ wbcErr wbcEndgrent(void); +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrent(struct group **grp); +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * This is similar to #wbcGetgrent, just that the member list is empty + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ wbcErr wbcGetgrlist(struct group **grp); +/** + * @brief Return the unix group array belonging to the given user + * + * @param *account The given user name + * @param *num_groups Number of elements returned in the groups array + * @param **_groups Pointer to resulting gid_t array. + * + * @return #wbcErr + **/ wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups); -/* +/********************************************************** * Lookup Domain information - */ + **********************************************************/ +/** + * @brief Lookup the current status of a trusted domain + * + * @param domain Domain to query + * @param *dinfo Pointer to returned domain_info struct + * + * @return #wbcErr + **/ wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **info); +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param **domains Pointer to the allocated domain list array + * @param *num_domains Pointer to number of domains returned + * + * @return #wbcErr + **/ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains); @@ -665,66 +977,206 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, #define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000 #define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000 +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param domain Name of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned domain controller information + * + * @return #wbcErr + **/ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcDomainControllerInfo **dc_info); +/** + * @brief Get extended domain controller information + * + * @param domain Name of the domain to query for a DC + * @param guid Guid of the domain to query for a DC + * @param site Site of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned extended domain controller information + * + * @return #wbcErr + **/ wbcErr wbcLookupDomainControllerEx(const char *domain, struct wbcGuid *guid, const char *site, uint32_t flags, struct wbcDomainControllerInfoEx **dc_info); -/* +/********************************************************** * Athenticate functions - */ + **********************************************************/ +/** + * @brief Authenticate a username/password pair + * + * @param username Name of user to authenticate + * @param password Clear text password os user + * + * @return #wbcErr + **/ wbcErr wbcAuthenticateUser(const char *username, const char *password); +/** + * @brief Authenticate with more detailed information + * + * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH + * is not supported yet + * @param info Output details on WBC_ERR_SUCCESS + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error); +/** + * @brief Logon a User + * + * @param[in] params Pointer to a wbcLogonUserParams structure + * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure + * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure + * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure + * + * @return #wbcErr + **/ wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, struct wbcLogonUserInfo **info, struct wbcAuthErrorInfo **error, struct wbcUserPasswordPolicyInfo **policy); +/** + * @brief Trigger a logoff notification to Winbind for a specific user + * + * @param username Name of user to remove from Winbind's list of + * logged on users. + * @param uid Uid assigned to the username + * @param ccfilename Absolute path to the Krb5 credentials cache to + * be removed + * + * @return #wbcErr + **/ wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename); +/** + * @brief Trigger an extended logoff notification to Winbind for a specific user + * + * @param params A wbcLogoffUserParams structure + * @param error User output details on error + * + * @return #wbcErr + **/ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error); +/** + * @brief Change a password for a user + * + * @param username Name of user to authenticate + * @param old_password Old clear text password of user + * @param new_password New clear text password of user + * + * @return #wbcErr + **/ wbcErr wbcChangeUserPassword(const char *username, const char *old_password, const char *new_password); +/** + * @brief Change a password for a user with more detailed information upon + * failure + * + * @param params Input parameters + * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED + * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED + * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED + * + * @return #wbcErr + **/ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, struct wbcAuthErrorInfo **error, enum wbcPasswordChangeRejectReason *reject_reason, struct wbcUserPasswordPolicyInfo **policy); +/** + * @brief Authenticate a user with cached credentials + * + * @param *params Pointer to a wbcCredentialCacheParams structure + * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure + * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure + * + * @return #wbcErr + **/ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, struct wbcCredentialCacheInfo **info, struct wbcAuthErrorInfo **error); -/* +/********************************************************** * Resolve functions - */ + **********************************************************/ + +/** + * @brief Resolve a NetbiosName via WINS + * + * @param name Name to resolve + * @param *ip Pointer to the ip address string + * + * @return #wbcErr + **/ wbcErr wbcResolveWinsByName(const char *name, char **ip); + +/** + * @brief Resolve an IP address via WINS into a NetbiosName + * + * @param ip The ip address string + * @param *name Pointer to the name + * + * @return #wbcErr + * + **/ wbcErr wbcResolveWinsByIP(const char *ip, char **name); -/* +/********************************************************** * Trusted domain functions - */ + **********************************************************/ + +/** + * @brief Trigger a verification of the trust credentials of a specific domain + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); -/* + +/********************************************************** * Helper functions - */ + **********************************************************/ + +/** + * @brief Initialize a named blob and add to list of blobs + * + * @param[in,out] num_blobs Pointer to the number of blobs + * @param[in,out] blobs Pointer to an array of blobs + * @param[in] name Name of the new named blob + * @param[in] flags Flags of the new named blob + * @param[in] data Blob data of new blob + * @param[in] length Blob data length of new blob + * + * @return #wbcErr + **/ wbcErr wbcAddNamedBlob(size_t *num_blobs, struct wbcNamedBlob **blobs, const char *name, diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index be22ff3f5e..d049bdb1e7 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -93,8 +93,8 @@ static const char *_pam_error_code_str(int err) return "PAM_CONV_ERR"; case PAM_AUTHTOK_ERR: return "PAM_AUTHTOK_ERR"; - case PAM_AUTHTOK_RECOVERY_ERR: - return "PAM_AUTHTOK_RECOVERY_ERR"; + case PAM_AUTHTOK_RECOVER_ERR: + return "PAM_AUTHTOK_RECOVER_ERR"; case PAM_AUTHTOK_LOCK_BUSY: return "PAM_AUTHTOK_LOCK_BUSY"; case PAM_AUTHTOK_DISABLE_AGING: diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index d14cfe94b7..c85e210cc0 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -146,8 +146,8 @@ static bool parse_mapping_arg(char *arg, int *id, char **sid) return false; /* Because atoi() can return 0 on invalid input, which would be a valid - * UID/GID we must use strtol() and do error checking */ - *id = strtol(tmp, &endptr, 10); + * UID/GID we must use strtoul() and do error checking */ + *id = strtoul(tmp, &endptr, 10); if (endptr[0] != '\0') return false; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 217957ab37..9a55067b01 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -425,6 +425,7 @@ struct service { bool bHideUnReadable; bool bHideUnWriteableFiles; bool bBrowseable; + bool bAccessBasedShareEnum; bool bAvailable; bool bRead_only; bool bNo_set_dir; @@ -568,6 +569,7 @@ static struct service sDefault = { False, /* bHideUnReadable */ False, /* bHideUnWriteableFiles */ True, /* bBrowseable */ + False, /* bAccessBasedShareEnum */ True, /* bAvailable */ True, /* bRead_only */ True, /* bNo_set_dir */ @@ -669,6 +671,8 @@ static void set_server_role(void); static void set_default_server_announce_type(void); static void set_allowed_client_auth(void); +static void *lp_local_ptr(struct service *service, void *ptr); + static const struct enum_list enum_protocol[] = { {PROTOCOL_NT1, "NT1"}, {PROTOCOL_LANMAN2, "LANMAN2"}, @@ -3304,6 +3308,15 @@ static struct parm_struct parm_table[] = { .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT, }, { + .label = "access based share enum", + .type = P_BOOL, + .p_class = P_LOCAL, + .ptr = &sDefault.bAccessBasedShareEnum, + .special = NULL, + .enum_list = NULL, + .flags = FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE + }, + { .label = "browsable", .type = P_BOOL, .p_class = P_LOCAL, @@ -4573,9 +4586,56 @@ static void init_printer_values(struct service *pService) } /** - * Free the allocated data for one parameter for a given share. + * Common part of freeing allocated data for one parameter. */ -static void free_parameter(int snum, struct parm_struct parm) +static void free_one_parameter_common(void *parm_ptr, + struct parm_struct parm) +{ + if ((parm.type == P_STRING) || + (parm.type == P_USTRING)) + { + string_free((char**)parm_ptr); + } else if (parm.type == P_LIST) { + TALLOC_FREE(*((char***)parm_ptr)); + } +} + +/** + * Free the allocated data for one parameter for a share + * given as a service struct. + */ +static void free_one_parameter(struct service *service, + struct parm_struct parm) +{ + void *parm_ptr; + + if (parm.p_class != P_LOCAL) { + return; + } + + parm_ptr = lp_local_ptr(service, parm.ptr); + + free_one_parameter_common(parm_ptr, parm); +} + +/** + * Free the allocated parameter data of a share given + * as a service struct. + */ +static void free_parameters(struct service *service) +{ + uint32_t i; + + for (i=0; parm_table[i].label; i++) { + free_one_parameter(service, parm_table[i]); + } +} + +/** + * Free the allocated data for one parameter for a given share + * specified by an snum. + */ +static void free_one_parameter_by_snum(int snum, struct parm_struct parm) { void *parm_ptr; @@ -4588,27 +4648,22 @@ static void free_parameter(int snum, struct parm_struct parm) } else if (parm.p_class != P_LOCAL) { return; } else { - parm_ptr = lp_local_ptr(snum, parm.ptr); + parm_ptr = lp_local_ptr_by_snum(snum, parm.ptr); } - if ((parm.type == P_STRING) || - (parm.type == P_USTRING)) - { - string_free((char**)parm_ptr); - } else if (parm.type == P_LIST) { - TALLOC_FREE(*((char***)parm_ptr)); - } + free_one_parameter_common(parm_ptr, parm); } /** - * Free the allocated parameter data for a share. + * Free the allocated parameter data for a share specified + * by an snum. */ -static void free_parameters(int snum) +static void free_parameters_by_snum(int snum) { uint32_t i; for (i=0; parm_table[i].label; i++) { - free_parameter(snum, parm_table[i]); + free_one_parameter_by_snum(snum, parm_table[i]); } } @@ -4617,7 +4672,7 @@ static void free_parameters(int snum) */ static void free_global_parameters(void) { - free_parameters(GLOBAL_SECTION_SNUM); + free_parameters_by_snum(GLOBAL_SECTION_SNUM); } /*************************************************************************** @@ -5063,7 +5118,6 @@ FN_GLOBAL_STRING(lp_remote_announce, &Globals.szRemoteAnnounce) FN_GLOBAL_STRING(lp_remote_browse_sync, &Globals.szRemoteBrowseSync) FN_GLOBAL_LIST(lp_wins_server_list, &Globals.szWINSservers) FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces) -FN_GLOBAL_STRING(lp_socket_address, &Globals.szSocketAddress) FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases) @@ -5332,6 +5386,7 @@ FN_LOCAL_BOOL(lp_hide_special_files, bHideSpecialFiles) FN_LOCAL_BOOL(lp_hideunreadable, bHideUnReadable) FN_LOCAL_BOOL(lp_hideunwriteable_files, bHideUnWriteableFiles) FN_LOCAL_BOOL(lp_browseable, bBrowseable) +FN_LOCAL_BOOL(lp_access_based_share_enum, bAccessBasedShareEnum) FN_LOCAL_BOOL(lp_readonly, bRead_only) FN_LOCAL_BOOL(lp_no_set_dir, bNo_set_dir) FN_LOCAL_BOOL(lp_guest_ok, bGuest_ok) @@ -5728,7 +5783,7 @@ static void free_service(struct service *pservice) DEBUG(5, ("free_service: Freeing service %s\n", pservice->szService)); - free_parameters(getservicebyname(pservice->szService, NULL)); + free_parameters(pservice); string_free(&pservice->szService); bitmap_free(pservice->copymap); @@ -5926,6 +5981,7 @@ bool lp_add_home(const char *pszHomename, int iDefaultService, /* set the browseable flag from the global default */ ServicePtrs[i]->bBrowseable = sDefault.bBrowseable; + ServicePtrs[i]->bAccessBasedShareEnum = sDefault.bAccessBasedShareEnum; ServicePtrs[i]->autoloaded = True; @@ -7155,13 +7211,23 @@ static void init_copymap(struct service *pservice) } /*************************************************************************** + Return the local pointer to a parameter given a service struct and the + pointer into the default structure. +***************************************************************************/ + +static void *lp_local_ptr(struct service *service, void *ptr) +{ + return (void *)(((char *)service) + PTR_DIFF(ptr, &sDefault)); +} + +/*************************************************************************** Return the local pointer to a parameter given the service number and the pointer into the default structure. ***************************************************************************/ -void *lp_local_ptr(int snum, void *ptr) +void *lp_local_ptr_by_snum(int snum, void *ptr) { - return (void *)(((char *)ServicePtrs[snum]) + PTR_DIFF(ptr, &sDefault)); + return lp_local_ptr(ServicePtrs[snum], ptr); } /*************************************************************************** @@ -7213,7 +7279,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue pszParmName)); return (True); } - parm_ptr = lp_local_ptr(snum, def_ptr); + parm_ptr = lp_local_ptr_by_snum(snum, def_ptr); } if (snum >= 0) { @@ -9468,3 +9534,18 @@ int lp_min_receive_file_size(void) } return MIN(Globals.iminreceivefile, BUFFER_SIZE); } + +/******************************************************************* + If socket address is an empty character string, it is necessary to + define it as "0.0.0.0". +********************************************************************/ + +const char *lp_socket_address(void) +{ + char *sock_addr = Globals.szSocketAddress; + + if (sock_addr[0] == '\0'){ + string_set(&Globals.szSocketAddress, "0.0.0.0"); + } + return Globals.szSocketAddress; +} diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index ddbb53a9b9..95e9a01ba3 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2014,7 +2014,7 @@ static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods, newname_lower, true, true); - if (rename_script) { + if (!rename_script) { return NT_STATUS_NO_MEMORY; } rename_script = realloc_string_sub2(rename_script, diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 244b3aee03..ba1fb4352c 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1344,14 +1344,24 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr goto error_exit; } - status = open_file_ntcreate(conn, NULL, filepath, &stat_buf, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + filepath, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &stat_buf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { /* Old file not found, so by definition new file is in fact newer */ @@ -1385,14 +1395,24 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr goto error_exit; } - status = open_file_ntcreate(conn, NULL, filepath, &stat_buf, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + filepath, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &stat_buf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { /* New file not found, this shouldn't occur if the caller did its job */ @@ -1528,14 +1548,24 @@ static uint32 get_correct_cversion(struct pipes_struct *p, goto error_exit; } - status = open_file_ntcreate(conn, NULL, driverpath, &st, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + driverpath, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &st); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = %d\n", diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 3c8c60f0e0..ba88f8ee56 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -335,7 +335,7 @@ static struct printjob *print_job_find(const char *sharename, uint32 jobid) uint32_t tmp; TDB_DATA ret; struct tdb_print_db *pdb = get_print_db_byname(sharename); - + DEBUG(10,("print_job_find: looking up job %u for share %s\n", (unsigned int)jobid, sharename )); @@ -350,19 +350,19 @@ static struct printjob *print_job_find(const char *sharename, uint32 jobid) DEBUG(10,("print_job_find: failed to find jobid %u.\n", (unsigned int)jobid )); return NULL; } - + if ( pjob.nt_devmode ) { free_nt_devicemode( &pjob.nt_devmode ); } - + ZERO_STRUCT( pjob ); - + if ( unpack_pjob( ret.dptr, ret.dsize, &pjob ) == -1 ) { DEBUG(10,("print_job_find: failed to unpack jobid %u.\n", (unsigned int)jobid )); SAFE_FREE(ret.dptr); return NULL; } - + SAFE_FREE(ret.dptr); DEBUG(10,("print_job_find: returning system job %d for jobid %u.\n", @@ -1394,7 +1394,19 @@ main thread of the background lpq updater ****************************************************************************/ void start_background_queue(void) { + /* Use local variables for this as we don't + * need to save the parent side of this, just + * ensure it closes when the process exits. + */ + int pause_pipe[2]; + DEBUG(3,("start_background_queue: Starting background LPQ thread\n")); + + if (pipe(pause_pipe) == -1) { + DEBUG(5,("start_background_queue: cannot create pipe. %s\n", strerror(errno) )); + exit(1); + } + background_lpq_updater_pid = sys_fork(); if (background_lpq_updater_pid == -1) { @@ -1406,6 +1418,9 @@ void start_background_queue(void) /* Child. */ DEBUG(5,("start_background_queue: background LPQ thread started\n")); + close(pause_pipe[0]); + pause_pipe[0] = -1; + if (!reinit_after_fork(smbd_messaging_context(), true)) { DEBUG(0,("reinit_after_fork() failed\n")); smb_panic("reinit_after_fork() failed"); @@ -1420,13 +1435,23 @@ void start_background_queue(void) messaging_register(smbd_messaging_context(), NULL, MSG_PRINTER_UPDATE, print_queue_receive); - + DEBUG(5,("start_background_queue: background LPQ thread waiting for messages\n")); while (1) { - pause(); - + fd_set pause_fds; + int pause_select; + + FD_ZERO(&pause_fds); + FD_SET(pause_pipe[1], &pause_fds); + pause_select = sys_select(pause_pipe[1]+1, &pause_fds, NULL, NULL, NULL); + /* If pause_pipe[0] is closed it means the parent smbd + * and children exited or aborted. */ + if (pause_select == 1) { + exit_server_cleanly(NULL); + } + /* check for some essential signals first */ - + if (got_sig_term) { exit_server_cleanly(NULL); } @@ -1437,9 +1462,9 @@ void start_background_queue(void) reload_services(False); reload_after_sighup = 0; } - + /* now check for messages */ - + DEBUG(10,("start_background_queue: background LPQ thread got a message\n")); message_dispatch(smbd_messaging_context()); @@ -1449,6 +1474,8 @@ void start_background_queue(void) 0); } } + + close(pause_pipe[1]); } /**************************************************************************** diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f0c2f6709e..a2d334230d 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2979,6 +2979,9 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, auth->user_name = talloc_strdup(auth, cli->user_name); auth->domain = talloc_strdup(auth, cli->domain); + auth->user_session_key = data_blob_talloc(auth, + cli->user_session_key.data, + cli->user_session_key.length); if ((auth->user_name == NULL) || (auth->domain == NULL)) { TALLOC_FREE(result); @@ -3443,6 +3446,10 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, cli->auth->a_u.kerberos_auth->session_key.length); break; case PIPE_AUTH_TYPE_NONE: + *session_key = data_blob_talloc(mem_ctx, + cli->auth->user_session_key.data, + cli->auth->user_session_key.length); + break; default: return NT_STATUS_NO_USER_SESSION_KEY; } diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 6a9e6d1682..a6e4ad8a33 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -341,7 +341,8 @@ void init_samr_user_info16(struct samr_UserInfo16 *r, void init_samr_user_info18(struct samr_UserInfo18 *r, const uint8 lm_pwd[16], - const uint8 nt_pwd[16]) + const uint8 nt_pwd[16], + uint8_t password_expired) { DEBUG(5, ("init_samr_user_info18\n")); @@ -349,6 +350,7 @@ void init_samr_user_info18(struct samr_UserInfo18 *r, memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false; r->nt_pwd_active = memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false; + r->password_expired = password_expired; } /******************************************************************* @@ -391,8 +393,8 @@ void init_samr_user_info21(struct samr_UserInfo21 *r, uint16_t logon_count, uint16_t country_code, uint16_t code_page, - uint8_t nt_password_set, uint8_t lm_password_set, + uint8_t nt_password_set, uint8_t password_expired) { r->last_logon = last_logon; @@ -420,8 +422,8 @@ void init_samr_user_info21(struct samr_UserInfo21 *r, r->logon_count = logon_count; r->country_code = country_code; r->code_page = code_page; - r->nt_password_set = nt_password_set; r->lm_password_set = lm_password_set; + r->nt_password_set = nt_password_set; r->password_expired = password_expired; } @@ -455,8 +457,8 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint16_t logon_count, uint16_t country_code, uint16_t code_page, - uint8_t nt_password_set, uint8_t lm_password_set, + uint8_t nt_password_set, uint8_t password_expired, struct samr_CryptPassword *pwd_buf) { @@ -487,8 +489,8 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, logon_count, country_code, code_page, - nt_password_set, lm_password_set, + nt_password_set, password_expired); r->password = *pwd_buf; @@ -538,8 +540,8 @@ void init_samr_user_info25(struct samr_UserInfo25 *r, uint16_t logon_count, uint16_t country_code, uint16_t code_page, - uint8_t nt_password_set, uint8_t lm_password_set, + uint8_t nt_password_set, uint8_t password_expired, struct samr_CryptPasswordEx *pwd_buf) { @@ -572,8 +574,8 @@ void init_samr_user_info25(struct samr_UserInfo25 *r, logon_count, country_code, code_page, - nt_password_set, lm_password_set, + nt_password_set, password_expired); r->password = *pwd_buf; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 45acd3ed48..038690d0f1 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -1402,10 +1402,10 @@ NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, /**************************************************************** ****************************************************************/ -WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, - struct netr_NETRSERVERGETTRUSTINFO *r) +NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, + struct netr_ServerGetTrustInfo *r) { p->rng_fault_state = true; - return WERR_NOT_SUPPORTED; + return NT_STATUS_NOT_IMPLEMENTED; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index cbcd4de60c..342f432c4e 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2079,7 +2079,7 @@ NTSTATUS _samr_LookupRids(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; status = access_check_samr_function(acc_granted, - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, + 0, /* Don't know the acc_bits yet */ "_samr_LookupRids"); if (!NT_STATUS_IS_OK(status)) { return status; @@ -2430,8 +2430,10 @@ static NTSTATUS get_user_info_18(pipes_struct *p, return NT_STATUS_ACCOUNT_DISABLED; } - init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass), - pdb_get_nt_passwd(smbpass)); + init_samr_user_info18(r, + pdb_get_lanman_passwd(smbpass), + pdb_get_nt_passwd(smbpass), + 0 /* FIXME */); TALLOC_FREE(smbpass); @@ -2607,8 +2609,8 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, pdb_get_logon_count(pw), 0, /* country_code */ 0, /* code_page */ - 0, /* nt_password_set */ 0, /* lm_password_set */ + 0, /* nt_password_set */ password_expired); return NT_STATUS_OK; @@ -2634,7 +2636,7 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, return NT_STATUS_INVALID_HANDLE; status = access_check_samr_function(info->acc_granted, - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, + SAMR_USER_ACCESS_GET_ATTRIBUTES, "_samr_QueryUserInfo"); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3699,29 +3701,62 @@ static bool set_user_info_16(struct samr_UserInfo16 *id16, set_user_info_18 ********************************************************************/ -static bool set_user_info_18(struct samr_UserInfo18 *id18, - struct samu *pwd) +static NTSTATUS set_user_info_18(struct samr_UserInfo18 *id18, + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + struct samu *pwd) { if (id18 == NULL) { DEBUG(2, ("set_user_info_18: id18 is NULL\n")); - return False; + return NT_STATUS_INVALID_PARAMETER; } - if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) { - return False; + if (id18->nt_pwd_active || id18->lm_pwd_active) { + if (!session_key->length) { + return NT_STATUS_NO_USER_SESSION_KEY; + } } - if (!pdb_set_nt_passwd (pwd, id18->nt_pwd.hash, PDB_CHANGED)) { - return False; + + if (id18->nt_pwd_active) { + + DATA_BLOB in, out; + + in = data_blob_const(id18->nt_pwd.hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + + sess_crypt_blob(&out, &in, session_key, false); + + if (!pdb_set_nt_passwd(pwd, out.data, PDB_CHANGED)) { + return NT_STATUS_ACCESS_DENIED; + } + + pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED); } - if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) { - return False; + + if (id18->lm_pwd_active) { + + DATA_BLOB in, out; + + in = data_blob_const(id18->lm_pwd.hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + + sess_crypt_blob(&out, &in, session_key, false); + + if (!pdb_set_lanman_passwd(pwd, out.data, PDB_CHANGED)) { + return NT_STATUS_ACCESS_DENIED; + } + + pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED); } - if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - return False; - } + if (id18->password_expired) { + pdb_set_pass_last_set_time(pwd, 0, PDB_CHANGED); + } else { + /* FIXME */ + pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED); + } - return True; + return pdb_update_sam_account(pwd); } /******************************************************************* @@ -3856,8 +3891,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, return NT_STATUS_ACCESS_DENIED; } - if ((id23->info.fields_present & SAMR_FIELD_PASSWORD) || - (id23->info.fields_present & SAMR_FIELD_PASSWORD2)) { + if ((id23->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) || + (id23->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) { DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n", pdb_get_username(pwd))); @@ -4178,9 +4213,10 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, case 18: /* Used by AS/U JRA. */ - if (!set_user_info_18(&info->info18, pwd)) { - status = NT_STATUS_ACCESS_DENIED; - } + status = set_user_info_18(&info->info18, + p->mem_ctx, + &p->server_info->user_session_key, + pwd); break; case 20: diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index bf3669022d..15af963c4c 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -493,6 +493,19 @@ static bool is_hidden_share(int snum) } /******************************************************************* + Verify user is allowed to view share, access based enumeration +********************************************************************/ +static bool is_enumeration_allowed(pipes_struct *p, + int snum) +{ + if (!lp_access_based_share_enum(snum)) + return true; + + return share_access_check(p->server_info->ptok, lp_servicename(snum), + FILE_READ_DATA); +} + +/******************************************************************* Fill in a share info structure. ********************************************************************/ @@ -509,6 +522,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, TALLOC_CTX *ctx = p->mem_ctx; int i = 0; int valid_share_count = 0; + bool *allowed = 0; union srvsvc_NetShareCtr ctr; uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0; @@ -521,15 +535,21 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, num_services = lp_numservices(); unbecome_root(); - /* Count the number of entries. */ - for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { - DEBUG(10, ("counting service %s\n", lp_servicename(snum))); - num_entries++; - } else { - DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum))); - } - } + allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services); + W_ERROR_HAVE_NO_MEMORY(allowed); + + /* Count the number of entries. */ + for (snum = 0; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && + is_enumeration_allowed(p, snum) && + (all_shares || !is_hidden_share(snum)) ) { + DEBUG(10, ("counting service %s\n", lp_servicename(snum))); + allowed[snum] = true; + num_entries++; + } else { + DEBUG(10, ("NOT counting service %s\n", lp_servicename(snum))); + } + } if (!num_entries || (resume_handle >= num_entries)) { return WERR_OK; @@ -547,7 +567,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_0(p, &ctr.ctr0->array[i++], snum); } @@ -564,7 +584,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1(p, &ctr.ctr1->array[i++], snum); } @@ -581,7 +601,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_2(p, &ctr.ctr2->array[i++], snum); } @@ -598,7 +618,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_501(p, &ctr.ctr501->array[i++], snum); } @@ -615,7 +635,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_502(p, &ctr.ctr502->array[i++], snum); } @@ -632,7 +652,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1004(p, &ctr.ctr1004->array[i++], snum); } @@ -649,7 +669,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1005(p, &ctr.ctr1005->array[i++], snum); } @@ -666,7 +686,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1006(p, &ctr.ctr1006->array[i++], snum); } @@ -683,7 +703,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1007(p, &ctr.ctr1007->array[i++], snum); } @@ -700,7 +720,7 @@ static WERROR init_srv_share_info_ctr(pipes_struct *p, W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array); for (snum = 0; snum < num_services; snum++) { - if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) && + if (allowed[snum] && (resume_handle <= (i + valid_share_count++)) ) { init_srv_share_info_1501(p, &ctr.ctr1501->array[i++], snum); } @@ -2048,11 +2068,12 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, goto error_exit; } - nt_status = create_file( + nt_status = SMB_VFS_CREATE_FILE( conn, /* conn */ NULL, /* req */ 0, /* root_dir_fid */ r->in.file, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ FILE_READ_ATTRIBUTES, /* access_mask */ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */ FILE_OPEN, /* create_disposition*/ @@ -2162,11 +2183,12 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, goto error_exit; } - nt_status = create_file( + nt_status = SMB_VFS_CREATE_FILE( conn, /* conn */ NULL, /* req */ 0, /* root_dir_fid */ r->in.file, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ FILE_WRITE_ATTRIBUTES, /* access_mask */ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */ FILE_OPEN, /* create_disposition*/ diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index eaf5adbfa5..426e7e9744 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -219,9 +219,8 @@ static void display_sam_dom_info_13(struct samr_DomInfo13 *info13) printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num); printf("Domain Create Time:\t%s\n", http_timestring(talloc_tos(), nt_time_to_unix(info13->domain_create_time))); - printf("Unknown1:\t%d\n", info13->unknown1); - printf("Unknown2:\t%d\n", info13->unknown2); - + printf("Sequence No at last promotion:\t%llu\n", + (unsigned long long)info13->modified_count_at_last_promotion); } static void display_sam_info_1(struct samr_DispEntryGeneral *r) @@ -264,6 +263,35 @@ static void display_sam_info_5(struct samr_DispEntryAscii *r) printf("Account: %s\n", r->account_name.string); } +/**************************************************************************** + ****************************************************************************/ + +static NTSTATUS get_domain_handle(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *sam, + struct policy_handle *connect_pol, + uint32_t access_mask, + struct dom_sid *_domain_sid, + struct policy_handle *domain_pol) +{ + + if (StrCaseCmp(sam, "domain") == 0) { + return rpccli_samr_OpenDomain(cli, mem_ctx, + connect_pol, + access_mask, + _domain_sid, + domain_pol); + } else if (StrCaseCmp(sam, "builtin") == 0) { + return rpccli_samr_OpenDomain(cli, mem_ctx, + connect_pol, + access_mask, + CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), + domain_pol); + } + + return NT_STATUS_INVALID_PARAMETER; +} + /********************************************************************** * Query user information */ @@ -649,21 +677,11 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - &domain_sid, &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else { - printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]); - return NT_STATUS_INVALID_PARAMETER; - } + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -955,20 +973,11 @@ static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli, /* Get domain policy handle */ - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - access_mask, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1107,20 +1116,11 @@ static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli, /* Open handle on domain */ - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1197,25 +1197,11 @@ static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli, /* Open handle on domain */ - if (strequal(argv[1], "domain")) { - - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - SEC_FLAG_MAXIMUM_ALLOWED, - &domain_sid, - &domain_pol); - - } else if (strequal(argv[1], "builtin")) { - - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - SEC_FLAG_MAXIMUM_ALLOWED, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - - } else { - return NT_STATUS_OK; - } + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + SEC_FLAG_MAXIMUM_ALLOWED, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) { goto done; @@ -1294,20 +1280,11 @@ static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli, /* Open handle on domain */ - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_INVALID_PARAMETER; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1890,20 +1867,11 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -1973,20 +1941,11 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (StrCaseCmp(argv[1], "domain")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - &domain_sid, - &domain_pol); - else if (StrCaseCmp(argv[1], "builtin")==0) - result = rpccli_samr_OpenDomain(cli, mem_ctx, - &connect_pol, - MAXIMUM_ALLOWED_ACCESS, - CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin), - &domain_pol); - else - return NT_STATUS_OK; + result = get_domain_handle(cli, mem_ctx, argv[1], + &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(result)) goto done; @@ -2658,6 +2617,241 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli, return result; } +static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv, + int opcode) +{ + POLICY_HND connect_pol, domain_pol, user_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + const char *user, *param; + uint32_t access_mask = MAXIMUM_ALLOWED_ACCESS; + uint32_t level; + uint32_t user_rid; + union samr_UserInfo info; + struct samr_CryptPassword pwd_buf; + struct samr_CryptPasswordEx pwd_buf_ex; + uint8_t nt_hash[16]; + uint8_t lm_hash[16]; + DATA_BLOB session_key; + uint8_t password_expired = 0; + + if (argc < 4) { + printf("Usage: %s username level password [password_expired]\n", + argv[0]); + return NT_STATUS_INVALID_PARAMETER; + } + + user = argv[1]; + level = atoi(argv[2]); + param = argv[3]; + + if (argc >= 5) { + password_expired = atoi(argv[4]); + } + + status = cli_get_session_key(mem_ctx, cli, &session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + init_samr_CryptPassword(param, &session_key, &pwd_buf); + init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex); + nt_lm_owf_gen(param, nt_hash, lm_hash); + + switch (level) { + case 18: + { + DATA_BLOB in,out; + in = data_blob_const(nt_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(nt_hash, out.data, out.length); + } + { + DATA_BLOB in,out; + in = data_blob_const(lm_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + memcpy(lm_hash, out.data, out.length); + } + + init_samr_user_info18(&info.info18, + lm_hash, + nt_hash, + password_expired); + break; + case 21: + ZERO_STRUCT(info.info21); + + info.info21.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT; + if (argc >= 5) { + info.info21.fields_present |= SAMR_FIELD_EXPIRED_FLAG; + info.info21.password_expired = password_expired; + } + + info.info21.lm_password_set = true; + info.info21.lm_owf_password.length = 16; + info.info21.lm_owf_password.size = 16; + + info.info21.nt_password_set = true; + info.info21.nt_owf_password.length = 16; + info.info21.nt_owf_password.size = 16; + + { + DATA_BLOB in,out; + in = data_blob_const(nt_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + info.info21.nt_owf_password.array = + (uint16_t *)talloc_memdup(mem_ctx, out.data, 16); + } + { + DATA_BLOB in,out; + in = data_blob_const(lm_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + sess_crypt_blob(&out, &in, &session_key, true); + info.info21.lm_owf_password.array = + (uint16_t *)talloc_memdup(mem_ctx, out.data, 16); + } + + break; + case 23: + ZERO_STRUCT(info.info23); + + info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT; + if (argc >= 5) { + info.info23.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG; + info.info23.info.password_expired = password_expired; + } + + info.info23.password = pwd_buf; + + break; + case 24: + init_samr_user_info24(&info.info24, + &pwd_buf, + password_expired); + break; + case 25: + ZERO_STRUCT(info.info25); + + info.info25.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT | + SAMR_FIELD_LM_PASSWORD_PRESENT; + if (argc >= 5) { + info.info25.info.fields_present |= SAMR_FIELD_EXPIRED_FLAG; + info.info25.info.password_expired = password_expired; + } + + info.info25.password = pwd_buf_ex; + + break; + case 26: + init_samr_user_info26(&info.info26, + &pwd_buf_ex, + password_expired); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* Get sam policy handle */ + + status = rpccli_try_samr_connects(cli, mem_ctx, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + + if (!NT_STATUS_IS_OK(status)) + goto done; + + /* Get domain policy handle */ + + status = rpccli_samr_OpenDomain(cli, mem_ctx, + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); + + if (!NT_STATUS_IS_OK(status)) + goto done; + + user_rid = strtol(user, NULL, 0); + if (user_rid) { + status = rpccli_samr_OpenUser(cli, mem_ctx, + &domain_pol, + access_mask, + user_rid, + &user_pol); + } + + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) || + (user_rid == 0)) { + + /* Probably this was a user name, try lookupnames */ + struct samr_Ids rids, types; + struct lsa_String lsa_acct_name; + + init_lsa_String(&lsa_acct_name, user); + + status = rpccli_samr_LookupNames(cli, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &types); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_samr_OpenUser(cli, mem_ctx, + &domain_pol, + access_mask, + rids.ids[0], + &user_pol); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + switch (opcode) { + case NDR_SAMR_SETUSERINFO: + status = rpccli_samr_SetUserInfo(cli, mem_ctx, + &user_pol, + level, + &info); + break; + case NDR_SAMR_SETUSERINFO2: + status = rpccli_samr_SetUserInfo2(cli, mem_ctx, + &user_pol, + level, + &info); + break; + default: + return NT_STATUS_INVALID_PARAMETER; + } + + done: + return status; +} + +static NTSTATUS cmd_samr_setuserinfo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv, + NDR_SAMR_SETUSERINFO); +} + +static NTSTATUS cmd_samr_setuserinfo2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + return cmd_samr_setuserinfo_int(cli, mem_ctx, argc, argv, + NDR_SAMR_SETUSERINFO2); +} + static NTSTATUS cmd_samr_get_dispinfo_idx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) @@ -2759,5 +2953,7 @@ struct cmd_set samr_commands[] = { { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" }, { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, &ndr_table_samr.syntax_id, NULL, "Change user password", "" }, { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, &ndr_table_samr.syntax_id, NULL, "Get Display Information Index", "" }, + { "setuserinfo", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info", "" }, + { "setuserinfo2", RPC_RTYPE_NTSTATUS, cmd_samr_setuserinfo2, NULL, &ndr_table_samr.syntax_id, NULL, "Set user info2", "" }, { NULL } }; diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 26a73203b9..038acfbcdc 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -2641,6 +2641,8 @@ done: /**************************************************************************** ****************************************************************************/ +extern struct user_auth_info *rpcclient_auth_info; + static WERROR cmd_spoolss_printercmp(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) @@ -2671,11 +2673,11 @@ static WERROR cmd_spoolss_printercmp(struct rpc_pipe_client *cli, nt_status = cli_full_connection(&cli_server2, global_myname(), servername2, NULL, 0, "IPC$", "IPC", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(rpcclient_auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), - get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, - get_cmdline_auth_info_signing_state(), NULL); + get_cmdline_auth_info_password(rpcclient_auth_info), + get_cmdline_auth_info_use_kerberos(rpcclient_auth_info) ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, + get_cmdline_auth_info_signing_state(rpcclient_auth_info), NULL); if ( !NT_STATUS_IS_OK(nt_status) ) return WERR_GENERAL_FAILURE; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 61d8d7c485..dc125007e3 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -28,6 +28,8 @@ static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; static unsigned int timeout = 0; +struct user_auth_info *rpcclient_auth_info; + /* List to hold groups of commands. * * Commands are defined in a list of arrays: arrays are easy to @@ -560,6 +562,7 @@ static void add_command_set(struct cmd_set *cmd_set) * @param cmd Command to run, as a single string. **/ static NTSTATUS do_cmd(struct cli_state *cli, + struct user_auth_info *auth_info, struct cmd_set *cmd_entry, int argc, char **argv) { @@ -589,8 +592,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, cli, cmd_entry->interface, pipe_default_auth_level, lp_workgroup(), - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), &cmd_entry->rpc_pipe); break; case PIPE_AUTH_TYPE_NTLMSSP: @@ -598,8 +601,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, cli, cmd_entry->interface, pipe_default_auth_level, lp_workgroup(), - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), &cmd_entry->rpc_pipe); break; case PIPE_AUTH_TYPE_SCHANNEL: @@ -687,7 +690,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, * * @returns The NTSTATUS from running the command. **/ -static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) +static NTSTATUS process_cmd(struct user_auth_info *auth_info, + struct cli_state *cli, char *cmd) { struct cmd_list *temp_list; NTSTATUS result = NT_STATUS_OK; @@ -713,7 +717,8 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) goto out_free; } - result = do_cmd(cli, temp_set, argc, argv); + result = do_cmd(cli, auth_info, temp_set, + argc, argv); goto out_free; } @@ -776,7 +781,7 @@ out_free: load_case_tables(); - zero_addr(&server_ss); + zero_sockaddr(&server_ss); setlinebuf(stdout); @@ -784,6 +789,12 @@ out_free: facilities. See lib/debug.c */ setup_logging("rpcclient", True); + rpcclient_auth_info = user_auth_info_init(frame); + if (rpcclient_auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(rpcclient_auth_info); + /* Parse options */ pc = poptGetContext("rpcclient", argc, (const char **) argv, @@ -850,16 +861,16 @@ out_free: * from stdin if necessary */ - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(rpcclient_auth_info) && + !set_cmdline_auth_info_machine_account_creds(rpcclient_auth_info)) { result = 1; goto done; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(rpcclient_auth_info)) { char *pass = getpass("Password:"); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(rpcclient_auth_info, pass); } } @@ -868,7 +879,7 @@ out_free: server += 2; } - if (get_cmdline_auth_info_use_kerberos()) { + if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } @@ -877,11 +888,12 @@ out_free: nt_status = cli_full_connection(&cli, global_myname(), server, opt_ipaddr ? &server_ss : NULL, opt_port, "IPC$", "IPC", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(rpcclient_auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_password(rpcclient_auth_info), flags, - get_cmdline_auth_info_signing_state(),NULL); + get_cmdline_auth_info_signing_state(rpcclient_auth_info), + NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); @@ -889,10 +901,10 @@ out_free: goto done; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(rpcclient_auth_info)) { nt_status = cli_cm_force_encryption(cli, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(rpcclient_auth_info), + get_cmdline_auth_info_password(rpcclient_auth_info), lp_workgroup(), "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { @@ -927,7 +939,7 @@ out_free: result = 0; while((cmd=next_command(&p)) != NULL) { - NTSTATUS cmd_result = process_cmd(cli, cmd); + NTSTATUS cmd_result = process_cmd(rpcclient_auth_info, cli, cmd); SAFE_FREE(cmd); result = NT_STATUS_IS_ERR(cmd_result); } @@ -946,7 +958,7 @@ out_free: break; if (line[0] != '\n') - process_cmd(cli, line); + process_cmd(rpcclient_auth_info, cli, line); SAFE_FREE(line); } diff --git a/source3/samba4.mk b/source3/samba4.mk index 032a3d9c35..38d1ec2e19 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -161,9 +161,11 @@ modules:: $(PLUGINS) pythonmods:: $(PYTHON_PYS) $(PYTHON_SO) -all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 +all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 pythonmods setup torture:: bin/smbtorture4 everything:: $(patsubst %,%4,$(BINARIES)) +setup: + @ln -sf ../source4/setup setup SELFTEST4 = $(LD_LIBPATH_OVERRIDE) $(PERL) $(selftestdir)/selftest.pl --prefix=st4 \ --builddir=$(builddir) --srcdir=$(samba4srcdir) \ diff --git a/source3/smbd/close.c b/source3/smbd/close.c index ce918ab6a3..f91f1fcf8f 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -694,6 +694,13 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp, fsp, NT_STATUS_OK); } + status = fd_close(fsp); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not close dir! fname=%s, fd=%d, err=%d=%s\n", + fsp->fsp_name, fsp->fh->fd, errno, strerror(errno))); + } + /* * Do the code common to files and directories. */ diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 954cd5a4d2..de07482369 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -353,7 +353,7 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT Convert dos attributes (FILE_ATTRIBUTE_*) to dos stat flags (UF_*) ****************************************************************************/ -static int dos_attributes_to_stat_dos_flags(uint32_t dosmode) +int dos_attributes_to_stat_dos_flags(uint32_t dosmode) { uint32_t dos_stat_flags = 0; diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 392264bfc0..d240ecfa64 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -26,8 +26,6 @@ #include "includes.h" -static bool scan_directory(connection_struct *conn, const char *path, - char *name, char **found_name); static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx, connection_struct *conn, const char *orig_path, @@ -433,8 +431,9 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, */ if (name_has_wildcard || - !scan_directory(conn, dirpath, - start, &found_name)) { + (SMB_VFS_GET_REAL_FILENAME( + conn, dirpath, start, + talloc_tos(), &found_name) == -1)) { char *unmangled; if (end) { @@ -768,15 +767,15 @@ static bool fname_equal(const char *name1, const char *name2, If the name looks like a mangled name then try via the mangling functions ****************************************************************************/ -static bool scan_directory(connection_struct *conn, const char *path, - char *name, char **found_name) +int get_real_filename(connection_struct *conn, const char *path, + const char *name, TALLOC_CTX *mem_ctx, + char **found_name) { struct smb_Dir *cur_dir; const char *dname; bool mangled; char *unmangled_name = NULL; long curpos; - TALLOC_CTX *ctx = talloc_tos(); mangled = mangle_is_mangled(name, conn->params); @@ -791,7 +790,7 @@ static bool scan_directory(connection_struct *conn, const char *path, */ if (!mangled && !(conn->fs_capabilities & FILE_CASE_SENSITIVE_SEARCH)) { errno = ENOENT; - return False; + return -1; } /* @@ -810,10 +809,9 @@ static bool scan_directory(connection_struct *conn, const char *path, */ if (mangled && !conn->case_sensitive) { - mangled = !mangle_lookup_name_from_8_3(ctx, - name, - &unmangled_name, - conn->params); + mangled = !mangle_lookup_name_from_8_3(talloc_tos(), name, + &unmangled_name, + conn->params); if (!mangled) { /* Name is now unmangled. */ name = unmangled_name; @@ -824,7 +822,7 @@ static bool scan_directory(connection_struct *conn, const char *path, if (!(cur_dir = OpenDir(talloc_tos(), conn, path, NULL, 0))) { DEBUG(3,("scan dir didn't open dir [%s]\n",path)); TALLOC_FREE(unmangled_name); - return(False); + return -1; } /* now scan for matching names */ @@ -850,21 +848,21 @@ static bool scan_directory(connection_struct *conn, const char *path, if ((mangled && mangled_equal(name,dname,conn->params)) || fname_equal(name, dname, conn->case_sensitive)) { /* we've found the file, change it's name and return */ - *found_name = talloc_strdup(ctx,dname); + *found_name = talloc_strdup(mem_ctx, dname); TALLOC_FREE(unmangled_name); TALLOC_FREE(cur_dir); if (!*found_name) { errno = ENOMEM; - return False; + return -1; } - return(True); + return 0; } } TALLOC_FREE(unmangled_name); TALLOC_FREE(cur_dir); errno = ENOENT; - return False; + return -1; } static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 777073e6ba..24a14a8c1b 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -474,10 +474,24 @@ void reply_ntcreate_and_X(struct smb_request *req) ? BATCH_OPLOCK : 0; } - status = create_file(conn, req, root_dir_fid, fname, - access_mask, share_access, create_disposition, - create_options, file_attributes, oplock_request, - allocation_size, NULL, NULL, &fsp, &info, &sbuf); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + root_dir_fid, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -932,10 +946,24 @@ static void call_nt_transact_create(connection_struct *conn, ? BATCH_OPLOCK : 0; } - status = create_file(conn, req, root_dir_fid, fname, - access_mask, share_access, create_disposition, - create_options, file_attributes, oplock_request, - allocation_size, sd, ea_list, &fsp, &info, &sbuf); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + root_dir_fid, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_access, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + file_attributes, /* file_attributes */ + oplock_request, /* oplock_request */ + allocation_size, /* allocation_size */ + sd, /* sd */ + ea_list, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if(!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -1158,27 +1186,49 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx, DEBUG(10,("copy_internals: doing file copy %s to %s\n", oldname, newname)); - status = open_file_ntcreate(conn, req, oldname, &sbuf1, - FILE_READ_DATA, /* Read-only. */ - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, /* No create options. */ - FILE_ATTRIBUTE_NORMAL, - NO_OPLOCK, - &info, &fsp1); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + oldname, /* fname */ + 0, /* create_file_flags */ + FILE_READ_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + NO_OPLOCK, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp1, /* result */ + &info, /* pinfo */ + &sbuf1); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; } - status = open_file_ntcreate(conn, req, newname, &sbuf2, - FILE_WRITE_DATA, /* Read-only. */ - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_CREATE, - 0, /* No create options. */ - fattr, - NO_OPLOCK, - &info, &fsp2); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + newname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_CREATE, /* create_disposition*/ + 0, /* create_options */ + fattr, /* file_attributes */ + NO_OPLOCK, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp2, /* result */ + &info, /* pinfo */ + &sbuf2); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { close_file(NULL, fsp1, ERROR_CLOSE); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index f98415ee33..d22eda2bb5 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -29,6 +29,23 @@ struct deferred_open_record { struct file_id id; }; +static NTSTATUS create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf); + /**************************************************************************** SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES. ****************************************************************************/ @@ -142,7 +159,7 @@ NTSTATUS fd_close(files_struct *fsp) Do this by fd if possible. ****************************************************************************/ -static void change_file_owner_to_parent(connection_struct *conn, +void change_file_owner_to_parent(connection_struct *conn, const char *inherit_from_dir, files_struct *fsp) { @@ -173,7 +190,7 @@ static void change_file_owner_to_parent(connection_struct *conn, (unsigned int)parent_st.st_uid )); } -static NTSTATUS change_dir_owner_to_parent(connection_struct *conn, +NTSTATUS change_dir_owner_to_parent(connection_struct *conn, const char *inherit_from_dir, const char *fname, SMB_STRUCT_STAT *psbuf) @@ -482,7 +499,7 @@ static NTSTATUS open_file(files_struct *fsp, Return True if the filename is one of the special executable types. ********************************************************************/ -static bool is_executable(const char *fname) +bool is_executable(const char *fname) { if ((fname = strrchr_m(fname,'.'))) { if (strequal(fname,".com") || @@ -644,7 +661,7 @@ static void validate_my_share_entries(int num, } #endif -static bool is_stat_open(uint32 access_mask) +bool is_stat_open(uint32 access_mask) { return (access_mask && ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES| @@ -845,8 +862,8 @@ static bool delay_for_oplocks(struct share_mode_lock *lck, return True; } -static bool request_timed_out(struct timeval request_time, - struct timeval timeout) +bool request_timed_out(struct timeval request_time, + struct timeval timeout) { struct timeval now, end_time; GetTimeOfDay(&now); @@ -911,13 +928,13 @@ static void defer_open(struct share_mode_lock *lck, On overwrite open ensure that the attributes match. ****************************************************************************/ -static bool open_match_attributes(connection_struct *conn, - const char *path, - uint32 old_dos_attr, - uint32 new_dos_attr, - mode_t existing_unx_mode, - mode_t new_unx_mode, - mode_t *returned_unx_mode) +bool open_match_attributes(connection_struct *conn, + const char *path, + uint32 old_dos_attr, + uint32 new_dos_attr, + mode_t existing_unx_mode, + mode_t new_unx_mode, + mode_t *returned_unx_mode) { uint32 noarch_old_dos_attr, noarch_new_dos_attr; @@ -961,7 +978,7 @@ static bool open_match_attributes(connection_struct *conn, Try and find a duplicated file handle. ****************************************************************************/ -static NTSTATUS fcb_or_dos_open(struct smb_request *req, +NTSTATUS fcb_or_dos_open(struct smb_request *req, connection_struct *conn, files_struct *fsp_to_dup_into, const char *fname, @@ -1031,7 +1048,7 @@ bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func uint32 access_mask; uint32 share_mode; uint32 create_disposition; - uint32 create_options = 0; + uint32 create_options = FILE_NON_DIRECTORY_FILE; DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, " "open_func = 0x%x\n", @@ -1260,7 +1277,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, Open a file with a share mode. Passed in an already created files_struct *. ****************************************************************************/ -static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, +static NTSTATUS open_file_ntcreate(connection_struct *conn, struct smb_request *req, const char *fname, SMB_STRUCT_STAT *psbuf, @@ -1964,13 +1981,11 @@ static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, } set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, - fsp->oplock_type, new_file_created); + fsp->oplock_type); /* Handle strange delete on close create semantics. */ - if ((create_options & FILE_DELETE_ON_CLOSE) - && (((conn->fs_capabilities & FILE_NAMED_STREAMS) - && is_ntfs_stream_name(fname)) - || can_set_initial_delete_on_close(lck))) { + if (create_options & FILE_DELETE_ON_CLOSE) { + status = can_set_delete_on_close(fsp, True, new_dos_attributes); if (!NT_STATUS_IS_OK(status)) { @@ -2056,55 +2071,6 @@ static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, return NT_STATUS_OK; } -/**************************************************************************** - Open a file with a share mode. -****************************************************************************/ - -NTSTATUS open_file_ntcreate(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */ - uint32 share_access, /* share constants (FILE_SHARE_READ etc) */ - uint32 create_disposition, /* FILE_OPEN_IF etc. */ - uint32 create_options, /* options such as delete on close. */ - uint32 new_dos_attributes, /* attributes used for new file. */ - int oplock_request, /* internal Samba oplock codes. */ - /* Information (FILE_EXISTS etc.) */ - int *pinfo, - files_struct **result) -{ - NTSTATUS status; - files_struct *fsp = NULL; - - *result = NULL; - - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - - status = open_file_ntcreate_internal(conn, - req, - fname, - psbuf, - access_mask, - share_access, - create_disposition, - create_options, - new_dos_attributes, - oplock_request, - pinfo, - fsp); - - if(!NT_STATUS_IS_OK(status)) { - file_free(req, fsp); - return status; - } - - *result = fsp; - return status; -} /**************************************************************************** Open a file for for write to ensure that we can fchmod it. @@ -2126,10 +2092,25 @@ NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn, return status; } - /* note! we must use a non-zero desired access or we don't get - a real file descriptor. Oh what a twisted web we weave. */ - status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY, - 0, FILE_WRITE_DATA, FILE_WRITE_DATA); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + 0, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + psbuf); /* psbuf */ /* * This is not a user visible file open. @@ -2250,17 +2231,17 @@ static NTSTATUS mkdir_internal(connection_struct *conn, Open a directory from an NT SMB call. ****************************************************************************/ -NTSTATUS open_directory(connection_struct *conn, - struct smb_request *req, - const char *fname, - SMB_STRUCT_STAT *psbuf, - uint32 access_mask, - uint32 share_access, - uint32 create_disposition, - uint32 create_options, - uint32 file_attributes, - int *pinfo, - files_struct **result) +static NTSTATUS open_directory(connection_struct *conn, + struct smb_request *req, + const char *fname, + SMB_STRUCT_STAT *psbuf, + uint32 access_mask, + uint32 share_access, + uint32 create_disposition, + uint32 create_options, + uint32 file_attributes, + int *pinfo, + files_struct **result) { files_struct *fsp = NULL; bool dir_existed = VALID_STAT(*psbuf) ? True : False; @@ -2438,8 +2419,7 @@ NTSTATUS open_directory(connection_struct *conn, return status; } - set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK, - True); + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK); /* For directories the delete on close bit at open time seems always to be honored on close... See test 19 in Samba4 BASE-DELETE. */ @@ -2476,14 +2456,24 @@ NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, cons SET_STAT_INVALID(sbuf); - status = open_directory(conn, req, directory, &sbuf, - FILE_READ_ATTRIBUTES, /* Just a stat open */ - FILE_SHARE_NONE, /* Ignored for stat opens */ - FILE_CREATE, - 0, - FILE_ATTRIBUTE_DIRECTORY, - NULL, - &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + directory, /* fname */ + 0, /* create_file_flags */ + FILE_READ_ATTRIBUTES, /* access_mask */ + FILE_SHARE_NONE, /* share_access */ + FILE_CREATE, /* create_disposition*/ + FILE_DIRECTORY_FILE, /* create_options */ + FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf); /* psbuf */ if (NT_STATUS_IS_OK(status)) { close_file(req, fsp, NORMAL_CLOSE); @@ -2569,8 +2559,8 @@ static int restore_case_semantics(struct case_semantics_state *state) /**************************************************************************** Save case semantics. ****************************************************************************/ -static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, - connection_struct *conn) +struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, + connection_struct *conn) { struct case_semantics_state *result; @@ -2708,22 +2698,22 @@ static NTSTATUS open_streams_for_delete(connection_struct *conn, * Wrapper around open_file_ntcreate and open_directory */ -NTSTATUS create_file_unixpath(connection_struct *conn, - struct smb_request *req, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf) +static NTSTATUS create_file_unixpath(connection_struct *conn, + struct smb_request *req, + const char *fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) { SMB_STRUCT_STAT sbuf; int info = FILE_WAS_OPENED; @@ -2868,7 +2858,8 @@ NTSTATUS create_file_unixpath(connection_struct *conn, } /* Can't open a temp directory. IFS kit test. */ - if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) { + if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && + (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) { status = NT_STATUS_INVALID_PARAMETER; goto fail; } @@ -2890,41 +2881,35 @@ NTSTATUS create_file_unixpath(connection_struct *conn, * Ordinary file case. */ - if (base_fsp) { - /* - * We're opening the stream element of a base_fsp - * we already opened. We need to initialize - * the fsp first, and set up the base_fsp pointer. - */ - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - goto fail; - } + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + goto fail; + } + /* + * We're opening the stream element of a base_fsp + * we already opened. Set up the base_fsp pointer. + */ + if (base_fsp) { fsp->base_fsp = base_fsp; + } - status = open_file_ntcreate_internal(conn, - req, - fname, - &sbuf, - access_mask, - share_access, - create_disposition, - create_options, - file_attributes, - oplock_request, - &info, - fsp); - - if(!NT_STATUS_IS_OK(status)) { - file_free(req, fsp); - fsp = NULL; - } - } else { - status = open_file_ntcreate( - conn, req, fname, &sbuf, access_mask, share_access, - create_disposition, create_options, file_attributes, - oplock_request, &info, &fsp); + status = open_file_ntcreate(conn, + req, + fname, + &sbuf, + access_mask, + share_access, + create_disposition, + create_options, + file_attributes, + oplock_request, + &info, + fsp); + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + fsp = NULL; } if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { @@ -2975,21 +2960,10 @@ NTSTATUS create_file_unixpath(connection_struct *conn, if ((sd != NULL) && (info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn))) { - uint32_t sec_info_sent = ALL_SECURITY_INFORMATION; + uint32_t sec_info_sent; uint32_t saved_access_mask = fsp->access_mask; - if (sd->owner_sid == NULL) { - sec_info_sent &= ~OWNER_SECURITY_INFORMATION; - } - if (sd->group_sid == NULL) { - sec_info_sent &= ~GROUP_SECURITY_INFORMATION; - } - if (sd->sacl == NULL) { - sec_info_sent &= ~SACL_SECURITY_INFORMATION; - } - if (sd->dacl == NULL) { - sec_info_sent &= ~DACL_SECURITY_INFORMATION; - } + sec_info_sent = get_sec_info(sd); fsp->access_mask = FILE_GENERIC_ALL; @@ -3082,23 +3056,114 @@ NTSTATUS create_file_unixpath(connection_struct *conn, return status; } -NTSTATUS create_file(connection_struct *conn, - struct smb_request *req, - uint16_t root_dir_fid, - const char *fname, - uint32_t access_mask, - uint32_t share_access, - uint32_t create_disposition, - uint32_t create_options, - uint32_t file_attributes, - uint32_t oplock_request, - uint64_t allocation_size, - struct security_descriptor *sd, - struct ea_list *ea_list, - - files_struct **result, - int *pinfo, - SMB_STRUCT_STAT *psbuf) +/* + * Calculate the full path name given a relative fid. + */ +NTSTATUS get_relative_fid_filename(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, char **new_fname) +{ + files_struct *dir_fsp; + char *parent_fname = NULL; + + if (root_dir_fid == 0 || !fname || !new_fname) { + return NT_STATUS_INTERNAL_ERROR; + } + + dir_fsp = file_fsp(req, root_dir_fid); + + if (dir_fsp == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + + if (!dir_fsp->is_directory) { + + /* + * Check to see if this is a mac fork of some kind. + */ + + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) && + is_ntfs_stream_name(fname)) { + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + + /* + we need to handle the case when we get a + relative open relative to a file and the + pathname is blank - this is a reopen! + (hint from demyn plantenberg) + */ + + return NT_STATUS_INVALID_HANDLE; + } + + if (ISDOT(dir_fsp->fsp_name)) { + /* + * We're at the toplevel dir, the final file name + * must not contain ./, as this is filtered out + * normally by srvstr_get_path and unix_convert + * explicitly rejects paths containing ./. + */ + parent_fname = talloc_strdup(talloc_tos(), ""); + if (parent_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + size_t dir_name_len = strlen(dir_fsp->fsp_name); + + /* + * Copy in the base directory name. + */ + + parent_fname = TALLOC_ARRAY(talloc_tos(), char, + dir_name_len+2); + if (parent_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + memcpy(parent_fname, dir_fsp->fsp_name, + dir_name_len+1); + + /* + * Ensure it ends in a '/'. + * We used TALLOC_SIZE +2 to add space for the '/'. + */ + + if(dir_name_len + && (parent_fname[dir_name_len-1] != '\\') + && (parent_fname[dir_name_len-1] != '/')) { + parent_fname[dir_name_len] = '/'; + parent_fname[dir_name_len+1] = '\0'; + } + } + + *new_fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname, + fname); + if (*new_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +NTSTATUS create_file_default(connection_struct *conn, + struct smb_request *req, + uint16_t root_dir_fid, + const char *fname, + uint32_t create_file_flags, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + struct security_descriptor *sd, + struct ea_list *ea_list, + + files_struct **result, + int *pinfo, + SMB_STRUCT_STAT *psbuf) { struct case_semantics_state *case_state = NULL; SMB_STRUCT_STAT sbuf; @@ -3111,7 +3176,7 @@ NTSTATUS create_file(connection_struct *conn, "create_disposition = 0x%x create_options = 0x%x " "oplock_request = 0x%x " "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, " - "fname = %s\n", + "create_file_flags = 0x%x, fname = %s\n", (unsigned int)access_mask, (unsigned int)file_attributes, (unsigned int)share_access, @@ -3119,94 +3184,22 @@ NTSTATUS create_file(connection_struct *conn, (unsigned int)create_options, (unsigned int)oplock_request, (unsigned int)root_dir_fid, - ea_list, sd, fname)); + ea_list, sd, create_file_flags, fname)); /* - * Get the file name. + * Calculate the filename from the root_dir_if if necessary. */ if (root_dir_fid != 0) { - /* - * This filename is relative to a directory fid. - */ - char *parent_fname = NULL; - files_struct *dir_fsp = file_fsp(req, root_dir_fid); - - if (dir_fsp == NULL) { - status = NT_STATUS_INVALID_HANDLE; - goto fail; - } - - if (!dir_fsp->is_directory) { + char *new_fname; - /* - * Check to see if this is a mac fork of some kind. - */ - - if ((conn->fs_capabilities & FILE_NAMED_STREAMS) && - is_ntfs_stream_name(fname)) { - status = NT_STATUS_OBJECT_PATH_NOT_FOUND; - goto fail; - } - - /* - we need to handle the case when we get a - relative open relative to a file and the - pathname is blank - this is a reopen! - (hint from demyn plantenberg) - */ - - status = NT_STATUS_INVALID_HANDLE; + status = get_relative_fid_filename(conn, req, root_dir_fid, + fname, &new_fname); + if (!NT_STATUS_IS_OK(status)) { goto fail; } - if (ISDOT(dir_fsp->fsp_name)) { - /* - * We're at the toplevel dir, the final file name - * must not contain ./, as this is filtered out - * normally by srvstr_get_path and unix_convert - * explicitly rejects paths containing ./. - */ - parent_fname = talloc_strdup(talloc_tos(), ""); - if (parent_fname == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - } else { - size_t dir_name_len = strlen(dir_fsp->fsp_name); - - /* - * Copy in the base directory name. - */ - - parent_fname = TALLOC_ARRAY(talloc_tos(), char, - dir_name_len+2); - if (parent_fname == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - memcpy(parent_fname, dir_fsp->fsp_name, - dir_name_len+1); - - /* - * Ensure it ends in a '/'. - * We used TALLOC_SIZE +2 to add space for the '/'. - */ - - if(dir_name_len - && (parent_fname[dir_name_len-1] != '\\') - && (parent_fname[dir_name_len-1] != '/')) { - parent_fname[dir_name_len] = '/'; - parent_fname[dir_name_len+1] = '\0'; - } - } - - fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname, - fname); - if (fname == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } + fname = new_fname; } /* @@ -3272,10 +3265,9 @@ NTSTATUS create_file(connection_struct *conn, if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { case_state = set_posix_case_semantics(talloc_tos(), conn); - file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS; } - { + if (create_file_flags & CFF_DOS_PATH) { char *converted_fname; SET_STAT_INVALID(sbuf); @@ -3286,6 +3278,15 @@ NTSTATUS create_file(connection_struct *conn, goto fail; } fname = converted_fname; + } else { + if (psbuf != NULL) { + sbuf = *psbuf; + } else { + if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) { + SET_STAT_INVALID(sbuf); + } + } + } TALLOC_FREE(case_state); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 261f12cb08..faabdd795b 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -43,7 +43,6 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) const char *fname = NULL; char *pipe_name = NULL; files_struct *fsp; - int size=0,fmode=0,mtime=0,rmode=0; TALLOC_CTX *ctx = talloc_tos(); NTSTATUS status; @@ -96,17 +95,12 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) SSVAL(req->outbuf,smb_vwv9,2); SSVAL(req->outbuf,smb_vwv10,0xc700); - if (rmode == 2) { - DEBUG(4,("Resetting open result to open from create.\n")); - rmode = 1; - } - - SSVAL(req->outbuf,smb_vwv2, fsp->fnum); - SSVAL(req->outbuf,smb_vwv3,fmode); - srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime); - SIVAL(req->outbuf,smb_vwv6,size); - SSVAL(req->outbuf,smb_vwv8,rmode); - SSVAL(req->outbuf,smb_vwv11,0x0001); + SSVAL(req->outbuf, smb_vwv2, fsp->fnum); + SSVAL(req->outbuf, smb_vwv3, 0); /* fmode */ + srv_put_dos_date3((char *)req->outbuf, smb_vwv4, 0); /* mtime */ + SIVAL(req->outbuf, smb_vwv6, 0); /* size */ + SSVAL(req->outbuf, smb_vwv8, 0); /* rmode */ + SSVAL(req->outbuf, smb_vwv11, 0x0001); chain_reply(req); return; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 97fd3b2bbe..b184279259 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3248,17 +3248,24 @@ NTSTATUS append_parent_acl(files_struct *fsp, return NT_STATUS_NO_MEMORY; } - status = open_directory(fsp->conn, - NULL, - parent_name, - &sbuf, - FILE_READ_ATTRIBUTES, /* Just a stat open */ - FILE_SHARE_NONE, /* Ignored for stat opens */ - FILE_OPEN, - 0, - INTERNAL_OPEN_ONLY, - &info, - &parent_fsp); + status = SMB_VFS_CREATE_FILE( + fsp->conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + parent_name, /* fname */ + 0, /* create_file_flags */ + FILE_READ_ATTRIBUTES, /* access_mask */ + FILE_SHARE_NONE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + FILE_DIRECTORY_FILE, /* create_options */ + 0, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &parent_fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 11c713ab4a..9f7a1896b8 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1630,22 +1630,24 @@ void reply_open(struct smb_request *req) return; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - dos_attr, /* file_attributes */ - oplock_request, /* oplock_request */ - 0, /* allocation_size */ - NULL, /* sd */ - NULL, /* ea_list */ - &fsp, /* result */ - &info, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + dos_attr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -1774,22 +1776,24 @@ void reply_open_and_X(struct smb_request *req) return; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - smb_attr, /* file_attributes */ - oplock_request, /* oplock_request */ - 0, /* allocation_size */ - NULL, /* sd */ - NULL, /* ea_list */ - &fsp, /* result */ - &smb_action, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + smb_attr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &smb_action, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBopenX); @@ -1972,22 +1976,24 @@ void reply_mknew(struct smb_request *req) create_disposition = FILE_OVERWRITE_IF; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - fattr, /* file_attributes */ - oplock_request, /* oplock_request */ - 0, /* allocation_size */ - NULL, /* sd */ - NULL, /* ea_list */ - &fsp, /* result */ - NULL, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + fattr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { END_PROFILE(SMBcreate); @@ -2117,14 +2123,24 @@ void reply_ctemp(struct smb_request *req) SMB_VFS_STAT(conn,fname,&sbuf); /* We should fail if file does not exist. */ - status = open_file_ntcreate(conn, req, fname, &sbuf, - FILE_GENERIC_READ | FILE_GENERIC_WRITE, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - fattr, - oplock_request, - NULL, &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + fattr, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf); /* psbuf */ /* close fd from smb_mkstemp() */ close(tmpfd); @@ -2309,10 +2325,12 @@ static NTSTATUS do_unlink(connection_struct *conn, /* On open checks the open itself will check the share mode, so don't do it here as we'll get it wrong. */ - status = create_file_unixpath + status = SMB_VFS_CREATE_FILE (conn, /* conn */ req, /* req */ + 0, /* root_dir_fid */ fname, /* fname */ + 0, /* create_file_flags */ DELETE_ACCESS, /* access_mask */ FILE_SHARE_NONE, /* share_access */ FILE_OPEN, /* create_disposition*/ @@ -2327,7 +2345,7 @@ static NTSTATUS do_unlink(connection_struct *conn, &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("create_file_unixpath failed: %s\n", + DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n", nt_errstr(status))); return status; } @@ -5565,8 +5583,6 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, * depends on these semantics. JRA. */ - set_allow_initial_delete_on_close(lck, fsp, True); - if (create_options & FILE_DELETE_ON_CLOSE) { status = can_set_delete_on_close(fsp, True, 0); @@ -5623,6 +5639,7 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, struct smb_Dir *dir_hnd = NULL; const char *dname; long offset = 0; + int create_options = 0; ZERO_STRUCT(sbuf1); ZERO_STRUCT(sbuf2); @@ -5736,17 +5753,29 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, ZERO_STRUCT(sbuf1); SMB_VFS_STAT(conn, directory, &sbuf1); - status = S_ISDIR(sbuf1.st_mode) ? - open_directory(conn, req, directory, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, NULL, - &fsp) - : open_file_ntcreate(conn, req, directory, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, 0, NULL, - &fsp); + if (S_ISDIR(sbuf1.st_mode)) { + create_options |= FILE_DIRECTORY_FILE; + } + + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + directory, /* fname */ + 0, /* create_file_flags */ + access_mask, /* access_mask */ + (FILE_SHARE_READ | /* share_access */ + FILE_SHARE_WRITE), + FILE_OPEN, /* create_disposition*/ + create_options, /* create_options */ + 0, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf1); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not open rename source %s: %s\n", @@ -5840,20 +5869,34 @@ NTSTATUS rename_internals(TALLOC_CTX *ctx, ZERO_STRUCT(sbuf1); SMB_VFS_STAT(conn, fname, &sbuf1); - status = S_ISDIR(sbuf1.st_mode) ? - open_directory(conn, req, fname, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, NULL, - &fsp) - : open_file_ntcreate(conn, req, fname, &sbuf1, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, 0, 0, 0, NULL, - &fsp); + create_options = 0; + + if (S_ISDIR(sbuf1.st_mode)) { + create_options |= FILE_DIRECTORY_FILE; + } + + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + access_mask, /* access_mask */ + (FILE_SHARE_READ | /* share_access */ + FILE_SHARE_WRITE), + FILE_OPEN, /* create_disposition*/ + create_options, /* create_options */ + 0, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + NULL, /* pinfo */ + &sbuf1); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { - DEBUG(3,("rename_internals: open_file_ntcreate " + DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE " "returned %s rename %s -> %s\n", nt_errstr(status), directory, newname)); break; @@ -6044,14 +6087,24 @@ NTSTATUS copy_file(TALLOC_CTX *ctx, } } - status = open_file_ntcreate(conn, NULL, src, &src_sbuf, - FILE_GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - NULL, &fsp1); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + src, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_READ, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp1, /* result */ + NULL, /* pinfo */ + &src_sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(dest); @@ -6063,14 +6116,24 @@ NTSTATUS copy_file(TALLOC_CTX *ctx, ZERO_STRUCTP(&sbuf2); } - status = open_file_ntcreate(conn, NULL, dest, &sbuf2, - FILE_GENERIC_WRITE, - FILE_SHARE_READ|FILE_SHARE_WRITE, - new_create_disposition, - 0, - dosattrs, - INTERNAL_OPEN_ONLY, - NULL, &fsp2); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + NULL, /* req */ + 0, /* root_dir_fid */ + dest, /* fname */ + 0, /* create_file_flags */ + FILE_GENERIC_WRITE, /* access_mask */ + FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ + new_create_disposition, /* create_disposition*/ + 0, /* create_options */ + dosattrs, /* file_attributes */ + INTERNAL_OPEN_ONLY, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp2, /* result */ + NULL, /* pinfo */ + &sbuf2); /* psbuf */ TALLOC_FREE(dest); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index fff05a3aac..f7bdb58288 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -469,9 +469,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ char *sock_tok; const char *sock_ptr; - if (sock_addr[0] == '\0' || - strequal(sock_addr, "0.0.0.0") || - strequal(sock_addr, "::")) { + if (strequal(sock_addr, "0.0.0.0") || + strequal(sock_addr, "::")) { #if HAVE_IPV6 sock_addr = "::,0.0.0.0"; #else diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 24a201013a..a24843ff64 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -915,7 +915,7 @@ static void reply_spnego_auth(struct smb_request *req, DEBUG(3,("reply_spnego_auth: network " "misconfiguration, client sent us a " "krb5 ticket and kerberos security " - "not enabled")); + "not enabled\n")); reply_nterror(req, nt_status_squash( NT_STATUS_LOGON_FAILURE)); SAFE_FREE(kerb_mech); diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index 9dbacc2998..c72251b5a7 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -192,7 +192,7 @@ bool token_contains_name_in_list(const char *username, */ bool user_ok_token(const char *username, const char *domain, - struct nt_user_token *token, int snum) + const struct nt_user_token *token, int snum) { if (lp_invalid_users(snum) != NULL) { if (token_contains_name_in_list(username, domain, @@ -252,7 +252,7 @@ bool user_ok_token(const char *username, const char *domain, bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, + const struct nt_user_token *token, connection_struct *conn) { int snum = SNUM(conn); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 7b051d389f..606e656795 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1006,22 +1006,24 @@ static void call_trans2open(connection_struct *conn, return; } - status = create_file(conn, /* conn */ - req, /* req */ - 0, /* root_dir_fid */ - fname, /* fname */ - access_mask, /* access_mask */ - share_mode, /* share_access */ - create_disposition, /* create_disposition*/ - create_options, /* create_options */ - open_attr, /* file_attributes */ - oplock_request, /* oplock_request */ - open_size, /* allocation_size */ - NULL, /* sd */ - ea_list, /* ea_list */ - &fsp, /* result */ - &smb_action, /* pinfo */ - &sbuf); /* psbuf */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + CFF_DOS_PATH, /* create_file_flags */ + access_mask, /* access_mask */ + share_mode, /* share_access */ + create_disposition, /* create_disposition*/ + create_options, /* create_options */ + open_attr, /* file_attributes */ + oplock_request, /* oplock_request */ + open_size, /* allocation_size */ + NULL, /* sd */ + ea_list, /* ea_list */ + &fsp, /* result */ + &smb_action, /* pinfo */ + &sbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { @@ -1093,15 +1095,13 @@ static bool exact_match(connection_struct *conn, { if (mask[0] == '.' && mask[1] == 0) return False; - if (conn->case_sensitive) - return strcmp(str,mask)==0; - if (StrCaseCmp(str,mask) != 0) { - return False; - } if (dptr_has_wild(conn->dirptr)) { return False; } - return True; + if (conn->case_sensitive) + return strcmp(str,mask)==0; + else + return StrCaseCmp(str,mask) == 0; } /**************************************************************************** @@ -5057,15 +5057,26 @@ static NTSTATUS smb_set_file_size(connection_struct *conn, return NT_STATUS_OK; } - status = open_file_ntcreate(conn, req, fname, psbuf, - FILE_WRITE_ATTRIBUTES, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - FORCE_OPLOCK_BREAK_TO_NONE, - NULL, &new_fsp); - + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_ATTRIBUTES, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + FORCE_OPLOCK_BREAK_TO_NONE, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &new_fsp, /* result */ + NULL, /* pinfo */ + psbuf); /* psbuf */ + if (!NT_STATUS_IS_OK(status)) { /* NB. We check for open_was_deferred in the caller. */ return status; @@ -5826,14 +5837,25 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn, /* Pathname or stat or directory file. */ - status = open_file_ntcreate(conn, req, fname, psbuf, - FILE_WRITE_DATA, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - FORCE_OPLOCK_BREAK_TO_NONE, - NULL, &new_fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_WRITE_DATA, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + 0, /* create_options */ + FILE_ATTRIBUTE_NORMAL, /* file_attributes */ + FORCE_OPLOCK_BREAK_TO_NONE, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &new_fsp, /* result */ + NULL, /* pinfo */ + psbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { /* NB. We check for open_was_deferred in the caller. */ @@ -6257,16 +6279,24 @@ static NTSTATUS smb_posix_mkdir(connection_struct *conn, DEBUG(10,("smb_posix_mkdir: file %s, mode 0%o\n", fname, (unsigned int)unixmode )); - status = open_directory(conn, req, - fname, - psbuf, - FILE_READ_ATTRIBUTES, /* Just a stat open */ - FILE_SHARE_NONE, /* Ignored for stat opens */ - FILE_CREATE, - 0, - mod_unixmode, - &info, - &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + FILE_READ_ATTRIBUTES, /* access_mask */ + FILE_SHARE_NONE, /* share_access */ + FILE_CREATE, /* create_disposition*/ + FILE_DIRECTORY_FILE, /* create_options */ + mod_unixmode, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + psbuf); /* psbuf */ if (NT_STATUS_IS_OK(status)) { close_file(req, fsp, NORMAL_CLOSE); @@ -6423,17 +6453,25 @@ static NTSTATUS smb_posix_open(connection_struct *conn, (unsigned int)wire_open_mode, (unsigned int)unixmode )); - status = open_file_ntcreate(conn, req, - fname, - psbuf, - access_mask, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - create_disp, - 0, /* no create options yet. */ - mod_unixmode, - oplock_request, - &info, - &fsp); + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + access_mask, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + create_disp, /* create_disposition*/ + 0, /* create_options */ + mod_unixmode, /* file_attributes */ + oplock_request, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + psbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; @@ -6518,6 +6556,7 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn, uint16 flags = 0; char del = 1; int info = 0; + int create_options = 0; int i; struct share_mode_lock *lck = NULL; @@ -6541,30 +6580,28 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn, fname)); if (VALID_STAT_OF_DIR(*psbuf)) { - status = open_directory(conn, req, - fname, - psbuf, - DELETE_ACCESS, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_FLAG_POSIX_SEMANTICS|0777, - &info, - &fsp); - } else { - - status = open_file_ntcreate(conn, req, - fname, - psbuf, - DELETE_ACCESS, - FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, - FILE_OPEN, - 0, - FILE_FLAG_POSIX_SEMANTICS|0777, - 0, /* No oplock, but break existing ones. */ - &info, - &fsp); - } + create_options |= FILE_DIRECTORY_FILE; + } + + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ + req, /* req */ + 0, /* root_dir_fid */ + fname, /* fname */ + 0, /* create_file_flags */ + DELETE_ACCESS, /* access_mask */ + (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ + FILE_SHARE_DELETE), + FILE_OPEN, /* create_disposition*/ + create_options, /* create_options */ + FILE_FLAG_POSIX_SEMANTICS|0777, /* file_attributes */ + 0, /* oplock_request */ + 0, /* allocation_size */ + NULL, /* sd */ + NULL, /* ea_list */ + &fsp, /* result */ + &info, /* pinfo */ + psbuf); /* psbuf */ if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index ca7df264e2..5a4b8a52e7 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -61,22 +61,27 @@ bool change_to_guest(void) later code can then mess with. ********************************************************************/ -static bool check_user_ok(connection_struct *conn, uint16_t vuid, - struct auth_serversupplied_info *server_info, - int snum) +static bool check_user_ok(connection_struct *conn, + uint16_t vuid, + const struct auth_serversupplied_info *server_info, + int snum) { + bool valid_vuid = (vuid != UID_FIELD_INVALID); unsigned int i; - struct vuid_cache_entry *ent = NULL; bool readonly_share; bool admin_user; - for (i=0; i<VUID_CACHE_SIZE; i++) { - ent = &conn->vuid_cache.array[i]; - if (ent->vuid == vuid) { - conn->server_info = ent->server_info; - conn->read_only = ent->read_only; - conn->admin_user = ent->admin_user; - return(True); + if (valid_vuid) { + struct vuid_cache_entry *ent; + + for (i=0; i<VUID_CACHE_SIZE; i++) { + ent = &conn->vuid_cache.array[i]; + if (ent->vuid == vuid) { + conn->server_info = ent->server_info; + conn->read_only = ent->read_only; + conn->admin_user = ent->admin_user; + return(True); + } } } @@ -112,33 +117,36 @@ static bool check_user_ok(connection_struct *conn, uint16_t vuid, pdb_get_domain(server_info->sam_account), NULL, server_info->ptok, lp_admin_users(snum)); - ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry]; + if (valid_vuid) { + struct vuid_cache_entry *ent = + &conn->vuid_cache.array[conn->vuid_cache.next_entry]; - conn->vuid_cache.next_entry = - (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE; + conn->vuid_cache.next_entry = + (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE; - TALLOC_FREE(ent->server_info); + TALLOC_FREE(ent->server_info); - /* - * If force_user was set, all server_info's are based on the same - * username-based faked one. - */ + /* + * If force_user was set, all server_info's are based on the same + * username-based faked one. + */ - ent->server_info = copy_serverinfo( - conn, conn->force_user ? conn->server_info : server_info); + ent->server_info = copy_serverinfo( + conn, conn->force_user ? conn->server_info : server_info); - if (ent->server_info == NULL) { - ent->vuid = UID_FIELD_INVALID; - return false; - } + if (ent->server_info == NULL) { + ent->vuid = UID_FIELD_INVALID; + return false; + } - ent->vuid = vuid; - ent->read_only = readonly_share; - ent->admin_user = admin_user; + ent->vuid = vuid; + ent->read_only = readonly_share; + ent->admin_user = admin_user; + conn->server_info = ent->server_info; + } - conn->read_only = ent->read_only; - conn->admin_user = ent->admin_user; - conn->server_info = ent->server_info; + conn->read_only = readonly_share; + conn->admin_user = admin_user; return(True); } @@ -172,6 +180,7 @@ void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid) bool change_to_user(connection_struct *conn, uint16 vuid) { + const struct auth_serversupplied_info *server_info = NULL; user_struct *vuser = get_valid_user_struct(vuid); int snum; gid_t gid; @@ -207,13 +216,15 @@ bool change_to_user(connection_struct *conn, uint16 vuid) snum = SNUM(conn); - if ((vuser) && !check_user_ok(conn, vuid, vuser->server_info, snum)) { + server_info = vuser ? vuser->server_info : conn->server_info; + + if (!check_user_ok(conn, vuid, server_info, snum)) { DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) " "not permitted access to share %s.\n", - vuser->server_info->sanitized_username, - vuser->server_info->unix_name, vuid, + server_info->sanitized_username, + server_info->unix_name, vuid, lp_servicename(snum))); - return False; + return false; } /* diff --git a/source3/torture/locktest.c b/source3/torture/locktest.c index b58cb3deec..247c9abcc1 100644 --- a/source3/torture/locktest.c +++ b/source3/torture/locktest.c @@ -176,7 +176,7 @@ static struct cli_state *connect_one(char *share, int snum) server_n = server; - zero_addr(&ss); + zero_sockaddr(&ss); slprintf(myname,sizeof(myname), "lock-%lu-%u", (unsigned long)getpid(), count++); @@ -184,7 +184,7 @@ static struct cli_state *connect_one(char *share, int snum) make_nmb_name(&called , server, 0x20); again: - zero_addr(&ss); + zero_sockaddr(&ss); /* have to open a new connection */ if (!(c=cli_initialise())) { diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c index c5612fefaa..8fea15877f 100644 --- a/source3/torture/masktest.c +++ b/source3/torture/masktest.c @@ -178,13 +178,13 @@ static struct cli_state *connect_one(char *share) server_n = server; - zero_addr(&ss); + zero_sockaddr(&ss); make_nmb_name(&calling, "masktest", 0x0); make_nmb_name(&called , server, 0x20); again: - zero_addr(&ss); + zero_sockaddr(&ss); /* have to open a new connection */ if (!(c=cli_initialise())) { diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 603426b67c..382b3b65eb 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -158,7 +158,7 @@ static struct cli_state *open_nbt_connection(void) make_nmb_name(&calling, myname, 0x0); make_nmb_name(&called , host, 0x20); - zero_addr(&ss); + zero_sockaddr(&ss); if (!(c = cli_initialise())) { printf("Failed initialize cli_struct to connect with %s\n", host); diff --git a/source3/utils/net.c b/source3/utils/net.c index bab2f41d11..f1a5be1876 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -662,7 +662,7 @@ static struct functable net_func[] = { }; - zero_addr(&c->opt_dest_ip); + zero_sockaddr(&c->opt_dest_ip); load_case_tables(); diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b03fefe14a..27d534665c 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -293,7 +293,7 @@ retry: tried_closest_dc = true; /* avoid loop */ - if (!ads->config.tried_closest_dc) { + if (!ads_closest_dc(ads)) { namecache_delete(ads->server.realm, 0x1C); namecache_delete(ads->server.workgroup, 0x1C); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 3c8ce0326e..f69d3f9012 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -5250,7 +5250,8 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, notime, notime, notime, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ¶meters, - 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, + 0, 0, ACB_DOMTRUST, + SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT, hours, 0, 0, 0, 0, 0, 0, 0, &crypt_pwd); diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 10b55014c2..f07b5011c8 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -735,6 +735,8 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, if (!cli_set_secdesc(cli, fnum, sd)) { printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); + cli_close(cli, fnum); + return EXIT_FAILED; } cli_close(cli, fnum); @@ -949,50 +951,51 @@ static int cacl_set(struct cli_state *cli, char *filename, /***************************************************** Return a connection to a server. *******************************************************/ -static struct cli_state *connect_one(const char *server, const char *share) +static struct cli_state *connect_one(struct user_auth_info *auth_info, + const char *server, const char *share) { struct cli_state *c = NULL; struct sockaddr_storage ss; NTSTATUS nt_status; uint32_t flags = 0; - zero_addr(&ss); + zero_sockaddr(&ss); - if (get_cmdline_auth_info_use_kerberos()) { + if (get_cmdline_auth_info_use_kerberos(auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(auth_info) && + !set_cmdline_auth_info_machine_account_creds(auth_info)) { return NULL; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(auth_info)) { char *pass = getpass("Password: "); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(auth_info, pass); } } nt_status = cli_full_connection(&c, global_myname(), server, &ss, 0, share, "?????", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_password(auth_info), flags, - get_cmdline_auth_info_signing_state(), + get_cmdline_auth_info_signing_state(auth_info), NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(auth_info)) { nt_status = cli_cm_force_encryption(c, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), lp_workgroup(), share); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1038,6 +1041,7 @@ static struct cli_state *connect_one(const char *server, const char *share) TALLOC_CTX *frame = talloc_stackframe(); const char *owner_username = ""; char *server; + struct user_auth_info *auth_info; load_case_tables(); @@ -1053,6 +1057,12 @@ static struct cli_state *connect_one(const char *server, const char *share) lp_load(get_dyn_CONFIGFILE(),True,False,False,True); load_interfaces(); + auth_info = user_auth_info_init(frame); + if (auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(auth_info); + pc = poptGetContext("smbcacls", argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "//server1/share1 filename\nACLs look like: " @@ -1129,7 +1139,7 @@ static struct cli_state *connect_one(const char *server, const char *share) share++; if (!test_args) { - cli = connect_one(server, share); + cli = connect_one(auth_info, server, share); if (!cli) { exit(EXIT_FAILED); } diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index b769c2bce0..a95394b125 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -37,6 +37,7 @@ static struct cli_state *cli_ipc; static struct rpc_pipe_client *global_pipe_hnd; static POLICY_HND pol; static bool got_policy_hnd; +static struct user_auth_info *smbcquotas_auth_info; static struct cli_state *connect_one(const char *share); @@ -371,44 +372,44 @@ static struct cli_state *connect_one(const char *share) NTSTATUS nt_status; uint32_t flags = 0; - zero_addr(&ss); + zero_sockaddr(&ss); - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(smbcquotas_auth_info) && + !set_cmdline_auth_info_machine_account_creds(smbcquotas_auth_info)) { return NULL; } - if (get_cmdline_auth_info_use_kerberos()) { + if (get_cmdline_auth_info_use_kerberos(smbcquotas_auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(smbcquotas_auth_info)) { char *pass = getpass("Password: "); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(smbcquotas_auth_info, pass); } } nt_status = cli_full_connection(&c, global_myname(), server, &ss, 0, share, "?????", - get_cmdline_auth_info_username(), + get_cmdline_auth_info_username(smbcquotas_auth_info), lp_workgroup(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_password(smbcquotas_auth_info), flags, - get_cmdline_auth_info_signing_state(), + get_cmdline_auth_info_signing_state(smbcquotas_auth_info), NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(smbcquotas_auth_info)) { nt_status = cli_cm_force_encryption(c, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), + get_cmdline_auth_info_username(smbcquotas_auth_info), + get_cmdline_auth_info_password(smbcquotas_auth_info), lp_workgroup(), share); if (!NT_STATUS_IS_OK(nt_status)) { @@ -475,6 +476,12 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, lp_load(get_dyn_CONFIGFILE(),True,False,False,True); load_interfaces(); + smbcquotas_auth_info = user_auth_info_init(frame); + if (smbcquotas_auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(smbcquotas_auth_info); + pc = poptGetContext("smbcquotas", argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "//server1/share1"); @@ -537,7 +544,8 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT", "SETSTRING" }, todo = USER_QUOTA; if (!fix_user) { - username_str = talloc_strdup(frame, get_cmdline_auth_info_username()); + username_str = talloc_strdup( + frame, get_cmdline_auth_info_username(smbcquotas_auth_info)); if (!username_str) { exit(EXIT_PARSE_ERROR); } diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c index d274e09299..1e22a40201 100644 --- a/source3/utils/smbfilter.c +++ b/source3/utils/smbfilter.c @@ -212,7 +212,7 @@ static void start_filter(char *desthost) /* start listening on port 445 locally */ - zero_addr(&my_ss); + zero_sockaddr(&my_ss); s = open_socket_in(SOCK_STREAM, 445, 0, &my_ss, True); if (s == -1) { diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index 9fc02bac13..6c69300e85 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -272,7 +272,7 @@ static bool print_tree(struct user_auth_info *user_info) int main(int argc,char *argv[]) { TALLOC_CTX *frame = talloc_stackframe(); - struct user_auth_info local_auth_info; + struct user_auth_info *auth_info; struct poptOption long_options[] = { POPT_AUTOHELP { "broadcast", 'b', POPT_ARG_VAL, &use_bcast, True, "Use broadcast instead of using the master browser" }, @@ -293,6 +293,12 @@ static bool print_tree(struct user_auth_info *user_info) setup_logging(argv[0],True); + auth_info = user_auth_info_init(frame); + if (auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(auth_info); + pc = poptGetContext("smbtree", argc, (const char **)argv, long_options, POPT_CONTEXT_KEEP_FIRST); while(poptGetNextOpt(pc) != -1); @@ -303,26 +309,22 @@ static bool print_tree(struct user_auth_info *user_info) /* Parse command line args */ - if (get_cmdline_auth_info_use_machine_account() && - !set_cmdline_auth_info_machine_account_creds()) { + if (get_cmdline_auth_info_use_machine_account(auth_info) && + !set_cmdline_auth_info_machine_account_creds(auth_info)) { TALLOC_FREE(frame); return 1; } - if (!get_cmdline_auth_info_got_pass()) { + if (!get_cmdline_auth_info_got_pass(auth_info)) { char *pass = getpass("Password: "); if (pass) { - set_cmdline_auth_info_password(pass); + set_cmdline_auth_info_password(auth_info, pass); } } /* Now do our stuff */ - if (!get_cmdline_auth_info_copy(&local_auth_info)) { - return 1; - } - - if (!print_tree(&local_auth_info)) { + if (!print_tree(auth_info)) { TALLOC_FREE(frame); return 1; } diff --git a/source3/web/swat.c b/source3/web/swat.c index 27c4b54e2f..b729e3b241 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -232,7 +232,7 @@ static void show_parameter(int snum, struct parm_struct *parm) TALLOC_CTX *ctx = talloc_stackframe(); if (parm->p_class == P_LOCAL && snum >= 0) { - ptr = lp_local_ptr(snum, ptr); + ptr = lp_local_ptr_by_snum(snum, ptr); } printf("<tr><td>%s</td><td>", get_parm_translated(ctx, @@ -375,7 +375,7 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte void *ptr = parm->ptr; if (parm->p_class == P_LOCAL && snum >= 0) { - ptr = lp_local_ptr(snum, ptr); + ptr = lp_local_ptr_by_snum(snum, ptr); } switch (parm->type) { diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 82af55800f..0ecf11d0e5 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -7,17 +7,17 @@ Copyright (C) Andrew Tridgell 2002 Copyright (C) Jelmer Vernooij 2003 Copyright (C) Volker Lendecke 2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -103,9 +103,9 @@ static void winbindd_status(void) DEBUG(0, ("winbindd status:\n")); /* Print client state information */ - + DEBUG(0, ("\t%d clients currently active\n", winbindd_num_clients())); - + if (DEBUGLEVEL >= 2 && winbindd_num_clients()) { DEBUG(2, ("\tclient list:\n")); for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) { @@ -157,7 +157,7 @@ static void terminate(bool is_parent) } idmap_close(); - + trustdom_cache_shutdown(); #if 0 @@ -173,35 +173,35 @@ static void terminate(bool is_parent) exit(0); } -static bool do_sigterm; +static SIG_ATOMIC_T do_sigterm = 0; static void termination_handler(int signum) { - do_sigterm = True; + do_sigterm = 1; sys_select_signal(signum); } -static bool do_sigusr2; +static SIG_ATOMIC_T do_sigusr2 = 0; static void sigusr2_handler(int signum) { - do_sigusr2 = True; + do_sigusr2 = 1; sys_select_signal(SIGUSR2); } -static bool do_sighup; +static SIG_ATOMIC_T do_sighup = 0; static void sighup_handler(int signum) { - do_sighup = True; + do_sighup = 1; sys_select_signal(SIGHUP); } -static bool do_sigchld; +static SIG_ATOMIC_T do_sigchld = 0; static void sigchld_handler(int signum) { - do_sigchld = True; + do_sigchld = 1; sys_select_signal(SIGCHLD); } @@ -224,7 +224,7 @@ static void msg_shutdown(struct messaging_context *msg, struct server_id server_id, DATA_BLOB *data) { - do_sigterm = True; + do_sigterm = 1; } @@ -288,7 +288,7 @@ static struct winbindd_dispatch_table { void (*fn)(struct winbindd_cli_state *state); const char *winbindd_cmd_name; } dispatch_table[] = { - + /* User functions */ { WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" }, @@ -685,9 +685,9 @@ static void new_connection(int listen_sock, bool privileged) struct winbindd_cli_state *state; socklen_t len; int sock; - + /* Accept connection */ - + len = sizeof(sunaddr); do { @@ -696,16 +696,16 @@ static void new_connection(int listen_sock, bool privileged) if (sock == -1) return; - + DEBUG(6,("accepted socket %d\n", sock)); - + /* Create new connection structure */ - + if ((state = TALLOC_ZERO_P(NULL, struct winbindd_cli_state)) == NULL) { close(sock); return; } - + state->sock = sock; state->last_access = time(NULL); @@ -720,7 +720,7 @@ static void new_connection(int listen_sock, bool privileged) request_len_recv, state); /* Add to connection list */ - + winbindd_add_client(state); } @@ -731,7 +731,7 @@ static void remove_client(struct winbindd_cli_state *state) char c = 0; /* It's a dead client - hold a funeral */ - + if (state == NULL) { return; } @@ -740,14 +740,14 @@ static void remove_client(struct winbindd_cli_state *state) write(state->sock, &c, sizeof(c)); /* Close socket */ - + close(state->sock); - + /* Free any getent state */ - + free_getent_state(state->getpwent_state); free_getent_state(state->getgrent_state); - + /* We may have some extra data that was not freed if the client was killed unexpectedly */ @@ -756,9 +756,9 @@ static void remove_client(struct winbindd_cli_state *state) TALLOC_FREE(state->mem_ctx); remove_fd_event(&state->fd_event); - + /* Remove from list and free */ - + winbindd_remove_client(state); TALLOC_FREE(state); } @@ -802,7 +802,7 @@ void winbind_check_sighup(const char *lfile) flush_caches(); reload_services_file(lfile); - do_sighup = False; + do_sighup = 0; } } @@ -893,7 +893,7 @@ static void process_loop(void) } /* Call select */ - + selret = sys_select(maxfd + 1, &r_fds, &w_fds, NULL, &timeout); if (selret == 0) { @@ -944,7 +944,7 @@ static void process_loop(void) /* new, non-privileged connection */ new_connection(listen_sock, False); } - + if (FD_ISSET(listen_priv_sock, &r_fds)) { while (winbindd_num_clients() > WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) { @@ -977,13 +977,13 @@ static void process_loop(void) if (do_sigusr2) { print_winbindd_status(); - do_sigusr2 = False; + do_sigusr2 = 0; } if (do_sigchld) { pid_t pid; - do_sigchld = False; + do_sigchld = 0; while ((pid = sys_waitpid(-1, NULL, WNOHANG)) > 0) { winbind_child_died(pid); @@ -1159,7 +1159,7 @@ int main(int argc, char **argv, char **envp) BlockSignals(False, SIGCHLD); /* Setup signal handlers */ - + CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */ CatchSignal(SIGQUIT, termination_handler); CatchSignal(SIGTERM, termination_handler); @@ -1232,13 +1232,13 @@ int main(int argc, char **argv, char **envp) messaging_register(winbind_messaging_context(), NULL, MSG_DEBUG, winbind_msg_debug); - + netsamlogon_cache_init(); /* Non-critical */ - + /* clear the cached list of trusted domains */ wcache_tdc_clear(); - + if (!init_domain_list()) { DEBUG(0,("unable to initialize domain list\n")); exit(1); diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c index 7500bcbe5b..7b93f963b4 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/winbindd/winbindd_async.c @@ -5,7 +5,7 @@ Copyright (C) Volker Lendecke 2005 Copyright (C) Gerald Carter 2006 - + The helpers always consist of three functions: * A request setup function that takes the necessary parameters together @@ -21,12 +21,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -166,7 +166,7 @@ static void lookupsid_recv(TALLOC_CTX *mem_ctx, bool success, /* Try again using the forest root */ struct winbindd_domain *root_domain = find_root_domain(); struct winbindd_request request; - + if ( !root_domain ) { DEBUG(5,("lookupsid_recv: unable to determine forest root\n")); cont(s->caller_private_data, False, NULL, NULL, SID_NAME_UNKNOWN); @@ -491,7 +491,7 @@ void winbindd_listent_async(TALLOC_CTX *mem_ctx, do_async_domain(mem_ctx, domain, &request, listent_recv, (void *)cont, private_data); } - + enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, struct winbindd_cli_state *state) { @@ -509,7 +509,7 @@ enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, methods = domain->methods; status = methods->query_user_list(domain, state->mem_ctx, &num_entries, &info); - + if (!NT_STATUS_IS_OK(status)) return WINBINDD_ERROR; @@ -521,7 +521,7 @@ enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, +1 for the ',' between group names */ extra_data = (char *)SMB_REALLOC(extra_data, (sizeof(fstring) + 1) * num_entries); - + if (!extra_data) { DEBUG(0,("failed to enlarge buffer!\n")); return WINBINDD_ERROR; @@ -530,12 +530,12 @@ enum winbindd_result winbindd_dual_list_users(struct winbindd_domain *domain, /* Pack user list into extra data fields */ for (i = 0; i < num_entries; i++) { fstring acct_name, name; - + if (info[i].acct_name == NULL) fstrcpy(acct_name, ""); else fstrcpy(acct_name, info[i].acct_name); - + fill_domain_username(name, domain->name, acct_name, True); /* Append to extra data */ memcpy(&extra_data[extra_data_len], name, strlen(name)); @@ -904,7 +904,7 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, (char *)state->response.extra_data.data)); state->response.length += len+1; } - + return WINBINDD_OK; } @@ -926,7 +926,7 @@ static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, bool success, static void gettoken_recvaliases(void *private_data, bool success, const DOM_SID *aliases, size_t num_aliases); - + void winbindd_gettoken_async(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, void (*cont)(void *private_data, bool success, @@ -975,7 +975,7 @@ static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, bool success, struct gettoken_state *state = talloc_get_type_abort(private_data, struct gettoken_state); char *sids_str; - + if (!success) { DEBUG(10, ("Could not get domain groups\n")); state->cont(state->private_data, False, NULL, 0); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3c69859731..5f592fc6b7 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1038,7 +1038,7 @@ static bool add_one_dc_unique(TALLOC_CTX *mem_ctx, const char *domain_name, /* Make sure there's no duplicates in the list */ for (i=0; i<*num; i++) - if (addr_equal((struct sockaddr *)&(*dcs)[i].ss, (struct sockaddr *)pss)) + if (sockaddr_equal((struct sockaddr *)&(*dcs)[i].ss, (struct sockaddr *)pss)) return False; *dcs = TALLOC_REALLOC_ARRAY(mem_ctx, *dcs, struct dc_name_ip, (*num)+1); diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 3422fdba1c..7432bda451 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -800,7 +800,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get info for the domain */ - if ((domain = find_domain_from_name(name_domain)) == NULL) { + if ((domain = find_domain_from_name_noinit(name_domain)) == NULL) { DEBUG(3, ("could not get domain sid for domain %s\n", name_domain)); request_error(state); @@ -833,7 +833,7 @@ struct getgrsid_state { }; static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) - { +{ struct getgrsid_state *s = (struct getgrsid_state *)private_data; struct winbindd_domain *domain; @@ -884,7 +884,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s->state->response.extra_data.data = gr_mem; request_ok(s->state); - } +} static void getgrsid_lookupsid_recv( void *private_data, bool success, const char *dom_name, const char *name, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 9de385e3b3..92ce1f9850 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -67,6 +67,36 @@ void winbind_check_sighup(const char *lfile); void winbind_check_sigterm(bool in_parent); int main(int argc, char **argv, char **envp); +/* The following definitions come from winbindd/winbindd_reqtrans.c */ + +struct async_req *wb_req_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, size_t max_extra_data); +NTSTATUS wb_req_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_request **preq); +struct async_req *wb_req_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_request *wb_req); +NTSTATUS wb_req_write_recv(struct async_req *req); + +struct async_req *wb_resp_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd); +NTSTATUS wb_resp_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp); +struct async_req *wb_resp_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_response *wb_resp); +NTSTATUS wb_resp_write_recv(struct async_req *req); + +struct async_req *wb_trans_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, + struct winbindd_request *wb_req, + struct timeval timeout, + size_t reply_max_extra_data); +NTSTATUS wb_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp); + /* The following definitions come from winbindd/winbindd_ads.c */ diff --git a/source3/winbindd/winbindd_reqtrans.c b/source3/winbindd/winbindd_reqtrans.c new file mode 100644 index 0000000000..ea16c5f81e --- /dev/null +++ b/source3/winbindd/winbindd_reqtrans.c @@ -0,0 +1,685 @@ +/* + Unix SMB/CIFS implementation. + + Async transfer of winbindd_request and _response structs + + Copyright (C) Volker Lendecke 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + +struct req_read_state { + struct winbindd_request *wb_req; + struct event_context *ev; + size_t max_extra_data; + int fd; +}; + +static void wb_req_read_len(struct async_req *subreq); +static void wb_req_read_main(struct async_req *subreq); +static void wb_req_read_extra(struct async_req *subreq); + +struct async_req *wb_req_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, size_t max_extra_data) +{ + struct async_req *result, *subreq; + struct req_read_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct req_read_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->max_extra_data = max_extra_data; + state->wb_req = talloc(state, struct winbindd_request); + if (state->wb_req == NULL) { + goto nomem; + } + + subreq = recvall_send(state, ev, state->fd, &(state->wb_req->length), + sizeof(state->wb_req->length), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_req_read_len; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_req_read_len(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct req_read_state *state = talloc_get_type_abort( + req->private_data, struct req_read_state); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_req->length != sizeof(struct winbindd_request)) { + DEBUG(0, ("wb_req_read_len: Invalid request size received: " + "%d (expected %d)\n", (int)state->wb_req->length, + (int)sizeof(struct winbindd_request))); + async_req_error(req, NT_STATUS_INVALID_BUFFER_SIZE); + return; + } + + subreq = recvall_send( + req, state->ev, state->fd, (uint32 *)(state->wb_req)+1, + sizeof(struct winbindd_request) - sizeof(uint32), 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_req_read_main; + subreq->async.priv = req; +} + +static void wb_req_read_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct req_read_state *state = talloc_get_type_abort( + req->private_data, struct req_read_state); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if ((state->max_extra_data != 0) + && (state->wb_req->extra_len > state->max_extra_data)) { + DEBUG(3, ("Got request with %d bytes extra data on " + "unprivileged socket\n", + (int)state->wb_req->extra_len)); + async_req_error(req, NT_STATUS_INVALID_BUFFER_SIZE); + return; + } + + if (state->wb_req->extra_len == 0) { + async_req_done(req); + return; + } + + state->wb_req->extra_data.data = TALLOC_ARRAY( + state->wb_req, char, state->wb_req->extra_len + 1); + if (async_req_nomem(state->wb_req->extra_data.data, req)) { + return; + } + + state->wb_req->extra_data.data[state->wb_req->extra_len] = 0; + + subreq = recvall_send( + req, state->ev, state->fd, state->wb_req->extra_data.data, + state->wb_req->extra_len, 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_req_read_extra; + subreq->async.priv = req; +} + +static void wb_req_read_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + async_req_done(req); +} + + +NTSTATUS wb_req_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_request **preq) +{ + struct req_read_state *state = talloc_get_type_abort( + req->private_data, struct req_read_state); + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + *preq = talloc_move(mem_ctx, &state->wb_req); + return NT_STATUS_OK; +} + +struct req_write_state { + struct winbindd_request *wb_req; + struct event_context *ev; + int fd; +}; + +static void wb_req_write_main(struct async_req *subreq); +static void wb_req_write_extra(struct async_req *subreq); + +struct async_req *wb_req_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_request *wb_req) +{ + struct async_req *result, *subreq; + struct req_write_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct req_write_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->wb_req = wb_req; + + subreq = sendall_send(state, state->ev, state->fd, state->wb_req, + sizeof(struct winbindd_request), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_req_write_main; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_req_write_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct req_write_state *state = talloc_get_type_abort( + req->private_data, struct req_write_state); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_req->extra_len == 0) { + async_req_done(req); + return; + } + + subreq = sendall_send(state, state->ev, state->fd, + state->wb_req->extra_data.data, + state->wb_req->extra_len, 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_req_write_extra; + subreq->async.priv = req; +} + +static void wb_req_write_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + async_req_done(req); +} + +NTSTATUS wb_req_write_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + +struct resp_read_state { + struct winbindd_response *wb_resp; + struct event_context *ev; + size_t max_extra_data; + int fd; +}; + +static void wb_resp_read_len(struct async_req *subreq); +static void wb_resp_read_main(struct async_req *subreq); +static void wb_resp_read_extra(struct async_req *subreq); + +struct async_req *wb_resp_read_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd) +{ + struct async_req *result, *subreq; + struct resp_read_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct resp_read_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->wb_resp = talloc(state, struct winbindd_response); + if (state->wb_resp == NULL) { + goto nomem; + } + + subreq = recvall_send(state, ev, state->fd, &(state->wb_resp->length), + sizeof(state->wb_resp->length), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_resp_read_len; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_resp_read_len(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct resp_read_state *state = talloc_get_type_abort( + req->private_data, struct resp_read_state); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_resp->length < sizeof(struct winbindd_response)) { + DEBUG(0, ("wb_resp_read_len: Invalid response size received: " + "%d (expected at least%d)\n", + (int)state->wb_resp->length, + (int)sizeof(struct winbindd_response))); + async_req_error(req, NT_STATUS_INVALID_BUFFER_SIZE); + return; + } + + subreq = recvall_send( + req, state->ev, state->fd, (uint32 *)(state->wb_resp)+1, + sizeof(struct winbindd_response) - sizeof(uint32), 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_resp_read_main; + subreq->async.priv = req; +} + +static void wb_resp_read_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct resp_read_state *state = talloc_get_type_abort( + req->private_data, struct resp_read_state); + NTSTATUS status; + size_t extra_len; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + extra_len = state->wb_resp->length - sizeof(struct winbindd_response); + if (extra_len == 0) { + async_req_done(req); + return; + } + + state->wb_resp->extra_data.data = TALLOC_ARRAY( + state->wb_resp, char, extra_len+1); + if (async_req_nomem(state->wb_resp->extra_data.data, req)) { + return; + } + ((char *)state->wb_resp->extra_data.data)[extra_len] = 0; + + subreq = recvall_send( + req, state->ev, state->fd, state->wb_resp->extra_data.data, + extra_len, 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_resp_read_extra; + subreq->async.priv = req; +} + +static void wb_resp_read_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = recvall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + async_req_done(req); +} + + +NTSTATUS wb_resp_read_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp) +{ + struct resp_read_state *state = talloc_get_type_abort( + req->private_data, struct resp_read_state); + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + *presp = talloc_move(mem_ctx, &state->wb_resp); + return NT_STATUS_OK; +} + +struct resp_write_state { + struct winbindd_response *wb_resp; + struct event_context *ev; + int fd; +}; + +static void wb_resp_write_main(struct async_req *subreq); +static void wb_resp_write_extra(struct async_req *subreq); + +struct async_req *wb_resp_write_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, int fd, + struct winbindd_response *wb_resp) +{ + struct async_req *result, *subreq; + struct resp_write_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct resp_write_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->fd = fd; + state->ev = ev; + state->wb_resp = wb_resp; + + subreq = sendall_send(state, state->ev, state->fd, state->wb_resp, + sizeof(struct winbindd_response), 0); + if (subreq == NULL) { + goto nomem; + } + + subreq->async.fn = wb_resp_write_main; + subreq->async.priv = result; + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_resp_write_main(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct resp_write_state *state = talloc_get_type_abort( + req->private_data, struct resp_write_state); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + if (state->wb_resp->length == sizeof(struct winbindd_response)) { + async_req_done(req); + return; + } + + subreq = sendall_send( + state, state->ev, state->fd, + state->wb_resp->extra_data.data, + state->wb_resp->length - sizeof(struct winbindd_response), 0); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_resp_write_extra; + subreq->async.priv = req; +} + +static void wb_resp_write_extra(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + NTSTATUS status; + + status = sendall_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + async_req_done(req); +} + +NTSTATUS wb_resp_write_recv(struct async_req *req) +{ + return async_req_simple_recv(req); +} + +struct wb_trans_state { + struct event_context *ev; + struct timed_event *te; + int fd; + struct winbindd_response *wb_resp; + size_t reply_max_extra_data; +}; + +static void wb_trans_timeout(struct event_context *ev, struct timed_event *te, + const struct timeval *now, void *priv); +static void wb_trans_sent(struct async_req *req); +static void wb_trans_received(struct async_req *req); + +struct async_req *wb_trans_send(TALLOC_CTX *mem_ctx, + struct event_context *ev, + int fd, + struct winbindd_request *wb_req, + struct timeval timeout, + size_t reply_max_extra_data) +{ + struct async_req *result, *subreq; + struct wb_trans_state *state; + + result = async_req_new(mem_ctx, ev); + if (result == NULL) { + return NULL; + } + + state = talloc(result, struct wb_trans_state); + if (state == NULL) { + goto nomem; + } + result->private_data = state; + + state->ev = ev; + state->fd = fd; + state->reply_max_extra_data = reply_max_extra_data; + + state->te = event_add_timed( + ev, state, + timeval_current_ofs(timeout.tv_sec, timeout.tv_usec), + "wb_trans_timeout", wb_trans_timeout, result); + if (state->te == NULL) { + goto nomem; + } + + subreq = wb_req_write_send(state, state->ev, state->fd, wb_req); + if (subreq == NULL) { + goto nomem; + } + subreq->async.fn = wb_trans_sent; + subreq->async.priv = result; + + return result; + + nomem: + TALLOC_FREE(result); + return NULL; +} + +static void wb_trans_timeout(struct event_context *ev, struct timed_event *te, + const struct timeval *now, void *priv) +{ + struct async_req *req = talloc_get_type_abort( + priv, struct async_req); + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + + TALLOC_FREE(state->te); + async_req_error(req, NT_STATUS_IO_TIMEOUT); +} + +static void wb_trans_sent(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + NTSTATUS status; + + status = wb_req_write_recv(subreq); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + subreq = wb_resp_read_send(state, state->ev, state->fd); + if (async_req_nomem(subreq, req)) { + return; + } + + subreq->async.fn = wb_trans_received; + subreq->async.priv = req; +}; + +static void wb_trans_received(struct async_req *subreq) +{ + struct async_req *req = talloc_get_type_abort( + subreq->async.priv, struct async_req); + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + NTSTATUS status; + + TALLOC_FREE(state->te); + + status = wb_resp_read_recv(subreq, state, &state->wb_resp); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(req, status); + return; + } + + async_req_done(req); +} + +NTSTATUS wb_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx, + struct winbindd_response **presp) +{ + struct wb_trans_state *state = talloc_get_type_abort( + req->private_data, struct wb_trans_state); + NTSTATUS status; + + if (async_req_is_error(req, &status)) { + return status; + } + *presp = talloc_move(mem_ctx, &state->wb_resp); + return NT_STATUS_OK; +} + +struct wb_trans_queue_state { + struct wb_trans_queue_state *prev, *next; + struct wb_trans_queue *queue; + struct winbindd_request *req; +}; + +struct wb_trans_queue { + int fd; + struct timeval timeout; + size_t max_resp_extra_data; + struct wb_trans_queue_state *queued_requests; +}; diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index e5d0a22a73..fd1fdd3699 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -456,7 +456,7 @@ void winbindd_getpwnam(struct winbindd_cli_state *state) /* Get info for the domain */ - domain = find_domain_from_name(domname); + domain = find_domain_from_name_noinit(domname); if (domain == NULL) { DEBUG(7, ("could not find domain entry for domain %s. " |